Malware Analysis Report

2025-01-18 20:40

Sample ID 241214-qbyx2asphz
Target eee8350b227cd738eaf16ef108a33320_JaffaCakes118
SHA256 82cad9aa8dea2b0cc0b23646c0abaed713a879b3d917e8d9b3cb64fdbd08915a
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

82cad9aa8dea2b0cc0b23646c0abaed713a879b3d917e8d9b3cb64fdbd08915a

Threat Level: Known bad

The file eee8350b227cd738eaf16ef108a33320_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Xorist Ransomware

Renames multiple (2511) files with added filename extension

Renames multiple (2652) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-14 13:05

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-14 13:05

Reported

2024-12-14 13:08

Platform

win7-20241010-en

Max time kernel

94s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2511) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\j7Clgm55Cj4uys4.exe" C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\rrinstaller.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dplaysvr.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmeric2.inf_amd64_neutral_a0575ec9ce5c7de9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbr007.inf_amd64_neutral_91d259640bad7d26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmneuhs.inf_amd64_neutral_d1563e8412461eea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dxdiag.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-GameUXMig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidir.inf_amd64_neutral_5b48c4b1b49ca54a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\hh.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\runonce.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\crcdisk.inf_amd64_neutral_d10626d1f8b423c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\termmou.inf_amd64_neutral_207a02df8e9e6552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ieUnatt.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ndadmin.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock4.inf_amd64_neutral_e45293c539584293\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiahp001.inf_amd64_neutral_aee49cdf3b352e58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\rekeywiz.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dccw.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\IME\shared\IMCCPHR.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_neutral_a9cb77fe1985cd2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\avmx64c.inf_amd64_neutral_8ebb15bf548db022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_neutral_857b8ff74e5a7073\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_neutral_1a5c861fdb3aab0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-iis-rm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\diskperf.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\faxcn002.inf_amd64_neutral_3d392ccc357e04db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Windows_PowerShell_ISE.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DpiScaling.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky307.inf_amd64_ja-jp_e40bd14f18e8ff7d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\odbcconf.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\es-ES\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky306.inf_amd64_ja-jp_97f0de39317f6837\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.PPT C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR41F.GIF C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Mail\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15056_.GIF C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Defender\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\msadc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02748U.BMP C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0149018.JPG C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01239_.GIF C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupicons.jpg C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPreviewTemplate.html C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\CALENDAR.GIF C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR35B.GIF C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Defender\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7600.16385_it-it_43c8f8ac0805bca7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-locator.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a96eb731e9ea5ea0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_msbuild_b03f5f7f11d50a3a_3.5.7601.17514_none_ea8ca0c25e350957\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ab03602b9d6cb924\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-halftone-ui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9db31541093af182\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnts003.inf_31bf3856ad364e35_6.1.7600.16385_none_1a5ec630d9861d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.managementconsole.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8f1bc900791f2205\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_81d97f02413ffbea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..nager-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2fb3a1d5b4c2dd1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.5.7601.17514_fr-fr_28835b247b8dc014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.build.utilities.v3.5_b03f5f7f11d50a3a_6.1.7601.17514_none_1706fc424884a211\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..revention.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6becd7c8227ef44b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-partitionmanager_31bf3856ad364e35_6.1.7601.17514_none_3fc218fad10f1ad4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-14.htm C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c80cf1d4b4cdf5c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..tallation.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f71390cf9539b05a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Calligraphy\Windows Information Bar.wav C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..qlxml-rll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4f807b381bda3cc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..evelapisets-windows_31bf3856ad364e35_7.1.7601.16492_none_862b61bc350b5a4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-docprop.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9600ddd948c3c1e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ehstor-api.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d59953f442e57255\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.Resources\6.1.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-langreg.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fd709e41934da35a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-infocard.resources_31bf3856ad364e35_8.0.7600.16385_de-de_49651b6146f25613\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.1.7601.17514_none_9799402887898e33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wincal-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c8a9a3a2e8e288e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7600.16385_es-es_59a756fabb56ede3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a239ec74ce61c438\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_aspnet_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_a5a135380060b978\aspnet_compiler.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\405.htm C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ionengine.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1bbf4d3f544a1dd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-power-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1c0de23d79605787\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..collector.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b4cdf0148751b64f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.1.7600.16385_none_54770154269f6123\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iscsi-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_06d3e34946d2cf79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.tas..eduler_lh.resources_31bf3856ad364e35_6.1.7600.16385_it-it_528c6fe21823b5d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wab-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_073d8f900a01ca4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-x..ocess-mui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_51b029ebe2ca826f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-fax-common.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_48268639435a097a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\f4a88265ac4ad47978daef8c5482fd30\MSBuild.ni.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cryptui-dll.resources_31bf3856ad364e35_6.1.7601.17514_it-it_ee32fccf7f23c0c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_msbuild.resources_b03f5f7f11d50a3a_3.5.7601.17514_fr-fr_ce53794cefb4dada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\Narrator.ni.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\404-7.htm C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netvwifibus.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0800c2c75a54420c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-ics.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5fc652bbad6091de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..-localspl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c347d344b4180fd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_998776b7c69522d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_05d30e9dd60825a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-netprofui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_53ffa70de90b78e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-credssp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_eaee1bbccc2029c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Globalization.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_uiautomationtypes.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3e51037fdaa98d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-zipfldr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_13196c7ddfc6da10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\inf\ASP.NET\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\401-4.htm C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-scrnsave.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_d60e0225bb629349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnle004.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c8cfa18adb8d54d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..tbranding.resources_31bf3856ad364e35_8.0.7600.16385_en-us_10cf56c2df959d7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..atson-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ae75c153af624664\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_acpi.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9c52999aacc0f8fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-locatep.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b1dbe16bb6559215\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3fc6a921cb2e7ab2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\j7Clgm55Cj4uys4.exe,0" C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell\open\command C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell\open C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\DefaultIcon C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\j7Clgm55Cj4uys4.exe" C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "KXOQZUNHYUIPMRI" C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe"

Network

N/A

Files

memory/2412-2-0x0000000000400000-0x000000000040C000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 8115bed31b7cee7b0b056d1196cabf40
SHA1 006eb04a3824dcef13fe4bdb22ebd33ebb72ddf6
SHA256 0d10d27819f45b102d532862a233eab90ff31812c0019143eb318b0fe16a2bf2
SHA512 af1f6b6bd9fffda2b7c10fab77843fd0f64b37ba5b2758eccb212725fe3c7b3e2eed68d48045d4506fb1020c34f379d5d5e87e056c42c0b2618fe490529c3c53

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 e370e31a55e64371774eeac4370901f1
SHA1 07d0d214711413340e4b0935246e7c19ad8be678
SHA256 2e3f10a92a08e4b0aa9676e659f75b2fe1e70eefd939ad8ca2221567f7c2065a
SHA512 6b0018bd4957cf15d9953bbc70ce049a23b5a5e31e5ddcf435bf84aa6cf1fa7dd50ac8d5e1f4bad8612f00ff51b13e571b13f2929f77b1e8dfd1666629225dac

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 df123a0bc1604a86938d87a0b4503eb9
SHA1 1f559632c88000043d0b47b7f0456f5a0fa0c68f
SHA256 f0ccf85ba59cd656c3fb9824edaf9b448995e08a172d693128ca3aa88d829841
SHA512 556d0eb637d9aac6d299a2c5d30ad41e4c677d96f61f11f0f7f745b355bc49f61093cdf4f0ff535d683fd4928266d5f86de77359f183bef180032195daa5a65e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 461567987b2e52a58002fe5ac8957cb8
SHA1 cf3f284c2a5e37b563224a9f9a4a340609599371
SHA256 fcfcc356e5a4509674c9bd38b33ac652ac31c11becea799a0acdebff63c5c479
SHA512 8bc50a05b1798608503ca9edc75109602f8c5af43490d2c4b5adce0b04cd251d6b4096396cde050154340d182405a8b3dcb0a1d5119855df0f00fd8bb797c841

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 ccd2addf31f5e403ba48b003899e2f45
SHA1 60fc97c9e340c3e015ada591d73ad1862361f7ed
SHA256 fa01b6d71ec37d1503f37dacce52d88b4d18db123b78922946c52411efcd2db5
SHA512 dae5119be0ecfddd678eb67f9018bb0c2a42d0ba1aaf44d862db18e16406ae7af4f98d12d822d38456619799bd7359815f31357fbc8ac36d4632cbe028fc739b

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 6f41529bcab246216a0eca47c362617e
SHA1 7b333068a89c5719d2b6140872c94be9db0acdc0
SHA256 b276e36d006f7405cae1e65f59cfb8c4f27279eb57d723b4d8886b411fe8d059
SHA512 04a3c9c012be24a45324cb830655852009d8a4a873b52e39cc4e9032d8797f83483545117109e2637af508a466acc6d30539fbec718290d4f574ce40d6a76e71

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 ed9240735e7a3fba3466790d8ccdf8f3
SHA1 4ab33f7dab656acfbbef702415c0cf545f9c8963
SHA256 68c1c780d03e5c261128530de3bad560092d231f2a1b0623774fdb2f4540e971
SHA512 bde0d8b475f112bd42a77d0869004d09a43518e12591dd6d068e2f71bab8f4a39ea4a713f4067145270c6bc600a0f982ddcffb32ab233eefd9aa839290ea7930

memory/2412-3241-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 ef7d5e91c3d32ad3e0fdd9cb1d433e5d
SHA1 9f8845c6acd6cee3183fe76899ad15e942c3c10b
SHA256 edd4dec2cba34c38c38a36b3c40a4716e31e7de0617b40e6a2f6f3bc25ade65f
SHA512 f55c1528816644d5654f63518c263b1c6fb5d68d4257bac5ac8a4e3c650b007a20a51c28bfceb1599b24d615b283de5f005b49debff1f8b2ea30ac55b0d07f84

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 94e4d7c06fcec083560f1718fc868143
SHA1 a24a940b8e497a3332c14c22465557f4176685f6
SHA256 574ffdd9362c73b627d5e7456c159311a9ebd04bd44b3ffff32ecf2f97a5dbcc
SHA512 9f094c50791cc792b93f69ae7390e815c271de205f7d10fb7f927b9c149c6dfa5f556815d5f3d7747e7ca50f210a473f3b12049135b9da44c66c445c7275909e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 227c2229dc7483e7612478575a805f49
SHA1 8d95fd45295d4e978388c7ba3b69944f2ff5f9e4
SHA256 5a36d7190b2e524e24d27147ab2b784a5a7ddbb99ed79f8fba21dbf32b4beef1
SHA512 084b97be262ee21b0743fdee3e602d1c4aba7fc4e70c1c0bcea905f354fffe603d4c04a444cf851db80fbfaaad34ad2ce779ced46aff26a3b08057462c3ce139

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 32e0444e30f3cf0f4ea22e84d7502d3c
SHA1 0233aaa0be12679ec5faf78b669b642df6562beb
SHA256 2ec9c528e47122a91cb1c219696f8ffb2434ba2dde1fd15e0e6366c1499510d5
SHA512 9b119c427f543de55cb4a2520ba05ba58ee47676a4ade5f3ab645c02eede0f474953b9312fcb42ed84a352a3736e6d1e0249b76b59c0cb3bbc4cd6db445469ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 a985c3e4cbe8e10c70d00a50de5bfcf4
SHA1 f5bf5b40b5d5dbde3a76859f89a8a63b565fae8a
SHA256 f41a9f2a2ec0fe7029f7f09b1fcc65c8f8842b787edc99a0c06f54d85ad0a943
SHA512 3304e2865300b74d1952af0b7b0fe33a9ac562cf30d57f9f078e3ac0a2a9a4bd19adfc27bbb5f6c16da18995eae54d2e1fb0d11a90bc8972d805aad513ecee18

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 8a256d4529cb6e4fa760b2e7ef3c2220
SHA1 7e911947b7b24f570ef3dfcd985dcbec26b68936
SHA256 eaf3a89183e4e73da9686b6579d7d15395f13e4a82bfa4f8d9d32c71b4b51b1b
SHA512 8026e85d925140434042091519a075683c24fa93a143b6a7963dded0d279802ed2733ca3f9ef7500b0a1ea2fd80d538286f3c99a2dbaeeb7f3c479abc9b22ea3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 b9e25a0ac01f717c6a8b1bb7d97ee320
SHA1 8c536c0d234d7ab65c591f0b079dcf4d75eaf985
SHA256 4843d7a0216cddbb97a66e194ecb5e3906fbaa0d82754eb28759c8bec9330127
SHA512 f71a9ef21607c60559f4de987077c93f7233133d2fead3310b18cdc80173c5a7c3b905b6405bec392823b7c3a61bcb88a18fca8c7ffa7e784e47ba0516ce932d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 f2faffeb92cd73203e9c70f8c200ec25
SHA1 3a3cdc519105bcc0dcf47ace05209a5d05128e90
SHA256 8cef84c4b6aec791030fda671a7cafbfab67c9d3c60a009d7cf589e0225a36c1
SHA512 9ffd023b262d48309bf53d3ad3f37ef95363bc8decc10555edb07de6ec123cb2afebae5bb1698bbc31a681a9514bf956271926647226c255225ee5b8160e132a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 fe57432f9453e6bf134bfb251d92065f
SHA1 a041826c22de3fe4bdbcdc2eb16ac9b0d4d5ea9b
SHA256 bf4e212f68bb63c72b6f58334404004b3d2d0431cb1005af505f1118cd363b50
SHA512 a70fc9622e6b65510357ee9f3cf6a8b57324c2823e1e995c1f6369088c62ac6f97abb7db15dd3a88feea8cb931287a3d31e6a8a2c558ad34eef2c5e8cd0c26bf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 95f08c731f3b861adac7439bbd3e3a72
SHA1 7c09615b65bee608b7f6ac392b0eeeab11230a36
SHA256 802a4629f255f1ca732cdf6afde937655eae6ab2dffd8c6fc0756204576c9c6a
SHA512 86e4b8e216b046a536b8b04cabf4c0382aeeca8dcf11fbaa417a689b41da9f0577fea520cf03508f0701061051a1adff8c75cc3f4b2570ad6fbc9384b7525b9e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 b3db6a2704fca40b108092e8551f2dca
SHA1 6631ab33a375124262e538c6514e9f47aa8f3e3d
SHA256 6e9e8b83c0a760d0c5bf840f41310cadd54615aac21a8cdc0e6b2040a2c3b346
SHA512 968cfce4ce1ca62aa7eb9dfe4e4291af646eb6099bca98b9865ab12b4628fe1564cc89cfb410f281e08fe609823bcfb551d4fadf24766cb908e7569bd747f4d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 233bd6b56329694ada533c5cb337a145
SHA1 6bbc37bcb87e42ffa23571f56b7d413b55334a0d
SHA256 6c8e04edcfed096df8689fab51b0362a19c0c9ee530aced9d60a212be58179d7
SHA512 16b91e57d0294d5227d57a0f75e6d05da278f5a2fc20a67110884823905aec54d451ff6160d7c7b81e6d943aa690329f60bf77b1fe698842d7be4bdf2fd7f571

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 87e0ca377cede9882f909b0fd70aa475
SHA1 e663030bd9f600ed884ea35234008b873cb57283
SHA256 ead26f5bc17bd3c200e353c939e16b27a6cba861a48f3beeb4825212206a1c43
SHA512 36a4a0b68d51a33772c49fa7ea151e9b9a6410001d039cdf15463d4c1bf418faba60b04611b378e419fbc7eda3b719461a791e871946bae782cebda5fe507326

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 b17b85a86e4dbd2c274fc3bb3e378915
SHA1 454055303dbea4d8df0caaf63d02b57b3351851e
SHA256 fe5f49bdaab54688b1d41bd8a87bd63835601cd49a2ffff2156dee2616ee62bf
SHA512 419fa0de20043fde447cb697e1e35ad593fc5072f9a8cadf67bf5f4ac9c228228fc08dbe3cdd26e94905ed40f08d54bec200edcb47aac78e22f807a48c2436d5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 c7b6abb2d634897e1f29480dc09f7cad
SHA1 3d8d41cac5736ab9c4f752723f4bba0a4e134df2
SHA256 8fa05595869df6323b8565c406f5fc682719753e5d28704b25a0cbc1d6061454
SHA512 d21c24ccc762759c2d0a22cfbd9252940a739a6e7f1337701349b331cef50c8d40df9dbd1d9492454c191813c85df86c1d7e90e79dbc4a71f7486179b870f7cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 e120527abd7245e6b6f144af8970ecf6
SHA1 e0f2a1f138fd406146b713a799e703520921fa71
SHA256 d5c64c2962fbbed1afd4839a39b9b8c02e695d4d1819a995e53e1fd96f6c26fd
SHA512 0dc821514481c79ae00ab73f06e410159dee2e242f8087fd23c90b510fc06a15af5e4e373bef971e4a6e9c71d7fbdce3c0f10e785d5f714d28604fa9215ef655

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 2dfe1d8fe35c1f6967f570999039b4f1
SHA1 a0087fd5ec2b888376317c3299114a4839db4c78
SHA256 b92a973353ceb50abd54cc323c09a7c6280b7d340ed2df13195c148bda2e0635
SHA512 af55a607bc648da6fad67af4623785867d7cab57a7437624547b6e5a1306d7e4f9585e6f3e1db45644d3edb4d7155e4d5451b64a522be3ac8f87fa85e1c27f2e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 e48994d89d13269f68cdf810c2e295be
SHA1 3d869a9303f2c5208f167dbc2dc234f75e3ba957
SHA256 ad58d302e9683b81ce4000eb3c29719292ab658200d4e0737717a940d37dab4c
SHA512 ce32908fbd7ff72a69fe8fa0ffbd31573a53c07dc6ae8a6f4aaa4c22f732ad4d76fcf9bf6c011c71602f8f9b82b0571d88de19be683da69365b6c224f22e4c3c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 da2f4889fcccc2131b36f27e262d8bb9
SHA1 2c5d011caabb0492b41bc117c7f368ee0d108435
SHA256 72999631cac8fcb49a87449d33b85907bc000f0184ac2ff485baf523916e4cb4
SHA512 e3b3d76e05220eafc485c87fa20b383ca0abaaf1e2cd8a9189f16164ae9d1bdc5b684dd698ca1fd7ffd0a601e80d0b9b42195d5c0839eb7ee7bdfb8696cea861

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 0bf1ed56f8d1dc36c2345ede543762aa
SHA1 dbfcf86e2449aaf2357d2c18983a62d3059df2e8
SHA256 a1a3e8c2474133fbbf172b0c19dbd782c09661dba7b042d88be1ecbac9dab193
SHA512 02f902b6a1b41acd0f2f43ae44c0d60e08d564adb44e31ec7efcc82262f8b9996c6faf8ce5a5b4805973afc5ae002472191f66ced11d9825f89685aaee53a566

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 4048a873d1100aba9e3dcdeddcc01d02
SHA1 d754403b2380d1d535b82a553e57e95e5ba173f6
SHA256 c7d0f5bb753ce9279144d98beab588e5ed81e0640fabf38616ca8c39bf611e9f
SHA512 9cd93ec7b1bfcb171565c77d62091ce947442aeee382b7e4983bd3852aa73eb24756297074baff8aad5373f77ccb31b759f39bf1876eb7b181ee037eda707142

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 1bccc4c216a9e0cb4a759c8886e98775
SHA1 d2e930058ddec81a99321f96e7b3732ad83b2e57
SHA256 9edbb2d705da796a596a5065b831c8f15648932d66dcd4502b1893b8491b4c33
SHA512 990fdaf46d55609e38a57c4b8a479a9ce61b7cd71d757ef036f1e1886334c725ae693f574379a44178427859442f3dcc2e72a1da277064086cce1cc0a4de49b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 e4a01775a3ac3727b3b01359bfadd2b2
SHA1 198e37faf64f34e287c980b47ae20cf4040cee88
SHA256 2f3c4fd091e3c973a1eb098eebba0100a8fe4aa1f6a9537513460746ddb82cf7
SHA512 09aa18c60f33f41f53142d31736c9ba86ea26ae8d775d86b50e0469cefd956d8a82668421c401b7aaf33cda022a7ef1e249de05d37d04cc59143579cdb2f83c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 c411a4871129d90c06a5ad5cd21a0c22
SHA1 5786ff181176f49f4d4506a3908230f1f1d6acd2
SHA256 0b17551143fdb2d651ed26a372508ef6d4fc2b06fb54638e0bfdba710167cf7a
SHA512 20d3fb68cff4d82b3dc77b7b282bcedd2f53a02501dd94a0186830de42eedb34835d802cb4ad71d0025dc71ffccb10a31f15fac3e5951d2e607e9628b9ad15d8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 727504bfe2932c148c8b4c906ff5d728
SHA1 598b78fd9a5ca061a89469f3399b6f44e2af7432
SHA256 06724b979870e92702d905afdf7c46089e78dd6b34f562046a63d581fceba250
SHA512 d2e5869fbbba283ea5e7ab93fc648f8cb7b72c67c51baf4c3e09266e971c6685893c46dd35a46ba536d2e021a6701d95afc910f749ddaad6888b7627ee9a9557

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 1c5d973fd4bf92be0077bc57097e9b48
SHA1 0ece3ba65c9acb363787fe48194696f7a7686ef7
SHA256 35f50141131de2bc225d41d5cd4165666df326d106b99245bbbcc89cda1fe625
SHA512 b142618b08b86cfe6bf82cee6eeb802a193abed740875d03ede8e01b36afa662e21457584e29896e1ef2970512d1b174ca15e8d0c21f8c9854b39795a8331e06

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 6e461f74b19c5a21d91c35f4b47b5791
SHA1 90cbde4906acf17f04f755eee999ba01a2b58e0f
SHA256 b757ea00c0a0189353fcaaa375b6c79d1fefa3c1c6ffaf6e90fbdabf2a6babfe
SHA512 c974e1e62c7e03a2954a077bdfcebb6dbffd5bd29dbe9a8ffc7c9ad480bfd848f5d00300e17bfe7a5741c2e856b938eb19290f331049057cdaba9cb05cb16918

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 13f5e1757d97cc0d0889a170489855d4
SHA1 5d602533ec9f280780fe802a90343c996a0b7fb4
SHA256 7c606dd15b62cce4a973e363c0fb6bc2d7d54248adcadbbad623ed4174580040
SHA512 6ca1d551491d80162ae155edacb039dce2e603ef6b1f6836786281ac5c3339daa51c7b118260e657c42176775638fb9e9feb2610cbb5a79986424c07fad7e15c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 575b5eef80265d518cc329d207e6f981
SHA1 2915a7f3150ed4d66eabfede58524f2e4be00c5a
SHA256 51a51fbf5dedfaaa6b9eb3935c3383d83d838aa90adbcb4a6af6d6d1739b9232
SHA512 affa76538d381eaef203f8b82322b0879603579e11b4249a2f8e8dc9e86698cf7bb88787d78bf6b7f5b577311c5ac4ad5afb5fdb80cfaca4aa1da6eb83d11768

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 7edefa64197967c29f3086cdd5c99a6c
SHA1 363ecf9e24b6f0c1820887894ab34567ddccb889
SHA256 922aa0b2920bf2697a43fc0ce576c0db159bfe1f624b951cb11a88568b52337c
SHA512 3214fb307d9e8fcbc242d912a26373ae0f838105e911dc499826c45a15240a55591d2aa963797ee10798296ec76f9fadc4091bea3db52a452344d63d77eb5194

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 1d51c3d0cb025e787e4fd57e3068240b
SHA1 0c9138a29dea2f92291fa2b72b7f90983c602dd9
SHA256 77abfd4fea794ad6a1e09c611ea90f492d7de889fff738a4bc63ea7b4958b437
SHA512 d6e3120fdee6286f26fe880d58201d0a25a07ff8320d58b413e7cd7c705fe66683a8f0131ff0b8c95ea1a05393d58f738e54753940e27f2d079009fffcf30c33

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 648a24d7d62985c21601625d168f7482
SHA1 7da6e7afdf7324ce42dc0f2bc82589471bf74550
SHA256 3bdddac7e2a7657a7ea60e610ae5b58bf827dc7f4540667ca77bd5172f7c14ef
SHA512 dfd8b7a04d4d58b3ae5ac7d52520532d74f2f6e1e8c1217042086fe279980e856e14b65afac9783b7d86f265c7139a7d3c7df3021dc2a98ca24cde18b6c9a008

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 2ca0ebbabe0817ccb2bd357c7a7f302f
SHA1 fad25b33bfa0a5f72ff5aeea0428fc4c9019c245
SHA256 a63e19e5e14e846919ff4c86f2cd31ecaee1b4ee3991d167256f4ed566baa959
SHA512 6c71ba2f1ec8d13c4cfacad60085b1197f388bfbafc5b5d86ea37bd794643d57984ba96c6f83ed33232310c90f1209829251579070efc906eecc70fa9a4008b7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 97636dc0d1530aaaee6cdb7f2f63f99c
SHA1 9bf736d6c01176e696c088339f3f91bdb5867f5d
SHA256 cf2fdca60242fc1cd0d7829e621e7337858cd49b5c6766bf638738ca6c850d30
SHA512 fc2bed1d7fb6ccc444f72519fd286c868a3e99cea292279cd3e8cd187c1e91a8a1a15c8d678f530212f69410a0ccd2b434439991e0b7c791173863e0de94a17e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 55437bd14cdf843b496dc811d70e03dd
SHA1 4bd06636b92e6809c4fd469db3341010d7ac6616
SHA256 e07e591d3ca112eceb988ddf1e5ee97c29d228bfcb21b5bc6fdc61aa083afa36
SHA512 6ee7daeebb4bf8c018da145cfcfbb0076fd6f2a107f1e298da365e7f4017e3012ea81b23901bf2e1104815373d899e46f79c2d42218b4a5991160044801cf6aa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 f74d4def1e20cd7d12e6ca0c92786eb5
SHA1 780af12dafc1f7466c98b75b55c393a59183a319
SHA256 d92e217ad77d478f1051a0f708574011f5a22e01225bb953305d5e2df8d4aa83
SHA512 ab2a845474ecf8201418bf985b0f3eff9e545c9dee5f2c70801e36b4fba8a96da1aac1f0fe08b1d13339230068e736321144ac15f5f4616e33b0fc7b9b615a6f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 f8ffe80c39a2cb17186ea19fb7d6a961
SHA1 3b227bb19a1742d91278ac2fb9049555811ca48c
SHA256 0a2969bcf194f7f4d7bb9e2ac3197ea47745df238bcce5adab9a83c8cb31c75f
SHA512 f2d233ef8e1dceaadb6f9942f8e2f0e7b54d1c99e7b93d30df8de267e0216691db7d5dc95671332efc8b954ecd4f965b9665b97dddb7468cd7a86121a1bd63e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 15c203324962c9618b0e806bdbb942a1
SHA1 5b0ef92a1ca0ee8e57f53c6da9446518f739eea0
SHA256 657ac19a4e4377e84ab182aee3d75aa28f1937ca06f2bf2640dd184d86f8716c
SHA512 a741d9be2e0435013c6d3f832c1fef3f451d3ab9c47b567b29dd75208dfd8b82b03a44a3502f4c24d5df42562147b4d8973bfa6fa9b56e3a6b58023f8e89e5fc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 1d980f2aac6c9490914f424a368c5365
SHA1 23447fbfdfcc2982ba5618aa947da5c1b69383e7
SHA256 5d17c95aa0655de5912f3a7f47ba11f9aeb7e40f360b96b0a28e7324bac25c3c
SHA512 c1fe8d69eb4d5586075a14313d35ece848e6dbcde836bef8d2f306472ef04ed77b25a44cee574b465aa918e7af94bbcb93ad4e5f502848d3d377200161a3954b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 166e34aaf66bea03f41e4dcdefc0a62e
SHA1 5290f6192678a53c9c52761fc79bfcfd8e52b7e7
SHA256 3913b7f29ac08324735ec0b252283fb75bccc818fed51ed84433eac48c4b496e
SHA512 06c335d2b2c1421b0484c7d3e3c0fbb18becb1d3421652d848b9cccf1ecc5ba23a14a4cdc27744befa2bf1fe9914293e2988ed67373891bf94e2e7b119f9f2e8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 e9b201a8da8e7fa133dbfc42e5e3cd12
SHA1 bc5dce7d9194168bc3624886b10d9bd5056d6929
SHA256 af3cdf7867b5db9dff0cd8d878c3ceac6e722a80ab701e76b998339da16c92e3
SHA512 e6817e322829096a77d2d51f38efe99d17fda90de4703a0b5403399499d661ca62253e167ef019e71d2a800bf41ceaf63194b44f82b34314671fbbf2e9046258

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 d70e2ca46377743b9fb839e4cf1e9e2e
SHA1 cc1adc5aef80e08a713339d838bffd0e1287eea4
SHA256 b1cbe9ff26c50c3f985367a0b587e213fa9b334409676d1a1ed2d09cac11f57c
SHA512 9cc51ecfaa051e9dd9852da49162118638392e981ac66d371028b1154e72e0b19abb06d3a754559745c505b8bc7e39544e39d46b888d9afad1c9e919a9b982a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 deb84f56cef108266b7db89316138959
SHA1 484e3e9069b3cf8492d9628ac896fd924416c58d
SHA256 ba552ac5a175723942051e14c335088e994d9d6c8afe8e462f6f3e3535f93f2e
SHA512 38855c8b49da342d0e4cfb393e2e72004d9a6a2784026e8cbedf061c397fd98e98ab7c6bcdebdd51fda3f2810b01ec02eadefd7c428c62c8fd01cad655955779

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 65f072918bf7d90eb7dee2e0a208aec2
SHA1 c40bae5ea7c1077e4608273116512de44bde2a58
SHA256 70e8c8800f782368c6bb62b85ad25a2baa55cfd0f776f8593f040ff4c80b1f5f
SHA512 349c0acbe74f251c7858033c4e31b3807f71f16a4215c2410c41476359a96120fb9e8de98db39867a982131022c38beba79c35043d9e233582b3959f9097480b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 1f4b964ddef1742d45b40c407e9b63d4
SHA1 94804b87b9ba5ec87f5048f63157f0ad1fbb5d28
SHA256 e33c5ba7425ca7ff0deed190713e3b981a10f4f40e26e59a625bb54f5af78f59
SHA512 2f6f597908bfa782625560554179c8d0b7da703951757ccc2d8a06956c38dd4f32208916d83839a15b667fe8ed37bea62cc8b21157acff6ea3e6ec554b1e4ee7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 43cc60d85d7cb78f4208c428668b1512
SHA1 b38567e6c0ad9b4f6ad41e7333d99b72bb7af601
SHA256 8d05134dfaf948cc59346389195795b316d4285aba9da9dc221757762b9d333c
SHA512 a1b25ce8b089f809e064488db2f96ffcc860dd01d70dcdb816fe1c9c4cb6aa0ce902bf516855b515137a3febef990c17c0102c6a758eefbe6d108e6fcb6d8b54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 30712e4f1740a42323c5d0d09e992ec9
SHA1 52332ee7b0b52ea368e87b05f68d4366a2f5d078
SHA256 63bdfb807824a0c55d00dcf2f4af801b4ec3655ce4645419b97165512f444728
SHA512 d3e162692856acc8a248d8a76821c440d719128e9c81d3d3364d43aceb58a325769edf666cf62aa9cd626b0b18c8c806edd070364f649677e348a2891be6d3af

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 59395893ddc2f29d5ada3bcce7f7975e
SHA1 f108c5cab2159edada56c3cf322b706ca07f7b71
SHA256 b29ed2f0d72d1ee91f9e44e8c8685849cf79563a50534fd43c68fa4d89fb8ed4
SHA512 ba2e40c0661ffc8b95d4beaea510a8665724ec0af4c9cfbdb61cc0a52ea6f5ec0af50e7a134657818c510daa673964aeff9585569721a01700c5623a0a5b9a2c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 d04d8959ac31f373fe057aa3732370d9
SHA1 157beddc39052bb2032669910267d2ba1ac4425f
SHA256 df791f63a536c985895729751183c07b32ab9f482cf414c159e659cbf8389cbd
SHA512 39ba2e7fb76adcf3e5287fcd3b851909ef1d1f39935185fc9e8115a0c83964316c2296abfecf1da915273036c30f35da64c79d478dce172cd1dee24bfca0062d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 a0e68c44a27d0b55945e2124d232cfc2
SHA1 4de8ab9814e0675c2c0bd0ffa3f5b10ca00cd360
SHA256 a069b5dee0c1605f83b25c3add277ca76fe1b81292da0618ef3f72e9db82c6d1
SHA512 c60149ec455c439d225532c18e5361fedf848c39dc1a1911f0b6c01a4f46d68dc90b01f78687afc6ac1ad7ffed0fab2e443079082e8dc5e269c35e0408206037

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 3031bb08811e15b2576c6d4592ca1d73
SHA1 bd9d07877b8758e413bdd6805a4c0ab8dcb49c5c
SHA256 fb4b5834488552338b41183c01334b1615c047ba3ade758e96d5f1ad82b1111f
SHA512 0747c0e62bb32bf563c9a1c00a336301094ffbc7fc2e7ca9143ca1ba3d45a7c15a6212a771c65d5ed469e651e9db9231a919f4364cbfdb3be69c79702ddaceac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 420b44313d65f66084c33ab7bdf5e0a7
SHA1 e9549c95a4040baa154f8fd44063ca1b99e44348
SHA256 e941c52385edbea496d37a5227346ec927eddde25719329111471f3b9dfc4889
SHA512 07201977adcf302d5cfba9333f9ac3b5f3c548f4b243ae15b6f7a942c6e62861dfde0f61c8a492d08d7d02d30d94fb3d43c8bf07ec7afcaa0f2b3ae44ae7ddf3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 c4eea2b9058a41fdc661bdfb0993b088
SHA1 7ef0b62265a3c8204bb40fd6a089379ddf629b13
SHA256 03e3457324f7564e3ba137ed0f54ef2eedb165a52e3205ee9f68731199633f94
SHA512 ba06d5dcdf6a53dcf9b9c5ef64fea6ec0c52028fb5892d70c846ee7f654f6f00d65b12f3a800919be5206a3586274b2eb87f5894c86f5a1d78b451fff6ee3d54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 e18024545147a689ef68c06a394caa6a
SHA1 be4c396ddcd99faeb159c5c5f32296ed37e0f1b5
SHA256 c2e10c65052c5d54a73cf6261d813d9fe758c05b9210501551fcd6cd33ab3088
SHA512 3318c923601f23d439192c00b330035cb5caacc622b432d66cdd48ab86e0ba7d697b32adb43373be09844427e92ff9254414a504d1fc6a344b5ee681cdf248ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 e7fc709961b37ba2535290aa1854751a
SHA1 ee6ae844b717d821ac627744ee003879401928eb
SHA256 38fe0608c85f89d195b00b79b1ac817741e43a3d050ad7e6a5e81c77fe95c0e4
SHA512 9461df8f37c757603e423de27128454dbaf6075dfe19940ecf23c7502232d1f4fd1cbb7e54dccd223c891183478de05a266a851c2b65520bdba76a314019f4aa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 530f05d209e9a6423bd99b80d572eb43
SHA1 243ab7c1ec565b0c17e74269693b199dee743b81
SHA256 aa5a6f3503fe0ca2c4f4635a5c0e094aadcf361bda961b49bbada8dcccdccdb5
SHA512 807f5b7d53ba2d03e1730cbf27cf3c02c2dc88e202f709bc0462852c75043a491a8be5a8db2d6d632beaa5f075ab628fb6070b79aa4d6d6c144ef4118ccbee12

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 15366475eab3689569cb2382bea91644
SHA1 bb427d8690817f3ddfb48a17d26c548e11ba81de
SHA256 1fda18912bc467eab3d8d6bcd59424ee60dbd40431849b9c493618cb9f20ea19
SHA512 4b1526730cc2e2aae68da7d41216056e476f52ccb9e58b26a65b5d99334f6aafdc80e215b919858a8fb7b32214c1ac4dc282f626e5cd43b8ed97984fa7d95fa7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 dcc192e791dedf67ef4e3cca33680f73
SHA1 f680f1d16339b24298c017a9f303d08cbcce0f03
SHA256 7b2b2cf05c651a1545df38232f323b5030c8436ff731b4a33f0df781ad3bbe4d
SHA512 245848323ae505d3e74ba26f23eda8057b819e803586030f343d1191f2a85f57b0094754fceb32b065583b9983a8ab2ee9b8023bc48a5eab0b170cf63aaf5875

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 e486e9f186202d4d1f485a9f67703bc7
SHA1 fc7961252f0281e00011eee92a451686c9e1cf2f
SHA256 47f3d0529c3e24d02d2b8de78b178cfd6864fee5db5ea546d16a044f985a172d
SHA512 2978bbbdd4de5a4aa57e156d4909127ea128cd3308169602be9585db21cb813be8b90622c78024b09b2e843cad49f288bd9828fc2b58ddc9a6609d6d547064bc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 4a25326f91aeb76a96414e533b7b2254
SHA1 ce040bb3f8f1cb07fd84fc7446bc3580cff99b69
SHA256 f0a2a5dcf80529b07ff1ed28e85f90fdf00dc3688fe43671dea0d80e9949a0af
SHA512 a55cdf79ff62fc6f0366aadb5ac00f39628181227ebf9b7f8082762bcc4bb4047f3c6907db19df38d8afddb748e63f6fc8ad8c202ef664caeefc1abd5fa4673e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 c025159d1cfa66bd0f263645310d1c40
SHA1 65812dd7d16e8b3580d9c9cbcb136a4d532fae1f
SHA256 1113235ccff58baf0ffeb80113747549cc6216ccf77ede66e268fdd9b8f6059c
SHA512 4d660b55158736649132e67eb5a327d86e694758fd76250026881506656ea1fc3e7659c014d72d4d4ad604410bca097c0bfaeb0cc5f5ecba4beb84b983546d72

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 e74e7718f15a99676157a315982b56e1
SHA1 f475cd45e6fb904856451d15108bcf78cabd1ca8
SHA256 4eced391273df13a0a0edb50c3838204ff7b7d15fc78c6f106e60026c9d3effc
SHA512 c56b1254105421af9576eacf311a32fd9619ed821ac335b8950796a695da97804f437772268fa0e87cced0a27eac1665a4739da17e1f8180c60b3b44a0f8d0e7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 60729829e97f2d6d2b65a924c525d146
SHA1 6ba98106b4ed9c5082995dc2e74d52612f670a30
SHA256 25fca30ab4dce66135e9e39b4230c8707a881779579d2ec7d286e4c4c5bf2b80
SHA512 1051ed12354282137af1dcf9c711b5a005003b36fd5290dd57a27dcaa68009a987134873d8ec4e260e2d211346ba582eb69ea4098467508783409e368a20e436

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 91296dcf8aeab10a563b2d26e98e2ec8
SHA1 88d4663cc67c6beea84708240e902c69370e3a7c
SHA256 f3da7e7103a62f4ca717c23583c01531cba9da6921bed634d247f26932a9c963
SHA512 4b324aa779f90c0fa1229cb14950c9e2896ce4ffbaa701e96a2effe6d5feee852bc9c30f244368eb1bb6e83cca5ea5ae34df122ce4449f2b9e734d0883b7bfdd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 c6362c12dc03de73a5e7831207ef2a75
SHA1 40f031f521979a778b5bae0806b9b92398fbf12a
SHA256 95131a02d47d9b29c209486729ca3cfcccf55de8fb0709f4b63f3a6ff42e9668
SHA512 7b6ed8767f3377941165ed08e92f7e447420581c847c6c2d39f2a8efaa6f8914feb972d3cc0d477c20877cfcc5d95b353861fb909f36631e5d8fb31788893955

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 48b4013d03cbbe31513ade194586a957
SHA1 2bf75507237532e7f55d1b18329790d582cb4e57
SHA256 20b15ff2a213d1593fd1dfb363a016f7e5ca3ccf64b376c2591f101fe7a6ae9e
SHA512 db2971d26ca6be8865ffad0389fdf3d2ba9448f5a7d6f966f8e51b2fba6bf39107365a5700200d33c1b093d9b5e34fd3ff3848ce8b5e24f9de12529fb9a4a10d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 39115c4684e104955e2e3d9ed885be5c
SHA1 1d4bd85d48df944581a3c7256698aed2ed4c67ad
SHA256 b553e63669ceea59fbbdb1256c124f529284b1134ea968429d6949592f61fb96
SHA512 2ce9db8665cd2de12af175bd348ab59fd2c84ae89fa692f2d18f1136a536634e92df1829a1a44b22d1088745fa80236a81c55a00e8074011cee96d6f5f25d4ca

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 c2d5e96be90d8a85cd4c9a6995cc4a45
SHA1 2f6c59fc5c968a6b6b4250c4acaa76938ca52273
SHA256 87ec132f67ac61a59ddbf7aa6e4da52a6f79d23b34957ebcf08905a74ae8d801
SHA512 11cad8e9f3692c1f596fa9aa799a834a203f3d46c5205bcbaec84b929026599ee14ff86a4dab857933b2030a7c1ebf151f460a0d4ab0752171749f17d71fdb0e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 05f3baf319c5096c1864562fa0c8daa9
SHA1 25b7429faee2da9c00fc7607527539eddf79eb0f
SHA256 fb289108d5032a8c3ca7e08d6d137a8496c0f336ba642ab22b7a83899676d1ec
SHA512 312c38dbd6be1194048362699c31a3f88e09013d927ffad899f6162851da28184120e861669dba14cd83b5359ab0ef9c25b96e196ddde224f5df5e6a15ba548c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 ba1e382de783b1ed6fefd49fac0ccbb2
SHA1 f6b3d671ef49b8972f1a01cfa449a5ad0d4c3393
SHA256 5457db32e748aa2aebb901a2a9433babe3a365732b2a581fee8c364e4e5ac5f2
SHA512 472b8900e9b70523f894c09c95cad3ba8b68abaaeb166cdc54dfc3292620684e716b34da214ba8d5870f02946db34689b2fd415f4c5ee97f905d64c720a3b298

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 a59a6116b7e474b75e61178c7fa4d78c
SHA1 8e94b29be68a0dfbb0a2fddc519f2ffe6025a7de
SHA256 41590e4538b9e991c880a3345fb257ef7358a9428b8bbc66f468405b99c69620
SHA512 1e527ffc6c3b084640b3d37e69afac3061ed6a024cdf17a508d2f4a346b61b27e69ff8f5bac9ed72b297a8a7a92231a9c1627673439d46011770d530d56016ee

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 724ecd5a2b40a8d03504b9169ca55376
SHA1 064ce2b5e85080d9ef69ef2259d2f4116571e7cc
SHA256 4d9fa55ec08b59d844d26c9f68278d84b16f3c0d907ac65fcb845ea41bdd7809
SHA512 a51cda05158067c8daee54663227a22a3e67b7a7c1593592bc49a5b065b25720eab933fa7dd9729affdd5656d030cfe14880a99cec551c734a636392a28e64f5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 c7b73603d36ddbcdfb53229659e2d26a
SHA1 5e35bd21b5b2a610c9d60b5888b3c9f100ca5e6a
SHA256 2b98c05f610a373ddeceb6d687da742aec2a76e8392c3ec86462df47b8395eaf
SHA512 36dcf09cb6674a028e5bcb9d73f460fbd9dd613030ed74694d81a6d9ef19f8c0d8ba11829b7555283bb6a27bfb1c01cb3d1ae596c0ba965eacbb020f56a281da

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 d2e13bbe4583242f4f96784094c49078
SHA1 b5f90588b2ff93fbe0130be85543a52f6b36574c
SHA256 7fd6dcb2a57077153feb1fc2d177787885f14ac2d16aad9404582e189bd4156a
SHA512 f6a7829e471e6df8d62b04eb7e0602eda52fe0c77062c5497a37e35293f91c13a5f7eeffbdfffe7c1d2e6f37a88d3f7bb0f14497602ea6498a3740477f5bd65e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 43b84a61e9ab844b536ad9eb94abf290
SHA1 f2876d609f58415bec216c04621d0834ae6044c8
SHA256 8dbdd4d92c10dad7d06201d31c2939378b5624f8f7f25af1c6e1e8702b668348
SHA512 67c41b8f6df85b1af6f5d2301b009ccb2080fe802c4d1d7c4b0e0dcb280c29b1b588479bc2a0f7098c33f46c80a6ac80f08758927bd998bac281343cc43c0b66

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

MD5 8b6d120f5d54e227ebcfae9e6cfc213a
SHA1 a4393d1ac325e27276cbef3052e2e20a61c9cbe1
SHA256 c364f1ab48301c5ffdd268743fdd863b7e228a984002b1bd4c7357de658e5bce
SHA512 d95d62b7f4db1e5f4d39f0bf5f51b20578581f32a3c51ef42ec571f7d1b0e1fcc5673dc1e31bff03a5ac0203fae7016ff8e08f95831a2e20b5c59b71bba1decb

memory/2412-9744-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-14 13:05

Reported

2024-12-14 13:08

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2652) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\j7Clgm55Cj4uys4.exe" C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_swcomponent.inf_amd64_f378d70fa39d3577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_e485f7ac03009434\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}2052.bin C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpssi_gpio.inf_amd64_62ffa3c95446bcfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\verclsid.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_b5ae080ff669eab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_0f3268711a5b2622\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\eeprom_qca9377_1p0_NFA435_olpc.bin C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SearchProtocolHost.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\4356a2rtecdc.bin C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_d9886a7bbe9e55ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acxhdaudiop.inf_amd64_78faaf2062860ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\LE_CTL_ar6320_3p0_NFA344a_highTX_E.bin C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_amd64_a19f675674962ae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Netplwiz.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\rrinstaller.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_extension.inf_amd64_7891c7d003f5e96b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdk.inf_amd64_9e49da794995b361\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ScheduledTasks\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dcomcnfg.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsphysicalquotamgmt.inf_amd64_796516c18b264f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\eeprom_qca9377_1p1_NFA425_olpc_A_TP203NA.bin C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\getmac.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mmc.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\appidtel.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttte.inf_amd64_f017e7b18ec67a97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_receiptprinter.inf_amd64_7952e4baaee88d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_050c7496eacdd103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidvhf.inf_amd64_0a924aec7600dcde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\eeprom_ar6320_3p0_NFA344a_highTX_LE_9.bin C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\eeprom_qca9377_1p1_NFA425_olpc_SS_S.bin C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mavinject.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Nui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_d5fc5f7282c9bafb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\adp80xx.inf_amd64_efb36fdc260e8bc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_ddb154dfd1a1c33d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\windowstrustedrtproxy.inf_amd64_db5be14d5e02560f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailBadge.scale-200.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-400.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-96_altform-lightunplated_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-32_contrast-white.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-40.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-80_contrast-white.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\contrast-standard\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WideTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-180.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\stop_collection_data.gif C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\icu.md C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\8080_20x20x32.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-125.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-125.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-200_contrast-high.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\rhp_world_icon.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square71x71Logo.scale-400.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarSplashLogo.scale-300.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\foreca.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_contrast-white.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-64.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..ntservice.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4eeeae54718b781f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..tworkmobilehandlers_31bf3856ad364e35_10.0.19041.1202_none_7071ca9643718427\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..cy-gptext.resources_31bf3856ad364e35_10.0.19041.1_it-it_0f7ef5581f375e16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\x86_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_46aa361bda445aec\PkgMgr.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SystemResources\Windows.UI.SettingsAdminFlowUIThreshold\SystemSettingsThresholdAdminFlowUI\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\itemCollapsedIcon.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.19041.1_none_11b2da2074e7d6e4\PasswordExpiry.contrast-black_scale-150.png C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_92681c73960d2750\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.19041.1_none_fb337fa99fb8bc2f\BioIso.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_10.0.19041.1023_none_6db8f44cd8ead692\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\Globalization\ELS\SpellDictionaries\Fluency\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\UevAgentPolicyGenerator.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-data-pdf_31bf3856ad364e35_10.0.19041.1023_none_6b2c797548d35011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..iguration.resources_31bf3856ad364e35_10.0.19041.1266_en-us_301baded6360969f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..up-prompt.resources_31bf3856ad364e35_10.0.19041.1_es-es_11b6dfc3955f6500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netbc64.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6f0b396a7300736d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.19041.1110_none_0565d41cd46ec20a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_wstorvsp.inf_31bf3856ad364e35_10.0.19041.985_none_9ec3d9e91b3d1b4c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-c..orization.resources_31bf3856ad364e35_10.0.19041.1_de-de_9454178569cddbc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..efetching.resources_31bf3856ad364e35_10.0.19041.1_de-de_2fb28991f1a8b961\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..erver-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_b5ed54b0fe7db897\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tapi3.resources_31bf3856ad364e35_10.0.19041.1_it-it_0078af1908fc00de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..ure-ws232.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_66835d3c174f7d3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-c..-migregdb.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_237aa6e0e86c5765\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3bbab7d5b38e57d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1266_none_e20a09e712bd275c\r\cleanmgr.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_en-gb_61455d639cf26591\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netwtw02.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_5d563b8f3a12fd32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-data-pdf.resources_31bf3856ad364e35_10.0.19041.1_de-de_b4ecd798f5a28aac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..s.utility.resources_31bf3856ad364e35_1.0.0.0_es-es_255ec101005b0aff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-c..services-certca-dll_31bf3856ad364e35_10.0.19041.546_none_ec3c5fb37d3e1cdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-mfc40.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ffca6f045d62df2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_sysglobl.resources_b03f5f7f11d50a3a_10.0.19041.1_fr-fr_51edc62c2d3d119d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mfcore_31bf3856ad364e35_10.0.19041.1288_none_65a04cbf0c61548b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_10.0.19041.1266_none_1a0aa046bfbc05b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wcn-netsh-helper_31bf3856ad364e35_10.0.19041.746_none_c0134b70522fa0f5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.build.tasks.v4.0.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_3fbb35371cdb32e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\speech\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-cdp-winrt_31bf3856ad364e35_10.0.19041.264_none_418e6cba5274383c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-l..lperclass.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2cd851330f8efb90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_multipoint-wmsstatustab.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bb1e99fd5defbd72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mfsrcsnk_31bf3856ad364e35_10.0.19041.264_none_d6c18d8390c0cd44\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..elmanifests-windows_31bf3856ad364e35_10.0.19041.789_none_7f2fef395b7423e9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ityuxhost.resources_31bf3856ad364e35_10.0.19041.1_it-it_01ac3dde909aa629\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_10.0.19041.1_none_d1fafd8eeb2a2637\Speech Sleep.wav C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.applicati..ulewizard.resources_31bf3856ad364e35_10.0.19041.1_en-us_52a6881a1d366196\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.19041.1_none_3062feae2a702d0a\cliconfg.exe C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\SystemResources\Windows.UI.Shell\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-media-cap..ternal-broadcastdvr_31bf3856ad364e35_10.0.19041.264_none_95569df974df5dab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..ners-dynamic-device_31bf3856ad364e35_10.0.19041.1_none_b4a7fb8b678481c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.hostcompu..l.cmdlets.resources_31bf3856ad364e35_10.0.19041.1_it-it_ff9782c9a6b088d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..shell-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_cbba47c77411d25d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_srpuxnativesnapin.resources_31bf3856ad364e35_10.0.19041.1_es-es_06822c1750491d6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-scripting-jscript_31bf3856ad364e35_11.0.19041.1266_none_45b27a620a2b071a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_prnms005.inf_31bf3856ad364e35_10.0.19041.1_none_1eab1be1d38e5678\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..ilot-reset-credprov_31bf3856ad364e35_10.0.19041.1_none_d75c5e3052d0a6f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041d_31bf3856ad364e35_10.0.19041.1_none_b3d10930f50b408b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-winver.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_faea152655bbcb78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\v4.0_3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dsprop.resources_31bf3856ad364e35_10.0.19041.1_de-de_676c798e3fc23b3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-setupcl.resources_31bf3856ad364e35_10.0.19041.1_en-us_503feed586556aec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell\open C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\DefaultIcon C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\j7Clgm55Cj4uys4.exe,0" C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell\open\command C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\j7Clgm55Cj4uys4.exe" C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "KXOQZUNHYUIPMRI" C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 133.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

memory/3452-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 8115bed31b7cee7b0b056d1196cabf40
SHA1 006eb04a3824dcef13fe4bdb22ebd33ebb72ddf6
SHA256 0d10d27819f45b102d532862a233eab90ff31812c0019143eb318b0fe16a2bf2
SHA512 af1f6b6bd9fffda2b7c10fab77843fd0f64b37ba5b2758eccb212725fe3c7b3e2eed68d48045d4506fb1020c34f379d5d5e87e056c42c0b2618fe490529c3c53

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 e370e31a55e64371774eeac4370901f1
SHA1 07d0d214711413340e4b0935246e7c19ad8be678
SHA256 2e3f10a92a08e4b0aa9676e659f75b2fe1e70eefd939ad8ca2221567f7c2065a
SHA512 6b0018bd4957cf15d9953bbc70ce049a23b5a5e31e5ddcf435bf84aa6cf1fa7dd50ac8d5e1f4bad8612f00ff51b13e571b13f2929f77b1e8dfd1666629225dac

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 3d0ec745b644f1b98e31d6e7fb308b0d
SHA1 005a774f1c25302b1a6c768fc897b448f414253c
SHA256 a7b41e7da0fa4c81b91d17f1cd2b93259db21188993e5de8f91adb0bb5a1d9df
SHA512 1ee1b8027da4f7c58ab9a49f7b4c9ebab7210d0e04eae95bf9acc421707d04e445f31b5609bc198afbace38c4cd74c3f655c564dccd9f5dcfa5c43d74dddebf4

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 fcecf6eeac39978f4a029fb8fcd461d4
SHA1 88ae1807e7f403270a8de4e12ec3388134872b0a
SHA256 88d39eb1d1eb087f37147b15f32a67d427d6df7fc1f08100d4587f4302fb8038
SHA512 c3ba307c251ed39dc8bb17b3ef12a1ab61783e04b0adbcacbed186202004175980ad6656c48f0b34c4269cf44331ec17d51a2eda9d6eac5af74659710fd53053

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 9c59d185900c27406681a5cedeefd524
SHA1 4a49687258f61e0df8e65c0c6197f05959812a0e
SHA256 c4c69ac80f9aaa1dce4576789604dfd3ae8702e73ab0b8d1c95eff70984b278d
SHA512 cd45d10e07fc1281f64dde258e22928f76a1c401f5812f48411f1c5e0be93048b170ecf2de3ad96508e83b0915511bd0cdc5cce07e93a1b5f6c579474141f151

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 b918410ad66843ce511504ba8ed1b7a8
SHA1 7f65605bfd5da95809018ae419d432beddb09de5
SHA256 09bd888c3073c07f947f75542d59432175a3c9e41f565616d4accaa2c4c71df7
SHA512 12b87dd6bb23cc2965e49a453c52d6033f61c067146a7f8afa6d137221287763b775b0db8d887517cae7cd8d6b787eb22820336af2dd55bf03613665fc4315d8

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 13aa1590eb609a16e2db41c2681874c9
SHA1 0342c3aeba9704132869e9ec06137adc81edb996
SHA256 441fa0d1585c09833583c64aa2667fc8c235881edf0004103b20ed37d8ba36a0
SHA512 58e04627aa67e1592ae505046b4b83f32db4a6dc94fecb994755803cc2e8009ede1c29dd762f85129a481b49400fd7f9da66583519c4d02b06784b802be30769

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 41f241dd71afd9931b28e261ed8db3f2
SHA1 18e3dd4c249cd33b71ae7be42c30d5e339b1f5ed
SHA256 5541f4903cd8571b7bb7e2ce9fc13e596e19eece5a5f601628b3c3614a438000
SHA512 b7a8c40a26ff60a9b46771fa6dba726f1a6d0ff6499a0c738f028985c2559d488a4b7fff2fdaa43c3ecc0d476f6eac604269119b0527ab89505069be49f06cc9

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 85f11928910966bc0c36fc6661e54554
SHA1 a77514e564c6b951536a6cd0d032b1cc2c7d62b9
SHA256 fa5a95809908498cbf803d9420653b8e95a5ea36884eaeeb96c9c77b276c464c
SHA512 af6fd91c80cde8e36d5a10c2f2d6d7ce778b45558354e9df61841eba8bc4a2d62ed9c17558bd52ae8edcb62c12e571c3a50d0b7d8f28317315c42c57b31bce0e

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 a800851424d75136fa4ae5f364d0982f
SHA1 2f4ca6717393875605fcc720b451ecc8ced68555
SHA256 63f9f558d9cb4b3751f24e8e97f83bc72c73e1845407d1f9ef08796dfcb0286f
SHA512 5a8650148b059b2137aa4d2ea1e953d5e0ca9a134bd0ace782036ea6b5353a8e1cf3c340e976bb1a554a111493802ea2124c062a30748c850cb0462b524cbaaf

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 8b81faa78ce61e3a4658c6b0bd27a77c
SHA1 dc1487cd7c6ea620d0f6a2961b6ec0d721684a29
SHA256 bb56ef86bf5c0b7cc86ccced37b2a248627bb2835300415fbec571b83bece110
SHA512 0fbba1f14e16f98a1a6835b1f38ebe1ed303a7e9bf31cfae641278c222d3c519d20902e47503901f2d42e174d6744158473c99d8fef488218e9128095388e33d

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 e33d64dd9334ba1c78636242848ab839
SHA1 4ae616eb31549e272a00cec9b3d89c5adae35f5d
SHA256 a5f02139c197d14aee3be1cee7fbee8d1289908368ee9e8b059c395d7321f579
SHA512 5d95f76ebe5ab050fa8c997a1dc3e2196e85513468ed785aba6964d362c3afd5972169c58a6b1da3207d8deb08919fd7bcb5de2c70d925e8741d93fd686eb069

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 3d9bf97f92879f653c36c40811389e7a
SHA1 b316ee9f55cc6d5f1c61341b385d49825cb4197c
SHA256 1fe868cb2fa2baf4358ba69efc6518cec635008e464207045d39607b9db6fe1b
SHA512 a40a91882a386449229837654e722313f63dad648541b7179e8d00857476e63fc136041f45c26ac7e071105e71d9c0e7a3d9537e9dda3017a8aac3461ce5c428

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 2058a28dcc0612eb0ee96a0b347907e7
SHA1 f35bbc52d91587b5e95549a3deea9b6ba679817d
SHA256 a5e26f92f30e02cca06a52dd09c25047808f8e17729b2aef0d8e4dc913616fb0
SHA512 9791b076d797aff9eb45920c62cc42b5fb1165eb6a6e95c38e31ec190a376b9fa78fcc94224ef6013cc8bae27be42e149d8d3af91f0ef23f1bee15c9a84341e7

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 8af760ca96a3d3efe919292af3277727
SHA1 f6f52a9e4fc846bdf47e39ade83704901ee9ed02
SHA256 5c47de8fa1fde6db414651b7f6717f9ed3b032d5ebecdf1dc1a14f1ba8609f1d
SHA512 3691d1005d4c791d488d84a2ec5e6270ab4135ed72048fb343897ad74008551b4810ae6b539a91d7becc55fe437c8f78016dba64b5bb01063e68382b0b6d3bd8

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 e0e7a784c8e935a6af1de092374d5094
SHA1 467eae58a19d7282026cdd642331216384065556
SHA256 6e3b0f04844e6cc433a3a2fdd5cb3c2c5aba09485d435f73a0a30a0ef6069ff0
SHA512 afb7e6710798e66e478f088c3ed4a52a1a4648398741ae6fcf820e81f5d7812f0fe768bb1e8a58a0e49d22e004827d7045e110d2fe54fb44d5ab37c9402e7c9c

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 f388b7975711aa40d45dcef67883f34b
SHA1 92c0b1a0eefec25e63091e9ccbb27a39cf5e8882
SHA256 9b9dde827aed282ab79a25083ee8ca576d704c6f989c1460487428eb720f7872
SHA512 e9752294e0eab8c88af39a4dd37752337e04049919c134ec971d9cedc1043d53d5670c78a1fba60e67f51dd4f55adacc18b91daf5758459799a5bd22b4e3c0ae

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 de8060ba19aaf723681d99b884af34cd
SHA1 206f9d8b84e75ee0a644bd6f195b5417833e5ecc
SHA256 a2036b11f2948331bbdb1eb8cc6ca7693b2b09c3464a742a7df61c1a03ed5486
SHA512 5fbc4c09edf5f15116b44718b2b749410c77c1625fbcbc64cfbe3384e76afc195bef09f9f4e208cb486dbe2864a6ca1d9bd1183e2e7371e25fdba56061e0589a

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 4c18ba5badea958229c88258a19bade1
SHA1 9e8e83afc3b269c68496051d81cd15f7b64ed2fc
SHA256 eca7bfa6885f40949299c7c9466cf9afe1a76532e65a689fe6d8c6d371a1d7ff
SHA512 a586385b0a06688fde7effdcf78dbde8d76defe81d041835d4104390e9b80455edc77f55a250b578d4077b7a39505e57eae4540abb1b12fbe255aad6e830726f

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 928742b6ebe09b01043f6d3858a0426d
SHA1 c804d52755815b7eb55cebc2f507bb9422d172e5
SHA256 4a098ef94d950ad03fde86221e281097457268b033b64c081c70845cc5c2304a
SHA512 a6e75f635a6e7b736e63b11eef8b0ba957d87bdf2d2039dc0436b2868d62785a0120b10b920c9140e76c41f19df01583133b08841ece94ab44778362de5352d0

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 bfc7a246e5200ce1a675cdc42231d972
SHA1 7af213fce67c5657aa53b7783b72473e66d7fdc0
SHA256 91b71f98eaa840f3cd8956593c75af22ee265e6289c0f5a12b06cdce5fc95b21
SHA512 86649d42b5b9b3e953e4fb407acd2d10d7b93143c8b0d1a10abf198392d4ca869418bb2bcdc9cb1c6940d8eb3f94841e0c81db12c76c8320fca9406f2916dda5

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 103b23e30fa22a723cfdfa8f142a6701
SHA1 45936c0ca947b4ac927cd1d0471167a69fe046b6
SHA256 05224cb33844387157fdcb18738b785462f31ec99bdc96689ad586251c02bfc6
SHA512 0c01b54b020e4dc10436bcab680185d4e80222f60bcbde87a3034593518e86448ab364d6994c0df2b093d69f3458166ba7b78fedc381af3f8e520f7525db93db

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 89dbde2f29c0d28d904df147fb0c4f7a
SHA1 23f05406e0d685f19dc661d3620895f3acef3132
SHA256 c7a91538f059d83fb112f5d1811f4a5369d0931ab1168a80153b011983ac5ff8
SHA512 1cee4c47b8c0f148b8078621f36b8985292213548a30b68e9ca1e9ba1eb4ea1d87399ef9e022af033fe451c98584959a67b3ff47eed7e44a9a7ee4cf44cf255e

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 9497fb30f2b5c0e5ac66affbe2281318
SHA1 cc41fd98538f4cc56836d8130e64413db405fc59
SHA256 dbfbf788a75d11692effc6f99fa0380d492ed659c01ae0c20e7e80707e479c3f
SHA512 c5d2eff76faf6419a4130fad8ca527c07880a7a971abca5e8a663c9a7b0d9bde63979f338e292e6fbce96fb55ad2ea02a719ba81587488e11c269fe58521ca83

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.EnCiPhErEd

MD5 8985931da1bcd98c6a6d9a1c91a811b8
SHA1 10e10c9e40ac87f68c4eafd7c3654ec289f561ec
SHA256 c94f6098ca9078532221e828b6797415eba638896d19bf3ec1e821988f8a775e
SHA512 2fa9c62c1fc8121b11e96874737cbf5071b251aa1f8c228603951d58f7b337347e5edd2272f96f209c6bd8e9e2a467da40a356220e94ac1a42dfb92e17fcff78

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 e06a792d1a70515f7f95499beaad5897
SHA1 fe788227b6a47d3c5e4aacf9d80f5ddd0d62d223
SHA256 76f00e796aa17264b0b2be5c0c3ed2a3f111f1007ac880828ecc1b078a1b6197
SHA512 bc3a890dc46976f4b2d55672f96b1db94b3d2ffff25cb92730cf446efa2f1bc9ea6ad4002fddc0b37c7d6bc77f8cbe6eb835098c5651d481c227229503f72c4a

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 f6ff9489fce274f5e94e39f6d3a45d18
SHA1 968d1d63c563a15ba15dfcdb49a3224c97bb507e
SHA256 f3138899ed93c787f8a74bd5cef6305d2253e5f240e7e422fc3a2e2ef88e4df9
SHA512 4b47721771500c197234dfb3f491893cdf2a303a3bfbc23b2f3703b23a37ea777244637aebb3212a30299d406d250724f5947e7e4ac2a2aba94cc2e70483c0e8

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 2a7b28e97fe0a85d1f8b6771b256ad90
SHA1 00448a8dcd6f62f96b4f4a8c51f32ed4331e6ff9
SHA256 11c14b30e439215e52c52d9714263f789dfb1e5f89b18dee2b129f82b541ada2
SHA512 9f9af8d4409c345b54d272a95d89d57c67f7bf9d628cdacc125bb5cb7b968cf6eedb4928ffec54dd0fce0a2c850cf5bf0ac2be850f19c226892aa2d9fcb79ad4

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 0c0936b4b52fb9820dba765d5cd826d9
SHA1 684e53b45f55125d794733f65b73f2eba14c1a24
SHA256 922328200a839ee6d122bcdeb04e127ebaee0551a34c20e7047e7cb673d1cec3
SHA512 d6af0f622c579da3447d119a43d3fe12735d7614b54149f0ee736c183069d24eb1942b51bfec9728ca7e2caff7fde364bdd83312ffb95ae3ae96830b40423f90

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 05626513573be52b628a7f62ca4088a0
SHA1 ac9c8a6c359b6038d237a0d1e0a66144413b8b6a
SHA256 9ef816bbad76228e82b5cbecc990b9f522cc3573fb8065ae8f4696f29aee04cd
SHA512 abc6ff1082fb354ed9ee41701748b85cc5c49cbde5e0ed3574695800858f33b48e10d89c0bd79b1e236ca423bd287e6b5eed5f34b23d8814189a63232ffd9e9b

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 38876ed9684acb786436797007d8e276
SHA1 1d91a56f30f8c6e7d130940c190b1a23f5f1c49a
SHA256 42cd70d035a51b8add3000d631882f89200a82d39c797eccc8a23b819a06f4a0
SHA512 8b7c8cbff7f4489437621a8a8060444afd610b138c3b4d8321a053754720c26fc1c23b256b22d074ac27df7e48c5845d51d8490ab9f1a6cb61b5ddde3059378a

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 d79f8346f0a316117f78e9864d9b7401
SHA1 2aa17b9f25de43ecc973a67e2af2eb72cb273bad
SHA256 f30b0991053c7136cc492454587be1b3fe4c630bec259510d96ff08030bf0298
SHA512 cb7d1d1ac0e779e186e5f15f42b4ffa2440d670f243853babd3e8c428ea4f9651cf05b145dce9d507915ff3090a6e963aadc9fe76764053b8de3b9dfec381ceb

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.EnCiPhErEd

MD5 72f4c7a8cd378b3437bf728d1027f3b9
SHA1 41f656e6d7201abe3840fb662f367bc8ad87eb24
SHA256 072655277cab6599a30c0bcefe9f02bc0a9a733b360bb9fb3b08c66828d1557e
SHA512 e0d07e103c9130ecee32e736320e94cf39f4f2c6d516c3a2cc1456341eed14a7dd37b0d630d36e81db0a83f31a6b2dae8864b57ea16946be4749eac30d412119

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 802b3c8332fe8a3a75a1124d7799df44
SHA1 f9c856b682d79785ab04a5cf8493ad83b08dd7f7
SHA256 106b3933ccb502d4474d394fe6b61386274b1592e598ea035dfd7ae007306f54
SHA512 043931761aa5fdaa684d879cb440883477da2b4954601cf4e93f77ba51408dbb250c0a67969d2ea2528746301f4ebf3304e285856590a7299a917c5d4483bc21

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 a2d6ef7f4fc279dce95e06dd19e4a9b0
SHA1 368dc0098341f8336ba9b3deaa920b5cbf7d4c25
SHA256 9af94fb4a13d45fc8891074355c27337d401e1ae4335dfb03f0c98ab087f4cc0
SHA512 2740bc0d070c447cbed316d28ca16b8736a460d6000456aa2ad6e47b0900bbf135f5b67a1e4270492f2e1b8166b785bfba1bee9185b60c1e3ae886616fb75bf3

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 f93e64d450b722ed36cad4ddb8878811
SHA1 c320dfbf4c8c76a36fcd53ac3575f85afaac6148
SHA256 91f34d072bec18a64c921a2266d3d759c3e07e765e08e25e178260dbdff06868
SHA512 10913c7657f7985c9fdbccba0dda35f7fcea534b2eb179c760db5f3a665642bdad9716791823cb7b3ff603f5576e8acc78f1916ecd015b9decd0a8c1e9f29357

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 bac72071cb12ef4934fc55957c5b37ea
SHA1 b83a25cd00e8063c01e5794050ecaa1d9e4f740a
SHA256 4825c7544759bc8f0b61351fda8153925584f153fa400e0f1be1a5c0d1d86959
SHA512 c3ab92386d16e8e314313c4f4dd809c36623e70b1849e34a5e981c86dfad67604828b6d43fc6dce4d4868410c00df94dcc5748504fc29972237f3268ac30ff16

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 dc7193bdb94ce50e3a4bf12da60c49c7
SHA1 f2e5832addea8876e84305404b6016b2b4424365
SHA256 cc40a91912ff83a0960cb359db241ad240077a34c977ad33ea34f19496516f0c
SHA512 34c96a3f2023acf8a501035c7c58675d26789aa39c646c7cbeb25d3ef863c8448c421cdcc5ec4df5a55b35cedbf3af25a997c4ef0e992a9c408b9627f3eb0600

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 630409954913a6fa2e3e46bc756f6302
SHA1 6448a4e296d4601d54d413fd42c3449c495e34a8
SHA256 69ce388b0a3f59461871e8083929b0db025493c3eb1a2d45306c1f5e50e34e6c
SHA512 6aaf704913dc7a209bf1fdd5d07e27646a8f2ac564651e0bc56933cb7121b46c5798a82ed8a49e644ea231b209bd06b468175ea7034a62bd55f34e3fba801300

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 55a2c326895fa9150e88fe373fc6f56d
SHA1 de118a424b272064692401d1151c8ee3a891be1c
SHA256 14652fc41017e0b99863ae23c03c9a008b75c58106153938b8879fbb15192662
SHA512 7291fd65427194c89716cc4e52b3d34da44601d5d99baf74fafb6622e83073473b88f4bc617330cb2a5b59b423ab41cae6f46d827cc357136e8917776a6301d8

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 190ad1f00ce4080bc1839f3106ff0ec9
SHA1 a274e42a225fd8ea0e88064aae749c2b6cbbcebd
SHA256 602620792ff4e055a08b77d10a10dcabc693f723f73814314bef7d96386a0239
SHA512 b848f8bd23e396befba3d65d8c9072d4f6978f04214f30fa6b691fbf97a163678ce7fb89a4473b70881887e779505e445be516da465e0a6374a7d6eca4edce10

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 a693a3432864d27577cfd458a6fadf17
SHA1 beebc01c464353e0bf398526ba9d0f857be2cb97
SHA256 83441e4623e863451979c1654c3c0e2c24518b0cdd74e64365746ce07861b9d9
SHA512 855de4b6bdfc9c5141423286f252db168dd441388ffd9a1062e647f00a7a0146ef93ffeb731f83eef353271acfe3e00caadd9f1a04b63bb512adc544f8082e9d

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 ccc8806575ce12cdcb03e541ddff4b56
SHA1 9db82e966119677ee057e4b6b6d6ed3fea2b6a54
SHA256 2cfd658ecd255b73f8ac3c3eb1f2229add9d5781db11ab696fa689a017ede7b0
SHA512 609274bafbe6e009f4a5425887b73f093c86c72f77dfd72e81f93a11be8f114b02e3bcf4541f08af2c747167f48a731d43eecb29c6d83bf1182115449d7f6567

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 4142ce83d85cf918be7b57a44c3a3cb0
SHA1 292017e77fd75c62389bd3e8b3f58d3e0ac89df4
SHA256 28078d3c0d9cfda50d986fc82dd9053537d32b0053b7052ff79fb6ff3462cc95
SHA512 cdb72b485536323f00155a085edc4f6fbcb21bf4c40217ac864a6e1aead2d8abbd77638b80f047974c1bbbdc4785040395e82c4a828ede5cdbc7f71622b69095

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 19bf91172deb28156edc4906eeb68ce0
SHA1 c5f556e64f92b066b5ba8a4cbf6887c3576aa1db
SHA256 947ff9b17563a8230eccdf05e38a1edbfb6453543cdf763ac7aff2cc1257fc0e
SHA512 6204876070e6c539ed74c33ae4bfe7cfa1d7be19baf61bf7218d781c7cbca7ff6f8dd17f246c9ad5ae0a8b04906cbd5dc4bef72074cdd92404e6bf10a0aeb7a3

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

MD5 906a0dabca9a3ffa76ab6010173ea557
SHA1 4c4d365ab6174bab1555fd0fa7a7631175d6eaa0
SHA256 e58498e5d8559ca5f3fa91f5506c2cfd98c5d14e9a120edd5eb686c5cdd2fd4e
SHA512 1d57d97b83b65cc60d2d5e9b86345b871e1793d7215cfc939bf3de8f1d9443ff91c86ac5de54763edbcb374f84479ef63ad09205f233339f86c83615103ad44c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 4cdd1441971121571336b328614aa714
SHA1 a0f8082a1df37a64d8e320ee044cc83e9f8b3650
SHA256 eefabebad453aca2e68c8f2772d044b0507d348fa66d5524b27bcae4c8e8cfdd
SHA512 8088bf53f526b3a1e5da0e0554c929cfab54ea4274aaee3a82316a88e198f5d4fd7e4393d228b5cfaa78612edb6738a8aab65ac842e205074515f87c0cf5bb65

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 e1abc289bb2ede3c734847a0beb284f2
SHA1 7d102d0dee9042eb5c0886964376e2c79c6856d3
SHA256 21bb7cd7b92d7c86df1e9278e961261426f1236231a373c26325a16209e48c06
SHA512 51b77df94ce19642ff8a8e6ae1f8815f1b5f829cb17272c5507aab2b889ad9e928cacf64ade78a0d95940a9ff6364b1a940de0df92cb252e19dbd464ab6594b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 85cca018fbe262cbcb2c309be6ae779b
SHA1 043d51c94e538f646d891302b26208eb03c8555f
SHA256 33cd95e9763c17cd35f95e05749cb42a560221b45ece5388fe3f7cfd74c7a703
SHA512 2a73895707ea002b440e523c792b7d8f550d337d0d3335b016ff4d718dc41f91fc9aaf1bc2ecb04f604c1b1bf561bab83f0e809fd354f1cefb3096c50f46c8a3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 9fe2bc1a24f779cb0ea5b1ffe0956c25
SHA1 97acdc1e938de78095bdbcdfc32e41976fa63179
SHA256 5abfba7de2fba3b17a991b11427b7ca7d503e43e91e07bb6f96007c119b40cba
SHA512 400d0148642897b21e6ba9146df3bdea26d4bc46e6bc8b235b5c28646c449d3d6f514c0cdc3a0fcf7861ef1661a8d2b1a7a6eb690cac3a6d3fbc12b01f7ccd29

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 1ab439564e19e3faa38c044704e1d972
SHA1 423791220b3d4fd7d5859ab46eabece6abbac076
SHA256 be6e1bd960fdedda66d1a7e2590d064779c25ae2ac6afd2208f0f69dc37ebea0
SHA512 980fe7a6b4e55a8fab45a0e6d89d77810211b3286409e869f891376b053159225e826cef4c0a3240ee953da3f753a108d42f0df9b34650b2850925f49efbc143

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 36130dfa46b3520819b71db8b212e19c
SHA1 d27932e10349195ce3d8ed6496dd1a3a330b2c26
SHA256 e57925fb4ec627a9ffe809a040c8590f1bc3cb2bce60a33d7aee87c45ede4593
SHA512 f18ac6efbb226083a1fbec3877a8c92e8153f9a6abd6ccbf64d034cd3d70e1face28c61961038163b5ee8f712ead1e367510254fe1f8e587ff109799e7454d3d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 8bcd4602f727327b50c37ade8f7a7230
SHA1 24deb46b41979f30f77616c5ea5921f89eb15206
SHA256 7af891671d37255517e34f98b4510f383d2b303cb2b2084de7b3f717419bc14e
SHA512 ad15b39515cd235d7a865ce2169b46b0e9cd57a738f90b8d2c00518b6f7c22820d0afdb89a5efeec2bfc2bbd772f8644cdaff01465cffc11318863b2399917dc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 88b1e2bcca40fb3a331c88e6e16e7afb
SHA1 9706a9300bdadb85f6cf2c4def7e4c2e2502c8b6
SHA256 3f49a8c53b7aff305bddbd3e12bf7828533d77c84ba7c9def96fc4326b9198ed
SHA512 7ed08a119a95cc42b25b35afbd4adc6d9b5175bc152a98a90cc84838bb2e15845471ea79e7ea86ec22124a5a527aaef99b42784e0f5743b5d403069a5226e154

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 5397c3b7a52698c96be4f411918e4d3b
SHA1 7872d04dd1aee03b67e648ed9f055a7051737087
SHA256 adf86bb386a433201ce27d800c8a10aba1624519dcaebb14c1df2b620815efdd
SHA512 caa5d4fe203de2c987b1109c87411d54a5b2f47e0b8f931c118dc33335fab690d42b58f1f4d9d77f63707fb22b849e30187bf950a97222e74b8cd015bebfc02d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 b29598a5f57ad19e010240a1514f77ab
SHA1 640cae5073788b1147f5de7984b136767b168b59
SHA256 bb20fc4877109f83a79ba9d89a56f229d7c0c5c113ca778bc4a9ea15680e21ff
SHA512 1f2dca9cb243077bd3be1ef47aeacff9e3609e5e1d60a367d0690804367c415f92090e1327f8c2f8119b17fa6726a6278b30cac0dd1283d9aa1c4e4d835c3899

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 2724909292924a9ce1c1eb1e025f9fa9
SHA1 5888186d13ac9223f5fea0a1e8ccce252f0b36df
SHA256 e466c612f7e5a993ca2b639d08afa882a4c64835d6e1178425b7426c451e2261
SHA512 a89978c57d8db297ee7fc846fb557ef4925b8f368cedaad228fe926ee14e664d9000198cb1fdb0b79ad4450b2e95902d96141b84cb799fb7ed50a72a89a26b0c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 ba1e592da78d5716ac2fcafd483179de
SHA1 44ae30509ea331a1e362de85069fbe560cead040
SHA256 bb39cbdb9b4b2e32981942654b74dba28138f49b8ca571991ca18b21560939b8
SHA512 bd13c67027f7e91b7219cc5250f0f0a5d5eb9ec73a4d4c53293d4bb297a52561eca5be026f3f40207cff48e8f31ef6e1c0c884afa314463f0b62a8858dfcccfb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 6ac352972adca63977dccf8e2e8fd2b1
SHA1 c3cf0cc7de32d277a178a934cd65572369e35b09
SHA256 764121a3e0c28b7458779da1c47dc770058ce0ac14aa9b5c383fcf9be66d7b58
SHA512 fb1029413b9fc9ea5faf2606f0b8e8591b6724f0e5260ad3ea4bf3fbe39a30178a8e919d7ace3026787fba8b6db3b7b60fdf5f852c7b02f608eb70205d13e177

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 b9332da6bb983cfe50e1c642f4cc9740
SHA1 188d72d9450373b5db059bed18d8f0a75dad0573
SHA256 a435c1e491b3f1fd40a0df0047eb85723bbd9b616d53d3bf2cac9f5a2cd75fc8
SHA512 35118aaa15dea9f1042574fbb9958fe46d86782cfb240725c541a791967ae7731b8e979460dc4ad2b58c2e4fab4a0585ca0d752c322ae153efcb7ec24046dd6e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 9a80aaa0692d5e1c5c374278500aad10
SHA1 ca12282e84b0dc2b84d664e92ca517a0f2ea87cc
SHA256 3fb72c31d444c6cb1dad5f839b69affc6245d383c802337bc7a4af13a78e705a
SHA512 4b591e03667b1e0cd8f0bcdcd22f470af1219d61f5943ca4adc1aec13708d6a715693676851ae16382261ad44077c8db9360f18d7ac18095aa5b1df066dd6033

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 5c6bb659894d56257044f803f5da958e
SHA1 660c4134b8ad3618f99d8b326f8e758a386fcde1
SHA256 382ba8dc34619fd961c735e43fb4a219064de8c261c4605082cfb1f7010abe24
SHA512 914c0da558619510315157ff3ccd71c8058935d822c9000f4af9a273e28d7e263129e05ffb43b416b26ffb0c226fc33038698b013ff66b0e1f25153e6600ae96

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 81cc0a0b27974e4ab502b2d7dc965349
SHA1 3f93cd007ec04d3aae4ac699f5b7bfe46a87fda1
SHA256 5d890123269b249b10e38b6c76ca1d9c90255240946b68bca6dd442be43848f5
SHA512 e18e9011c05ebc27b557d5078cc3fb0a4e3a4a54f215f819fa76995e2822ead3dbd997f2ff6269c6dd74422e013227a444ca1db89be648332d37504163bb5fc2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 d0ab88703ec5cb3403b8f5888f91f9ee
SHA1 ebd3df56988eb2a665352780b32411ea22bacf86
SHA256 6587a3cfff57fe51dd4bbd35913cee10862c0c5254a28eb126dbf91511e3d1b5
SHA512 726722b5a65ff70abd737af4da04584f45af07fee938ffa976ab761f25f1b00a04cc185c8aae94d10896a49e301b122ad00db52e85ac4abd48f71e363002428c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 1a170b8281a07395ce2808ea98f9fd59
SHA1 4646f8b4daf8efba1082742b2758f34fbe13a412
SHA256 d88a6a26a47128b327378282ea6b8399c545d7eb7240e7473e2ededb891ce57f
SHA512 25115be64070ce2c45c1ca5c4d201779f4b93fd1093b7f706c5e8ee73e54f478610c0ab211ad321b1d0b245aa7171ab57ca4eaebbc510ee4580917d5eb7e6d22

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 56a185468c0465c9b5d27cbde4641bd8
SHA1 398de6711241bc11750796ff3a3a55be4a0becf0
SHA256 51e8a57bc5c49bd62e887b0bf3d4038b584b25ce6b228b957a4ba90eb2e25294
SHA512 b351b92f8f6c1cd34122920044635cd2a70a6914f3bab21d9829e797a9e08f337731c6219d849410916ddd516b010c9ee16ef9c794106e56b00317b757c3dd35

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png.EnCiPhErEd

MD5 8296c39d875b83e7a3b0d2028b300c9a
SHA1 6487a9fdb00096796373aa654119ab3ae36a3fe7
SHA256 1ca3c4bd1835b9e627f18e7f1d91fc15781c449ec412e3bfb75c9e32138d375d
SHA512 198ff6bebf90c12210960c020427d74d706f0f227d207da60c6f3bb9ed402ee66477c5cf5cdb18510311379c304f8eac18499c6386f718361ea55797745f738a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 a12805071a81137075025c3e60ad6903
SHA1 edfe6e95777da76058a16885ffbed57cb3a276d4
SHA256 7a320bb87174f5bda03a5919ab92ea97a515dda09684069dc8b0d84e7c64f311
SHA512 573261cfb5265acb27631e07d60f53eab1bfac66e7d09e843323205db481d7871fca54a48b9476296ff13a1165bb2be60be9869dff7b7976bd675302324b8959

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 1e7e83f6af20535a182507c3462d30b4
SHA1 317f25ee6f53bdba56452f2f44a7639cde3958da
SHA256 b513e5005742742e6db9cce1894bc3f85cbfcc76501e2addfc9b1247718dfdab
SHA512 01790d95f6b902543cf720eea4e0a22ca8c77734b4990bc15a994c26d22ec23ddfde6f8195507d0dbb487e91fe32abb64e00d974c5303e7bc1e47dd1b96d66d3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 4cf6411626f7b418bd3467171777fdba
SHA1 3aef3050ccaefa6b873a51cc145233572567d354
SHA256 143f3d01b805a032e457a504e448d005bb34d55258eb762e63815c8aef5f7ee4
SHA512 4fc2890b0720615e75c002ce4ed75c9d9aa2eca5624e2d859719d7e4fdaed2f56a0790531e49d81ee96699a109e91c598d780345784af7f49fe8473ed3e8d1e5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 a5d8f340a4a6e45275d40dbe4b8cfe66
SHA1 5287d651d9583bd81a6ff995fca14e2518e38a22
SHA256 2e8bad10ccadc42e6044d459433bbc0df4a6b49cff16279167a87e02e3bc331f
SHA512 f80d8b1c10ee78500fe67171886a522506abcc950af589665c481c9c2f484b2937f41ef9e81f6413ee5c3da6b132e9987e43ea312c35b1a1b007cfc7dc133235

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 ffd82995c600b0bc71b75f5d1eefe3e7
SHA1 7b8424ca11bc5e5fbf9d317010e0a97e1eb59c4a
SHA256 8a825843328f3b9d11dbbf2deda635b8b4811a33d683eee3fbc1ac5170aea5ba
SHA512 df57e15852c7b5784b15e5fed460d7364a9f024046bd6a22675c54e29dd40c0b3aa66ece54b777c1b732307a72a0f8e5259b38eaa286de5fbb80a10b87c72419

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 bbef2aaa34af4053e70f1f654a44515d
SHA1 169ca9549551334628409449244514d4c3fb7c90
SHA256 60df195115ad8e505ba050302c11b7c0e3a22bc1c8d4f3f79bbe4c49f0c21c17
SHA512 3882aeca95361f0505e9fb7e5fa447727a0fa2727b0336473b070bf8caad4ea06fd6801b763ceae7028b7e6796c03bc194be3a60217a4ccc6f6f60f41612910d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 27b4f4384026683e7ac1cb85dbbf2b47
SHA1 ecd4e2f1f59c25e1f5795c0233c1bae7da26bfd4
SHA256 a18a0b25f236e2c57bde3f9f0d1b483a76f885c895d8b504d608392a0b0ded74
SHA512 f9b3501d99860579c971816e2f1fe997a2709f8534af72961cac4703fd87df7678299a40135d374c3d3da662b26fc41767099223f9efcc26524cf7580a581b72

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 beae494d68b90f8f4d8143560d0e843f
SHA1 70550f3e6690716afe9f804980479f1020369040
SHA256 1e112b83fe88cdfca8f32d4182fb4f529cc9ffc863ac5fb6cfe02a9d5a23328b
SHA512 71961e4d4ee15cc7ef6cef4d707d86c51f89602531fdb4019e99a94a7be1ee3dd40a15906982e5a3cbfa1551207fd3d6fc2e2e78c4fe8e8eaef86c8378878b5c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 3da14b681b7d542ca0e51eef428cce54
SHA1 2ad2e264b504403f9b82814a506ac179a1f7d7bd
SHA256 3fb2c5ca730fe6d1d0d73d4c9a8da6cf59ce08455fb33ff97f01088131eebd11
SHA512 5f9404add7ac4cad1226687acbe8ba4207a02e722d2b00fa028f1d0d458eef602689d3f644e47114685529127b4d17e6bb76999f9a71463504da838fc5e1bfb1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 02ac3a03591a3c489ac7ae23ad9bdadd
SHA1 94dbf279a204b72b01187c7ebd83285108181477
SHA256 066c2248b87e2d465e86736c413aaf4d483f03afe81e425b9ef5a6c08e462261
SHA512 af45df637c5b6dad651951705a6c1192448ab56b1d303148ce654de667aaf80ff46a0395df871eed0579c4ede65853b175d3be48fdb9cea83a394ce6c1a3d23d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 12265c71ec5a26fc4d36834bd7df0830
SHA1 a2156068dc0d141ce9c97a40cc0ebe9d5e838642
SHA256 bf3ebb21c177e90aa7b77c7a1c7b05a8f035bbfb1580ce35b7fb786f8d92973e
SHA512 61eaf48e4ba8fcb9f08b7a569ecec32d8c8c45b5ccd5be9c6c10a1574e7367f1d5033d7c069333ee3188df680b5e4a49ea9d1d7908f431f40365866429631e3b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 338071034b2c59471e0d60d2749a7ac3
SHA1 cb3e0aa075096f2bbd48e4da9c904a324b9442ae
SHA256 c33fd965537b3fe41f883673bea9904c7f91769d3d1a56ce1400a6b4998d0b5d
SHA512 420693928150756ac9a83a3347cf10e15557dcf1ac94d4379fce77f2b55b0273e974a00fee0f49a61aa87cce1f57f14c81b22db3bd9209b696ce054fa1222cea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 999f734a72c69dba78db41afdd40e67a
SHA1 260d122999725de77fe28498cb4d168bc51fe332
SHA256 2c2c714db5cd87a1e6a7482931139c572c212d04ef8c7266bba1e541d58aa45d
SHA512 2a13778ec262277a280d604dab80856017d86f9efe20b0a9ba7ec5a1523d142377f7275df881c6fa643b36b10b32a8d1f1168c4d653efab94c562d490eb3251e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 d7767db8d6ae135c11d4ff48c96634f0
SHA1 b7076b393fed34d1a00505e6b17f41033cfb40d4
SHA256 d53db331c9a6ef670e155ecd70240330629e3cac794a856047c78e8963ab1b0d
SHA512 ede0f8390b2f413134c8d48e7b52f433884c531da9be717dcba670beaf5d7050851d3b90ab0b1d5516046aa4a2ec31dbfe4cd5cc5c628a6a7a3e0340629ab53f

memory/3452-4947-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 528a31cf3517bf162b8daaf2e7980aee
SHA1 2ffba2808c68c715cd756a6a0dfddb31676ed1d7
SHA256 97c4d9a1513de15e46166f13ac963f30d2ef0b951e2d38a91985b2e969842069
SHA512 de8ca113dcc181853bbf2e5fa66af457cdc7c0d7a3a38cfa40fdddc8cc942342edf8ea6d01e9c2f1640a29ba02c12ff64810ae2398221cf68db6c9ebcb6aa9d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 3b4ad440b55cbd799aff933b84cd76b4
SHA1 a549b5cf55216340418793e20e55f9af3d2c2f0b
SHA256 641dcd87be40196f5621cf17a4e71f7b73f021aa753f9d6a77f27a83f0467e87
SHA512 5efa3d6b19ea2af630e7ea2125c40bbec29aafb2406ab722f03d3e19e2d00fc618722a633ac45fff326515dad7d1c7d7aaea879504c7e0e02a6092b08a4ee7fa

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 01cda515a9c7aa113945e3f9951a8859
SHA1 f876887322688944368f5c2b1f195400d1eac062
SHA256 eb7513c77bc37430e4be89e1a1ecb14bb3fc13f94caf41025764f6d4bf52b1cf
SHA512 ea2df0c979bbe0d53b3bd5da9f3f91d8910b41af971ca8a0c8f205aaae9707ea833b61136ff3ac30bd2869c98c5a676b1a93d11a5f5e5e268d21c69e6969b2f2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt.EnCiPhErEd

MD5 30c7b90ccb112b8c5e0bb0d068b00d16
SHA1 d6d75d6980081cabb82e50c75a27bc969ad028e1
SHA256 9cfbce93e8f55bd9eef9a411a418d4c43983f81e1fa78b2167ddcfa5513fd2bc
SHA512 6f60151c0068c387c00e424a3d2ef652824e258366d636da6da8278700010b2f617f67f0349eb933049e9cf458e695a9858369f3a5880d88533f962b16fbce58

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

MD5 ee2ea508ec2e11fc438de977a7dbd413
SHA1 85d9e21d4657bc85cf21817e1f61d022821165bd
SHA256 b34d308e1c1c45e7aebd6e7d04e950c5773d9bd82abcee42086f919327bd2027
SHA512 f1e648492b9006130d5876b507fa21b87bff4fd743a036fd85816734dd12bbad831cc8b82909d35631979ea99c8bd1787f748b623a7ae25846600ced28234818

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

MD5 0c9869bc8d6ef6dd08932e5ad5e9eb5f
SHA1 f6a94e88b8da55230643383ce07c84cbe50cdd56
SHA256 87705630f4420c6d8a0e2d72e9795b6a88119447df4a299479e30f25841066f5
SHA512 040f514bd487ac4017b0a7b42ae369389cb4a928e6ddc17fc5753d0aae9a5206d95764618e7c6dddaccc6f7488aa8df486b4cdcec27a7fc3b5a4631927e84b6c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

MD5 368df181f2c9c8cdcc9006e1f7729b38
SHA1 3227a105e114bb444cfbd086d0b688f12dad09b6
SHA256 c374afb75f47705663258f6a33d6470b586a71c87ff35633dce27c574c86ee11
SHA512 99084c525d7de2f2f73681b1deff8fe8563d000fafca73d1266c54f1e7127da5a4856ece635d090cfc44c394d4ed3d4ff5d3cf768572afd767f09ce0e3c7bf77

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 31c79e14044cf8c57e07d621e6d7f4a9
SHA1 089bca200b81fc914e160123209c81f79aa50614
SHA256 d4a85c854f61211ea1d19d64a9d3114b6c883c889ca58f9c9ff48d47cf9625ed
SHA512 2b2bf039c36054b24639b1d67a66474498cd332bc40a9477979bf55d41717e50cd833cc1302acdcefac8bdff2bba92f4f560df06f9ac957da7cc0235d8864d54

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 4a25326f91aeb76a96414e533b7b2254
SHA1 ce040bb3f8f1cb07fd84fc7446bc3580cff99b69
SHA256 f0a2a5dcf80529b07ff1ed28e85f90fdf00dc3688fe43671dea0d80e9949a0af
SHA512 a55cdf79ff62fc6f0366aadb5ac00f39628181227ebf9b7f8082762bcc4bb4047f3c6907db19df38d8afddb748e63f6fc8ad8c202ef664caeefc1abd5fa4673e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 48b4013d03cbbe31513ade194586a957
SHA1 2bf75507237532e7f55d1b18329790d582cb4e57
SHA256 20b15ff2a213d1593fd1dfb363a016f7e5ca3ccf64b376c2591f101fe7a6ae9e
SHA512 db2971d26ca6be8865ffad0389fdf3d2ba9448f5a7d6f966f8e51b2fba6bf39107365a5700200d33c1b093d9b5e34fd3ff3848ce8b5e24f9de12529fb9a4a10d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 c6362c12dc03de73a5e7831207ef2a75
SHA1 40f031f521979a778b5bae0806b9b92398fbf12a
SHA256 95131a02d47d9b29c209486729ca3cfcccf55de8fb0709f4b63f3a6ff42e9668
SHA512 7b6ed8767f3377941165ed08e92f7e447420581c847c6c2d39f2a8efaa6f8914feb972d3cc0d477c20877cfcc5d95b353861fb909f36631e5d8fb31788893955

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 39115c4684e104955e2e3d9ed885be5c
SHA1 1d4bd85d48df944581a3c7256698aed2ed4c67ad
SHA256 b553e63669ceea59fbbdb1256c124f529284b1134ea968429d6949592f61fb96
SHA512 2ce9db8665cd2de12af175bd348ab59fd2c84ae89fa692f2d18f1136a536634e92df1829a1a44b22d1088745fa80236a81c55a00e8074011cee96d6f5f25d4ca

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 91296dcf8aeab10a563b2d26e98e2ec8
SHA1 88d4663cc67c6beea84708240e902c69370e3a7c
SHA256 f3da7e7103a62f4ca717c23583c01531cba9da6921bed634d247f26932a9c963
SHA512 4b324aa779f90c0fa1229cb14950c9e2896ce4ffbaa701e96a2effe6d5feee852bc9c30f244368eb1bb6e83cca5ea5ae34df122ce4449f2b9e734d0883b7bfdd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 60729829e97f2d6d2b65a924c525d146
SHA1 6ba98106b4ed9c5082995dc2e74d52612f670a30
SHA256 25fca30ab4dce66135e9e39b4230c8707a881779579d2ec7d286e4c4c5bf2b80
SHA512 1051ed12354282137af1dcf9c711b5a005003b36fd5290dd57a27dcaa68009a987134873d8ec4e260e2d211346ba582eb69ea4098467508783409e368a20e436

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 e74e7718f15a99676157a315982b56e1
SHA1 f475cd45e6fb904856451d15108bcf78cabd1ca8
SHA256 4eced391273df13a0a0edb50c3838204ff7b7d15fc78c6f106e60026c9d3effc
SHA512 c56b1254105421af9576eacf311a32fd9619ed821ac335b8950796a695da97804f437772268fa0e87cced0a27eac1665a4739da17e1f8180c60b3b44a0f8d0e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 c025159d1cfa66bd0f263645310d1c40
SHA1 65812dd7d16e8b3580d9c9cbcb136a4d532fae1f
SHA256 1113235ccff58baf0ffeb80113747549cc6216ccf77ede66e268fdd9b8f6059c
SHA512 4d660b55158736649132e67eb5a327d86e694758fd76250026881506656ea1fc3e7659c014d72d4d4ad604410bca097c0bfaeb0cc5f5ecba4beb84b983546d72

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 c7b73603d36ddbcdfb53229659e2d26a
SHA1 5e35bd21b5b2a610c9d60b5888b3c9f100ca5e6a
SHA256 2b98c05f610a373ddeceb6d687da742aec2a76e8392c3ec86462df47b8395eaf
SHA512 36dcf09cb6674a028e5bcb9d73f460fbd9dd613030ed74694d81a6d9ef19f8c0d8ba11829b7555283bb6a27bfb1c01cb3d1ae596c0ba965eacbb020f56a281da

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 724ecd5a2b40a8d03504b9169ca55376
SHA1 064ce2b5e85080d9ef69ef2259d2f4116571e7cc
SHA256 4d9fa55ec08b59d844d26c9f68278d84b16f3c0d907ac65fcb845ea41bdd7809
SHA512 a51cda05158067c8daee54663227a22a3e67b7a7c1593592bc49a5b065b25720eab933fa7dd9729affdd5656d030cfe14880a99cec551c734a636392a28e64f5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 a59a6116b7e474b75e61178c7fa4d78c
SHA1 8e94b29be68a0dfbb0a2fddc519f2ffe6025a7de
SHA256 41590e4538b9e991c880a3345fb257ef7358a9428b8bbc66f468405b99c69620
SHA512 1e527ffc6c3b084640b3d37e69afac3061ed6a024cdf17a508d2f4a346b61b27e69ff8f5bac9ed72b297a8a7a92231a9c1627673439d46011770d530d56016ee

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 ba1e382de783b1ed6fefd49fac0ccbb2
SHA1 f6b3d671ef49b8972f1a01cfa449a5ad0d4c3393
SHA256 5457db32e748aa2aebb901a2a9433babe3a365732b2a581fee8c364e4e5ac5f2
SHA512 472b8900e9b70523f894c09c95cad3ba8b68abaaeb166cdc54dfc3292620684e716b34da214ba8d5870f02946db34689b2fd415f4c5ee97f905d64c720a3b298

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 05f3baf319c5096c1864562fa0c8daa9
SHA1 25b7429faee2da9c00fc7607527539eddf79eb0f
SHA256 fb289108d5032a8c3ca7e08d6d137a8496c0f336ba642ab22b7a83899676d1ec
SHA512 312c38dbd6be1194048362699c31a3f88e09013d927ffad899f6162851da28184120e861669dba14cd83b5359ab0ef9c25b96e196ddde224f5df5e6a15ba548c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 c2d5e96be90d8a85cd4c9a6995cc4a45
SHA1 2f6c59fc5c968a6b6b4250c4acaa76938ca52273
SHA256 87ec132f67ac61a59ddbf7aa6e4da52a6f79d23b34957ebcf08905a74ae8d801
SHA512 11cad8e9f3692c1f596fa9aa799a834a203f3d46c5205bcbaec84b929026599ee14ff86a4dab857933b2030a7c1ebf151f460a0d4ab0752171749f17d71fdb0e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 d2e13bbe4583242f4f96784094c49078
SHA1 b5f90588b2ff93fbe0130be85543a52f6b36574c
SHA256 7fd6dcb2a57077153feb1fc2d177787885f14ac2d16aad9404582e189bd4156a
SHA512 f6a7829e471e6df8d62b04eb7e0602eda52fe0c77062c5497a37e35293f91c13a5f7eeffbdfffe7c1d2e6f37a88d3f7bb0f14497602ea6498a3740477f5bd65e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 43b84a61e9ab844b536ad9eb94abf290
SHA1 f2876d609f58415bec216c04621d0834ae6044c8
SHA256 8dbdd4d92c10dad7d06201d31c2939378b5624f8f7f25af1c6e1e8702b668348
SHA512 67c41b8f6df85b1af6f5d2301b009ccb2080fe802c4d1d7c4b0e0dcb280c29b1b588479bc2a0f7098c33f46c80a6ac80f08758927bd998bac281343cc43c0b66

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 e778d0c3b4fd9cf47a4225c6c227d47b
SHA1 0a7cb019b89a7b7fba8a916db72109c168787f06
SHA256 94729bed55f38dd182dd63cc8f13443e817c75bb9577db291b81a657cd69b218
SHA512 eeb9d6de4a863a8aed83e7fa02bfca0afa3b3047c29c00e4a5c5ebd07dd1cb2fb55a0357299a0ac115e0ee5bd755cbc5d437cac27984cfed96d1527efcb9318c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 65548af2a668a998d3df81f7d28ed7cc
SHA1 63f2a24da5f5a4dd1a52bf8ebe37c3db131a024d
SHA256 ec7e9ed2df92373af78bbd049e1b4c22c2ed6dd17c8008d9987f3af00fd4091a
SHA512 48de467bdbd889ebbdf43a63051a9d98bcc9ba2642abf52fe5f2a33008c2d42c1fd68315f770ab91983239457eebcf92f4e5344235a162faa8397ea7b3e21f9d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 2408eb55a2656ce103791eefaac9856a
SHA1 95b57992c3b2e8f5445875be01b6b7f65f30dde0
SHA256 6b685d8d8b7a044c2112d728555e1e562ec31433316f2b0ef6a6406db9b4ac30
SHA512 a6e00b4c162663b46f85b3d1ef0eb768fbaa0a6f534129f19a87edd2e2a1ba5f8927d4ae0d181b909b3b6a435ccc8a2623cfe44f6a8885ac9555156aa8739ca6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 cd0dc9376ac861adceb6fa8e85c85cf9
SHA1 7a736a0e6f964c1d9ea7c372a13b39d7dc2dc218
SHA256 1e836cf665360b33ca3eb8ed94b2fc166193292ab279d32082dafeaa143bd7bc
SHA512 099b4538d2a5f8470e955be25778525f144e4090ef70d8c77a95935b07d4c2c5eae412b2d4a077d4682a157d447899009177943bde109df29925fe0182c972bc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 bfe8b380e241e096e862501be63d6106
SHA1 92ed2e8e3e7cdf80c1754c66d968a81bd15c95f6
SHA256 8f3cc4371987aaeca9cd5993336081b7da8b1a3806b267e8f266b060e1179b09
SHA512 7e43881d2ef52d4086732ddde2ffc6f4a4c9170a179442773b443c796eb016ef24dd1abdf6f61b769ec8f5ad05313535dbe3239ae7f499333a20b160111287de

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 6eb17b71fbdd1a6339f9b13390211ce3
SHA1 52e1df07864151f4e4623dd32fde3e0ee059b267
SHA256 7816b0c433b7991fb71ef2c5a7553604ae685be0b380fada5d156c8b614d4c66
SHA512 2155043d3fb72d88767d0881fbd70d5b0df57990bfb052aa7714c1d9d8c929baa8fb5891084585e4b9cf61296051d809bdaa6b119e6b58f720b160853a6d1ec8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 a23ed7746cdf553fb4b65364becfaa83
SHA1 c9d1d2f1b7f2604bf5253ca7267c5245cdf25003
SHA256 047ef84899c4e16e946585fe0a51feb0942618a810b284a0540ef4d067f60f60
SHA512 c0da2e52ec699fb0616b3afeedaf5d4a5744100fde459e706a7b476d28c516f4a1e449c3d5523148c04462024c2d5dc9edc8faa51c16e2e17b125a336ac0b7b5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 fb45e34fcc8a86244d84eef790ba3d80
SHA1 bb1cf8c76d5677bb02db704853eef08ea7fb13f3
SHA256 08d3922153cc922b927f2e36197de45c6003f7292ef2446069d771258b920922
SHA512 eee70f81aae813f1b28fcf4b48d3acd29793bc00c7be51feb77e57d39eda59ba74c80d29fcfaaecf843d25a0af27ce51fc4ca5e3d62d0bfb3e107d5a2984db51

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 06366fbbcd34563f0fd172831bf0f15d
SHA1 cbdfc4fe172519f96edce0f9afb95484b19d0c50
SHA256 1a89be309b90492111afe6a999aec1e2a3eaa805746b7fe0145ae758e323bc8d
SHA512 67f55f7b2f173be988f5ebaeca2afa37eeb7c1893bd4d72246485060615d9ddd5acc66f767c3c78ac97e7d7cb79df05974a5b1332b12843364c614f0927cef73

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 a912596645ff5d3f213519f7fa5e4fcc
SHA1 bf9af662065f348a8bcfbe2cce81f414c4d060b0
SHA256 ebc763fca84f0ba0653b34214f3d2b298c15e3eb5170690fa1b15753a6d21575
SHA512 cda28a8fb5526991c0f476de3c5e1170106294dc9af11bb092860946ff56f89642a6710e05f224f97ec7a6113e4921dc04c504d5a711d86b021eb9af6051762d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 99fd2af4a5a30a6c76ef07d42cee4281
SHA1 a1d129285d467f337f6e12bfe678afdddace6272
SHA256 57021ef9482d205e996a40210384fe6fb02846dd70c80ed23374fe6d512dacec
SHA512 b88a5218ee8e513ec45638a29992dee30237cc9a5827363dc68e1fdbeac3e2c4524ed83e60f30b0e1d52439b8fb318998936c7e9b9ca49b53035a7ad0267bbb8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 af2c3525b2ad89ecd5d6d25372f4d258
SHA1 096705c5ed8362fa140cb6a0d8f8b064b03944cc
SHA256 3f831a7298f0dd96a5ae27a5b78f36ca4a16a085dd681d89a51b4e60cf6d5af3
SHA512 e2cfb781b91b05af642b00093bd73247de7d2cfdb5d3c8a2f67756ef65f3ee5019a5be859f12d63fdc425bc44cb07266dfe3aa789571c508235e2ce31e2d4e67

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 5c04b5c84e0691419cd14e3d3c8baad4
SHA1 5a59985b68b2db63cf60f9156db3b7c8ab2f50fa
SHA256 9ea41329fa15230741b207e51feae7346ec28fcae035241f294ae8906f75471f
SHA512 0949564e132d7fa5c8d953ee3a6cd4f9441e57b1446aab57f029c20ec6a604746f27698d1ddfdf9b0a45bbd34d026590a4b167a7cb91448d21ba328c5b2ebe10

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 97f13559a055283a5d9560b1618b6b4e
SHA1 be0c721971eb3a41560980738339049da8fe78b2
SHA256 fcd938e3f46098dd022d387b3d50f4c8817d854efa895e334dc1a275642920ca
SHA512 13fcb7b4d94e055a1f5169354200d4d18ba9868d24055e96b8779af6d1ad8626d29ab8e23de24fa2c909baed469e003e059dfb1ef531c521637201b6fc2b0d0d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 c0c29e03d50c31cb4e24796f4f97444c
SHA1 34520da6b7fa3cc4c22ac14e910097ef68ef1c96
SHA256 49ac18639d1847d17c78259814bc094b5d383a0fe29afff4fc390aa822ea5d70
SHA512 b55efa68dd3f49c4bae1066f829b0269d9280987abd7d36f5e8c786154638c4e08dc24f9ea8fa312e2a98df10e04f4ab29472f19127dd8be547f5a1dccb8c1b6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 ede654e04db4795f8526165bfe51bb2c
SHA1 758ac020fe0adca6bb75be9195a784664e0e239d
SHA256 1b9f55621bbfe9d8b4f5aaa93ca1db2a9c4307b9a40d05df364dec7efc615f79
SHA512 2cf57a9d06b3b845f8adaa22a13ace65fb910af1648a0753b08fcd347639694be41c48447113d97c3f12ec616317dd0696cf7cab8d2af6a669a146876afc1b5d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 64217f42afef7385bb9e3f087714ac15
SHA1 adcf5821886dd4cecfcdb963e1ecab733fdd6f29
SHA256 ffd65bf19c2d4db65aef4c16e425f10aba75e17f40720c54010cae2e004bccad
SHA512 c624e17c4293b6d18e466876966236e2b8b99f9b24d942204af9be5ec2ec6a10f6268bec30c5c88185b33a1c638c2bb6d456b4b969bc7388973c3ab9c5de28ac

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 b274b59f28e15a89904e5bee654e4f29
SHA1 c714d0df14bb41ff5079a0881d2fd0b52c0aec30
SHA256 329b54e5418f818dadcea419a32a246ab3f2c83bdb80a55497dd76d68983fa31
SHA512 2b24f2534846dbc972982208ab9295653302a44e3105424c3dbed1afe1489d97274181d71cbbe30db7b6bf8b1058fbb1be4938cd6cc8e4fa4a906d6702e0157a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 0986355530b94f8ad6bc74b64997b98d
SHA1 455602555fc92169a61ff1ff39b427101efcca79
SHA256 2f028e48e93f0c917163ffdd1c8069c3d838f5d4761e6494fe01c30c0319f372
SHA512 8120c2374e589010c84dd9a5e6fb080113e08a3b17fb480286143ed51b3a018c6889fa10ab26a59919688e882cced5f5a5d4e5990a48b58043f43ad9cb52f0e7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 176ddab956a31d8ea3883558183ce29b
SHA1 f6bfa2708aa5d569ce9a7a50fd4c5af2264e5e40
SHA256 b515693531ba710b793ea707182e809f87e046c90e26db48e9617473bb29467d
SHA512 a178951664d58dc5994cb4143ed750fc6e2a218fc29378f9f8aad603fc0475dcac4aee41ab15a06a0e775b904b7e8d6b59049e16696d2c348dc23f20a0daacb5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 90b1d7f5676e814907f8b9b89907584b
SHA1 ce1d04742e6d96f84f423e2a6fad79287f00bd5a
SHA256 668500d71158db65a247affe239e8396d3e3adaf6abd2a52b48e7cc8d6260e8a
SHA512 a7bfafae299040fbd938a1460b6284c4262ec2daf0b281ba64403b6064a4dbbed62befb55b0b94c040d8e0d2680a95c112121ed297687b66c7b8add62f92ca23

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 42787149998384acbe2f4efe37dfe79c
SHA1 6c48c4db06ceb761b6009586010780ec882b2a50
SHA256 bacde24c03b402dbaf08fdbaef495293010dea3aea9144711d4c7668b43a0c89
SHA512 9e5962c799d2a69c17c1e2f93993788191ed65cfd7ecee407000c4f2e4ccb0e2075a5ea00a409d73f3f9f9065b54eae97788967229415ffac0a5692901ac1144

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 5c8191e8293566ac276dd76931aeaf9b
SHA1 a454e9309c44b8899bb4b2b81fdaaef10ad254af
SHA256 034eb6a4cee79f8bbdc4a7d6ee4cbb975f1319ac455952bc1de58f328911f555
SHA512 cc640d9680588741eb9ae24f24bbf412a76550a8e525a7e8851f20ba52e25b212d594ec515461d50c4d33e898821fa5777abd47b5393a81185282c97854a4274

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 84dbb346dbf9c144fb2b74db00ddaf71
SHA1 b30c505090bc7ce4df607a9759e944d4cf316fec
SHA256 b64e1a564b54f371c6e59b32b72f74c758c6bb2381bf8dac3e7b28c61f35c9c8
SHA512 604a39c6421acf0137560d40bd5dd3d3ae0c989fdfc9cf9d246e507a37c642c03c8fa49d781bc910c41c7bae64da732b7006eccf5cdf8bcf37719b7900cacc3d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 23dfe0e1e7cf4d07f1b3ee2bd0e18b61
SHA1 21364b907b505a6ed4f1031c11c6d4e337046949
SHA256 83f6a1c8f4ecfa018f2d0ab616fe7c60514ebb9ad4a41a5d86a6f926ac88abf5
SHA512 dc4bdc3c35b695ec6790b7e8a8921cebd2d772e91dac4a03bc084ab3f0fd138ea8436e7a74d16e2830d6ed1728fc0cdf1f981ba2f74e8d47a15366d06ec5de02

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 ae37fded1261d93154d896edf9a30530
SHA1 6e310afa45c1c142a205f20864ef2dd738f83217
SHA256 3e820dd80fb823b3f7e9241e40f00ace3354ead568ef826667710492ff120938
SHA512 98879ae0d7d81b352747bfc733667e58911265e318de702f3599293052c6f094de7122c76b7a99333adba0392580123ef4edcb2948ea67b0aa4b4b561ed516ce

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 89c709e4294da4fd2e6fbc61da7e30b0
SHA1 2e5fc7aa4a847442ab99067a753257201f675071
SHA256 6d94909fcbefc6baecdb2a0e5378e5ba68460891bac90bfeea3e2ed8b18a7de0
SHA512 570c5daadaf650eab5ff9849857c810c19e1a05023293324854d8a1c16d23b41e11e46475989ae22a6ba1f08f7c0a2790ede1c4f54bceafc749a854f59f495da

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 85954bd28cc2ed74d43e383375faae1d
SHA1 775fa8297ffb2cd47c1a9aebfcfaac430e96149b
SHA256 d4d3563d0f6f8573b517dc9ffde4baa972cb91aa1acd78dfffbd86b61fa279e4
SHA512 e2114e41c9766a77a6b62404eb43496d25c6d62fcc6b07b23864c5ba8a0c71a07e0f04ea89c758ebd59dd0819c324f422db270047c135a1cff3831884e1480bb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 a627033b1807eaa4dc2f9dc026b53b45
SHA1 5a9d6b9a0a9af0cfecec7557f4c6326821b02218
SHA256 4be9fbeac1acf0315c72cc015321b7a6aa16df852120ee6034cc07e51bf3b33a
SHA512 3e09172e1e52c7ca5898d96659774168838be1ff444a62aa4cde30c6786565de8297c9c926921a7db5c000433bd3010173ec9f9d9eb3aef18db9eef12b3ffc2e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 cf23c99fd18283b38a46d366918fc86c
SHA1 2c355372c73e1e0e27e5c63fcb772c603b6c9641
SHA256 a7f7c223b9d08e8552691e14c83ca0b48c97f9d0bfefa47f33c5d205ac7584f8
SHA512 b24e1e9f129b89c4a6e7f2ef745d6c7303662f9fa2175f7fb1b7f4aa065a35ac08c4c3719b03ac0e384b521b4fc8824cd6f333966c3156148adaf435f2d51bd0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 2e86df222ed0fc307d5918b617075357
SHA1 f0267f6664622ae1b1e264aa18e7654862c60bf4
SHA256 bd51d0aec097f06b2061997a35b29069d0ba072236d3d3a332a5d7b65188b6b5
SHA512 72839325af8f3e2001666f640fa327d56fca223736c1abdb8226f12eaae02e9475afec4b0c1f1bf425668ecd344a8da92af28dd9467c9e362539dff275a0b443

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 b2af3b21a3ccf66ec308df04fbadcf34
SHA1 53afedfb6952c3ebc5c32fce7a89683939c07f9e
SHA256 838e797dc5514aa0f596fb3a791c76e901fe96902e0711050dea03e02041b0c1
SHA512 5f1cfd862171ca1cc690973cc7424df754c1bdd6aa82fb47cc0be71b0e4601118a66308b2f7b32c129f70db0c45ea06ef1b07f44cd0f4d53a5dd9f1ad84d9395

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 4e7dda6a0308c69f9fb2cb2eeab858b0
SHA1 32daac43890fb3b069be8ad6d6bc1f73fed6011a
SHA256 8e86057a2dced1942525c3fc0815f9ab9393f875ac93929015ea32bc479a4515
SHA512 5fb6c5d609e7550e4d0041f5e5ab0bc96103fc02a9a65f1dec94f194bacd457884792f2d08a5d6c8ed6c3edc9bf003a45506c0e119809b4bae49dbc447e28b0b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 2ef8ed8954b414f91290e0d379b02d80
SHA1 7813631ee6ba718b015ed34954e51ba63d54065a
SHA256 0acf9d5193fcc032f9bfae2ff3405c53ebd2566ee744d05a3aa1f053d45ea51f
SHA512 435d2ea9c101f2a404c87c53a10a3994b2895b2f74c2de193862f785c2735f071e528d6a2b97184ba72ce84ea12457e9a959db5073393aace273c1f875b7ab4b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 4116cfc98b62cda39115d4e09cd45c1e
SHA1 7921469749734f9a0dabb638eebae7252b2966f6
SHA256 79814379bba6d6d2e5b447a367af73262033d36fe853c263da8d41ecb514918a
SHA512 b433f31f72c028afb79826325947d22103236b26872b4dc82c3760c2029864567dd92c29e11b61e51ced62d0aadca76b8729b54a4fd235a105296e38234341cb

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 e56e04d8cfc6e5da393164b02cabdeee
SHA1 2b5b18dd211e8dff7cb283046c18c229db01cba0
SHA256 2ac84a2df613d875c3db3f186b3300ca1eeda2c1d1387f43786b27563e06be52
SHA512 38decfb8e703039324feca24054ca2a8625028d1b59fbc0a4ce8fc7cc2864f39f09120c2d592099f76e0f8a1dc5ae19a3abf3e6c2499a7623df26f3bbd8a0fc2

memory/3452-12214-0x0000000000400000-0x000000000040C000-memory.dmp