Malware Analysis Report

2025-01-18 20:28

Sample ID: 241202-rw1g2axpav
Target: b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118
SHA256: 074b703e4832453699f19df6aa6d95b71f30e3d642ac39671fc5d771faea3ae4
Tags: upx xorist discovery persistence ransomware spyware stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 074b703e4832453699f19df6aa6d95b71f30e3d642ac39671fc5d771faea3ae4

Threat Level: Known bad

The file b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Xorist family

Detected Xorist Ransomware

Renames multiple (2193) files with added filename extension

Renames multiple (2216) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-02 14:33

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-02 14:33
Reported: 2024-12-02 14:35
Platform: win7-20240903-en
Max time kernel: 121s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2216) files with added filename extension

ransomware

Drops file in Drivers directory


Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\H8PvUr149gbK0x3.exe" C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\wow64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a8afef97b2d29707\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\Resources\Themes\Aero\Shell\NormalColor\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fed085a403345299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.file_srv.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1eb95a05b6bb189f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..tconfigui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9e460f1ee327fb77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..-provider.resources_31bf3856ad364e35_6.1.7600.16385_it-it_72187bafbedc84c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.h...sdhost-driverclass_31bf3856ad364e35_6.1.7600.16385_none_1ee66a1fe1e08c96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Savanna\Windows Pop-up Blocked.wav C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_usb.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_84deb0912a3c12b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-propsys.resources_31bf3856ad364e35_7.0.7600.16385_de-de_682e95a367ef6ae3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ativehost.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bca1b3a8d97eeaee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sendmail.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1e196194a0e8e07b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-deviceux.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cb3c621ec6fe245a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..mogrifier.resources_31bf3856ad364e35_6.1.7600.16385_it-it_785e216c5d8d1750\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ngconsole.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7acae5d4b206f7bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-21025_31bf3856ad364e35_6.1.7600.16385_none_ae46ce08ffd37c33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\403-18.htm C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hidserv.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_81f953ad5f61ed4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_7d8982db6f41dca8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3e83f13166ac57f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mssign32-dll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4a7865ec1f5f88e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\df4cc33bfe326b259eeef086451a2528\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..ance-diag.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97530afa79f343b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mtconfig.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d679ded0deb6e3d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnep004.inf_31bf3856ad364e35_6.1.7600.16385_none_948c2353452e6ef7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-devtools.resources_31bf3856ad364e35_8.0.7600.16385_es-es_75dc53198277f079\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00f.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea5f175fcd9f97bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\pause_rest.png C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-photoacquire.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_84928ad75b8d6f2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmdsi.inf_31bf3856ad364e35_6.1.7600.16385_none_31d603eabdc39192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_play.png C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.1.7600.16385_none_8bd2a8c89bf31042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netk57a.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d23369cf2577d24a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-themecpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e5ab4e59c02b40f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..r-name-ui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b7da1820a9ec721b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-fdpnp_31bf3856ad364e35_6.1.7600.16385_none_b5c56238498c08f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netbxnda.inf_31bf3856ad364e35_6.1.7600.16385_none_f1c768728ab70982\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\H8PvUr149gbK0x3.exe,0" C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\shell\open\command C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\shell C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\shell\open C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\H8PvUr149gbK0x3.exe" C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Opiwe C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Opiwe\ = "ZBMHOQHKLIITQTL" C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe"

Network

N/A

Files

memory/2424-0-0x0000000000400000-0x000000000040C000-memory.dmp


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 d14ebc1fb89a1cb87e87c6de76fc151b
SHA1 1377960b2d604289140ab5261b95f2c89408d03a
SHA256 7889483b0ff4c7a7ffeb289e7b16a0bccbc3d7cc3f628774643a8caf44c3793e
SHA512 912ff4930633872e99dd6b7ad61a23b4e97deb9a42d794af9a48fbb7bd8e83ad2608b0af5812507b5909fca9673c67f12cfeade8e01190fd29b0b7bf32f919b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 872dcffc35951209ab4b4d19cf46e3be
SHA1 23754d4313d527a7d953a018f47ae24e1375efe7
SHA256 81ec5b2d7cddc79cc0ebc409c8e39b9e2a9bd884106f710f0511f81847598b52
SHA512 45607b8ca18ffdf46ebff692affb9f0c934b4619f4e85c5f4260feacb5ce5404eba556de12fe32655e6b657e5abf441a4a87d81dbfbd0639c8b88b7577300e15

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 28ba2f8bf3f0892ee65c129a8213f4a3
SHA1 4a25fd661c9a1bace561bc94ec71dcb4c39daa33
SHA256 fe6fd86ce39e78d194c3d97c5c2b04ff46c459066aeeee6a3a4a9fa1dd156190
SHA512 4d376ccb86e0b5e589da7f2f97f9f2917ab513821831ba49d3316f96c7d6030cf1fc9b5dbb808a8e09fb1eae6ad46557982ca93ea4e0806c6981ff71c2bec3a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 26bd6667e578e6b99b1244ac89838472
SHA1 40f141669c51dd03d3264ef43887161b38cadf0c
SHA256 605f78431cf6f838c57b4de6a5c1102542ee3620c0ae9de4c4049c1f25617c59
SHA512 73548657d6a832e25d11c007316065713db4260cb602d537d7d068684cbd425a5eb129450ae6593a5167c13a08d5654a2d4f12f8113c10516655603961fbe974

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 c3515b9fd8177bd62f387e89be065d0f
SHA1 74b62d662944a884834a0fe49bc2340dac3a5983
SHA256 30afe50a430ca422d8d394d018fce09f7907b4de6a6a9c527235c88d93751782
SHA512 41b191b4e855b17395e241790b85f29409c659226a1db5ca79ac2e3d3d64648e90ebb2682885b6bdde5f74208c59c7ddbb028e6933940cde44a7dcb0974ba1b8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 e28728727c714580cc4053fe98910ce2
SHA1 6bb46ad194dd1ef9af8bc18d3bc60ca5d5133537
SHA256 0acebc66c6a600f2292f6e1926ec8f14e8a10ac020d7ffc0447ebf3eacf989db
SHA512 7789a1110daabf7195ee2e03af103402d9e1ab2356af7da57c17def45f19692a428874921dccd7b1a2b9783f018ec07ff2fa0174f6e9724a7e4d97df26856a40

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 f4d76a4bba28399c8445aaf99e8ef65b
SHA1 0c71fe48690f1c2e2aabe151e15f1798c8a2e640
SHA256 3ff8789862e1c09f2961a950fda40d0de52b22933c315e264d4ea2bb36ec365c
SHA512 d9d8a41f907b1ff05a28028cf373352776b3ae444eb7a57c2ac7b3274e72c58d3c9bf681750b858bcc7459ccdedf94d62ad796fbfd1d9da6a7002296d431adfb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 aa92cc210c6255301491a4fb39cbfdd2
SHA1 a5bf367bf7d88808dd01596f31fc40df0138057e
SHA256 ffd1d6aaa5f2ff4b918f6513287bc6521115a4d953856a73304746c7813e3630
SHA512 4ecd63faefbef37f1b248d1dec399ea4882663a4dc28184ca6542dd804666aaf2e799d3d76a516ca091a61921d48794edbef08f834a8311905c1f2fe92b1eed1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 87572ff31846811e2b3c0c124af7eb26
SHA1 5ce7139a7dc731436fd6c51409b74773b9c97e38
SHA256 486b2a9dd995d06346b3c86afa69b4102f3e5bbb3a49563fbc9b32a626c67681
SHA512 8a875277116ab71b80eedaa4dfda9cce7905ab47ce0f1dba05916aa39201506a043bcb511edb6d17b9bd04b44bbbee7dd98e97a366e5378f7e78a2b7b7eccd9d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 6aa8cc47094ed7a56c5c49ee1532fc39
SHA1 b8d351ee9a9847372bce1ca4583be1b50926c057
SHA256 79ce2748157ce2164ff86ba1fafed5c5b0aa9392a75f05ff6f15c7f23c6b9928
SHA512 dfb9aa68d9f63995fa671a2355dcabdcb9cdee6cacadae51a0508f7a9ef83f66ad6a6a4edaa84fc907bea6e9e8b4079d684fbca83175e2ac20b6a0eb6dd92c69

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 b3c5db48657daab0691717c33610e08a
SHA1 f341984996bf6115e6ac705b1e86b04a9081effe
SHA256 080e6aa6ce1e87f0462d753d3eed7c3d876ddc24321d6dc35d8107e36fbaab36
SHA512 6f714d52c6b7c72b2afc52a811c7112e77907ab17b2ec9499cbfa5b0cc235c5d712f66d27fe9a7782be68bdd617d4525614a445b887b5ab0a72ac1f06c29ef59

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 f55dbc07c2c3e9848211097985f614d1
SHA1 95a4c117685eccb252e8c2be542c29934491eaf0
SHA256 715b89d3210e75505cb589229150e3e3e7cec2e87ec14930dc6c2534ba068bde
SHA512 ce959662074eb3d5a6a6f696757f812eb707ea556574a9dee59e848f043ae2a543a88a42c3970cc44c362426bb12d4d08537e15d2a47062701998509b3138622

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 b386172a60a7711f86d68639972c4534
SHA1 9845331edcfe34261a2f740af281d7684107443c
SHA256 7616811150ff89e3256a7170f327770574d637ca2621fb55ebcdf660e196000e
SHA512 4c2dfdb477d3987aef76b67f9a142f9a3eaa50687e44517c7c20fd8e8f9a66fd6310b2ec3149b0924799f3e74e82fa7ca6108ae4b74841eb741cbf1db6a0ba36

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 2f124d930f11263b567f720ffa92e443
SHA1 9340ead27c233056fbae180eb135926ba445707f
SHA256 84a4a5e635c3f0880f80b1a474b9b601031eee47179600be6beb4d0fcccb8d08
SHA512 576ca475d74bb3b16f4ac8189864800d447421479abad9bb1113b1c2c8a223f611e9b87794534f1dead323f4dd0c44ad5d34f2336021df0fd5561153cfa4c57d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 1bbcd6c6825d06127f332d9928c4a3b1
SHA1 fb87c1890171dfe0b3bea8750aa1abc4e06f56d6
SHA256 01df4f628f5af1e1a5424e8f3a3dc9d7de8be19b0bedcd669f6fc0840916e98d
SHA512 1b54438a4e545e44d941e566de784510d8026c059f0cd66c0fbafe87d695c33f257445bd8e06ecaa6e26e7ed9b419bd444cb1d95f9aae0e6c429f6f086505ed6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 0f035c55cbffb9bc88cfc4d1dc622713
SHA1 d11fc0cfda48332cdd8baf6dbfe056e6053ee7c1
SHA256 26e96eb5ce65ce2a1d4139faf615a4bedf0d58c4122a2d0038f411e8b39ab28a
SHA512 2a5727eddc0d1d3ca8a0520ad75b237087e0e6018840b8ef122701d92dee9760eeb44ee01a73bce2d8af8a0e420c7a64be2939b474311608863c0f889ddc834c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 08b299e1d02478150aac83d6711dbc85
SHA1 f9105f333b5c0bcdfd4e101f959796401cb31f0a
SHA256 da5b49721c83ed481f8a60103bafe4e15b8f63ddd12e9f719d3c7b97a2900e62
SHA512 440e1ef6b6874fef8de51671cef2469d34253fa6ec8e225a447c1fa08c1b35cca09b55f652021ab1f1d3b35f9807de0d9d383b336edd20a83adc1de3f5b92a4a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 cd7acfb646da0155a5fd486b551e91aa
SHA1 905e7abb58b7a5cdb65bd335e0936a7f8670d35d
SHA256 228165ceab8765e7d2749d644fb69fcdf1d3adc8590af57cb26e56d93db906c0
SHA512 564ba5e05cedde9a94915559617753f11dba758e9a2b9524d14c5ce9261aa04773f0fc513644da48168582c881ef8a9f693cdf1ab52f0a8e5acfc7c18d8a5bce

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 5fbf735eb38ef2618c16829cfb9bde88
SHA1 614a9442eeca382450b3ab5928533facc6c5c5e8
SHA256 05b73b3ecb380072ebc458d20f15ae26e220f9358007dc42adf9d0570247888a
SHA512 d60bbbea5c69340af68ed382d8cd4e1dbc9ca6bc26c3b849a175285bbc45d6161c3eb9d9a2f13b9bf80bfa0dd7e2ad081e730a71b7af2a08a746234155dcf259

memory/2424-7379-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2424-7377-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 fbebe17fe31f2dc8a645dabc9c976c69
SHA1 b26e3ef16ef8dc2d13001f7505571672761d90ba
SHA256 c51ad52f3667b8364da9dcfa96793bcfe3fe284ec75d8c2dd695e43fb3879b15
SHA512 ec5ead08322bd5cc65bdfef77ac9d68341b51be1a40709dd541434b240aeeef8559e2100996e00072e44ce1b430d9861a9ac29416902d86f67963e7fdb8b1ca1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 eecc7041cfa333012c1607bb73a0c66a
SHA1 d3e30c0e4d4079a3f3fc162eda1a1548fa6cfef8
SHA256 82aeab79eca6a952bfc7920b66350492644990eca4d8e3a8964f7ed777dd5779
SHA512 9a8ed27deb1499cb0b24b92e138833ea8c36dd0ae35e336bdd114230b2bc19db399262188d6b8a63efb2e866b8833efbc9ec4c77f094cc04b14218ac802684bf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 d449642291b179259b5e294067d835c6
SHA1 7e52e4928402e67e5ac2199549fb32ea9522db6f
SHA256 c6ebecb43d192ee0c6a1e4399ddfd37ab6a071c41ddaa1ae7d0f69d8e4c1f887
SHA512 b9904a9ef94fe67607bbff530c2ea296a45f3469f6d61c61890cbc4b19e5cf96a4b9a155559246d4c0b771ed053e11bf2d75d11bc615ab75ae6bafc6955693dd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 d2c0e5dd62843253272e90ba33df8185
SHA1 238d28920a3465fd5033fa2b547a83e1e148f0c3
SHA256 776e88a8b28bad5e0bef832d855a9565a5134f4ed0041610d3fc2fe31cc6d76d
SHA512 3a8a11b42224a9d8448d54f8aee7e515c2ec58ac0efc2dbb279518d1100b19402ebc409ea9aa222444e8abbf2ea186cefb0f308e38c0c2ff3cd6e8b7e953b566

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 17ad67d1985501e94cec6394f4a21dc2
SHA1 abf3344c96ab288efda68b3eb997d8651dcdbc39
SHA256 f75b142053ee21200d70dd683ef085e1b078ae3cc546168ae3dcb3789f87b951
SHA512 757b4734ebbfb6aa63e0cc97c6475a848c556c96d0dd7db81545c84d1af617c6c0bf670d8cb8d5948a1ed9e9e7d7f2f134b78e0b7c6b52bea1061ac2bed3b06a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 5f3f91c680b6f633c953c31605831fe2
SHA1 5430d91cf3a29de734f4c115107fcca9922322b5
SHA256 b4bccbdf1afe96012a2674ea5b52d46eb89d5b442f845ce9bd0e5a7e5cc97779
SHA512 2d0a9f4cc422eca4596e4de95d8f0f4a896dc09da7c5083507b90460b80ce9b8d0c41ea1b0bdda77d4dfb26e0a04d4a3886652b2390649fac70b3f105b0424ef

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 44b54b71ebec5e1480f791f8b46fce60
SHA1 8852c17e1ef60d094718b4e9a4c9b6e2bdebecc3
SHA256 faa4f9e5f1523152b55759c277c356a687a38fba6ce033362877cbf7a7ff1a97
SHA512 77a61d499e8fdd958a2dad95ce5f5d11e3a448dc12983072bb9abd5626ceedc42193b425d1cfe40ffd1cce2577461885aff7baf017922408f365c93c9ba599b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 86d24fe196c45b536d8b90986abb9773
SHA1 cb6a3da11af882e9e9aaa236c68d064401fdd51a
SHA256 fc683f28079f16333a5cacf59dde8c237c3ea524a1bfc8075c07231a0e05d4ab
SHA512 43f6e9001316d19f53e24d8b8a09019bde0071a1e7808127cef63465a403bfc1bf83b84355f140e943b90fb7732c212d09e184c506b2d4e46656b936f700e310

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 7b0e540a7d6d5e120f48f6e9acf1f40b
SHA1 a6ab8cb52d2bbc8c03e1bd2203458cc3b2de25df
SHA256 b85349b7b3e634f9e8254d5d1b60a3b274a7e563c523dfea4479644bb8d82624
SHA512 6ef9f39b4f4b4be2060b13cce89af4928c338bcfc0cc82beb5817494523bfcdfe0ec31f6b0293e8f5400ea3e2f3b09f192d0b09f5355e1cf1aa74658d0ad3117

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 cb95644b2ac229d8cc81966ac8e73e94
SHA1 1dbc2a74e222d7db43ed01a708fcbe075a667a3e
SHA256 eb07a9e5b1316a77387b06bdab222d8015b14fbdee5ecc70e636354f4666537f
SHA512 5043c8b4c635a65a582ed7fb7d3416841b6a6ffee9026474a207f41556162048856a250269c264ec630bb63cb1635c842693422472a28666ce185c4311f815a8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 8f5f70446c4ef773e5f9747a5fe81e60
SHA1 60e09fab6b56307c7de57f35cf0f9e639bbefcf3
SHA256 8dbab18f3aef912cb1ff70557c07356d0004d4990b5a42cfd386fc15de3a36cc
SHA512 c35b2e2a5845b7858522cd7611a81ee4541899fd47de48db408074591999a9503d40951c1722ebd952fd639f7028822b2f77398d9b6c90305423c68f1c0d74b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 df1b80dc937584ef39aca206f36ebe0c
SHA1 63ddb17169c3c47b9e0aa10d84db76d1ce4d2e6a
SHA256 ba93f63b5675a0050a6912963eb7d833e3b46e01723d1cf023f396ff06322493
SHA512 5f0b64dda5163c6058bce3168f89227af20a2cc5ee5e2871c47cd454c03fbfb97d1a481e1df4fa2ac9428d49cea818840a136aa32f6bbc73eee60e6811845933

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 5792a608b1320f18a85bcba5779c65f6
SHA1 dfde1b3970643a9a6b5e2bf06112c26615760e6b
SHA256 3096a66859b2b9c0ff250d867011464ba7a3f73ab2be4784d71910b70c8c6150
SHA512 81bb26eab77e58b895799ca3d78e53dadf896b5fc54c6c3954a2c1d75c854ee5fea7e0e43b0a8d54e8627130b5edcdf1534a4c40e417f0431a5740c1d1300162

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 0a64a973bc55ffd02c7c5d8b84dddd21
SHA1 49e96b981a637167d38f6ddfd58ee4049827dfb5
SHA256 1e31057dfe6d1b410cc2a9ea1354bbd079927bcb4ce27058bc5a9f80abe80c18
SHA512 7736f9f121a9a61926b12404189b1b9b17aaca834ea011fd811b6e1e9aa34f0ad9671c10e1acd61d79123925350b1ff9f5e652b4d485a320a611429de550a50f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 b92e8e6355a7f4321ec412dd07a337b4
SHA1 81e2cebb30fa69e85dc6496fbc2e387f1116bfea
SHA256 03740453540a5a7876c57e88303669ac8f4f3cc700e04d34a6387b09bd18aa9a
SHA512 9113ffa558f8c96cf48e4a3ef73b513dadd471b7d5e3f1874afbf772dc94c9715311ed3ef8e2c57a35aab3852625dc9c086de35fa96f5b1301fdd81c1ee77a64

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 5e97dac33f223ea9bc02f32e015fe223
SHA1 0883317ce1162e863c5c6fa76f4a27afbc981651
SHA256 6c951fe2536bda8c5a0051d7e4b14a3542a3d946232f54ed01adff7361a9480c
SHA512 079cf36716fb742d96d9031a7be637e2a3d448bd9bf2dc56de8c76cfe6a2420e7601d307e5dcaf97999a4312872a52b078b17178f142b0ba83e7707ac6317400

memory/2424-9129-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2424-9130-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2424-9131-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2424-9132-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-02 14:33

Reported

2024-12-02 14:35

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2193) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\H8PvUr149gbK0x3.exe" C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\c_mediumchanger.inf_amd64_69ea0d8614286224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_aa57df1ffa9aace0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_glk.inf_amd64_7b6c08738ca8a856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbsb.inf_amd64_0e44beb9cebe5a1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mgtdyn.inf_amd64_a6235e923dc4047c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\storufs.inf_amd64_a7a5b507fa22251e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Appx\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppBackgroundTask\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsopenfilebackup.inf_amd64_2174d2189fc8f164\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl010.inf_amd64_b4f4b670a266fda5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsDeveloperLicense\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_skl.inf_amd64_b68199ad84607c21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_e09ac82d497a19c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcard.inf_amd64_bf5afc5892966e30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mlx4_bus.inf_amd64_4c426f3bebc68844\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdflauncher.inf_amd64_1ea082c6cf8f6982\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Opiwe C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\H8PvUr149gbK0x3.exe,0" C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\shell\open\command C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\shell C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\shell\open C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZBMHOQHKLIITQTL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\H8PvUr149gbK0x3.exe" C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Opiwe\ = "ZBMHOQHKLIITQTL" C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b8ae8229c6b527ebbddbcc2b65b1de80_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/4928-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt


MD5 b350182b119db7e82ef5c8c38a77a261
SHA1 59005335ed059a3cd77cc32d4713268a72476b9f
SHA256 af3b3b9c815c8b25b49c869001cb1e399338528e49b1b32e19b254debe2109e8
SHA512 26c3e5c5283b89baec1af1a7ba0cf723af9c712aed5a2eaefde07d31b8575ed2f9e2f755e4783f94e8e7827a749c5045d3a42480cc6455fbc673f8970d45b502

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 f8a2d6bd3ceef9f2f340f0de15ff6297
SHA1 d3a1c48a95eafd2c514b58b9dabc389a78721f60
SHA256 fe302575101a291720cf960e9371d7ee17faff2b257efc4804e196eeabbd9a51
SHA512 b40c0b17bdf56bee086e22c5bfab69bbd766b502c140ecf2e5c164d45d9c80c31680bb7873e2dcb8028aec1166b70fe3a40042914ecdd865c8ef380c75866e76

memory/4928-5504-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4928-5503-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

MD5 293719191982f076b62c30e49e4bce56
SHA1 b8394a9216f70d5d6c3fa0e86a27df0a347a9a12
SHA256 396723c75cbf25dc58a4760af04c44688da539bf45b48b507ad30989f2159b5b
SHA512 93745d9b440d2059fccd17450d8e4f213d8d607949efb8a851e28a60a12424bda788db30b49f2715751976abd218f54a185caca83814558aac1adb6e030afc7f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

MD5 a47388965ae190fe1f5699f631bc3e65
SHA1 8aff23c4e6aa47f9777838c68d5943934c6ae043
SHA256 f69971bff2e2f6b3c31ecf71c07e8e7d713006f6b4bb09cbc8b529b96219f4b6
SHA512 fa8a87478c1358a8d7904caf327c2dfaa52c07b75bbbcc3212cced2ff8de51166103289e9670efced4edf0b003478546aa4c50eced832fc8f28a2b2711cf1616

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

MD5 9d3510f3ab80fa510e3600be70f8eda4
SHA1 0640126e467f7f41c897fffd9539a933bbbfe0aa
SHA256 a163b8d81eba4d3554f3bf57e56f0ed2325df89621e786bbf4b62921a1e9ed84
SHA512 a972d957aba337d67470c02b1beb94dc4046446545b7122aa02fff1b8ae438ab456b818541c5f435e0a9af7d748cb36e69b7242ae164976febf029ed6fd75818

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

MD5 bfd6f7c593f63f407a2d452ac459a809
SHA1 9df14e1045582cc5b868b39a1e6e3c642b66a2a1
SHA256 428803fd58449e1e83dd012343cbe14293eefb53afe973270bf21a3551f7ac8c
SHA512 f1dbabb31195ad152f3e6c567ab3ba77102949d1fe36040df431c032412f2486f614c0d5a50ca1fa2dccf4710d9f4a1853e6b035c8c8b0926eb29c2b40b8ac30

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 9afd3ce5ae157ae69c97911a5de8680b
SHA1 062beff650ace8eadbdd3370753369337285e2e5
SHA256 48c12748d251fc24d3376936194144e6e3dfc94a30f42ca6f3676c6f5eb68572
SHA512 778f6c80d7049f0381e9754d37c5c7ba39c86ea67762348395e96c9825fd2ae3377f27772a5df4c7dfeeaf8d61f907cc6337e1c656ccf861a4e2d918361b09dd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 fbebe17fe31f2dc8a645dabc9c976c69
SHA1 b26e3ef16ef8dc2d13001f7505571672761d90ba
SHA256 c51ad52f3667b8364da9dcfa96793bcfe3fe284ec75d8c2dd695e43fb3879b15
SHA512 ec5ead08322bd5cc65bdfef77ac9d68341b51be1a40709dd541434b240aeeef8559e2100996e00072e44ce1b430d9861a9ac29416902d86f67963e7fdb8b1ca1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 d2c0e5dd62843253272e90ba33df8185
SHA1 238d28920a3465fd5033fa2b547a83e1e148f0c3
SHA256 776e88a8b28bad5e0bef832d855a9565a5134f4ed0041610d3fc2fe31cc6d76d
SHA512 3a8a11b42224a9d8448d54f8aee7e515c2ec58ac0efc2dbb279518d1100b19402ebc409ea9aa222444e8abbf2ea186cefb0f308e38c0c2ff3cd6e8b7e953b566

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 17ad67d1985501e94cec6394f4a21dc2
SHA1 abf3344c96ab288efda68b3eb997d8651dcdbc39
SHA256 f75b142053ee21200d70dd683ef085e1b078ae3cc546168ae3dcb3789f87b951
SHA512 757b4734ebbfb6aa63e0cc97c6475a848c556c96d0dd7db81545c84d1af617c6c0bf670d8cb8d5948a1ed9e9e7d7f2f134b78e0b7c6b52bea1061ac2bed3b06a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 d449642291b179259b5e294067d835c6
SHA1 7e52e4928402e67e5ac2199549fb32ea9522db6f
SHA256 c6ebecb43d192ee0c6a1e4399ddfd37ab6a071c41ddaa1ae7d0f69d8e4c1f887
SHA512 b9904a9ef94fe67607bbff530c2ea296a45f3469f6d61c61890cbc4b19e5cf96a4b9a155559246d4c0b771ed053e11bf2d75d11bc615ab75ae6bafc6955693dd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 eecc7041cfa333012c1607bb73a0c66a
SHA1 d3e30c0e4d4079a3f3fc162eda1a1548fa6cfef8
SHA256 82aeab79eca6a952bfc7920b66350492644990eca4d8e3a8964f7ed777dd5779
SHA512 9a8ed27deb1499cb0b24b92e138833ea8c36dd0ae35e336bdd114230b2bc19db399262188d6b8a63efb2e866b8833efbc9ec4c77f094cc04b14218ac802684bf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 5f3f91c680b6f633c953c31605831fe2
SHA1 5430d91cf3a29de734f4c115107fcca9922322b5
SHA256 b4bccbdf1afe96012a2674ea5b52d46eb89d5b442f845ce9bd0e5a7e5cc97779
SHA512 2d0a9f4cc422eca4596e4de95d8f0f4a896dc09da7c5083507b90460b80ce9b8d0c41ea1b0bdda77d4dfb26e0a04d4a3886652b2390649fac70b3f105b0424ef

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 b92e8e6355a7f4321ec412dd07a337b4
SHA1 81e2cebb30fa69e85dc6496fbc2e387f1116bfea
SHA256 03740453540a5a7876c57e88303669ac8f4f3cc700e04d34a6387b09bd18aa9a
SHA512 9113ffa558f8c96cf48e4a3ef73b513dadd471b7d5e3f1874afbf772dc94c9715311ed3ef8e2c57a35aab3852625dc9c086de35fa96f5b1301fdd81c1ee77a64

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 0a64a973bc55ffd02c7c5d8b84dddd21
SHA1 49e96b981a637167d38f6ddfd58ee4049827dfb5
SHA256 1e31057dfe6d1b410cc2a9ea1354bbd079927bcb4ce27058bc5a9f80abe80c18
SHA512 7736f9f121a9a61926b12404189b1b9b17aaca834ea011fd811b6e1e9aa34f0ad9671c10e1acd61d79123925350b1ff9f5e652b4d485a320a611429de550a50f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 5e97dac33f223ea9bc02f32e015fe223
SHA1 0883317ce1162e863c5c6fa76f4a27afbc981651
SHA256 6c951fe2536bda8c5a0051d7e4b14a3542a3d946232f54ed01adff7361a9480c
SHA512 079cf36716fb742d96d9031a7be637e2a3d448bd9bf2dc56de8c76cfe6a2420e7601d307e5dcaf97999a4312872a52b078b17178f142b0ba83e7707ac6317400

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 5792a608b1320f18a85bcba5779c65f6
SHA1 dfde1b3970643a9a6b5e2bf06112c26615760e6b
SHA256 3096a66859b2b9c0ff250d867011464ba7a3f73ab2be4784d71910b70c8c6150
SHA512 81bb26eab77e58b895799ca3d78e53dadf896b5fc54c6c3954a2c1d75c854ee5fea7e0e43b0a8d54e8627130b5edcdf1534a4c40e417f0431a5740c1d1300162

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 df1b80dc937584ef39aca206f36ebe0c
SHA1 63ddb17169c3c47b9e0aa10d84db76d1ce4d2e6a
SHA256 ba93f63b5675a0050a6912963eb7d833e3b46e01723d1cf023f396ff06322493
SHA512 5f0b64dda5163c6058bce3168f89227af20a2cc5ee5e2871c47cd454c03fbfb97d1a481e1df4fa2ac9428d49cea818840a136aa32f6bbc73eee60e6811845933

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 8f5f70446c4ef773e5f9747a5fe81e60
SHA1 60e09fab6b56307c7de57f35cf0f9e639bbefcf3
SHA256 8dbab18f3aef912cb1ff70557c07356d0004d4990b5a42cfd386fc15de3a36cc
SHA512 c35b2e2a5845b7858522cd7611a81ee4541899fd47de48db408074591999a9503d40951c1722ebd952fd639f7028822b2f77398d9b6c90305423c68f1c0d74b4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 cb95644b2ac229d8cc81966ac8e73e94
SHA1 1dbc2a74e222d7db43ed01a708fcbe075a667a3e
SHA256 eb07a9e5b1316a77387b06bdab222d8015b14fbdee5ecc70e636354f4666537f
SHA512 5043c8b4c635a65a582ed7fb7d3416841b6a6ffee9026474a207f41556162048856a250269c264ec630bb63cb1635c842693422472a28666ce185c4311f815a8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 7b0e540a7d6d5e120f48f6e9acf1f40b
SHA1 a6ab8cb52d2bbc8c03e1bd2203458cc3b2de25df
SHA256 b85349b7b3e634f9e8254d5d1b60a3b274a7e563c523dfea4479644bb8d82624
SHA512 6ef9f39b4f4b4be2060b13cce89af4928c338bcfc0cc82beb5817494523bfcdfe0ec31f6b0293e8f5400ea3e2f3b09f192d0b09f5355e1cf1aa74658d0ad3117

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 86d24fe196c45b536d8b90986abb9773
SHA1 cb6a3da11af882e9e9aaa236c68d064401fdd51a
SHA256 fc683f28079f16333a5cacf59dde8c237c3ea524a1bfc8075c07231a0e05d4ab
SHA512 43f6e9001316d19f53e24d8b8a09019bde0071a1e7808127cef63465a403bfc1bf83b84355f140e943b90fb7732c212d09e184c506b2d4e46656b936f700e310

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 44b54b71ebec5e1480f791f8b46fce60
SHA1 8852c17e1ef60d094718b4e9a4c9b6e2bdebecc3
SHA256 faa4f9e5f1523152b55759c277c356a687a38fba6ce033362877cbf7a7ff1a97
SHA512 77a61d499e8fdd958a2dad95ce5f5d11e3a448dc12983072bb9abd5626ceedc42193b425d1cfe40ffd1cce2577461885aff7baf017922408f365c93c9ba599b4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 0db2040816fc34c48838d9c179a28551
SHA1 91747cc99209919df9740d151d07392b65d1af58
SHA256 401266fe7295382507ec058ad764a9b0c052dfd2e5b405899ffa4386f184924f
SHA512 e437c895d03878d153083756054cc949ec7f2356d0d6ab2556c28d880b69d1218095c46c3aa9708d1bfbc15159b4589dd7788ee7e0927313684d9007aed63f19

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 4fa1572734652563b3289297c1e9426c
SHA1 24396deb7ba3e215a8adfed1de939062d3043670
SHA256 9ac84c4452a573b7b1a2a94ec83ff2bf270724de7a97935cbe461953d66cd21d
SHA512 588e95b65b93a23bb893bbd6b98cf386a6d4551756647df9501b744ba0f6dfbe1b4e8380650218853a882b2bf31a0fe285fde7f1dc064422882c68326cc8f1d7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 c1725c0505ce51139190d763355a3828
SHA1 081b92dfddc0932dfb5adc5737d90daff54a1389
SHA256 4ab99a87598ec2472eb2afdbd6ed0ed3c4238f1b5ff5aefedbdc8271c21b19da
SHA512 4b59bd6817d337ecd8721c7583339979e3483a3d56dcd1fc9396fda3830804c659de36a4b58cc4f016e0f1dc06c89af0ed51b9868d66ed36415adfb5b4b8fda0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 65a6be9b5445f2f15c5f01a00487f250
SHA1 d17aed64281e85c60652f98b97608e0a96cb9a5a
SHA256 e628e76041ca82d4f67b3d82e57dfc8e3f8a2cc8c399bbde07abd862cbf0a111
SHA512 fb3e46694c554e30504ce184964715601f4ae334de88152ecb70246a112272be53d76da3967ae9331694a47638fb0b397734c0cb2117cd701a26bbe17e096243

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 26528e6d44ba92f67af63625f7a8fa11
SHA1 4d9a90228a80e849db2ac9bdbf3171aa33c624dd
SHA256 e136ffbc525f4f31bfae2300304881fa07bb5168f4a9b35f896a3baf0e580e4e
SHA512 60e2394fb8b20bff8a294f4126db81681e166cf3df7687d7c595a2a7412959cb9e513bad2fd808d2a2ba4f4e9063f94d835ab5a41486aaca23df8e1f3ba5ee3b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 5aa43af41cee0453b8f9169b4e838d47
SHA1 b80b2d0226545abba2fec50d86200dac1fd6c7de
SHA256 74b372b2f61cc48874295715e8e08124f474aa3df1335ab66f7674d552d1f46c
SHA512 df8a78c2c8dd4ac3ec847a62b7a7fdd98f7318fdbf48d4367e37ceb493700228ac6f98c67f44fc49a4d484ef4860dd7fa973e7470ad72e9258af81e0136a9d04

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 f5787e8bccb783d653cf9d22caa523bc
SHA1 6b31562b7f92dbf0dd5d2536d46d6e25d4fed555
SHA256 27e63ef8a8e0280976b0033635a5cbe9b30287862ded310c8a89e783a665af10
SHA512 27069fc36a9c6894b3cd999a6388173ad0c8cb5ebcab0181e5adf14b78e843cbed3a501b5096323215fce76b5101ffb7a41f27b4c039d4331aac5d9cf25829a9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 d7043ed4f384b8e3dc0fd90a3c5dc78d
SHA1 05e93db5616447f43ac94efd47a1a2742bca15ad
SHA256 3815474723a31b2f2a93b084df3615a2a92d265f54ecb491373c5fdfd5828b4a
SHA512 8b8ae449febf81ae7bb6b262046229f57316194d6123f94d2079cf2d26caf980a386797d7c448892579ef91643fc5f154bad48a03a189f1f978acccdc8a7a84f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 8827e11b89a42c7a886ff008b9688dc3
SHA1 75458785892c119a86daa1799323eef8ab94a99f
SHA256 7464b17d89ffb6e6cf0f061fae6218b10924d03a015435fec0e89591be9ec443
SHA512 07668ea1efb0d4c37d48ad828f8d9fdcb6a93cb9a5c8544e326dcc88233a7da3660d821ed16f5d54e17897df0f7700c4ea1b4e71d68aa69fca3f3f62f6011a5e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 9a2ccfe3a48fe28629777cd96096564d
SHA1 9993bf116a490888d83af2b70b718843104831bf
SHA256 be03fadf50d8ce6273dc446196ade3c1e416faba9f45247807927612bb6258ea
SHA512 62aa44e9ffd619a7e6ef1863f37e715247fff0c3283af0dad4e18bb52d81dc0f1f4c64d58edde0062801bbe7cb616895028c58fc5103fbe355546d269030a48e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 aaff0d3a742a7943b750427d21df4317
SHA1 6e81063d23cef6b7593e8080f7dfce66807b541a
SHA256 36a373927862b8a4d8686a37bb116f8a45f6f560d0c86b957380dcf76e7c595d
SHA512 c5c34c6cb3eb4f1ff36af7d330b4aa8971240da952b4614b310689544ab779474b1bedb98ae5a54c9216188d72bcb960b313635e76af0787caf0e18e2b0f022c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 3b6c76a56f7ed88c6f1866c7c4ad4356
SHA1 bc64f6f73d694429eb720eb26bc801388c883ae4
SHA256 1aea3823dafa88c750f9ee606063a577849970e55bc64b9aaa439bf42e200eb9
SHA512 fa290c7377b7106b439ee00f5b2ca8e18553b66f93d292829c10fb36986eb9f61dda54d97ed4213d9f52c5883af64b44eb9c2995c8a6f5662bd4976612e47e6f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 8672152622372e5e316bcb7e0b8e7924
SHA1 0d6c1698e421947fb93dcd8b41f659fdb1f8b303
SHA256 8fa5c111d44444a624990065907e2a1846e48a7a35fe2107a22474b58207c30d
SHA512 a76596a20e0436b33627419f5ceef4b463fbe141406fea24c98ff68608a7787375b0ac52aa78d803fe2353e1b476ddecf1bc4b09bd255bb33ddaa57e777bc750

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 5e93ee44e346cfe6de9759d7f7f33a95
SHA1 157b37efc1165bfc2159b1b8d9daaa8aa3a8d23f
SHA256 3d933076f38e43f152a801d9d05152067dfb623182c94c09b805da3237ad06a7
SHA512 8ea6f247f7b86e52d0afb62dac68ee9001030dd16fdcc3c1bd8eb9ae51097a6dc0cf2f669ae74bfed2a27bd5d324c4e527aaff7f0d7db25f26c56779f6906e09

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 e5677b33f5f707c4aa87ae73da96b682
SHA1 aeaa9c379abbb2bfcb0276ff93f07ef8170d3f5c
SHA256 5a44a0d38f57d20df084d0d7d3a81f767001696c311ee694f98194b6009c3696
SHA512 062b0e89552bb5bd56201a7703ef52790067edf077cd471bca639655c3dcd805e15421f7b530d1a0620106a736fb29ec7d89bdd2427bbece6d38302c0cd10385

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 13f3a09673ec8da650574aff18e5c581
SHA1 4d5edced3d6ffa44bd0745c8afb0b7b4a02bf942
SHA256 3f1b3733dfbd8340ec9af9f5e3d1f4d8bedd6218f716654effecfcb942c3332e
SHA512 174b60f5c36d4b170597cb428e3cb00af2dd8d993e3e73f5af1886cfdb3ed89d832e18937f30d94973777998df8e93c11740f4629b776ef6c64603f8ead3e11a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 193f6fb705cef44a09da1681e80960fb
SHA1 e75e82ea92b1533950c7f95d1736847d5e2aed43
SHA256 32edb4b8fc0f0d8d7d85f9eb6eb0f5b5227c483f2d0558cf58a6a8ed44802160
SHA512 df1ec33ea93bcb85732a7202d19bf02fc5e4d184c8258014b7b16c35af16b2a5f37c33965f67817d7ca81cfe6d1d32a8d8b85de5c8ffb262fe660539960e2801

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 d32f21448fa3455b2003793a24809f32
SHA1 ef62023505226665aaa4b14e42c2ff9c78c97fe7
SHA256 06ae12b3329049067d88dd98f01387be23bab19f507a4514a50a2dd906aba1ae
SHA512 b0270c0e61753a572f38decc7288588ea03bf134ca9df70878522e219d4ee9593adc7fbd75469a245a39f04038f33fd59026668d04bc2902055f046849f2e728

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 2518f447fbcd6b72fe25b88ba1cc6a16
SHA1 6d73a2ffc84d292d52c0e2214e6e646c51ad0c3a
SHA256 d83e12b6d1fb4ef3787ed36c485a90935e557c845cf52432227f67f7e8817890
SHA512 ec10e825c121349c5ec805fbadc371cc7dd955e1400d6f6c6ac00f4102ec9f73eb2573aa607b6ab43d78463551440fcc312c8d7af177cc90478e8dc5adc76fe5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 b32c1cac79b4616e76cdaba82e58c430
SHA1 7cef9589d6aa35e0587425081ab47e1924bae2b6
SHA256 d925d7d7fcdd56398902d33dfc1994a046df71f7aea5edcd51c83802a2aa519d
SHA512 e1c6e86369c2176497390516fa6af561c3563a2bdce5924b3899808a7e9c9be70c3c29100a35f940c656567f60675c2547040cb8d89ba771a59c4e1d60fadf20

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 5bff61993dc4718eebd3b5ffb2cf498c
SHA1 71521114ba3a3cfd1090a49133e38f95e83c325c
SHA256 fc0a68a8b4655b6c732b1a64ea68f3170ca1189e91f3eac547b1582776f4a39d
SHA512 47962b8e99f3c2130dac2da6009641256f8f5405aa1e40203502d6ea3a27669d77001e42e3c7559e9e8af1dfece4072bb7ef04f5e3ec11c85d9aabd5e4df50c1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 32473fa5be9b6f9c34e33b557735f9b5
SHA1 2503a9c37d889aba9bb187fa23fcc461bd7aaff0
SHA256 467753d248859d304cf98c649773c24681ae3e34be10bc1785a1089b989b92a1
SHA512 ae534c04d0d25d32113ee6a78b2a2917aee36983aca385695a64e007af60b145e9868bb37cb6e9a0a06124069d45db7df6080d3e5d50c33e500cba57495090fb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 6d0a7938c227add736de860f38ce88ca
SHA1 ccdfc236fa07b924493e20eaccd3c7af740546f6
SHA256 16bda5bf2a5426b7d16051d01ce66639625d9abe8552b3beb4d190f03bf388dd
SHA512 8fb7d4021af09a696b3f2b46338550f71ab83ac800afa262d281c4585aa56fcd077e42c21c983e09561742f588bf3f23a710e0f44cc1291b81cd871c2fa9d62d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 187383af61fb53647d3cb7c1088cc084
SHA1 5555115d7641aa637ae0a8fcdd534d84236125c5
SHA256 e5cfe9e1000c978936fbf39a2db21fb1899a50a98af37bc6fca69698ecaa7f0c
SHA512 762e3bece49e5c5fa994169c4e3236112df6ffa153fc3a6d323ea98af00fe03bcea1587608352d73cef26016dd0c660c5c147e3afd8fd4c4840571d1b0d4ace4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 2784bbcc6a4a081d96be0aec60cbb2fc
SHA1 d5ba0af0a7dfd8ce4d95c05b4a9e26604d423c45
SHA256 9f5b080a523826abe99f355814ae3d69145f3781d09e83347491c8a6af4a2af4
SHA512 c4bc4b34fd0b0c05eeac7b5ad45eefc869b36e19d9d4e647e2be643ec737f1823c11e57925afdcf9b665f7d06cf09d12fc3cd7f9b5d4528d798e69f88cacbb36

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 5febcf418cb9616c7d5839298b08dd19
SHA1 0cd46e3b5beaa9ad1dcf7c3c9152d5bff7a9476b
SHA256 7c5e998934c26cb3dfb21a4c41813a57e41e455fcb415762433cb761f2ce7f79
SHA512 48fbd934b9dba75ef02a2c69e353fdd7d9a46d175677a592ef9d054a41e0b9666c7cb87eab7b391f14829a7261c1a3848f9c588b8e5fcbe60d140531f3d63b2d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 a4876eefa04375f1cbdde040232dd698
SHA1 e90dd7e4a7bd12d688c496242acde654a19678a5
SHA256 296e1fdb184883e398ff3b059499404dfcf3836ad001df5d818aea363c2e7c4f
SHA512 a7c3332e0bfe48589615c532777217171af5011bd618d8d952d23c37a92978155f56b55cb88dac9b5459e60b747d64ab20625ae805dd26385f114ecb1966bf38

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 8b6b8b87a47ed309a9df706d385836b6
SHA1 29f65346c1e29674f65b3f16818ce559d462a8b1
SHA256 dc2350db115f351280af80abbf4144d1caeb6c8411838f56f5617238dc0b6d42
SHA512 68e6e2d072ebfe55ac90faf4356fe9c1357d2a0c1bbdfe3b6be248a6d0d25745f4ee45c1022391c25bd9a98820cc71d54cf5d4f58cf8e1eaafcce16b17112f2e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 d9a7187c57716c35380054d001bf31fd
SHA1 a99b2af45019865d0efdba7bb7499f51bf0d817e
SHA256 456be1d252ba0dc58f30a054e2eff2aa7e7e84a806030933250db68a0257df8b
SHA512 298173453115367a35d5fe769f086fe8af1beff98dd0025ccac5063305e7795219b24c785c93a79fe810b0a747df0f00c6e02b1f24bb8788bbcd52aab1ce3fb4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 576aa8babd6423abf33d11b25898270e
SHA1 668ddbbde65a49a6fbc4792c4ed83ff05f44bf7f
SHA256 3700a3c310358e45b0a00af38277874f900c79f0bf08e69dc3ba2bd57d2df758
SHA512 584f196abba726d9c68974bffe642d37bb56f0348cd7a72564b2b87368a45f3a9ae63f7f0cf28a5be38876317612c849f2ff013efdf5b70aeda534ead46c493a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 541ab78681fbe36aa71578591e480c8e
SHA1 aa820e41bf16a4f31870d99b5f7eb58eb7bbf964
SHA256 354f7fce031c01deaddad123c6822b950714eb188f364cc318f04a836d90a2e9
SHA512 383c959cef78aa35b2e35474ff6bda312dae6a93c9a0e286629719e969916baaec0ec9b5f3fecf2a331e5f6094376e60b7bf88b71f736296344d82e23089750e

memory/4928-9836-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4928-10899-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 def6d7e958b211efe64a86854fb70fd1
SHA1 adcbb04f948cded75cf874a77df3ea363684804d
SHA256 5d746389f564b78dde1d14969f8c5f22ae48bfd39e84c3a27be65cb69a30e280
SHA512 2559ecd609a496260c5c9be8628742be66709e3467758e3c9b828c67a9186af37971c5d98fa0543364f9a47fb82d2396d21d2b2db948720d3d51fb7ad74ddc6d

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 cde1cdbcc5b012ee3f5be57c5c38a47b
SHA1 de1afc115eb35362139408d351dc00ff6f53806a
SHA256 22cfa7a993d7356a1ec111518b9904aa6c31bbed9f860cd1c3c90ba19663f424
SHA512 9ba157bf58beac0da4250a8fc44d24456a4b4e4eaf70035ed41be99bbfbb75c2302469008338b215fd0851eabee8a96962e113825b468e4536c680a644326e0d

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 883efe35a3414fded743739d3397870e
SHA1 9142868e4e84b24ced4d43818a5ef2ea317cb2dc
SHA256 7fe957777c76c5226391dad9d958f8aa18bbc2b5298faedb890c101163b3508a
SHA512 7dfa612b454f3e1b4451aa0513d98260d6f3c000ef31b99d38e5d0ad4df8b7d352f10c7b90fc1c59f44e5a4e052618e91010765f8183fa0b883a4599f86d5f6f

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 f52f35419912d53bc0f655dc7894a69a
SHA1 192f39727d77510f05961bf00aee36c584f011cb
SHA256 2ed13c0aa96626b3da64e8a781877b886a87a8a79e2ae6770a84a4af70da026f
SHA512 72a14dc3da616feab60f51eb7f8e99fa0536f309fe0bdeb824e5cb5b5e3d6f679d930b657b584496082c6d5ac5c37b007a5cce1d6428c36cea656c8a587428e7

memory/4928-11216-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4928-11239-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 74c756f3f81614287d547a39f1ccec4f
SHA1 ac99c85a0df75a97ba4b5770bb31764f5caa6fd1
SHA256 bb0496557a9c875c3dbcb472e05a9ab9966e009ad262080f09fc31d5f39fb6ef
SHA512 7cf2d098e1ec106c12ceea75cd70553742150c8a7ea962fb165d617c08fe0b4d87f5d1119c86bf27953d5148003fad8d7f32b3d0a4828656d4fde6845471e284

memory/4928-11244-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4928-11245-0x0000000000400000-0x000000000040C000-memory.dmp