Malware Analysis Report

2025-01-18 20:27

Sample ID 241203-rxh95syqfw
Target bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118
SHA256 056f76a1e2ed80c2dd1f4244a58b596350401aac3074320ea23e6da2aca0a78d
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview


Threat Level: Known bad

The file bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Detected Xorist Ransomware

Xorist family

Renames multiple (2192) files with added filename extension

Renames multiple (2189) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Sets desktop wallpaper using registry

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-03 14:34

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-12-03 14:34

Reported

2024-12-03 14:36

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2192) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jrXn698rs6w221R.exe" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Drops file in System32 directory


Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iknaccfhhknnpchh.bmp" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\shell\open\command C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\shell C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\shell\open C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.1212 C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\DefaultIcon C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jrXn698rs6w221R.exe,0" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jrXn698rs6w221R.exe" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.1212\ = "ELMSMSPLZYRAYWP" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe"

Network

N/A

Files


MD5 6d4ef188e5f600254c926e36e8d260b3
SHA1 b0843a149f49301678952b6bf997ac01c278bb10
SHA256 f6b3dd8dafb8b7b12e2183ac9ea9d463dea22009ad6e9062153c008a303effe3
SHA512 d63244072b1e4bcccf22dd47a7029a32abd48128a3040191a4576907c04d073016a1f2247834edaf8d2439528258db52af994a548c41b68ad0e7183e9f8f4c15

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 0b4c29b7d12b5a16a2a4a2e898e1d0c7
SHA1 da8961d898c025de6732824af5c7dab8b1e4b164
SHA256 9e57dc75cdf0a283a466257fc631c52425e9650eb1fa1540ac4815e6ee391f8d
SHA512 418704226712b9a2a4166143ee9a78aeded7eef232fc9f2295d42726f718a9d77b04ebd1d59947f1f5ee8c38e2e99f8efcca311359a7772d4abc83806bdec5cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 0281dfbbc7c49e0bb844b2cf42fbffe4
SHA1 7cf6b2faa14f84541e4ceca0537c8770eea1df87
SHA256 a0ce4ec7f41f43cde634626e37c38d2158a69be7da695ca85159fc3fa22eb784
SHA512 99eaa3fa613b7fc86ea1ea3c0636debe63358609970f69d6d488e809b3b5af06af716dbafdbf07ac34eb13b82eedecccd277483f8829f7e97bdc3d5c42e10487

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 b2e58c5dc27a2c164b26e2171301c5c5
SHA1 9d8ccd0784d20eba62ed571689c5ba44ade8574d
SHA256 47dbbc4252855d7f9c54a0aa6853e20fbb8e75e6e621488b057a67c8d20a27ba
SHA512 f82f92a9851f16893a23602ad9d8f151ce9105710c251a4efafa7eb7769a35fd12d5033bc5e157fd5fec4fa02b4850ddbb2769a09a79c706bfd7ba32238326cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 9662fb4e45ee60fb5b35a589664dcc2b
SHA1 8a6c05fde657755be57071fb3e72b3c93fa5cf7e
SHA256 85283e87b2e479f05a42903874fae0ccc8b84ab04d371297173208e414c7424b
SHA512 a808e96dd98be9d0fee5c79dafc1946b58b8c6b0eb703b39df3f7f3b6ac127c447849fd03e36b5ad57d454e143df85ee96da3010ee17e737489108a1e34af346

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 ab606c2d857db74a5f5d266b0aae56c0
SHA1 f8ee5605a600ae568e420c45e3f6f027569200eb
SHA256 82440405e59d2cb65524e3033a440308d31f636a785b673bad2953f312f2b696
SHA512 d53b7027f832b0fe4dbb2543f5586208cc13b015fa6a896171d5ae458bbb5e2d9ed884802faa50f12f723c579cc83e5cc632bd365abc31dd1958899a33d165a9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 02fc559560041bd789731381e8e060f8
SHA1 f71fdf58b6556b85dfc941de5d0d9f9e9a687e8e
SHA256 64dd54b707af6f1a199df5a369ffd027925d7f258a96197dd6b1506d4cb92520
SHA512 94d2a73acd46e8516354b88b75fa1b48079d621d380cb590e713f95136d157b7570e412e06d5923a3761e02984e93be794500184aed5b1714953eb368243e7e5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 7023a5b26de6848ece8f1e0321a584b5
SHA1 f389a146ed492a0c5a61294fd2438707860be9f6
SHA256 023f93d33f25928477590624b07de1bad91d67692ad41601f12db1b049177a2c
SHA512 428d5703a5386c5dbca24718e0c2e8c1559d63ce11010cb8a5580e7fd0241117c7dfd543de16a07f12bf528247877fbbf281960710a0076b16ae90cad12f06fb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 f38d8f5e146541440468f7a82dd033be
SHA1 2b16366eb957980d787377d5a0ebb6dba1290613
SHA256 e69d9f1176e809a9608a6643936c3634031a7766087330af1bd679131315a306
SHA512 ca33e9a5c61cd198dd2f6b4bb188b0c556a76502b6b509fc0d4a328ecbdfc0be1c3e13a1073adce437abd77d3b4700cc0b9ad17e38e99e5f4917269b1f587807

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 7fcf1543890a55154375f2e91c81365b
SHA1 70abf0327d72cf5f15abfc896728012e1daf4a2e
SHA256 20b22ada6c1cc6db7068910ee85e3720e6f45e3a3f35dc66364ca7e378b3b524
SHA512 45f0d3b7bc69e7ccb2e2f40a464f27223be8e96ed66214abbb60eb4e884bc8e3dbff7eb46e6a428b223d9a14f378a27846c0999cdfc59123b4b15e633c9257f5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 3a2e2e31ba40a5e39d764c8a0c10b96f
SHA1 0038627963748cb2db8c6f0d0aea96deb3311d25
SHA256 649c906471ffdd2308ec088a0668533963d51056742e219464c352f5533ca547
SHA512 45ee1e96073aa2006e3661b79466904437950aa7e1141640fbaa65356124f3bd3fdb7a5e834783640bc1f9a7554302c8ef142fe21ad2b8c7cc8a82a25dfc654a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 096a8db93758fd33bffb04a352c87c4b
SHA1 ba58919092b292b3b719fc16e8152596efa512b9
SHA256 25112a01e6ec0c08afed05568c431dfe96db5affcdf83b31ab1eda3662984e63
SHA512 8cb94f244d896ed6053de23a268149eca02cfccbcf4b6acbf1b5e9a1b0c72748516435c683bbcccd3b6d5bbe81fe725c585f51e166e9a7a6f655bb3973b9aa6f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 d2f9e2a0c6a8d6876a9331913e0bd1b0
SHA1 96f230ce8fbd4fec24624c06f08266ccbd37c8e5
SHA256 df4a697a8fde5d4479ed4a82afcc4af94c73900f1a3da79e4c836b81cb657cb5
SHA512 abd44a5be0c38e74d38859a0af7700119467a025c9e1f988bcba14d151a0a903f9e5a501292b335ba751a2e90313c0c4268621fd1ac3d0be84a03c559616d944

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 b3ed63941871183350fc49b0f5af3eda
SHA1 cc02c36bc72695230356aec10da32c94ca057715
SHA256 f88d02f6590e122f0082d5446d03a5e3cc69ddaa9fefdb26be070fc8404a34b6
SHA512 92d179d6155b62be1f2af37dbffb6a0d9e58c570dd0384e4255790d4369f77b3ea14d69086b75df5e6323fe63e8afa04fa2b1babdce72042218a5a0dd4d891ff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 fa022b91a070d97572728e2f34114917
SHA1 593bb091c400632296719d845ad8f1e4476dad22
SHA256 a229a06cb31160222fa9ca729018c091bf3c3b21ff877ad6757d63e109b095e7
SHA512 ee98377817d23a2a5185baab86d42c1081d1f6afcc1f98ec4909806c99f62d10fcb7d83ff0c4634e0ae01ee0c09b78ca804af18fd09aab4261e45a01b3b7928d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 f3ee436e481fa90c1ffc053d93fc711c
SHA1 04c68ad5d4805c9e8f2824e1833c4a51be67c9c9
SHA256 beb0f7c79378aba6c49400dc282878252318bda07108d35b08e6008ece0fc2dd
SHA512 bb124bc8efd23768a153e3b9667c2b5fc0866a40e1041212448fccfb6f1b2e2297e87506b21e1977502e4375e2ac0ddb7b3753f66c79ffca30725b1ee8532c40

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 115d6ec54ab5b98a604365f91155a325
SHA1 a4d84ae3120a5b4375092b2d3412d9c6f9710e2a
SHA256 d88f0553373dc8d24d242f85666a3376cfcaee2e38d28dc00703693ea9bf1cdf
SHA512 ff53255121cd879d44ff7756a2650c006510912bb7ce089a81085837f591a1a37910b2bf40094f4d82a92a004a728b7e695bbb02b29efe1d3e9b55039160fd9e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 84489de29fc74a104be1e82d57ce52c8
SHA1 f1c29e9de15540c2772a67c229034079bf13bcae
SHA256 e7a509ff63aafafeaa50e58e629f51ce1e3aa6df3154285552133c1dbd59dfc8
SHA512 01f1116c9a373da85d642cbf4ffa7e37d7ed54dc55677518578d1573df020c69d99549a73ab3f324e07999dc860274f1568181b4268e59e1b0c123ea9a6c9e7e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 5cf126aea8304fd5e60c62148ba3e1e5
SHA1 5c48b3397b924247b5d1cb1b6c08b1b749622645
SHA256 d88765c05d4b06a9d10426e5baebaa4bbb2187e130e39c937255bc13b6335ec5
SHA512 e59d81a75172c5b71d337545b4529d8432e628806d12a59bc033b46a681327824cb2f92ebe9d17f0e0cb6a94dd8dce399e46c34df16bf07a9dc54c23bdcaaccf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 90c4008bf605fdd2273e35895f4967ba
SHA1 90c5956d068329172dc71d1ecf386b6b87d2f77f
SHA256 d52e1f54291379655a69d6a59a02895c3182d58547918aaa73590fc957f49f96
SHA512 f5bb32f9699f13b18342b32b50cbdea20d608ed0a5377f4e21d01a7c4214d8ad3f91555e4cd7daa24403dbb0f1699a7af8abe7b77894921b0f1d194a0e463093

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 af17654c832ccb181b70e1acc3cd8bc9
SHA1 b857b36638db878672e0b2052efe32b7c9a8189f
SHA256 80bc27b572416312fe15e1a7ee773e6842ffcfc15cf344c446a781ca780fe942
SHA512 bed7e1fd51303a65eee45791d1d88060439448559ae16fb6b1918d58d2df02edfbac13ad7c8e0db9ec6093e122d750280c70ea13834ca98e6b4e1e11dd5901ce

memory/2984-7416-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2984-7417-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 f39c22dec62284b36a6ca7561c3bef63
SHA1 4054c31f49769a9df651f8ccd168808e5e43e665
SHA256 93b9560de045cbb82e7af3ad568ae86be221395861ad73533c0154db7d1f3254
SHA512 c80d75f83c898b3895337cde1cfbb76b766c83b3e5bf8f02fbcf569b3a2bcaa5442a0bcd98dce18a8099ae2f9044e4383767ddf0881a1a2845d3a5fd07c51722

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 4b438d3e0b466dc731484d24a7ab8d61
SHA1 cd1b564dcaa3c647f1e6a7dcc776717b1bc01e0c
SHA256 e7fc67d1ff8e208d39d44913f2d46e9ab3c7525488459ecb66f0e50ab36068f3
SHA512 e73daed557e9d7bb2ca58d92fb7a6e2b561f140eb735336af4d4557f4b1bc994bdcdeb605776c8d38596534c00b8ba4b32af2e0ceec81c25ed06479cf2f3d7a9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 a7938bf5343216248268cd3146b4b22a
SHA1 52bd3aa969adef8f348ae78950ab8e5f7b2c9314
SHA256 bfb1225f6c40b2368a86eef7e3205843e45b467fcb809443ca8629282b8dcff8
SHA512 8f24d4fcfcea7c22e07683aeac83510e57ec9c8b9b1010cd8884ed8af155cb7413b136ed11406a9d4dd9abdc9344e6f5e0d3e5e5012ec5ba3bd022c01143cf8c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 1cdc5eb33ced5156d7364aa23502f0c7
SHA1 053919b4de728e334c9e98a07eaf4cf0a18dc2cc
SHA256 3c4123cf0a8db89bb356a1e1db0cdb4dc61f8f8fb7266e3be90f407a57fdad79
SHA512 fa660e61ddc7234045ee667f7f26d5c52261535e037989290d786cf7127522fff6ce87e887ef5e1778853275ff2b757a97cf98bf805119982ac000a346388f44

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 83c7e76f5ebcbdef37b265e462ad818d
SHA1 b70ad57e2cb791b42d1edb7010ee415545ddf9e4
SHA256 2338f175763ecc13ff3232f0ea922ed2087dbf6cbc08a39655b3716cb9f6d66d
SHA512 ecb5a5adb4f09d4b633effed08add53ce6c272c5b674026180b3b633e0139e5230b8903714d47452aca27a18ee4872c131a7b6a43a977aa5764b3a3e83552346

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 5ac4b55c92fd734f8cbb1f3ec59dcadd
SHA1 e139e2fdbdd02bd1986ef4ee5f806bdf64133efa
SHA256 0c61647ac45ef777079ae324d55ad8b1886ed628fbec4db6ba0658f1f1bf623e
SHA512 c60a8d5b9e7d00c4fcd4f783015b66e724ae390db2ee82a50a2d763c90098f154ec614b3cca4d39078c35bac756dbfc235f16991d8a8d49f13742abe59c951ea

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 47b06ae557c13d07981159a2072ad277
SHA1 295b4f5dc86e057b2160d22feb41d0514235daad
SHA256 b7cfc82363ce02f5b4d3349d3c72d9dd41659525c2b0fa071fbabf5ffc2c1a35
SHA512 2a8362cee6a01c94216b1661706d03b0926a93612a6ad20a97dd8924aae79b660cd928ccdc0151ed9402790c5805b9c2be2998352dba5b72e128192310c93357

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 f6d007bd860d6d1b18a1a750cbbe50c1
SHA1 55d280c74f107f6f5a38eb42149a5ce6dbaf0a7f
SHA256 2955dcd1a1990a8240c370b9a39adc40a7104eee5442faf3c05f54f481f7d8d2
SHA512 a4452077d466553ff25f595025ac8df703dae5625c1dee47402227f367a474eac56044404e8a7f8f6ef6de63b79b4fa8d175b9ca11093664c8d90202d8484311

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 da0ec559ced534212182d949e3721d5b
SHA1 6ee380c294643c57182c637898e2fe400a38b327
SHA256 e462fa8831031f7e4b24675f40f3c4a55f380cd12ecc59d193f9b4fa75feeaac
SHA512 93f566e83165e0e94cdd4838b90a842eb14db6befc3ff89d17a7b60d5fa2520502cf3db848c1c9253ae0074f80573d10a19afe4c14716634aa04124da8ceebab

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 f9f7f8fa083b7351999c21ae1a7d2133
SHA1 94081c5dede0d28f3a26b73d74ee0076150e4ec0
SHA256 e3b2d055ff392c5d4c52ad25b313e6fba5b62452d8d6a27261403c052452fad6
SHA512 ceef4d46469f5cdc710745c9ee2da2796dd4ef8bb8d0f4d1af9e625181a4d685b7be0b114ffd7aff175c58f556c4d115d09feb6f390645f0c32486bb45ce62f1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 370b303bf25e17f832da3e72b9213af9
SHA1 b5d73a37fa84744e28e2d5547161856b13a9bb8e
SHA256 1c62957a7126514954bc2d63ad3a0a9f106634d896b0c6108299207d79e5928e
SHA512 abb4efe7c12b951217ca95c629e1dbfa08cf43ec5f43a26650a76321866de389d482af411d906cb3fc76f2d43e9501820b4d036c982d7dfe9fb1d7e15ee6ec7c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 d612dac73790ccc7e72ddbfb6f2a518f
SHA1 dc857fb31a1419e13e372ed21caca1b6474129bf
SHA256 248ae5162063460228feccb4eee6123fd8b334f39a83085f32cfa45585598b28
SHA512 5796862fff4415edf18c0b0619c5b4e987e1c9db4278c35cc46b00c9522d1b0c678e19e2acbce97cbfb0b0a86e0d02f278e11a198bdb1a99982d4de53c7d3976

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 fb6040aad3ced4c93b58a953be901cdc
SHA1 0e35d0162268675b6949443273df15f9fea556b4
SHA256 a372ae677e9f4dcf6600fdf1b8092a12f8ccd52cb3c71c8e3ba07b8070211ea4
SHA512 965e0b03d8f3d9a3e523cffc3bf97e7e15b9e53f7656b44920e4a48fad36c755f49b4eaba3331cc3de751a989282133b90054672406cc51694df172ea6004b28

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 846b2a6ae8223bc2628f95f63d05646a
SHA1 d4bbf7554000f9be32d19c31f6ae09d6db4f2caa
SHA256 88a0a4adb9d5e20067be025e8ec81d382dc1bac439027c0a3a2d1354be5bc835
SHA512 47a2e69bd87e5278a8b2e75fd967d7be614a88aa118118b5d9168aa8c2fd629871c4321c37b0b904f95da7c3f5122863ff39e4fe906579e2b204585403b597f6

memory/2984-9052-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2984-9053-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2984-9054-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2984-9057-0x0000000000400000-0x000000000043C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-03 14:34

Reported

2024-12-03 14:36

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2189) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jrXn698rs6w221R.exe" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttte.inf_amd64_f017e7b18ec67a97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_a192dbf28b4634a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ras\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmirmdm.inf_amd64_ba5b77b7d46bc10d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\miradisp.inf_amd64_14cd3615d012fdf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_pcmcia.inf_amd64_92be188847324ddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_unknown.inf_amd64_9f92c189b415c003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhay2.inf_amd64_e87e378eb673af65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_0c5757ecd1574b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sk-SK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uaspstor.inf_amd64_63788a81c4c628c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidtelephonydriver.inf_amd64_43fa6b1db642df7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cmbatt.inf_amd64_554d46f6008bc631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_8c1e04ee38482578\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmati.inf_amd64_16fbf6520a254fad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_amd64_399f04975a0af112\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_7e6c377859cfcb7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jmoobdggjllobdgi.bmp" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\DefaultIcon C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\shell\open\command C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\shell\open C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.1212 C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.1212\ = "ELMSMSPLZYRAYWP" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jrXn698rs6w221R.exe,0" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\shell C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jrXn698rs6w221R.exe" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ELMSMSPLZYRAYWP\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\bdd5ccf77ee8b5ce2b00c50f5b2c0910_JaffaCakes118.exe"

Network


Files

memory/4324-0-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

SHA512 702970a032aa9e4e2a41cb5526139defa232b41071aa19d57dcae2964e8f1e1b0e5b4183929e72a590d28221b21c21e298d0f531da10c1e1d8eaaca2d52f4010

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 396fdfcc42ea49876c9f781d4a8cbf97
SHA1 63bdea682c9607c5bad0d69110c7d015545b64f2
SHA256 85d7c1cefcd6a0c44f5e2e9332264bc92b2c9f8bc32a9bb89587985e95fac049
SHA512 d77e134a5a0177f391bd943d8d1fe011fdefd7f08166c0f22af4e0276c2ca10253542cbdc9f98ebae05fa2874e2b27952952d6af08bcb981c7cd760bd1294c40

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt

MD5 387d1b96fc0ea7d310a55dc2f1e37966
SHA1 b4dc3c3d825a18a4e4a924d4df7f503c795576fa
SHA256 0ae1084e416f6dd7fcafc47f272c39daa3506a22acda5b5853058832aeb878e6
SHA512 c5f038ee04899063dee1b58040897eb7f291de5aa7d9f8472d5293abbb9cbc0bb6225a1216eb85c677a926e212779cf78416d3a3c04c35f4e144bceec9e8a7b8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt

MD5 6f32e831858b409388e5e66eacd9c21c
SHA1 4d4a57d44167be5b36dff32461d768f82e544bfd
SHA256 41e3f1bc0bce9cb08c08107236ae859e75be062ca1e957fe94643d1934e2ac2d
SHA512 f6facdd66eae299438124353e49909759b0ea05936d80fe4403b000b87c984e5f308807b2d0b9d5a63e1efc339aca33fe87e3859e39b83f2d3ced64554e8a5f5

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt

MD5 4b845730daba1f20688db55b6a7ef240
SHA1 696bdc21c931740d50829ebacac2d9304b6c3945
SHA256 aa377e8f67ee24e7ed28bce665970dfd87d5ac97115913d824d168449059ce6a
SHA512 0cb41bc802113c11d49d4a586c7ef59f8455d5712e1a0f782e24eae8ceacb33af5c67f36cf7c73573e59ecb4da716a438c3117733e5d876151669dd368f1542d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt

MD5 a93f65e1f2128725514c9b83520249b5
SHA1 d5ce799948bbf931f7e2fe5b8b6c6f25df514169
SHA256 0f9384eaab54f72096339b7dd8f909adc1662f6d3228664ebe94a8aa4efc954c
SHA512 bbfa06162f428dbbdee4cb3d03882be8d9e65807752510a11b92c96e1ec2e26030147bd67d598ab2c8b3d729eecae9bca686398761497e283e805b3a3b8531e4

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 ed2efb01f22c098f6c1110c30b66d033
SHA1 6b85620e567acfe0ddefd066c8a2864afd53c34a
SHA256 280e6462a0952ac697d366faabbd69adc48c3597cbf3101de4a6f150b798cbf2
SHA512 2837c1e26f113822ae486465a59166ef686ec40e8080192f9218c1ac5042807a542f5c0b1a5f4992c0440b03c2ab0c1fd78791adbc194500d5672f623b913337

memory/4324-6599-0x0000000000400000-0x000000000043C000-memory.dmp

memory/4324-6600-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 f6d007bd860d6d1b18a1a750cbbe50c1
SHA1 55d280c74f107f6f5a38eb42149a5ce6dbaf0a7f
SHA256 2955dcd1a1990a8240c370b9a39adc40a7104eee5442faf3c05f54f481f7d8d2
SHA512 a4452077d466553ff25f595025ac8df703dae5625c1dee47402227f367a474eac56044404e8a7f8f6ef6de63b79b4fa8d175b9ca11093664c8d90202d8484311

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 47b06ae557c13d07981159a2072ad277
SHA1 295b4f5dc86e057b2160d22feb41d0514235daad
SHA256 b7cfc82363ce02f5b4d3349d3c72d9dd41659525c2b0fa071fbabf5ffc2c1a35
SHA512 2a8362cee6a01c94216b1661706d03b0926a93612a6ad20a97dd8924aae79b660cd928ccdc0151ed9402790c5805b9c2be2998352dba5b72e128192310c93357

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 a7938bf5343216248268cd3146b4b22a
SHA1 52bd3aa969adef8f348ae78950ab8e5f7b2c9314
SHA256 bfb1225f6c40b2368a86eef7e3205843e45b467fcb809443ca8629282b8dcff8
SHA512 8f24d4fcfcea7c22e07683aeac83510e57ec9c8b9b1010cd8884ed8af155cb7413b136ed11406a9d4dd9abdc9344e6f5e0d3e5e5012ec5ba3bd022c01143cf8c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 1cdc5eb33ced5156d7364aa23502f0c7
SHA1 053919b4de728e334c9e98a07eaf4cf0a18dc2cc
SHA256 3c4123cf0a8db89bb356a1e1db0cdb4dc61f8f8fb7266e3be90f407a57fdad79
SHA512 fa660e61ddc7234045ee667f7f26d5c52261535e037989290d786cf7127522fff6ce87e887ef5e1778853275ff2b757a97cf98bf805119982ac000a346388f44

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 5ac4b55c92fd734f8cbb1f3ec59dcadd
SHA1 e139e2fdbdd02bd1986ef4ee5f806bdf64133efa
SHA256 0c61647ac45ef777079ae324d55ad8b1886ed628fbec4db6ba0658f1f1bf623e
SHA512 c60a8d5b9e7d00c4fcd4f783015b66e724ae390db2ee82a50a2d763c90098f154ec614b3cca4d39078c35bac756dbfc235f16991d8a8d49f13742abe59c951ea

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 f39c22dec62284b36a6ca7561c3bef63
SHA1 4054c31f49769a9df651f8ccd168808e5e43e665
SHA256 93b9560de045cbb82e7af3ad568ae86be221395861ad73533c0154db7d1f3254
SHA512 c80d75f83c898b3895337cde1cfbb76b766c83b3e5bf8f02fbcf569b3a2bcaa5442a0bcd98dce18a8099ae2f9044e4383767ddf0881a1a2845d3a5fd07c51722

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 d612dac73790ccc7e72ddbfb6f2a518f
SHA1 dc857fb31a1419e13e372ed21caca1b6474129bf
SHA256 248ae5162063460228feccb4eee6123fd8b334f39a83085f32cfa45585598b28
SHA512 5796862fff4415edf18c0b0619c5b4e987e1c9db4278c35cc46b00c9522d1b0c678e19e2acbce97cbfb0b0a86e0d02f278e11a198bdb1a99982d4de53c7d3976

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 f9f7f8fa083b7351999c21ae1a7d2133
SHA1 94081c5dede0d28f3a26b73d74ee0076150e4ec0
SHA256 e3b2d055ff392c5d4c52ad25b313e6fba5b62452d8d6a27261403c052452fad6
SHA512 ceef4d46469f5cdc710745c9ee2da2796dd4ef8bb8d0f4d1af9e625181a4d685b7be0b114ffd7aff175c58f556c4d115d09feb6f390645f0c32486bb45ce62f1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 846b2a6ae8223bc2628f95f63d05646a
SHA1 d4bbf7554000f9be32d19c31f6ae09d6db4f2caa
SHA256 88a0a4adb9d5e20067be025e8ec81d382dc1bac439027c0a3a2d1354be5bc835
SHA512 47a2e69bd87e5278a8b2e75fd967d7be614a88aa118118b5d9168aa8c2fd629871c4321c37b0b904f95da7c3f5122863ff39e4fe906579e2b204585403b597f6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 fb6040aad3ced4c93b58a953be901cdc
SHA1 0e35d0162268675b6949443273df15f9fea556b4
SHA256 a372ae677e9f4dcf6600fdf1b8092a12f8ccd52cb3c71c8e3ba07b8070211ea4
SHA512 965e0b03d8f3d9a3e523cffc3bf97e7e15b9e53f7656b44920e4a48fad36c755f49b4eaba3331cc3de751a989282133b90054672406cc51694df172ea6004b28

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 da0ec559ced534212182d949e3721d5b
SHA1 6ee380c294643c57182c637898e2fe400a38b327
SHA256 e462fa8831031f7e4b24675f40f3c4a55f380cd12ecc59d193f9b4fa75feeaac
SHA512 93f566e83165e0e94cdd4838b90a842eb14db6befc3ff89d17a7b60d5fa2520502cf3db848c1c9253ae0074f80573d10a19afe4c14716634aa04124da8ceebab

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 370b303bf25e17f832da3e72b9213af9
SHA1 b5d73a37fa84744e28e2d5547161856b13a9bb8e
SHA256 1c62957a7126514954bc2d63ad3a0a9f106634d896b0c6108299207d79e5928e
SHA512 abb4efe7c12b951217ca95c629e1dbfa08cf43ec5f43a26650a76321866de389d482af411d906cb3fc76f2d43e9501820b4d036c982d7dfe9fb1d7e15ee6ec7c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 83c7e76f5ebcbdef37b265e462ad818d
SHA1 b70ad57e2cb791b42d1edb7010ee415545ddf9e4
SHA256 2338f175763ecc13ff3232f0ea922ed2087dbf6cbc08a39655b3716cb9f6d66d
SHA512 ecb5a5adb4f09d4b633effed08add53ce6c272c5b674026180b3b633e0139e5230b8903714d47452aca27a18ee4872c131a7b6a43a977aa5764b3a3e83552346

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 4b438d3e0b466dc731484d24a7ab8d61
SHA1 cd1b564dcaa3c647f1e6a7dcc776717b1bc01e0c
SHA256 e7fc67d1ff8e208d39d44913f2d46e9ab3c7525488459ecb66f0e50ab36068f3
SHA512 e73daed557e9d7bb2ca58d92fb7a6e2b561f140eb735336af4d4557f4b1bc994bdcdeb605776c8d38596534c00b8ba4b32af2e0ceec81c25ed06479cf2f3d7a9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 a2be23fb50bd260d3e3345a000e18d3d
SHA1 5beb055b3f54f4b76d375b7cb4df1f08dae9849b
SHA256 ace1e2cf32adec9e3f88be6d03bb04d733a6bfbe5134ce15d5c25b9020018e89
SHA512 2d14d7361818c7028e0233990da1389f960c041761cf2c4e8735e38788bd1628f5bd6f2e15168494bbb8e06db3dbb79bae1b2aca7d40f16db0bee202685db478

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 a588bd2baf4e078a24bb87d0d462df3c
SHA1 653903752438ebc20926b5ea8f7841bba616e5d8
SHA256 089efb4637c44a9e8ba02abfbf263851de9b7e9736e5aa111aa35484d99b78f6
SHA512 49479f6150373a40989c8d830d89fed5179e9fc33f9e6c8c8de810cb7cb8c09c206d58af7170d9a4c9b0a8868bbffa91b65f806322d284fc39bf53f3101953c0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 e87fffc7b32b204b6dbd011cc7aa22bb
SHA1 eb2908f88c8a22201eb606428af15d1594cd001e
SHA256 2e0806e45f2bd3da63978c24198ef07e476b3dcdf0fcda9682457bfd03b3c744
SHA512 a89c64ec00154cae7304ad71836d0390b516463b80a1a1082ccb75fdaf527030b96f78c67d35df49350e90872b7fce67969d9ba7aebe33b9d3e200f552295835

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 dd2d52107e71e4da27bb85294ca2bcfe
SHA1 48d9778f07155b5f403206c596ce6a048ce91e7a
SHA256 b200c3a9e3d2699a40ba74bf719364b7b40c0da15b8c74aa62e9b24a96f2a4af
SHA512 43713c1be3bb5b3071946f514999df2c29a2d060fdde66ecb4e0b3253c9decfe922757b5e6dc1408c76480d9e9095fe91222dcb9c3bfcc244e690aeab75bd6f7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 d910accd1d5e8b266997a8c8f45ba69a
SHA1 588ce5f64f5e7f32810b89ba1501bdd865c8aa5e
SHA256 fcf176993fed53c1a30c8fdae75ca129c6923e798096f42da82ba30c42ba6aca
SHA512 c7faa650f867654f6072ce16a70b07c9f77611a0cd858cf39ae0af9f1d9c7a4e26dee33611661197b31e2956e8c06f94d560e5b5025177c6d280c73d966eac36

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 66538c23771a68cbd9d7d7c6863a829e
SHA1 cf8e03863283911390ed8a3f5a9f6bed267b365a
SHA256 91d4d2a03ef94d359c82463397a73f4b18c6f3c83441a91c8994464fa64b9d03
SHA512 1e44c948072c7ccdff2219b62beeeaf8ef785b0126618a5fe49f93302665e48ac0149e7f13d004412fbbefebe7832c006b3b54dee88b2184912cff6086ba6841

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk.1212

MD5 76d962dc6e6fe1e44bdc902c96aec609
SHA1 c402721d365a14e06e06dbfce328eddc159e30be
SHA256 f972ad0844f595cff8f76948dceb99c5e4cd4e3f6c71076b6f6e8702ba60562d
SHA512 5ea2541636ee9b6e043145b513c6cb6ce63b4a6bc3815e5961bdbf7f19814eb952a198ce0f2bdad522865c677c975b0f3b752a7e0768c6c629f8068bf36d6d66

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 475e2d5797f0fd61f452d4b20c5fd223
SHA1 c405c33743c8260bf653d5cea2cfa9fa72708f8c
SHA256 ca7a30364fb8cf7e8ca38d05d9cce2d3bc13fbcabc6bfc98b3b19de89a182077
SHA512 f06ef55b3daaa34b5949dd34a08a2bd2070dc8fa86b7fd2ca1f6bab6e5b962254633c4eb134a0757d29b9b91645411a98e3ceff25fb3b27601ef9e723cff0c3b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 ec725373a7cad90253d26652236826db
SHA1 d13839df9938ba891668ac8900166f46da95dfe5
SHA256 02795eb953c31672a46b45f4e9de5644f76ff8c6f1ee17c1eb08bee782f52331
SHA512 3ade3ec4dcac5c026611bdd787d317653b8bedcb42b4b1c0c1f7d6e58f0a6198145ec9cd03f316486e27a8251c8b7fce0d86198342740b6861ac73242e9a6cf7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 b28223810fdc67b22a1d5988b9ecdbb6
SHA1 573c5d48a9c9995f71156a7d487b102e1556d20b
SHA256 68d2ca8565d7a4b00ed530c30a8575210feb05a48ef8ec558e8cc0821d3c647b
SHA512 cb5db36cf57d0930545c559db6dc11d4c0bf5182c5a1e2d207d5665f543120cd6c97d86e08d4cbdd885a6b32c0f486e4b147f40f1039b971d3163a63912f8149

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 ff8280866925ff69a56007a5193dbbfb
SHA1 1ec97af2751677a89a4adafc015f9bb0856d9df9
SHA256 6c7495b1889b7dfec14457c8d51e78caca8c921d9f685b3d1d5bf98335a24b5b
SHA512 8c92d4141a88fe45bcb09f9ccb31dac169f609945912ca9dda9d89848b7c7cc55bd5b4d78164efd70f02e783ebffe82ac48ca8ca85a2db587a48f1443d7e489c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 5acb3f94b803eff09a0afe9182d10175
SHA1 f451d68f2c0726a55de82d696bb584791fd26e8e
SHA256 69e3f33b53980f4106eb6fc17400bf35cef963cac6a969b8e1a1c06924838255
SHA512 72f277aebe8b66ba5fe11eb5fb9056392ba51645f0cb34ba03fe6340c42171a011f31e6e13ce72afd1335f5e1414851520cf48218b87a5eec3d76e6e7d197732

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 d975f540105b454253430dac6aa55e19
SHA1 cf993a583858ca0eb9482fafe5619544aae0267c
SHA256 54b171517c9162699b79fbc4e367953344ec0123ce89908c82b0636376f702bd
SHA512 b40be941d7143c595f6afd3d847a1e9087cc6f9dba674e8d2556fa4e44b9c3eb8f701e507210493957b2b74500cf363cc7ff58088abfe9461048a2e439ecf66a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 64db2496f52ed552c674b99739551cc8
SHA1 ed8437874e1a0d6e5c48e0d8202cc2570bfc7947
SHA256 90a14ecc804d8e95b6552f441f4c20add3dee96fac253cbe7148f2dfe5c78b0f
SHA512 3b3b92d4b616ffa7a27ec23adf6dfc0d9aa331c586962fd37e7764b610f106a3b91b223c2c8d7d17ec13fdcbd6c32dd9c2736818370132b4fbfdf618c1c34259

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 91f0471bdca06dcab1fcd666974cad5f
SHA1 7634dc6c163f23c6da9cddd149e7ff08dc0b008c
SHA256 5b144671aebd2b84a3378293fd28555358872227ee161b05f0fc1a3713fe946b
SHA512 574ccea26a489c8736b27b642c29ec152aafdc4c9fad6aa5d68fafbd5fd17761a0087e9fc75fb7e28c8be251296e340b5e69a7b92d30c27513952b0c84760165

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 2fe7cbb1fc1cf335636072d759cc89e5
SHA1 369eb9781b99a4bf815f70ca9bd83e099c20e89a
SHA256 cfebf487a6279b504386f09577b594d2b01498a482c079b4d3d064e68ae97ec5
SHA512 8b99e0c47c94e78cabaa916624766851ed4752714b7049a19effb018f3493f0889d8c38d31c406484494829464e5d2a5b652268bb369fc4125a164945db0a3b1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 f0caf305e02defe3ad5e05e4b9d30ac5
SHA1 ce08d85e74213adbd8c752f96cc02b5bed000b0d
SHA256 b68a5cc4ba226768830f723cdaa01b62198586daf0a856b0500a66acc0a40244
SHA512 5b419eed904fbc98d7122b9ddb8b30d656477322e94e288210b358952b5eac4cf8c1a0d37e663bf5e209081503308d205318809b38d79d72306291d11e198721

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 56b21e788593cd96c03740f93031a07b
SHA1 037438eb39c7ecb493d4c672e794b9f793febe8c
SHA256 2431cf989082d697e00bd7cf86113b7f01010ce47eed58802e64f31d90ff9264
SHA512 69870074e2d86a8ebf6a7c0c3cb210312d36244556610d879996cdc2ab0d0e5e1f333794d705013c561ac0b1e34b4908628958c9c01113102ec9d1eeda1d0795

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 17227255d24ba47d517caa638b00fb7f
SHA1 0a35001397a2ea360c0f027322d7cc30a9f5ccce
SHA256 5942f946c70deeae7968560d6e2e52495eda129a093b5325d4977311c5ff85ba
SHA512 fbaac274fb2b365a4b3cccf8a07ec278f4e65df6df66a3e38b8b1155ca7ce9e5e291b2abcdc5a6b3bd928ff44c294bf72f46c97ff1f6745aeda97e51cc0b3e22

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 b1489b90fb4d9ed3df4f625b628cc1b1
SHA1 9f10f10fccf54c10bb187f7e9f590199892dfb1c
SHA256 543a96e4da5c8d9f6fc7be42f028ca17d7e9fcc6ca8bf6d596d05c676e57e24d
SHA512 192166141d07cf601ac6f79f5d8bd91c6155aab0e0575c17e97ef123c7d18627c5e95d8f7af443c08855643c30bd7b94cf6864fff83d5f4765e516e1995e0a0a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 650e4d165cd72b21a50603e10b45f812
SHA1 b7e383739381c5fd4b3aff1ed0910ec259d1fb91
SHA256 6f66346cb84789c338e07051ca5c7d78fd363c6e82494fc8c76361c56cf539df
SHA512 3c6b463402fd65591e9d38b47ed239024ffd6016b2f728aba85a7eeebb8962b3ac6188af78596e822999d2cbbf99402c589fe629f9362a5e0a07346bfc27fac1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 f149c0a10a34d2fc374221a301571dda
SHA1 360e5a9e68f84dd99bfa388df06cd8e4e3d1e056
SHA256 13defbe0d7f44eacf06da7426937e93ab8e9e26363642ec3dbc8445044ca99ce
SHA512 6174ed15b74c09766d2364b5efef4f165edd3556f32af3001a9b095ad5163ed822bd71e0590fde94c8d567b146ad6b666524db0a500bbfeea10f7ffce613705f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 9b314c8275ffc97cde5381932ac78559
SHA1 20ec4ab1358db796ce35887cdbe8e341f2a24361
SHA256 05add3bb463b22cdb1dd692ceb02835e7efbcc0252e03955c76a171f67c7ff7e
SHA512 5240292067289dd50944bbe9cfbe56a8789f90ecfa82c752d71e54df23e377283516c05c72d59d7e5e418e2d9f67023905ec737dd45c8bd14dddbcea10fe5cc0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 8289393265daf2ddb32cc2fae262ad87
SHA1 e34d0e130322a2a10d91d29eeef04635ed904496
SHA256 7040a061d370df4ca9062d05bb38d3a5d38c8ac8b14317dff3d3301dc3cccfb5
SHA512 ed0fce456a7736eb1b8d76ad680646c06846065fd90e44fd5824ea748fa329e3c332238eaab3c5271f3c7fc569e2ad336555106cbd2d8c5c4b68276c8b9eebfb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 793404abcb24b55a3032596312d20f02
SHA1 ecc7c0b6a97bc1cce596d36ce7286a3d95363597
SHA256 39d7b6f24c0f863afb4ed422a54c773f16fea70fc741aee43ec017302ea55df2
SHA512 df2a6dd0d07f2c8ce96ce1001a450e0e43c3051486d39cbb6e701bf762bd5fde374d1338b57de3e8a6836799318aaa2bfd15c36ea724287c01db97aa048334ce

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 b0deaba7e2b9c355690484bcb1f2d9f2
SHA1 a147a8a2a7cde5582acbbbbaf2cabf2f4e84f803
SHA256 3eee4fc6a6975d1cecc3cb83471b4be95b3097102f8b2f097be0d14a9fd004c2
SHA512 aa0a0e8d7c4e0b006943018cb52afdbd48cd0d21c7d52319e8d054bfc5b9def393d68f49812ee8bbad2c97822cf587cf3d8eba4c251ac3b2dacfb0dc25ea374c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 d91f847b8647331fc078825480e177c4
SHA1 bd71c289599e7427f81a2bd693d4139ae064601f
SHA256 851d7bb2870d31ca8814e58afc3bf64fd01f1f0286979a58e891e39a5a09cc6b
SHA512 351a1c7a47707b4f5b9c87239c06a1b54e871038f17c5d79898706865fe62a3490a573f7a01160f27196f044a9a9d5002c8198242a945cbc9dc83ba7b27fc7b9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 acf9b1a4a8a48f596feed0b241b283ec
SHA1 6fe115cd37f041d89674a5e550422dda1821adcb
SHA256 9e8462a7c81654121fb1f5dac208f13af54c3cbf1baf5e56d9c402923e64d6d5
SHA512 06eae94a7e4ab374ae632b94c775dd57272a6619ebaad66a1867d33ba8561233fd8731996e7c14cc762504c35e5355e5da0921a07666e1207ca56ac204660f10

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 dfe170453ab1eeaffab51435e9184e92
SHA1 dbd1f0ec9b924cf5b598a335295086bff68f5b7a
SHA256 0910817c955b79460e055e23c49f4a8327e135989d7137c2b5acaa88b41e65c7
SHA512 3841dcc13039224eb4cec4103419ffdd8908b065481f4947c8abb2cf60e6f9c92afa90046a8bb97f99e0b885cb35f0ec027a04970b03a771b938bfa7e4a77e9e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 541db7d69ac9fec242d3c747c51f5d0b
SHA1 1f5d790fc08554a87b5bf367db52e0041157c330
SHA256 0bc32d165a83cb4ccf01f8244a273bb732b769fa33b9c194bd89d5703fe5eaac
SHA512 5154cb9eff96100f25688555e9aa97f16e97257551ab018799ba501eba8cb941c142985a57c3023f4d53deb7fda2eb21d905ed3322527233dbf5aa891d1c19d0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 ade8edce50e7d26af06c24374fe7caca
SHA1 2921f5ce4123703bf87dbc98731f451c71a6fdb5
SHA256 02585d04874c3df0e7fe8ab933481f0b1bd3c0bb713e42b4eb0f38e06cbec193
SHA512 a0f37a1d7636a4858b5b5b6739656ffff14e30b720e2beb09df926fa044b808cf25ffa2b4117dd6480eb7e350396fa785338b1d82085c2620521e9dd3baa3c8c

memory/4324-10425-0x0000000000400000-0x000000000043C000-memory.dmp

memory/4324-10875-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 6998bf3ac1a0a32f29537621c95061e4
SHA1 98228cc4794164d09aff5c3596a249739d7e5d7a
SHA256 9237896c4504949790ffba3839204cc4e243c1bdcc5408c1a6b5256aa0e89d2f
SHA512 8fe8946013390ec2ace9a50121069528c1a7034a78eadee5581666cfbdd0b70f90e5e800dc78520f26543a0fbf73a7781d1008a74229b4d2782933c0df98fc93

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 43bf6f32c16e9a7d6940786b64c96b23
SHA1 408ca894b6f5a148c4596b91b969d3cce2c51bc4
SHA256 7eaa4cac0d6f6759c93fa0d6374f093dc115d2e527d02b5b2de1444a0f7518a0
SHA512 1da2b77be56fc3ca54d6fa39f85c61a8594e73b067d06e5e43cb50f44df98d3987342c439a29bdd9d8586a066fe4ec93c060d563163ab9dd9d635380ac287533

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 afd2c2ab87d79db056989ccc47e1855c
SHA1 926ba809b5d287d254f2c9f6889e88b182e11767
SHA256 5b5a9d321eeac64d6a567682136c51735a56c1bd559db4fc5fa54ec8792beabd
SHA512 7aac0d164fabb471d3f631e667a712a8b5232f65566b650cabc299d497d93a93bd76fc5f2a18951580a9392a6df6693ef05904623fd90718d25355716f2b2dd3

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 ee1e3d24c0dc9942aa8a7cc342fbbd88
SHA1 ecaba5a2a58e32db50d33bd89262aa2f6d08a7ad
SHA256 86709ec682a37f41e10e3728e1fcb757014b059656688c722a730cd4939f219a
SHA512 e7ed4511fa39535c3ce6ef911c712e3013ce71cef7b8ea42166a8c8326f57d5d87a0e24c68d015c2740daadb85ba59f2c0861cf74f93a8b37d7ff5ae1cf580f9

memory/4324-11202-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 3950db5bfb723f7f35d45ee154e68c4c
SHA1 d8ab41496a1e53c5d4a3ae265cee5878043deeaf
SHA256 6bd81884c4e6462c0f3c9088e4185014859698c9c61a3ee71473fdeda7f47af5
SHA512 7e85f1e986155dd5b1b0f8ce4ac939cee841133483e7ef3e368e62f98c407a28c92494e99883f9fc8ae5887ffb85264144995f66ead0398e83ff92861a64edea

memory/4324-11207-0x0000000000400000-0x000000000043C000-memory.dmp

memory/4324-11210-0x0000000000400000-0x000000000043C000-memory.dmp