Malware Analysis Report

2025-01-18 20:37

Sample ID 241203-shxpnazphs
Target bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118
SHA256 87dcfd522eef81f58e0b18db800cdd28562ba537f1d00bb48658c21e68521a63
Tags xorist discovery persistence ransomware spyware stealer upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist Ransomware

Xorist family

Detected Xorist Ransomware

Renames multiple (2180) files with added filename extension

Renames multiple (2203) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-03 15:08

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-12-03 15:08

Reported

2024-12-03 15:10

Platform

win10v2004-20241007-en

Max time kernel

144s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2180) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Drops file in System32 directory


Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hknnpceehkmmpceh.bmp" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory

File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\compare.png C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ja-JP\assets\ErrorPages\pdferrorneedcredentials.html C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-diagcpl_31bf3856ad364e35_10.0.19041.423_none_b8c6924036b7b8eb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-getmac.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_117efa1a2f1bcdc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.servicemodel.web_31bf3856ad364e35_4.0.15805.0_none_7f2c9ed6201227d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.WindowsRuntime.UI.Xaml.resources\v4.0_4.0.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ctui-resourceswin81_31bf3856ad364e35_10.0.19041.1_none_d1d99fdd2c96dd2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\Icon_MMXresume.scale-125.png C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_be63e2bef26b3615\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sysprep-spbcd_31bf3856ad364e35_10.0.19041.1237_none_918aca913a4eeec5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_73792d943d17e030\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasrtutils_31bf3856ad364e35_10.0.19041.84_none_04b8b1491897f94f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-homegroup-listsvc_31bf3856ad364e35_10.0.19041.610_none_4cbb0d74d942a05c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TinyTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_396ebdea411b7aa6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-time-service.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_37c7228cf0c127fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-computelib-legacy_31bf3856ad364e35_10.0.19041.1266_none_2764be90dfc8b6df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smbserver-netapi_31bf3856ad364e35_10.0.19041.546_none_1e9fba3daf5ad632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..xtensions.resources_31bf3856ad364e35_10.0.19041.1_de-de_cf5d267b8d5026f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_10.0.19041.1_none_4581ce8f1c77898f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\Assets\SquareTile44x44.targetsize-96_altform-lightunplated_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation-mfsvr_31bf3856ad364e35_10.0.19041.1266_none_3382f3f0703560b5\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..y-webauth.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_8a497bda6f9780a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..infrastructurewinrt_31bf3856ad364e35_10.0.19041.1_none_5603222270d30223\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-efsadu.resources_31bf3856ad364e35_10.0.19041.1_en-us_770d0a8c34750d52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-composabl..aexchange-component_31bf3856ad364e35_10.0.19041.746_none_07b59b67e21ec38b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_10.0.19041.1_none_28b372b13f3b8178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.19041.746_none_6e820e10be700e9f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..agnostics.resources_31bf3856ad364e35_10.0.19041.1_es-es_e2d407b3504fb761\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-portabledevices-winrt_31bf3856ad364e35_10.0.19041.746_none_a2de9eddb7b517d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_10.0.19041.1023_en-us_e7d5a7ef6b22aa09\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_digitalmediadevice.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_88a49e5c212e0750\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-audio-dsound.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b46e4cb2efa5ae9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ment-dmiso8601utils_31bf3856ad364e35_10.0.19041.546_none_4ac1b0d8ac60bd3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dpapisrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3d4f0e8a9e6c731\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-simpletcp.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_521ac1e26443d289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ngstation.resources_31bf3856ad364e35_10.0.19041.1_it-it_3e052388ddb7d547\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-uiautomationcore_31bf3856ad364e35_10.0.19041.1266_none_24de6724f74d3ab9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.ReaderWriter\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wwanhc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a030df5a5ba3a4d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..package-managed-api_31bf3856ad364e35_10.0.19041.153_none_692d4d323b980451\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mapcontrol_31bf3856ad364e35_10.0.19041.264_none_f136bcd869745605\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_usb.inf_31bf3856ad364e35_10.0.19041.488_none_22ab75752a645476\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_10.0.19041.1_it-it_76b1bc9518abed32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-msvp9dec_31bf3856ad364e35_10.0.19041.746_none_391d801f7c759df7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_apo.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_4b7a013e648bd3ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-0003041e_31bf3856ad364e35_10.0.19041.1_none_a7f206cc00d65eb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m...appxmain.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_60746ebda8922d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_chartselection_clear.png C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..tion_service_iassam_31bf3856ad364e35_10.0.19041.1_none_31a07115f317ca01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_10.0.19041.264_none_b08e3e3d06047dc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_smrvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_f1bb526772bd59f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-system-user..diagnosticssettings_31bf3856ad364e35_10.0.19041.1_none_75831dc844e25968\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_b201fe701a40c4dd\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Square44x44Logo.targetsize-48_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-usercpl-usermgrbroker_31bf3856ad364e35_10.0.19041.746_none_fefa067e67e7af8b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directwrite_31bf3856ad364e35_10.0.19041.1288_none_476515abb49ecbcd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-peertopeerbase_31bf3856ad364e35_10.0.19041.1_none_21c94890c5647051\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wow64-windows_31bf3856ad364e35_10.0.19041.207_none_d60b7878e55efcde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.servicemodel.channels.resources_31bf3856ad364e35_4.0.15805.0_de-de_0df4cdc07553372e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Square44x44Logo.targetsize-64.png C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..endedjoin.resources_31bf3856ad364e35_10.0.19041.1_it-it_dbe59fe5ae70cf5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6225b0f1880678bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open\command C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GYYYMXEBVVANMWG" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\DefaultIcon C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe,0" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

memory/4732-0-0x0000000000400000-0x00000000004AD000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 bbf8ed91be0e18f222cf55d9cd9127aa
SHA1 6bda96c64ac95bb693d81ea75b2ee16501bfdfcd
SHA256 27ef715b6bb915cf94ae427115bfe67b2ba4f160ea2c1f84fec69b7063425f4f
SHA512 98d8a2b2cb86e442631d5e05b4e3d94d8f3909f2e290d609f1a7dafc0d4ad55c49283965dcdd0c04616484cf982359092f5f3f23baeb2d8c84f5240f69efef5d

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 6cf8f9dba972ad6ee2299dea2774ae90
SHA1 32418a820051e0f124f66146e007084437fdf0ca
SHA256 fc89c83d3f32dd83704ae04a46699dd541c804bc235242fa6339236c87a8f660
SHA512 240679f81c3914eebe26330bb7c6e055adaf42a4827f6a9f1ae19653a52b5c24b23d9c1f49ffdf026f6639c81dfa385a367c12e3e7580aade2a8451c86daac46

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 6dbfa4cb68ae20f526ab9148b5904d27
SHA1 c0b8ccca2c74953401eb003ca60e3018a99c3bc3
SHA256 d53e49d7c32bd353427832c5269e575523bcefed7f281e5b84f4766e04ca59d2
SHA512 d9a5bb01734e728d60e5e0745661bbd78ecbea6868587032c3bcd24257c01bf4311dcb38a4d752a43af81531d2f4c4fcc7fcd9c42736a9ade15e5db37bc265be

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 c62dedc3fc7640850a80c04ebce461a7
SHA1 77f62d225a1197a44421f9b9b9a471595aac4456
SHA256 9b10666ca61409ba983a2920155f81abfce5808c4d7a2b1789bfdf5652d304a7
SHA512 409260b16a62e96a892cd2faf6ba00783e6a3df6030f0373ddd7381d9380da3fa02b92c9d4e5d11bca872a2eee8f970ad52465bb6f20f332037062816aa258c0

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 4f905425ca598d97f4bff1ca0e7921f7
SHA1 94d06551b5a1a996b42b5f21c4b59402d0332409
SHA256 6629856ee9f546ec90148f0bc2b1d3f4b2974c6782d7240a817738a1d4135072
SHA512 97a3d04261c5dc670148adb38d4b24bf33ea58999b8c6dd624bce808b5ab79f002ae0591295334832990c335f35339bcd3f6bbda2b5ede70f00bd0d0953a5cbe

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 19f11426fd1c1252869fdd54f949f0db
SHA1 d112f0d23c55839b97e0b239fabffb3d0e8c1488
SHA256 10e8ca8cfae9d1b5753959976e40362bc2985235289e634e1dcde191d68932e8
SHA512 b4c897ad53551fb5f8029e4a670e3dbb3f353b679b76f3595f91aae137a2cd732eaf46634b05e98aefc425ce8d0a5b40543ed24922a0b1995873e548203fe39d

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 bfb7b4a34586bb38b78941630fedc91d
SHA1 b8569abf6c4c8079fb884a2882742f8f4155c1fd
SHA256 74dd6be73dd19a0ff1b4c3103c14670e671d75d7678e5d5efca8b3410fb06a63
SHA512 a14efc5a642ebfdb3a57b65073fedffb695261780388216033ca73f2daf8c5c86a1a4e7259f4fafe2c30400b516fe807a7f34730b40f4688226491f065dbb209

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 17a8892ceac337df194c6f50fc6737ea
SHA1 124452f21eefa8c2203b9f7b4ceb4f1836e7b1e9
SHA256 d1a3e0c1e298c963e6e65e42c3a3243fc9bf36ae2cb8b03c4129af63c9260a15
SHA512 bf5c232cb4388bc11485609bf05ab8a8f4b744739a77b3ec1fa3056da62accd5ac50d62c6fd4b58db0a4690721aa5950ebeb42d7d34e1ab5b869c798f5eab6f0

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 cf67d24475f76fb5ec3149399d9a8f5d
SHA1 3c7ec4b84d2801ff653b96c6ba2adca086f235a6
SHA256 cf67dbd18a0de8f92cc7612c8080fe3946f1bf0a9028839310a3784d163bea2c
SHA512 f1db9d1b8f194e2498a864e8c4fdd9e17ae650d60064ea027c2665906c11f7d48949ce0652ce479d5a26fffcf7de1457bd4e982e1e627ec7a737ea3bee4e840b

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 206fdcdaef3c5f2546235c40ece7ff0e
SHA1 b9e3cfc041f81de3fc78dc351e6958ec3ef095cb
SHA256 1f534b0c96d9b191984554e69bb370be31b9c9c57f095a09ee3ee719064cc96d
SHA512 b4fea51750e41788ec861f80a22ec9a824343f90f7f107c43ffdd532bbeaea033b0e2bcad9d25b289cf3ef6ac1ec53bf8812d1e849c0ae0fd150db586e3d64f4

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 e24d85312568c2cef6899416e9b0206f
SHA1 6d0428c6c741f490ae59cf02d842500d1c80ce05
SHA256 7af92df7ecb7622037e9fae051cc3e00c49c2ba37009b054340a8f23e06806fc
SHA512 427389f8134d44b4935892169d00ce3733e0149ccffa4cc1ee3565bb0f1089fada34a1c005a4b8c20d79e010b453b47addc8123ca32bdcefa9d2eb59267595d9

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 99675ab299be9ee33a8af0757ab5a25a
SHA1 f85d2778707b8d2252bbc1a60b5f90a17a024e26
SHA256 c245db96aa9fe8a093455f5b9ac4ee670623af3c7013e0b7d35a6e2afb12f105
SHA512 6beb24fe0c40232a5d4c66848ba81bc00ebac49945adb304d19894c7d9382b6336bc629e2ef86a0a5ffdb6c333c5ee236028941ff230ba850d136dd46bfad0f7

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 62a52023ef9f3eedfff643102dd7b9a5
SHA1 06e0b566a95f9cd82b37c0a498751911450bcbab
SHA256 9249de14a71bd2a02d700d94120fc037d13dbfbb5812207642a79dc8a6d7b8ec
SHA512 6b9c645a6dfd47b780db9891335170a295fb3fb901f85940629407c1dcaa15b402036ce84e16c72ca90f902b61618a65e414eb54e21c7d2fe907c744f398c63d

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 732eb554669adf0332856002ed934651
SHA1 bb91d5234851a432053d52cdf8a6307dc1b933ff
SHA256 012df16d8bdbecb01e3cf4646374c0bd09c0c9cf785106d1ac538d40275a258f
SHA512 b1796e19222658ad84ca22dabbbf3a301db5ad8620769f61adcc5eac6ed19c39ba4971255e5d2f1d820101a7b5ce25ac21d14792841f96919f12d4a1cdc9e029

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 bbfd84067d96aa1f4881f84f09ce757c
SHA1 cd99422cf698dabb1ca59cd74bd7da374639075a
SHA256 7487fa3e6a600ef2baf7fb7a575276518f76c9fca438962c878af1b68ec18598
SHA512 e4dc9ae13bd4d46502b4a6c01d96c9b00b67e1b74b18aae8947e48fdaf138cbc74fe81d4db50a5e78bde60de1ca74d83357550d6f5a5bfa8faccedfc99509233

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 56cbe95568240b3ea71ddf4a37db57d8
SHA1 03d4d06d293f7aa5e12105c023c7daab986c3b9c
SHA256 62993084714d3fc774f84bc641fe10bb408b871f1b409bd726bc1704286ffa80
SHA512 d96fb38ee16be3f28960756847da4b78c6a5ae4f06c6c6d0b466166698d483982a4e9777123b2171bebc5114c094c1e74f61c6fd624df55508d77959f032d8e9

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 ef2c5be329ac6b1610bd21ce4287799b
SHA1 81fdd2d6de98835d613f050c3a51e38fb8dc69ab
SHA256 e8dd5909b7ce859b30dafd61e6dfd5a0e3fca4a1f54a3cdab9c813e8d37e650b
SHA512 f31c1d48e1025dee0997cc5e4a71878719bfbf67a20de2f68c804da0896a362785d50aebe85ce4564c533fc246bea2812a502f200e4c9b1646bebd2eaff5bfc7

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 98f192b6384a01965766e6bfb8218456
SHA1 4248214e30a777adb28948c8da7b99649b2e7252
SHA256 8e4690568e0c4ee4c908c9ef1e78a6ff45eebacf9636e7c660ef58cb74c04419
SHA512 7d323da75034e629fa41985a9706ce7debc58251730a4166b124691872af0a452a586000669ad7e848745619fafcedfc51d9189be1a4c7eb72364086c00c6f8a

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 4352fb51f7a99d5348830205a98821b4
SHA1 c416bc91f51a789695d7d34871eb00148a5a3a2c
SHA256 d9c541a0a44fe3b8ae1b9d015079d1c217ccbff660be1489d5fbe42b9b37046b
SHA512 7eca85c9acf4388747d8a3476a602b4ab2161ab817f27d50adca3ddd5d536083a7b870f748e1ad579fbfa42c6599813fa37c77477a2f161f4e3374a18f48afdd

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 9964c8a8970fb301eba3c8a94de7a1a7
SHA1 ac3145c9d2ed873ec22db3546f480ec90dee0736
SHA256 e7bf1cae55bb3da42e7bce125edb633b1d5c82937c42baf159b6aa0ff0a4c726
SHA512 d7282c60169619de5ae3ca482b34e4cfc824ba6929dd69a5b5903f0781554401ba4ef87e8363fc25f1857e365febfe43987c07d122f164de6a1fa09414ae29cc

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 cc89cd572f4d40dde4a47d8515aa733f
SHA1 0bcda07e2b595ae8509bcd61bad3554b12d526ba
SHA256 9a34400ae69e395add867e66db715e8063f89fdb892f995635fc56562645a209
SHA512 74ec3050fe0159924702eb4493945c36cec2e021229e83cf4d19b762e58ff5414a14bcaf8dce2e929f03be411c44323027813247c8b9625b400d1ade6e50e3af

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 162681cb19cd216b542f1444c3b546f5
SHA1 0ff4a0c1a11d675f89f61346a80810fd39c440ba
SHA256 6512b9737245627ad1812b24dea8a04bd71ce6c690a73d7892bcf045f601b894
SHA512 b187b836cd7ecb93b1115d295d21e527d92c42e5fba117b31a4e2ac04c51c24022c5733c551ac218b9ed86c2db249ea79b2f7040e37d358e7226e652e222492b

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 d20bac3a39ba115a521fe382d196d67f
SHA1 d265bd00745fd2b46062d5e699505a5d846f34ac
SHA256 c0086997e287259d5680470fd5da81e2d08a0ed3f81a6906538caac84fb47972
SHA512 3eaf993c22c6bbbd40118e47048b90609f47168dabb8224add0053007f0fd5b84c11e0c3e60a532d85f6f91b2797ac9573f68194e7dd301b93581b25a91b8771

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 e13ab7bc04198a1e4659038c6fb91f39
SHA1 6b5fc72a7e8f4783f4d82decc0a7e4b0038087fc
SHA256 8f4d78e40d8d9794fbec80d7b4ab179422b19d0ff6c2a9836db0c1d340304344
SHA512 0cc0803381815106cee8b182cef307df1b9c1dc1c9c7cb8584b3ec1e6aef94ccf22ca9bc2cf05422ba43033b992a70a5b3186143e1677fb91b61caa7851d48fc

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 d5e2fda1a793295d417c60d8ceda224c
SHA1 13f5bd5762b8905398f796f7ed0142fa22531620
SHA256 695ec67d93f1f4e4192d2f30fb56930a1713c3bd5394b8d4d00a4563d771b94e
SHA512 4c3ce6d0e5135f30d31f30181e61362a3f97b563d68de8733797c85fd6c7e26a93279f3fdbb535fa7fc6795eb8527bfce0c2becf154d2dd6bbded50972009910

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 cd6cd4bde006b64b708cd3cc32fcee23
SHA1 bb0aec07fe3498316eb226131c1b9cff7bf189e7
SHA256 cf597fe0b795bba038af508d17131d058a2c58277f86c306bd8342c85e53c298
SHA512 249a211832c57579872cbbd572744f95f95996b8c1428a850882542a6b4b24925d76b47c600b3d72de909c193a20c776a9cfe3c75959fb3d44aad42807c15d98

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 57c14bedeea82a58a2495f2c7458539d
SHA1 d5b5b5439d73d93ce411dd904a84d0bd829e5cf0
SHA256 3ecec3e66b222c80f4573c04528940cb10c63c0f672b9481a75f2fd451373ad3
SHA512 8d370f911d59603883111e990856d3843aad6d3b123e44edfd651dff11467de4793ffe7652a27fd532bf5312b45e791137d91fcd1e0bc8b5b189190f3d24d69a

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 fbed4bbfaead2b9e04f8e42b0383cd7e
SHA1 9a9b93a9c176caa13800e8828afbf9716de403e4
SHA256 6fe2c2cc7e96456f5042907e05c4d5b636a6790905d3bc94e2151f940ef3308c
SHA512 56f5c1e067fef806d6198dc27550cd0d17d905a4a84313deb7f24d2cec44f8d3c887f7fc98dac899528fed77c3ddf72743f7ce9570674455dab49070bda3eb8b

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 29513fa04c287f378c8cb225e3fd6528
SHA1 10c85102378e26dccb09db002c91e9aa297c0dbb
SHA256 951d2fe26181871c95610c4b122b08d8f54f268e8882648bd9f24abe9d498453
SHA512 cfb5af156b6c40989890821d086b2a6b804c813a83fb5b36cabc2d36c818a9531b54c3b3de0f765cdeada796409559777e877ce9f166b7194922aab0dc397ce3

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 ddd4a0d36d9357fbdd41e5117979a2b7
SHA1 e7d28641ef01adf905c9fa14be7cdaabef2ec1be
SHA256 7fb99e9966efc81f077d85746d525823eb2479cc26f9e90608942bc16decd4c8
SHA512 3f2b8c4bad2a4903ceb44c98e6b7378d4e9945b61eac7b705ec1b2b9f4734eddb6b6e12d27f6499694c4f6e88bee31cdcade3aa9dc723bb5bd3cbd89f618dd22

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

memory/4732-5019-0x0000000000400000-0x00000000004AD000-memory.dmp

memory/4732-5022-0x0000000000400000-0x00000000004AD000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 de638e7a152fd9ba434f8df0b6b705b8
SHA1 93d4efcf8898acf032886e5762424afa7bed7386
SHA256 298dd7f478d22751e439d8222e977c60f4dd408ce05ebc7b43f82b0b3aa9b745
SHA512 fb53ff0a68c578e9bb5dbb0e364d8b81039db81f015267c1941346854dfa417e648cb897961dc70fff5228042b40f845cc735f5218dbc502e8e2ff30512f8e1a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 da62109cc20a01f7106a017af5d6d893
SHA1 26a29887164ac1df578e40c42067f4a5610a9dc8
SHA256 e8e6f7e491c0ac3bda0a7105334b93f26f44eb2de04a712777029995901d75b8
SHA512 80f5724eb08d535b80d6b026c2be41fb1354dbc144ba2e1d9d7f18516e45e86a5ccb0389ffa64a52109f350b82cc0c36d1149c993bbc924312dab43566766ace

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 ebf0794fc809a1933c50de280a99bfa7
SHA1 f14a131ad0a0db9f1f295b95d3e0b1fc773185c0
SHA256 207484a3a373e2bf5116b7302ff3313b034a69d25d0bbea08898b8b5951d99e0
SHA512 72f6e0f7fca3b0ef3ff8c4103b64d5f40defd07c0e6907efb61bff6adb08371f75a54bc159302fa09dae91b3281032fb5fe355ca07826979892f002507645c69

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 018bf60e82880025c7ccd02f76040d5e
SHA1 a7dd3872e98d5045f644b37aa35cbe5bbff902fd
SHA256 6ef6506e53e4d11eed08bea440e60abf8a1e047860edf19a57aeac52995a2c64
SHA512 b6a5fe33a05092ef85250cb1c1cf0169b2d7352eb6cc50af245d571519336b89d24c5408db8d1a299a09a7d6f8fe8ec50d7c47995249b8fcf25da4d79a2d75a6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 0b01876c50e3d67b708bd191b01d5522
SHA1 97a9b8eb5d8af132e62d69b1ed0004536279c648
SHA256 4234a997f3f737b87f2804185328488e2b76f46e46e70139234774eecf9cbaf5
SHA512 fcbfecf3f4441bd9f9bc891c5e3ab55a76186468de182632794999bcd004eeb2591874dee61b35a318bcefa56b941267279c0ea973238e1550c5fbee167c3a67

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 bd1921c4232f93496f8090bcb7b65d38
SHA1 6258272749a7b46e914db9be90eec6ffccc09e0b
SHA256 fe7b40277588628ce03d78f173ee33be3a2e323e97d3760e87291424eafa6e5f
SHA512 1610aac880b26b673260e216962fe840e79f6817f0e2f3ae170bb04978a419d3090804371bfe783564d30f6fc29eb008475d95396983723e574e0750d0267db3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 61ee57bdf9c6028872da450c4e963653
SHA1 8e1b74512f9cee1f594f47fc3491332890ddd4a6
SHA256 9e56fb2245ae4d63c98e55868833f1ae7a6d2c891cbb2fdc22bdd6b878587312
SHA512 291763fb765b702f8b8d7f6d741d9a88212a3047fe66ebfce808caa1d13e919159a1ac470b718cbf1a2e9f5d8b3a796b4fef89d182e6cd312e19643e18643bdb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 bab003a39533d117d387ea6a867412c7
SHA1 4803a4c49160b3977b17067c71468b5b6271db97
SHA256 3a35adcd8a11dcfec6122536a1ea372b159ccadeb41cccc1c838dc0d1f149f50
SHA512 a43a7bc0a5129ab84b42bd59da7215b8e7f70ab0d9d88994183488c775ca6f89bc405b3e8de81a8c44f35b6cc7bfba6dc5413be5c03fd9bd82e5dc66996c1309

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 c90bc460ac55c779da6e4eb3b1958331
SHA1 5c1c502b2ce5ebc100a14a8c3245adaa6f37a6e7
SHA256 7736dfa0225410a2549e749c2fd4a800625f5cdd3bfdd1c67b3827e910f5f0a0
SHA512 ba7b9d9a3da2d7d6b09ce84e72dc11e81b6951e93a5d2d3b6302ff65423e9d3099a616e4782f70c9e3f4f41d8d63b7b46a3dc52a4bad25f20bdb2a36a93ad7df

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 b966dc4c2ede312f1b945a87ffd015dc
SHA1 ff2ba8eb106ebd3f49d8f81742942e50bda03d7a
SHA256 6c88a94be6745a98732d293432c7a037e5c9b80276262e58a97df0c0c2e85f2b
SHA512 4283fb3717d1a63f07520b4ff20f85722baf164b03d00b26204d6f2e02ffdeaea7097558b11d1c50f9a0efb1066fa73dc7ada2f61ca6911a64af54b879507084

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 373e45da91c82a064e6a8a2d36f47b35
SHA1 0f1e48525ec9006e6bba7d2a3f3599684edfce12
SHA256 a5619621b7e745caccbad65d9e3f534650c9ba031a01aaa9462293f7f81c9cfd
SHA512 d32ac44610bb8f35ea17967daf2c6c5c6130cb56ea1caa918f78eccf4a62ecfa4c6d6c86bab331e3846ae3332c33ad205a45c488722b4d7928ca2821a85e70d6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 bc03111bc5373b7f2292da4b0c6ba534
SHA1 524694eee9de4aa002c050d5c1545ad12715fd9b
SHA256 a202379e686d00604905ff90db6bc032f210f913dc551b20140af005bc3c9d63
SHA512 4e15796f107c1139d81f90e6539eb0b69fe31c46807ffe5b7eebac6a5477fd5881bceea464634c3b07730911ea4dc487b2dad2c979ac729e3807abf5538be6ad

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 1c0ff534ff109739ef80ce86d44253d8
SHA1 f21db9139e41e06c8f6036d80ff03cdd9e7cee1f
SHA256 3312bdd31a1b1a972fdf1118b8b6ba5a06babec1dad25be91d8ccd822ecd3743
SHA512 8575bbbf5fa82ecc80756b65487cdf304424082776d4349c226c50b2108113f0de740fe78218c0fe2c2e2e3323a69647049cefd501d9796a510705817f5a5993

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 af6d4f44098ee38973e16978fcb6246e
SHA1 3f435934fdedd68075ff01e2277b3e1477efee6c
SHA256 b0de8177091ab7bddad74a4a6b6ae4c5a72ca765dbf6dcc1e278f18b3b49c714
SHA512 f5f130b576ef28cb68af392fd3128490b31b4335b14e1ea634041dac5adadaab62fc65c3a168ac490296859f5ff0a075ef191b9f91e8e48bca9a1cdb464a5add

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 331112c69831d44f27019eee9cf187be
SHA1 a7072cfda93a3ea25c79814a704d4e4931950501
SHA256 dc5d205a6c6c72b6b602d3f3adf1ec09b679159db71602bccda65579b9a0b081
SHA512 5b8f968336132628b143da33085f6d1adb7edfb26171dbdc8ae7504b6e0081d3202d0cf6e101714b2776205142a447897c3389b177a7d20430418410486df6d7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 729a50cbd86245829e04eec62f1c9825
SHA1 db533fb28c5652ec833950184c483ebb8fb6bb9a
SHA256 295446026375c00a91ede8ea3b540b15a0de9c434ee746cad65c8a4b4ace3181
SHA512 50c5b97c3fe67eb5683bb359d1b65e658f9599507eb0c1bf610eeeaa5559fa6bc26e1d3143329b36299b25f3d6c07f90167d6c955cc94c4c94c576718c532402

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 24acdc7309f63b44506955182df1e330
SHA1 24220548bb5ef7c3134d0548b85040bd08cccef0
SHA256 3efede31c17979b6cf21ac2ce3cf4e7e2b59f9b2c35b9dc1935b8cb6d7c5e633
SHA512 4e3f8cd1da4a24e75141aba94d665a4422a5ab3a0a31fdf22867d393d6eb2185c27a1eacb94dbee0893be2172aa30db404797fd2cf1a3abf98401c56c382fba5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 c431fd663a18d39e08c28db6d34475eb
SHA1 97c3d14839b256a45d625f247a1ee67a79e81de1
SHA256 02bbc379e2d1c6ffe181ae0233b7b2f05675e8c5ed0fb2b9af0bebc3e9f01d18
SHA512 401d18c6a8d111de5f6da5a1c906ffe226f3fe5fd206c06b4f100f96351b695732569928e791cdc65898b07493c2fae1e1babe80a4e8a5ee8232cc9cd1ad4392

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 b7e76ed51bcea6fac04e3a0b68f6d65c
SHA1 0328aa1e6345e615cbd2816c4ded1bb281193107
SHA256 bf9dd813cbeb1127adaa1159d04d7c7b29b468bf05aff935220b7bb0076ee443
SHA512 89f37b08283d45d3aa6bf31ac9ec2a59ca9a496a833d47a7c0bf55468f11277bb1acef6b504d684f5f4182fe346777818aa6713121ef80edb5b1907c631024ac

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 a9494e8ab117996d8aa8d5c777dc5483
SHA1 d83a48771ad3fc056eea357ff3c253f9fddb9b50
SHA256 6c6961e81d18fbf25ea653473c8bfc4e9cba2752cd427349982d50b843769888
SHA512 ca37b4c0e100a6d896165a1ea6c0a339ca74f78307214178edb48ac842892d6350dbf53dd09b0cb4d401e14cc1168ac43a995d979fea5ea6ecb1de9b53276bd7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 abee30f85e16b3cac8c3e31b1f1841f1
SHA1 d22d37f6acfb0026bbc77c86fc026eec48ba09c9
SHA256 8197442351e75623a86f5bf7f030adebb3e3c04ff2218b33887835e2b5ad2a01
SHA512 20a2b2408a272c8315bfbbef694352588c9380f8ea766a6bd69128c7aa981edb5ba1447cd29e8adc51d8f6080391bfbb27c21055a68dc48379ec7ae176917d85

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 6152cfec82a623a09b0498f726b04446
SHA1 ab936ca29ab85a940fef78a23ed34286f5bdbe16
SHA256 1e9bfa1d2d74c822a335fe2248855d5e5fac3f5d83b98e4b994f5bd92421a828
SHA512 3eea7027df230d234eafd75d8b369494e0ddc6ea1de7230a826c3e42ab5bb80a4e390bd449cbe1aa8b8a4a88cc02eccc857f11ebe18ce876259f8547d667569a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 8ecd2d212ddb25508627a7cd90289537
SHA1 b2d8651d468c9dd7a9a9b5f02edc23d6e8ba06cc
SHA256 466e77b8be18450220d38994cac969a571c95edf6ddb8088883e8ab5d4ab7348
SHA512 2d28e819c8f3bce196e7d2278941790f1dbea61335f7f70a59374f813512f0db10e8b5897835121ba3f31fbd740c862f96158078a920cde4a0df3e9abb504a63

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 eef6b1ba79fc4c477ca840212ff2fbfb
SHA1 f799ae27c0e6ea303de9657f790199f523917e2c
SHA256 df3c00ac2afaeb6233e889107d8ce5e12821d40b29ec0a9d96db0357cec15d4e
SHA512 f5c84913eaa401c54939738370ed688e7b94eaf2996aa691b60df6d0199fbccc8f231b3d3dccb4401f14338d2a8c3745a89bc62469d100957d5a9057022ab68f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 afeb708b728c7b1447f120d528d429e8
SHA1 2ab763dbde74098d305afd79f43b9a32a4f3550b
SHA256 34cef4a722ab7ed889c27d4425b9b4bce7ecd806e289070e2518aedc86f8cbff
SHA512 c052d9f8f743a5970f8923d9cedc9a4e3b2cd4a7aa1d04ba454894d5eb9e4ab5f9213371afb71dcedfb59d30c9c510a4b96103a593bb6523c65a562b89a9677d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 93d40c7ae41bc30dc382983dce660634
SHA1 34bf6a4f7a6552a982dd49a3b47733bf5f6852f1
SHA256 a027c5974c9dabb4143bb394c064f17c9f92f3a1afbea85379ea9f4409d2fc64
SHA512 62016de90d3b58cbf000c3d77cf1ba9f09479fc87b68f0291c30e874f8c2d07c4e55644a38ef6b810ed5ff4f0c7be1fde1d91903f780806a92adcacb3b759d67

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 e954152b5d1300d8ab55a4862900a986
SHA1 a95687d6e901836d562a3b4641de5d7a7a5a3628
SHA256 d37d120fdc5b26e9760b66016b289b6fe8f3544e4b52559a1ab7d76b501f73c9
SHA512 59a49c7dfcf92c719e59eb3c279be5cdea68f95b3754e6ae7626cf73d366cd07e3e564dd586184f2005f07678823e942c9d9cdfc326270e8bfa32f4747ab9c38

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 ec060decc581ebd708235a5de7ceb0f0
SHA1 257faa9de539f6eaca1320f6e07b088886201b16
SHA256 41095b4a8f88021fece3287dcce60ef8dafef8e6257deb8ad508a19bcd02d75c
SHA512 37d579097dc841c0bbed0d8c165531260be7776fddfbcfa35552ab62416a53168b658d5b0615a52b154584c381fa67a60d0846234f193b7a8debbdde8c4924da

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 05682205e0966dc7a2395053f789930d
SHA1 29735d53b4603652140144744a01d94c9ec5bff5
SHA256 6942f4dd6ef26265f63cbcd19bc7f2f3d1eb057cde44b55a5d645b3117bc27b4
SHA512 dc97316ee5f96d46db5c621f4b6292356ece903a8853b946b77131171f9d3f80c3a6e63e0f13ce7db135d8722009c3a53909cb1363bd61db624de8fd781d448b

memory/4732-9867-0x0000000000400000-0x00000000004AD000-memory.dmp

memory/4732-10866-0x0000000000400000-0x00000000004AD000-memory.dmp

memory/4732-10991-0x0000000000400000-0x00000000004AD000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 06ba639498eb2bac83f4d7d66d76c8aa
SHA1 cf5abf2beccaa98771ed15202014259b67b5ed4e
SHA256 597b12699cc4ca0cc9654ec68da830b0d6fe4c88e4c7aacf455c21329bd73149
SHA512 8cc8019753a813e47ee34c4519e7b2af32986a454cc742f22236ff873dccdf6760a8110731b59aa58d26e5124cb67a714c182c3ac695af3783e9fdac9cc7291e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 20282c900e1ec499360ffd730e9e260e
SHA1 e444dfdbd52db17a8f411efbdf9dc105e0449709
SHA256 ced705702a00cb1d33e68546a67ca943a48ec89bde77f7a7f1636ef5f2e2f84c
SHA512 9e955aa80f6627fa73bf463309d188c14c89ebc3eb5fbf0e2e44cca4f782af43c0dcb123cc84dc04de88515a277b41c3a71763a61d6224c3a2f32f4b0f31ee75

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 9828737a45d11710b718cf2ba42bb154
SHA1 a16dfa7624b6f500b5d0b92a52c0cfb2da2a37bd
SHA256 e92a50e245dbbc12a6548df655e89b17e5b9023d44b2c85a1c5d634683af57cd
SHA512 b45e7770641dfaeef48ca253371b603e441b959ad3b7fda5ccd00b5c4ae72c1a5678afd16545f032a49ce08255f689351689dff1aa5bc02ef60a22f559c33713

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 f4f9a4872591c5845a54e0b2d7d3c273
SHA1 10df6bb94d46970d9955605956dce38cdddab92f
SHA256 502f5fcd4575714a7d4daae595429df2fa27b6fdbd6bc92c3148b1b086c26d0f
SHA512 e61e820031a024a01d5051bf1be23aa32c7b14eaa9208fe1ee82d7f54f14952bc147294372edbe14dc66ae4f0793799f5f50f3d0fad8b4dbf6b45aa5d764096b

memory/4732-11270-0x0000000000400000-0x00000000004AD000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 2967fd9ac30d950718251f767d20cc17
SHA1 71ff50be415387b0cb46fe83449e89f066826683
SHA256 d69f2703894722bc8bbb0ea81e8c74b91d621b6acf927afc009393aba267c757
SHA512 542368b6131ac4cdd67c4b72b73bfff13d873f3cc47575a7d1916563e562005358b9a700f69cbddbf4716bd40fb50f6264373cbabdc299916d84eeca1464e74a

memory/4732-11275-0x0000000000400000-0x00000000004AD000-memory.dmp

memory/4732-11277-0x0000000000400000-0x00000000004AD000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-03 15:08

Reported

2024-12-03 15:10

Platform

win7-20241010-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2203) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc8.inf_amd64_neutral_c93e7023ef90e637\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky307.inf_amd64_ja-jp_e40bd14f18e8ff7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky003.inf_amd64_neutral_fe7ea176f20ab839\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_neutral_d3fa0f62d3d7cea1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmyk00.inf_amd64_neutral_9c0c35afdddc16d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_neutral_27c5b45728cc9ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_prompts.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hpoa1sd.inf_amd64_neutral_caaa16c52c48f8ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wialx003.inf_amd64_neutral_db618863f9347f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_eventlogs.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ehstorcertdrv.inf_amd64_neutral_2e1cecffae9c899a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00d.inf_amd64_neutral_2c3623fa97b0c28e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_67db50590108ebd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmc288.inf_amd64_neutral_c4a901dab689ad79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx005.inf_amd64_neutral_f65eeb9bff6bd8f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sr-Latn-CS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep304.inf_amd64_ja-jp_27c560b15d9928c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_neutral_22118b1072f57433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00i.inf_amd64_neutral_de104aaa48ee4b00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dillnaadfiilnnfi.bmp" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\DefaultIcon C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe,0" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open\command C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GYYYMXEBVVANMWG" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe" C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe"

Network

N/A

Files

SHA1 691a0079832032078364515ead9f243e8718ec40
SHA256 bf15c961c132155dce67cd81c13e607bfecc190db77be72a38dc36a3c8b3a072
SHA512 2a6043e691d20b6bc94df304bee0712c5c7e31bda49f7d1270b6bc66f8ece147f3f3a952fed333593dff74c36ca49c2f0fc61dd6d687b8fc038156da666f8b16

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 1cd1e3a617eca1dba03babeab2145562
SHA1 8f4d2fa60370767a5c0b614dd852d1e973733a91
SHA256 bc6d62ac89ac759959d5ff322b8f67b2c1843155324b83fe703c931bc9a3d12c
SHA512 028200a2f5968ef440e091985b29bd0bece1e05a5cb74bb52a3343edbeb605c810e2a2e14f9d01f29acb786887da63b400a88fba124707aaed595a6793bec092

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 2ea10439bf4710f95a56b21d1902c625
SHA1 c2d187314c6dc6206442e4fe0242f839ebb51dd3
SHA256 1e31a7cc4b38a0d7b9518edac045ddb414c3d900f125d251931525674dffc1e1
SHA512 d155fc2899e4a2997ed0242a7dc1838e3412fa6663d8e8345be769de82149595cbc2a3c2975ccdcbd634a233bd8479710d8a282c64924534881551f812701955

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif.EnCiPhErEd

MD5 e69f0d3034a1b9798d36b6925c33de96
SHA1 e13a1c6d67a89d234fc41d91f173dc5a86db44d2
SHA256 23db7185c4c900e104ebdd558affd5a668412ccf31cff3a92ebb3d96de4b0cbc
SHA512 3a04b2492f0f5ef00cefc86fd35db395c051942e210578098b6b81aa9a69430d590b8bf68a4bd647babfd9016e901aeb1838929b896d20e613cfe0f59944c4b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 734fb087e848a795078fcb3325acb899
SHA1 e381c03a882594ec1132c517a43730fc6c266ed2
SHA256 9fbaaa51fd26da473d29c18700cac0bd2d978983ae505e6c377b3cea235d6b09
SHA512 a4bdc2c00546bf45f62fd2b691391fb258f1a95d6937b238a8aac90217caff7e2a9b05302024f119d2ed6851a56c927b38feea97fff35499ec1a19649750ac4f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 66b0fec8151a87ac6e90956be599f7de
SHA1 967a4796dc044d6cf6ab5c262145b4cfe159a354
SHA256 a52a0ff9e4a6e6e09f01f6946d7199100b5fd37c49bf712b5b733b5eedb7d643
SHA512 2aac5213842b8cf4cfab4c59a04f892df19e7c9ac2cfbf63a29f1e9e1970f710fca56b8d5dfc57cc49c49b55d7d1de17bfee05f2f83eaf24e9e35fa77078eee7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 e8d7a3476666e5ae300bb935ebc7b0cc
SHA1 ee06750c597252ae0c4abd066cdf39d76c4042bd
SHA256 fd1c40f351acf2162bed789f43349b64e0843f6eab54fe0def49e63101fbe4f9
SHA512 58e51c3c8bd49288f94552dd8f6d2c5aa7a87441077442ad6fb4e73a4bc5ebb988528f271678368b794f5f6f6a7aef40295ff90ca32bb80518ea766884154482

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 910682b6b335e87ed8e6de10f32300fa
SHA1 b27f0dea387307084c090dcb2d84748d4532b27b
SHA256 d3b9c02835c3cb27d69c0524b3ebdbeb3932d44794fd8472f8d09a885449e170
SHA512 255410ac128b05d836130e76e37a4ec08c57b5aedc7110282824545ad32fbb6295dfe97c5e05139659ba039bfe8d8d3ab700e50bdfad92d625d1bffe4b3410c4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 4a9341830b098a6a4d3f93e6130939b3
SHA1 f2f1b19d3b80d038e21eac14a8baddcf9050cf10
SHA256 18708b7a880d8cc4bf10be3c87c05c350b5d0c249224d00265ef2772f2ba9d2f
SHA512 9f471c54203c2b857807bb5eb0e985371d881351909551c3c52b405a811a93082a09273df1cd9ea4ea27479f2788e5e1151e2064e7ae9a569539a521cacad356

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 6d97001b3d66c3d4fd062ec4fe5ed059
SHA1 3d04456749af4ff2ce71233152a9815c9bad894c
SHA256 2cd4dd1434ffe7ac9fa044bf01c1b85ba5f299cc7870ba4e65bdd4c2b34935d9
SHA512 b99a383c9d512fb58d1c00cf2fb58816d81fc14c98c28e41894c4d75c559f751bc28802ed4f814431bac6f31c52c37430dc6c824ad57ff5c75b1e816b70902ca

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 dde4fa9170eab372944f3ce7145efe70
SHA1 75e8898516950cb82b4004419f7979657a4a7ed7
SHA256 58308cbe779d47af46c06e19ed57e75a206e2bc78c986a02da60d586c1c30956
SHA512 6ea4c3252bf08a89f9f37da33c938ab0d48d645142600bc6587df6a77bfddb94f322ebcbb5ca7eef241431017de3320c63b4b5e446572192321d77257670ae7d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 a51f5e969848e3ea1ed11714cb69af4c
SHA1 c43dbd9f121deb672ede2b6a801db2f9fdb4cd7a
SHA256 6da3502cb691ea0583de173f1f041e3bd8323585657aa6faf66d34b2e3c09473
SHA512 2329d4bdb13bfb0396a18436717c7b758957d2e1406875c3ec765250849b99c3738a69d1579d38726648e0a331db4aab9649606ebe5c9b79ea711767c08a17c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 9da7c60b6609a965c8d37b27e788541e
SHA1 0f308ba6ca527211a261538f128e65cb9021973e
SHA256 b08a3390e01fb67e99925a02524ee0f6d8d39a947771710509f3b41f337d17be
SHA512 c543480c0f764d3d34227c6ed4ba0547fee7d785b308eba95246e6dc47a5bc09ab1b3702fabb3404f732be3c64aa79a24d8b0ca087d489ff5d2982a3c4ecfef4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 cd82d78761f5cccaba61b9dbd37c4022
SHA1 bea38b581e465bb3924cae79c81276a0310cf01b
SHA256 83f5f313ce9449e09424dd06b2663502b867ebd38f5cf0945944289a5a872111
SHA512 7a5cd395604944a70a12771d7b7764b9d5f22be1e08ce20b6b0058070fb87db5d458ef832d409534c2cafd9ddf0cb09f194c9104b6aaaa65be2c3730c880afd4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 e182891e384513e45bad52d5163a6e67
SHA1 b9f2561632ea9d97a4058fb69e3cc3355e7f2ef4
SHA256 0cee404e7bdb77cea8218b0b44a2d2fc378d6ca85c54d18a8343643499f995a5
SHA512 b059d370327f9831e28bcc9bd6c3a8c1309ae2dc24d67b1ea05fd9073d2ccb42337683cb12c218649858ff34f7540f7e9a9072e354b6d04b3a68d7382562bad3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 f5bebd7c44efe8f58b1e736ce5dd2b4a
SHA1 efbd9e6a192fcaee158d681212b085ed5c9f4bcb
SHA256 c5a671606defd954aca0ecf5fc3b39eebf9e4f3ad64adec69b677dcdaaea620f
SHA512 9c44fb2ee8ca36cbf1f5ff62578a314e609b2ea7c88bfdf6a158ce4cc33d1fad712bcb9478843fa430564dd3611809811842ceffa0f2517441de0f7ccb968fbb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 fdff8dcb227425b1da576eeb2c95b9f1
SHA1 785bcc8a616772676475d779b912dedaf3659362
SHA256 793293e5303d12c199e6fa70cde0fd6b5dc33fb882eba6e1d56a7b95b970e277
SHA512 63c820554c1f816b92288985c36b41ba148538028010675ea2017bade0f5fbdffc3902c16102d0b17ff66fccac8410a3a891468c6b21ffb08404ba26aaa16826

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 c71f6bfb0a31ac78abc20a42799d63a0
SHA1 a132f48b95145a088ff3e2862e58b4a986c06a7b
SHA256 006e843cdb2686839f831ff1e3dff453373a94bfb70582471faab4fec6f94927
SHA512 04b1307c86c358c56b83f32f2e7202a03fd604f785ce36ceeb6ca5ca926e9ab8aeb2f893c6876bece7d47272dbe16cd78544dcd6ffce78dcdc764f843d254e6f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 37fb0b900e721158c216d418b2baa7bd
SHA1 64a533023bf734884a838c4c009970676f0326e5
SHA256 3827eeb276964fe26a28f11902010a96e0a7585dcb35aa36fceddc440e0f0e9b
SHA512 13e8b22755ddbe8ade8adf908a10f3c17f9bf56faad890eddb85c984dc9bb225fde60dcd1629940d4b1393f556e9dcf38799e243d45b946fd71da60e1e1d7952

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 71ff7bc088dabca35b1f573565a62a13
SHA1 b6a9b71240d4d0b0c99a0d1daa14e7e7b9421196
SHA256 067ba18bb38c3e1d563d7b9f05beeed1bf9bb263914571e7fb42b5de2ac2bf22
SHA512 d34ba45172106304213d9b942d4853cc05512a97164e287f6240f190ebe51ef9e53b12ef28f9cdd34b28ce01d17627b36c80318d2e9401d308d3974a2a291374

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 5c75d9ca462b3f08573d8e531baef5f3
SHA1 3bae3273ef3b60379608a369250cb74e482bd5e1
SHA256 f82f69ce0e50d762edb58d0b6f99db47eddbcc147622de2e0c37bd8b7cbd19cf
SHA512 c4fb78046261158b47a45d8014c50012e04c2d036eb369c7b4e9cdd9c6377e8a74817799c26112987bf9ed2aa53246d6352481405469e63ca31cd4d2eef6b27d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 5c1b230faaea2e8fa68323b1046364b7
SHA1 db1d7dcb490072bc8e33668dbd100ca2d7b23bda
SHA256 c74ebbec0c10e3de34c62064363a60472debd3378b50ff1a6d4e7eb2f3f15525
SHA512 b2227d8b8b75a3d2d6c457fd468fc9952cc08618083901dafefd3d2de980de8885bb3a239ea62446c7f2e1f497693897bf1cf92744dddc4cc4dcd5fefdd33a31

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 79a7eb1d60600e1920dd021684014cc6
SHA1 053d220e9f139059e3442aaaf68f87dbd2fdc6e5
SHA256 32eb75bad0e3acfa21863f137fef21f490b43a3eeb9fcda2f39cda4fad604acc
SHA512 3c6136385618b96b044d83161163ad3836ad5fcc44aa08862aa106909db02b67b6cb3c0d978c2204e52fbed033ef612533d5cc95ffc6a2912b804f867e4701c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 2733a58cb268074f390a402958da2994
SHA1 3712e13ae2ea4561d15c1004858644ebb5e79982
SHA256 5b8d46db85bc76a9e477042d9750ac6cdf8fced18fb1541fbbca67bd4af4062d
SHA512 7ccaed372bb3bde3187d305181512e41bc8a535b832843b41a568dfa824dd4e770f5c63b94fd598cbeddbf89575e3ad68f1bb51da0c9fc1ab5eb1b83543a995f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 b00ae125728cd90c999242f95779ebce
SHA1 bf96b5c92ee0ab73220c29e5d7c54fa244542ccb
SHA256 35d99dad0fae27720da94acbd200f54c7e15979714db1d75a71216ad3ef34254
SHA512 f6ee970ff3d1d9675ca6e5bb5b03b4a3565b24d7c41b46634229124ac5aec6f2355503b884dc514efe98e14d63c8714b02f9afb40c72a9044d97e665a60aa523

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 a159586a2f7a9c58ae35eb3635770cec
SHA1 a254252c45eeaeb39d7f8ee7a7350569bfb2cf6b
SHA256 5c61ea1a96260f6ff4da1d75690ede1954faa04bb860524a9899ce7a53958d12
SHA512 5c95c2eb5c2a7baf0e8e8cdc71c3720a7f9a9e61724c6859b357f5c1104677b3d59e34dbf0b93be0a2bed6159f7b2e21a5f2091789649c2d14643d71f590af3e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 37a2b72ac9729996a850f77bb1ad0245
SHA1 3d8ec8f1d8f78b44ba480db8a12b47856121f302
SHA256 91a2e0ccc097845c89f8dc2fbdad0017dde9dc584d1c1e15cd2f9f7d3c37cef2
SHA512 a4a83780dfb4a7cf1f45281ed22c1a26e6cb16a3b092984b0602eab617a41107908205a676514eb0a904d1ba5d7425c577b4c87183b0b9634969801b617ec66e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 743f3ea11bdf81113538f9f43096e6d5
SHA1 65c64f73c5831819c72581f1d6872d3f0bf58943
SHA256 abfa618aec3222fd221043b5c13fe74a750fbb047522651e963791264be7496a
SHA512 f344624e80524d864849a91bd26969a5a85748baf42b72be8dfcf551c41bc0d5b9f959252be7369f4bd1ed15ca8e9bd8135289518e38919c879a8ddf91e81a07

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 7e4ea9a4e495f1247326e2557d8d1ef3
SHA1 c0296423e449813565cf806e1ee22d4920dbbaa8
SHA256 888d964cfd15a39eda09adeccffb3ec85a0e4452e640e6a9c9c4059973abbddc
SHA512 5ea741b98bf2e25bc1298adf3e6013b1553c1b6e7a102095f4220c00ef2f10ad4d6cf957ddb148301bfc59621a056f09d6d257732563768c646682538bd19e12

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 e233ddb8c9429f74525499c6f6f5da71
SHA1 a4b33d774d739b1a60f9ba1000c1c2c1e1b003c8
SHA256 21627dce47347190bc70019736f11d4d0c15c73745ddfccfa72f353da02ab5f3
SHA512 73be0ed56f20a3b40029f971a2081da7c1645c7d7ce11356379e99fc61e0af0d9e9fb07bb9b20e08dc068c853170d22f6f6f642017812d1e5e05d5acbc0bb037

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 a7a2bf3b920f0c2e1585ea013e6c0cee
SHA1 a039c00fa1183c969a80585191f4c1779e1a3c7c
SHA256 ed48cea77b92fe94048e0455670939cf1a765933af3a0f295ef9e5db531789b5
SHA512 2ee1fa027a9d9aeb06d2e86d34cc0e7282240b48b3529aebb5d3a71d9c7a1e1f34f8905ea2e899f7c540267dcc0ee781430b8a36cec6586158bf7c1e7d195fad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 41ba16768a11307f78535be5de396ac0
SHA1 30fcd6ea0e574dba6194c588e03fb76e484c628a
SHA256 7b9c2f8931cccad4a562fea57ed23ecff571cf508e9c9f6f3092c7f138442d55
SHA512 51038b2947a3cf3bb35a9094df77fbd4329eaf5989b545c6545b7152969fdf915eb853e26226b6f60d2b3efde88ca1a0baec5a3b80669b313c9476967c3ab79e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 ca79fa1872d37a64db8e3459558f586c
SHA1 54f64cc9b571ae6d0b6fb928cb87ee9349efab26
SHA256 8073002bc77d6d59e6aa94d374c3035aa970d6d16786e3102f7f9c96066b4049
SHA512 89d864ca99e1853ab97b8b01edce6b632427e545591f9493370dbee237876325f9076810459f54cf9651291ac9cd71d4219b06b8b5ec6a45ed35415fb9c6b3ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 9601d1e45271831601f5b53f6e4c4ff1
SHA1 fa90d006fb7695e006760c519c1bb7802fb48520
SHA256 cc5d7011a3edf440592da4ed853aa61f058218398fba4f7f4b59b507190e03c8
SHA512 31616487bf232466327f411e5091939c7383d7c9cd39d9b76c802743834587a3e0117b9948656d5541cc70fc9039f361814977b9e7c7081d9825a2b607652630

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 d9f4374c1c657f76927ffd9c09014e82
SHA1 aa47d1e868dcaf202c9202b95c2e38b74fc20d20
SHA256 1eda285971fad532e6a93ea8e735a210d33f58ef8bb2db7ee515d912a3a93344
SHA512 396c99e578c7277f4a0e074f468193690b884d292529e7fb5dea7d772690fe7906fb29300fea064464ba13595613e468841d5b649a1745c9dde74c348ecdc14b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 210fcf198b9e87435b2ec68464339e0f
SHA1 0dba9eddef693c84156fa4c7a5b0d097b52c9092
SHA256 a27a746dbe86834636801d12adbabb6c38cbb5abf1294aa333c05ff1d85d61a7
SHA512 04c8d805e343a95c8356fa68fa2f2659e2333661548b7802c840c563a0e09f3e5a4551fc50b7b62a63b7f8ddb57c4dbbcec040b6da033fdc2ed8cea8e2f9b994

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 8e00075e15e67e2c73a28fae842a4714
SHA1 48f5027abfd74ecb6b7b1851b11561e168d42a90
SHA256 342c92b99bf06f0e436742208687edad25bcb800675317d7d3f619519d69fdb4
SHA512 cf163c38e9b13b9f3f0660206f8c8b3434d37a246cc6fd3fac3cb37e804cce930a56b9f5a15950c6f4b3630fe9d71c86a95f8b29e649e4df784001f4e512f0e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 d519d7880cd9c549be1c8eaf8cbdefa2
SHA1 ce544538314b24b5a6f7c057f6b4e1bea2c52ee2
SHA256 ad133d4200d1b1316168083ca3d9fb385799ebd1366991b2558fb9692577a0e0
SHA512 979dccf8b79082b85d50c61b63c9df26034db76df84ccdb8c0d5df3e63e7882acffc6ce3635dc4cb0f73fe4a4385fcb1d4e609a12000324bcdf95b865aeba77c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 bed7e8b1e10342860e6f6224c464bf2c
SHA1 592bbc84f087854feac62ee1322d0a842474798e
SHA256 8581d8624fbeb3cba8c2ef5b51d05b6b3a2c2b190b6e63557f3788cf7b0653de
SHA512 85fe6cd12ce58cbb4f757724ccfc21e06aef372d5f00676862d34dfbb76b7042270d2c2655559da8388af3c2f3c4a75b4dee434faa90648e40d37e7897a185bd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 1e02a50c3a1c53308f238b9c4087a03b
SHA1 43773d8fe1055d54a5e3460b0b76b16ed1f67e41
SHA256 3979e841f724f1695deb9ee66c5cf8c44fabbf19882db501ad2a37342c5450e8
SHA512 e1b28e0c35a4251e6ffbb1b6f6c379207fcd3dbb11e3babad1570b9b4ab0f492723adabd803ce3242e6a19bc1e953221886271dee9dc460bfe1213834a1adcd5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 c3dc7d1a665d111407c964f9b3872641
SHA1 301ed6c87001d0591fd3e0852b5ee3c7f737bd99
SHA256 0a10ca1b0fdbade32877ffe04b29df15072441fc9185b793f5b9833f9cb540b0
SHA512 27a9c7f6e4ece4b3afac0799faa47f03cf4a2142c98e06756b7ce190380a59ebc66c30bc90263db577a72a57c08e1e98d1e33574690def8a8a132e0a0037f16b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 fbc0ed6a464910790df8eddc71eb53ae
SHA1 76c1b87c0f91619f2bc9fdfe5f8807803e54cff8
SHA256 6c01bc3bc83545f1632dbccd3867a2865cfae516b7a673614864f9cfa1d82b22
SHA512 94b56c31ab9eb00fa71dd08b1c50ff752b8e17bae9df643fce2ab94c350375c780dce8cdabfb2829d765a6773c19b42b2bac2eb442a48ddc805b5d2c8a77024b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 664706c07c01163cbe0c12e4a23c94ca
SHA1 e7b6660aa74e4f38f1e0973ce4c1cddcc5a1f47a
SHA256 8e7540022f4822c1080423d934fc5257982fda05b754e34beea1acd01e8b9553
SHA512 e011d8c1ec02ddf2172f69cca6d7f46e90335e1ede706c48dfb025e6da854f1837d9f14323e1030aca85f9f0e208aba9c2301b2fa61989a2cac8a1611f4f5d0e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 a488b5a64803a6ac1c45467b775c6922
SHA1 7194f0ea216820f58321f2908dea2c0d2564ab9a
SHA256 87f0a366e1ba80f00baff4abaaa737e4d5aa8ceaf6af352cfd1f962885279980
SHA512 33e579383360060742f11b2009ab36cfcb6018ba53bf4faf1d126f5f6c9fbd7fad23a0a689c90a58e0917afdda8136cd82dda11e02962bea27713ae39dcae853

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 6e65ebad4de5bd2e2c6cf3bd435bf09f
SHA1 5ca41501cbb86219d7812a7f6c0ea31ddd8d2499
SHA256 475b3d3aa5ba36f38ad8efacb6cd4a1429c902ca14e9a12b9d428760097ee0cb
SHA512 53e0e96f9070222c80f6c65072212b438eb55447c11ae90a4d8fa4139a214fcca643e90243e58083bcb54c8514c9b5a0181c9ba32b2aed0c49fb6b2837e46674

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 dbe4c28b6649eb04bd7e21e3e1bf28c1
SHA1 f5bd6ea3004cb39f00103a3df81fdc61863dca00
SHA256 72ff0bede1267f88a72e9ebcb876872c9ebee0616c605e5effee8d176ee9bad0
SHA512 357a785c5d720795669ab008ad8119afd4b71584fcd8883df925240f635bf9803af8acec3ae36615b324b438d87c454331d24c80cab84577899bfaf240c0f6f0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 3c4aa7cc2f76ceb7548ac83dd61114fc
SHA1 7b4b82a2682d8e2574ff88d02a24fc8b96f9c94e
SHA256 241bf07f82df196a57de1411f60799a4bfe06a9a3f7a810257777aaa4e8c8aad
SHA512 02f347058f18b453ee44ef743b888acccf982fb1ad9d1d80b4e142d7959c2335fcedf983d7a3f69c18a94df2d0f532dda533e54038585b7ba1a2216e8fb1f818

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 06d5a4bd878df7e02491fe716f5c1603
SHA1 4bc5dfcbc1b9fbfc81873d7552189bb0bb76780e
SHA256 3cd1a21f1111b3bedf84f52d03b83bf0fce74163822ba3741bb2d6c4593127b4
SHA512 d04b9530397c58cc932d2942dfeef11b3a46e888296613ca9305237c9127c5ea3b5c42d1137ac79d3519026d615a51923a1f008778a804ea65bb6453be1d85fb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 cddbef87417d86ba87bc722e00db96c7
SHA1 b6bff4845a7673e5f3048321f59a0d68227ea076
SHA256 68de36778c8e0e1f9c323deff3b4edb26ecd7a5c3e1ed8532eab49da6b88bc3a
SHA512 24651a858e0353b613fbdc32967ff4c59020737644b069bbe7c71773d1e4985e026bbad8da05a7bed4337c2b65c40f7f6f848aff020ce1972bb51d495f5f0d6f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 8f397dd9b77fb510e25f4edc2a2f21e7
SHA1 b664e8f9a72bba9ae5a0f5de66a30d9987ebc506
SHA256 1fe6c50321c56535ff2ff46d446c6a25b24487f6a3731c08b559109b090a7fe6
SHA512 b175ac5da0625112850ee00b675404f0460cde0fabdca9eaa6ed684c848bdbef06cba450f8bb5b30f132afa75a0ad0d3e5690f8baed0cdd13e0e8b4d6983be43

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 5a27c6baf3073a7ed65c47a6367fa235
SHA1 d11955684714fe1ebaada9df1b9249bf2df733a9
SHA256 7e35dc787114814d5c844cfd2fd2caf40cb4e2fa5de4236e267641a55b057f91
SHA512 099df5c84ae49945293c8e74cc6f23903cfdf1572e0e48d51781b94b2345a3afe5218147effd0e4dfea51c1c47e3c1f0696c4927cda289c9703301eeacc0bed7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 2923e434c4de191d77ac2437d1133de4
SHA1 9208cce7e1d0539e8db4fdfdbe74e8af9b513051
SHA256 c243e323348535a64108e3996118c70831b0c221ca33a31cebaf81f89a3b09a1
SHA512 644b8286916947c38b4fba91f417c908e66004755dcaf9a8520f89687d3f42745f55c467b32497c277cabf0a61c1cc56f7758f7241fa9760e2d28c4e63f12cad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 20c222e5ff8f89e523d2f1f501c70f7c
SHA1 4d5dce6e4986879442e68a6c26462615351649c4
SHA256 2d64829b54e983c9789a939b6a24791e990aba6978b3f93b6f5798260a81a004
SHA512 2a133f31dcf98f7aceeedff8cf7c9449ab7feb0856ec9a30b19af21e6b156b79ff34962c63331cd2eff5edb9d80a70a0317bbf900c6224f0df500be4219b1ffd

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 595ba3ca7e3bbea0d2fd13a13d76e5a6
SHA1 282e280233724bf9d5a666b193ed721ea7c5f240
SHA256 a02d36d968365e0fff148a7a1b932fdb76f53c458fa8e52d9fd4ea80719c54d0
SHA512 7e3212f02bb7274241c99337d503472335b6da05f66d52210d267c6f9d839b0f9ea3bad1418dae9ab612bf0505d144234fbea7e49bed93e2606eaefcdeb0e448

memory/3012-7608-0x0000000000400000-0x00000000004AD000-memory.dmp

memory/3012-7607-0x0000000000400000-0x00000000004AD000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5d5c30f7059e67030f6b1e248e751859
SHA1 93e578dd67dc3934551abfbd18677798f13c4032
SHA256 0883f02c70f4e8ee502c030c54b14a89c1595291bbd092747f29028e3fe8fe14
SHA512 92e7503693f6385ee345cbc443930e932ce495fdc4f6f75d94d3c5d9cd823956329d1ac99ebde7f7c84aa22c8fce509c56e9df006543c89d04e5212d5d556377

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 852bd8639c968ccc7f0524db8cbf7619
SHA1 1d3aec234921bb220159e7f0e3a572506352d6fa
SHA256 513bcd138da52db6a6be1520789dbb7e024919650d5ae86abeaa0acb53eb9bad
SHA512 cb779ce81674397feb169a263da9348ee3e93466e2a6cd0667c70bfcfae3302c45abcd012eb90e0838308df8c09b92bf2a30b408f75b1b8b949707d4e07ad8c8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 4f8ada6f7f5e3fa6baed6fd1579aa2fe
SHA1 d4752834d3a5d2f972c180b4f1822d6d4a0c9892
SHA256 6277bdc05626dda5be6695886c3cdca57da94224c3025efe37543c3b516a0b3e
SHA512 8e062fde0079b416a0f7c17b18c1e6f89d80b386852ed5ef933a272c3faa3473123c2bf62129f1c9264dc892e6f9cee9b3d35dab9e973e5e625b7e60cbebd698

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 3f475827a5383da87f5712bd5524216f
SHA1 616636e4eeb36a1f952c83ccf1da09aad2637abf
SHA256 11a12f0f426aa3b023fdfd03c998f169561e590152877ddaf231d0979beaeb8c
SHA512 c9575a6ffe3c52d15c4e810b6bdc41025998375bab68b461a232158f276bc74f07ddb04db619663ead010d754d3d6a3ae30a338095b1ae98d7346af04aabc3a0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 2ec8bbe9e42d18a03c35d06a34d82472
SHA1 84264225c975a32995afefda9fc2de9c9bea14de
SHA256 f0e107b9ecc88328c92eada498f2cb05c07958d37db94789523c167d425c4047
SHA512 6dd14b6d34f346c07c1e6b5450aff3cdf48ca1e1f79d29a47e2d2c9f1b8bd34183e5a322707559bf07574d68b5216be50553763495274c9c13aefb585f7e85e8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 e7004c934099b53682fb0a47c54fa675
SHA1 7a81249e477f0f7ae6cae12fe86e15dbc69a5152
SHA256 d6c02301fa697f2e9f089999afbb993096c33a3482457055dbdeeeb825fb49d8
SHA512 ea61a6c9fe816122a94c15662c2afc2b75f04846abd4597791ce41c8ffc012b74f26011812b8cc5770f6b3fe7ce7579200abbfd191ed46b2508faa768e86950a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 657842ab0aa82bc83740feaa7c881fac
SHA1 5add54f5973de366ee3b458b46a56f9ae4a7c567
SHA256 a9582bae86b74842b0c0605fec16ceafe4d522d3548ea97a996f96d3dfba3342
SHA512 9479d36e1dc93d6b28215e305dbaf9e5d28c1992ac1e2426d79e00459c336a94553024562e448570deb88a29b9802b9ce6bb50ff9e64b34c51b597d23c3bbe8d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 f91c09c724586d4008a981bda81040b3
SHA1 1a0fc8efbd77580bada232a58d3a7e8aca7fe923
SHA256 9cf0e67ac81adb4fe0e5a9c07e0c37862e926c485204697db968b73f9dc3cd59
SHA512 01cedee6a81bb7686eb81d2ceb784e2eaaded8c29c43d896484da19c395c720c90e5a58d003dd6cb8e288be16c5a96d11101feb5577c5862dab568d14b43647e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 ab199c81944646ae730543cbab69a12f
SHA1 67af2e806277b2483063f33498e72a034597050d
SHA256 14a58b044147bec4cfb2cae4660313e7f27fdeb249f8efe29bd390bfc30e862b
SHA512 75f71c3ffbe422dc18a5519db4f0d7221be514630425154ea798212cd99830ae97fc2bc3e4e6c5e2257bfe52fae17b7e3dfc07e0848b9d69c30cebccd5812654

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 7ecc6b66544ed8d85fbfa77e870f9904
SHA1 38e1a4b55b41f59c4dcc009e4a0e2876fa39c4d7
SHA256 be83eb4822f1fb3a2a2d34e7fdfe91c9fa157eb3c172d3c9cca7139a376c0525
SHA512 f5d6921fa72477555761b0af58a26af17a0cb5221ed4d111a79ab0ac5a50904bedd9426d4496163a3ff8a61c794c090aaeafad655b7ef272e614186c19803fb7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 3d8b27fb4e12e7878e7bb9ab2ed4f7e6
SHA1 75a940c6da18642bcb8c7b73b07fcf3ded97b9ae
SHA256 2f35ba9320074c19d98fa9f7666f944d01873a2f5f73d92f653a51a49b62bc1e
SHA512 59710a7ad8c2688623b8318a30d8941f159269b1fa4e54a3ef50a7124613e9008cfe9b7782c95dfbad4ca6fd5502749d72f06cb339cd093135fd22b57c9f9cb8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 44fd6868a8abda6ed237e949b76a272c
SHA1 3f22c4a7ae76b8260851d2d87473f69ecc158ac7
SHA256 159cf66b90e43addbabe07248b14a8263328bdc39df6aa52d09f3dc6e2ceff34
SHA512 7f9afc6af1650ea972092210d7a9b0f7e9e083d57b036ab24335f48b39c5621e6e4660d1eb964e3454ea402f97969ed631341ecf100840daf1f0ef43d5b8a6a2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 26a0d0a9a6e3bde95f00677ea00807b4
SHA1 9e7123ac216049fb3f1f2f6daacdd4254d5cd72a
SHA256 bde15b532a4e4912c00ef266451124e3945ea082630df884edf8b57c79c5aae5
SHA512 3f31d7b05afadcd32ea3114cbbabc869b132e852adde29a05d2e0377a8706269acb1bb79fb2370a5cffa663a31d49d07f085968490abf69e15eb9cb8b0a45f82

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 83c64691888a7111304f05205b1a73d7
SHA1 eb4aceccbc0833ccb92fe69530b20b2b12c0b0be
SHA256 66bb35f67aac3844bf01ea5126f3c2e45e95f808614a13e67f58cf796e6714ec
SHA512 fef0344f765e625430ab0a4d67cef2d971d514ef6a3b970a80c7460920fa71eb8ec41b2343ef3a197125ce94d060766445a550631298f01534788694f0e7621e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 c7a95a6915cd1ca2978296aac9ac2e9d
SHA1 03bd27fe2add13a4c343f7b62e12708f4ff71b3e
SHA256 7a093e21b2574cd31674ceecf9a2e3c9681dba2b79f0df59e340fea9c71448ba
SHA512 f4e450d16bb493e279d12eff794b2a6ad28bb29d6224ce9816204fdd9235ce33c8773ffdde0d0782f563c4aa5ef47e4ddccfd0c667631e600534beaa968df7af

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 bf192e2ba96f207ee77a101b4ac23532
SHA1 83938557ca28ddeb8b22fab5d8913f25df1ce08c
SHA256 e56ef30f183cc6fea016af8d29f53e302aa1ff61c62666689b647f1a2fce215a
SHA512 87d412c1d3f7823816f5cf30883651e421db310cb8957f129601c86afce274102ca4e67c70ff0a38bcefe855fd7557594e87e7508cb915b46ffe5f8f43fcdaed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 f8d17d909f0d291e57eb54ebaa796790
SHA1 47c8dfcdca8b7d9fefa0fda2d349070d84d348a6
SHA256 285d660fb8828c09024afe9af81b076ae74b49c14c6bb4b257a7bff4b8818428
SHA512 277f4cab899b090f81104b40572874c89f25f8c7250f9fc4b24bba800bb1fab709132cab4998efd61d47995349e6794305adcdb1d0a8381beecaca00c4471050

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 c06770b00e694c1e952b2ff0d6419595
SHA1 1b0f6aa962c07e1f21154b1a6de8b1cac12d446a
SHA256 32f43776756608aaa16117c8af45e6f4bf7ddf22bcc9d44ddd5282f36845e6de
SHA512 3be0c59e6aaebad20752eca28150b2de8f56dca7f434ffefbac7f5c5cc659542b0b0e1781fe0b0654f60af61a4bdd15e534dbe022725fac83744692dbe879c62

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 9553b91a6f1892b296ecd62db993bf44
SHA1 180cacfe7d39e19174efedcb8348dc0815d4cda5
SHA256 d7d1254694d3519061420033714edae30d43ae6c41c9037584587300d60db034
SHA512 5cfcda1fc41a83f6ee586fc23636c610635829b9bf1739da627a60830d9c4d80fe280eadf5115e97dd002690baa7cba8345d1c0df7d0e22221b25b8a367e2b55

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 32c59d972597b07defde0884c25b7724
SHA1 c5e56accaf5c719031b58f6b47aebb77f206f324
SHA256 0afe3d5b48d5dc7638755b29808ff3eec1827cfdb83a9e97e3390a4ce1115cd2
SHA512 e529d6ad9d7a11b9f6d8e89d82817be69bbec36e0e1214236460f7f7804cbff50c27d68de24f6d6be0d41709540fe3daa1d3381ad5d715cf2dcf634c5a58d6dc

memory/3012-9137-0x0000000000400000-0x00000000004AD000-memory.dmp

memory/3012-9138-0x0000000000400000-0x00000000004AD000-memory.dmp

memory/3012-9141-0x0000000000400000-0x00000000004AD000-memory.dmp