Malware Analysis Report

2025-01-18 20:40

Sample ID 241206-pbw8rswqct
Target ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118
SHA256 93989a08305e83e58b9c6e355b85288518be61df1ae3387d144da7093659cfd5
Tags upx xorist discovery persistence ransomware spyware stealer
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

93989a08305e83e58b9c6e355b85288518be61df1ae3387d144da7093659cfd5

Threat Level: Known bad

The file ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Xorist Ransomware

Renames multiple (2178) files with added filename extension

Renames multiple (2193) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-06 12:09

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-12-06 12:09

Reported

2024-12-06 12:12

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2193) files with added filename extension

ransomware

Drops file in Drivers directory


Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe" C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe" C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.HeLLo C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.HeLLo\ = "OFMRCZMFSQNPPAW" C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe,0" C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open\command C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe"

Network

N/A

Files


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 42c619dbfaf7a841daa153d54c15328a
SHA1 94510778092a380467b0958d7412e67c7305bb21
SHA256 4a1c4390f15b2f67c5f84b3b30afb17a800ac1666c83f9ba18e34f7878654a8d
SHA512 d37da277fdc9821d930145b87e72af3f55326ccad963a663135bd51055200039dab4b74153b75328e7f5c9eaded1a6a37286e79bc579a539b740748a0e60a69f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 829d71a4f3fac0e35e13542557b1c0e9
SHA1 ec2e4527edb6c25c141f82890484cbba11c8b61a
SHA256 b043bee1925982ff4eeb2786c04f9d2bd997066609e163072b19becc0ba431b8
SHA512 17570b994bd7fe9934c73dfc3b9957ea81acb110ff88ffed46fd23f9bcfd099f12f5ff6bd6deec50676fe54c14438ce6465afb9496fd2c436ed6f1fb06e7cc54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 dc317073c50772bcbde9e57335181e6f
SHA1 eb7c79df8f6e211b7d971e9a88a858591d03feb9
SHA256 6fee17d8a76011a3723724df2d3f4651d87a3cb98da6515f03dc337d36561caf
SHA512 4958d8f5073f3d4b12f7d7a06e471da676849887b4d0877fd2fc0efc8f55f175f3295475d998a7d26e2395070fb400972eccf0c3d66aba374da4c4858d922c5d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 e8c3e07b4739fddc30aceb87d52f1dca
SHA1 1af1ea7e0d4e0f65fd47a7a3a9b83283aaff4eea
SHA256 43a2b6cf36a44196a27620f1750c263959bf64b183f4bc720b28f937ec342a1e
SHA512 c0486c45333021bce8a2939b005dff7796f48791ad477b089982c0be3dfd8bbe3798efa504618d1da522adedb649ac504fc376ba3f69d42c52df8bf30a30d68c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 03e8d345cbbe4be0a3200bdcc9d789f2
SHA1 15b66f21a1474162c52961b56afa53e9b40f0ede
SHA256 54edb0b1104e2f74243b7982eca0167f28475e95db4525f1ed40af239d2c933a
SHA512 5e7fa22ae8f7d2ca5cd989d6a73d5b6ba6a4408cdefa81ff97d887c968b614dd430098f5ff75b4d9b172d798bbdc5c654b770b17598abbd865def12549421677

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 4ae6d37e8a773c0cf1c4df9d054a3faa
SHA1 83562216868321eb7a6d0b6bac6905f0b364da76
SHA256 b638e9ec6e65a09c687c631a39227c3e853cfed86be02ae8e64396f8df22ed59
SHA512 a3d2eeec4f37e334cbcfbcd71bc6c5c6c6eff2d16d97816f325c152e67a2fb1e86b66a16b9962bd1f3b4b47b67b37d25584ed2c9f42143e7271350e62c82cf2f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 2ebcd3cede725d451d5bb32ea94426b0
SHA1 d014fbc534537d33c6f15ea7041338eb9d30779d
SHA256 7dbe8cdd5a6743762828ce9a6d2ea8c8bd04ce96f27a69b469a313d306e9eabc
SHA512 4727a048d288fb4bc80f567dc48c7da109ab2baa058da1614ef968d9141ea82bd605cf795d3c2a0141ebee957bf44008700425377ee59bac52e8d8ffc24a915e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 ab59f3113146bbd6f6c6a024ceec96a3
SHA1 74a891513222bae339a32f98a58c869257b316d1
SHA256 39c683a05a23825bd5054e1c852733cfe727737c1f1bcab120b80183f0caf5f6
SHA512 683d635227faaa4947be6c065f8f37b61f0a8013ae4ec479fae228f5bce580654e83ab96bba066cd8be7f09bab87d4089498b3e2c97aafe27aad454731f17dfb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 a062c3fbf5eb2f116db3419a62d1523d
SHA1 82c95341d11765cff3e26a506c3eb1be60832051
SHA256 2ad908461345675a4837011b252cab612a98d8e49575ccd3bb431e7f4100a78c
SHA512 d72b29bb21c5c6b7b63bebed1f5269a736985adf4a74feac7c5418c8c01242d19099bcc67f4d94b981424ae1667f1dd0674dbb2ccbe4504c16313371085d0437

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 9fab3a003e68341b4996d029d7ce2476
SHA1 9fe636a62cb941321d68ba87af772e6273e74195
SHA256 3c4cff14ac4cfc6d98f3a6161d8fc6b45273152096f5b37ef1dba58cec3b8395
SHA512 51abeaf221d8630932d3585fe7290eab6413b5a3e2efcdfd85d6967ebc5a9ad2559fa3b74e71078ede33a38e69468b15f737777835ae6d4052c83b04affa5204

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 ec02cbfa2f08b458daccc27bcd26168d
SHA1 da23c0b6df66e82c5a1af95121f2d9662c3d8233
SHA256 bf3bc794ab7c65a75103d1c818105a97bc8d50ddb99ce41c42fc8867d3d8589d
SHA512 54663129f84fddf636948b41e8798d9ec90865141fd629f8bf2edea630728912bda0a298e838925e4e7734347d44a2d5be135f63e7957bf849374f4331ff65d9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 9d4ed35f4b59e00ba1f37fa140c5a0e7
SHA1 39b1722aa7c60e4fb7aa2778262db6db21073bd8
SHA256 46eed78cf0a2d38267a1e49864ce30fb47937eec766b94bff1513e66a33ea5e1
SHA512 7b73d2dc88a28cab9b091183658b5be4a6d8170031c85af74759233a5111057674feb43f7de1e50e5473b759b890bdffa5223357064659253f111db50a654ed0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 441eaa991d439bc47feabfa15cd37d3e
SHA1 195ab911c9d2c003e89263a87c486d257bf5b7e1
SHA256 1649555773324fafe502b44e37e21e3b4fded2aba35372d7fbf71f006b108bef
SHA512 5f30697f8fa57c2f6dc730e191d1fa13bfee867ad09ee5fdb982ffcfc9ea215c055c3e129de5d07c1a29dfa27ddf2294e595c76ed51fc19868f89b366eb3734a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 97b92d6f3bda9d7fb192761f0414f775
SHA1 f6b315c6715a2edff49adb3ecd3d1574373867da
SHA256 afa34fab7fa836770ab2ea235de3b3a23a50a97fcec700637809be736666c3da
SHA512 c453ca045c6008b6cc6d9adcff43bbe3297c238bc9d940d866e99eae16ecfd73caa67c0ea4d2aa0c9cf5e0c49f366841fce4c961cb2abce56c4cec34ad406598

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 e7c23bb115e8a7d6380b366fa3ed481b
SHA1 2de85b26cb0063bd1ca5f8b71933c33f3351b445
SHA256 13a62769c2866b46876118f44da834cedb70aadb67cb961118a9aac899d12652
SHA512 60df6fe939ad50ec4163f1dba0f14aa98dd0edd90e264e548ae957b0816b8d79b43ee82033df6456c0038424741c84f45b70e8b171413cb1d88cc05a09dd6b32

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 6bfcd258f2567474d02f3af24f313fd1
SHA1 a1ea2ee1271fb36610010cfc1f5cefe8dd7a4066
SHA256 eef5ad424548ea7cc981685201d7b2f96912ea0c749909e4db80f323a42b602e
SHA512 228b61e9c9594455191859c001b07219a857755788cff5289dd5a9424df1cd32774d070ad7652a89570083ae73d2a615b5e20688713384772c061101546aa920

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 494a7c246a85dbe56d5b09a7634c6dfb
SHA1 9f8836fce3344fbc85417f4f6042b390eaedb100
SHA256 eb4cada7e35d6b430c9767572c6335031fee35f9e9baaa9b8d72bc7178ec230d
SHA512 d65d05a5bdf3a31985249275772464bf99754b02efa4f904a74781e3f39864bf74d9d9ab7a5d45fe2ced57d6d9dd223bd8c7762954102905a1e99c1da30ea21e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 f5aa66163ce95a11ed13dde3d11ad9ab
SHA1 a3d0fb7fb1a6074880070263774483fed837acc4
SHA256 57ea588eefd7de6931703a4d4f8f443f6c273ace3901430daafa443152ef387d
SHA512 dd1ee0400ce257113bb36d5f3b62bc67d211f86aa1e0acdacf625053db9b8161c4bb3f9627c291121067a0c431b8385c9d30264c278001df689cfcae5625d09f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 77e6742de20f6eb8e073452046757686
SHA1 9efc39dacd518fddb90eca593bde4038fd981a3c
SHA256 7163882e29d81113940db340d0b5b227ed1e759ace08c514d7ff3aabb56c668b
SHA512 820a9e2b185b27e20b56d7527334e59af64d802665bd405dc7acef623b77cef3176bd4181131355043a1c429dcbf659301960fcb3d4944c6812e44c1cadafaf8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 bbb753d9704ef5768e4d474706f7e4e2
SHA1 0b9a24afb7d97e45389ef0b5c01b3ffb8d18597f
SHA256 31fc63482ed97f738905c0d7db30f1fe7fb2986d85d8ca157ecc50b63baaec34
SHA512 f32d7053540cdcb8db2d63bde025650833113982b88575936573320dc8728d594ed9a2a05be67bea425671f7b77b4fc4d6076c8c98c77520ab2f1de7ac5fb51e

C:\Users\Admin\Documents\CloseDismount.xlsx

MD5 426d932dc8690df465a76dfbc558de93
SHA1 0277fc750d3105692943580a7d9647f23843f33d
SHA256 4de17677ecc380a404a4e8061561900fc08ffb19aaff51eebb83b100e297e68d
SHA512 1ffff181c5390f44f5f968696f0989fe2190f854b19719a1eab28e4e51611c1127daa1d89b513c462714c8a8475ee1c6cf9cc88a0a74397d94e204b52cdc0833

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 7569d657196c4e1e871ca6f8886b5698
SHA1 8df1799c42c632393c269e57bd697d55c08f1168
SHA256 f01a930ef29a9b0f72baa3a6080881d5b54c84c5585b1dc18af106c0aedf2488
SHA512 fbc688fc3c9e415bccf4ea57a754da843a6d93635eebffcb3b243a67e5d5b7478294970f06fe15ca4a04088fd1b99811d848ac45a22148f2ef11cad7816bc2b0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 3e65da9dd7740527ee1980380703871d
SHA1 0c5bd06f4a410b216a99e1c44aeb61434df50d6a
SHA256 23ed93d8284a5e765d8c0ba73a790b6a8c68eae2231e2accc74c87cf765e60c5
SHA512 9f6259e44f20bc8d66a3e250c5dce2526cf3d6918a359984e5a36f09f87d5f9eac9d59c5420095706dde2ce60ecf530f8d4967feb5ae140b2bc3300dd988e1c6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 aaca4be2440d248bff88c1dee8212e4e
SHA1 9f883333923252364f5bb1286ce8602f33b95807
SHA256 478fd058fd96a2bd44c68e73a5b697e854396c766ab5ba556112d9cc73d0134c
SHA512 1055237c2206ab9efb910d10d6e5f2c2f5aeb8079268d0d0687173de63c3320ab6390e681b39228ac6a9fa225686c411bf5fe641042b589a196f650077915d03

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 52e9192fcdbb10961cc22368bba35ddf
SHA1 3fd4d69fb32ebf2aab0491a264fb0e89eec89717
SHA256 c5de11cf382ba7c51b54bd201e682ff81027bf84ae7548eba1d0abf8778d011b
SHA512 ef43b100b24177f4e2f5b3a672facf213f12c3adfbf16a2cafb6a86608a93b95bc16f62ef4f02a99be6fb7a92562d5a93f7cac0ae916bf1afdad4ebd2ed8e124

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 77e33ada8c7a76f0c627e1d4cd2e1340
SHA1 fe5d9a428630ce93f95e36658d0df00724046f23
SHA256 c8d41d188080f3e6299f5329a2b9ec2befd1e9c796deb7dad1cadb189d284c1f
SHA512 7d7b2a1007ad9ad2b627f0fbbfe70c879b164ab765118532857cebf30c42a89f48175feba5d1b5c2ef9d04c622aa94c2496d7916c569b3d577d336bbc1e2f54a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 c3666442dcd9435b85c55bbee424e685
SHA1 b5d6460a6b8f5ee62467b7da38a702ec64a49ed9
SHA256 957619ce72832b45bba7fd7f9d7801099b61494c9760c7dd1bfc6c3c06c40cef
SHA512 9a01f534ed4616045f6acd5f1746dc2f0d9bd2204a0a94f969948c1b5029d962b660244e641ea0d0aa3d11f1a1d387e285ba4c7d1520ccce0c5759df1654a2c4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 67f21661f3c003c8042030a5796c6a72
SHA1 3ca1d9d2932b5bff0141b392f40916a84e9af5fe
SHA256 d814c407ff5eabe3e86f5114c15f33af792f3a7d02efc1b0d98ff5371428f2b6
SHA512 0d6f3d920ae8850fe0b35f143223ef015384662b3b02fdf1776d4034877c7b022d18fd787df8bc41dff81e74a6c1018bf46373db7419302ca546f0e997dd0764

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 2b471350e0c8e1ebca3919fd8709de76
SHA1 686bab43bbc770b7b5c672e24f145f4840a71800
SHA256 fe625d5a377774ec508d73f922baa170b790d896967e22571fc71a499f0f1f93
SHA512 995ea712840f970461adb86667abe0eec2d41c0fb5a8e4940d9e1acf5d34c79ba43785574fd4de6e97611828fd22d8819e0a787cffcd8524bb8ba096b06464b7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 bd5479ca56236816abae5b2f2103fd69
SHA1 ab2b0cdb45068d48aea9cb825a10e27f2b52f236
SHA256 f6d97cbbde510c9ced3857a7e5758d047f537caab8fb87223f3d4ae15aafec14
SHA512 08a4ebfd4c7e0ff27798379683542bf7a478d004beda2038f6eda8f508dd025d92d27e7507e803ad5f4ac3844516c1e027870423afea239d5b657656fcaafcbe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 9ad2610cbcda12f8a4be899c460bd480
SHA1 765713e032c809b771264fe0fc69d2dce312ece0
SHA256 f1e7f18cabd118e86c91e1602f0ed9e44bd7aa79895b201b861c189d9ee8de22
SHA512 28b5bf10215f9785012f44a27b6967594598bd0b339aff6e7b77c045de8929147318fb020cba70a424195736dca0f3dfaef23db7b2dc337e03ab18616772d6e9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 f28044342d2a7a7e7b2ce0d268d3c1c4
SHA1 87c2cb681fe78b499921a4f8125785d2b74160e3
SHA256 37d36034b7de5ad69fe4f138ebfbe6a6ae7fb0c88c1d5a5e080e3a9516f79933
SHA512 9278ace4e727270d32d733346f5f8ad6559ac15bcce4aca5133de79707ba4c597c7f9b0be0b586afa2361933fdff2410f9350c8e9be1b62d5045c31d0f0107b7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 01a1add815fe1e3233113f24318e1069
SHA1 ed91c515a8475ceb2d94200ef788d1f54fb29268
SHA256 53125ef2c632cf117ee6cc516bd54ffbbcea4d7c494da80383df54288ba778f9
SHA512 4133182897bf360b56e4c32dc3449d8071b0c04711a7bc317188db3cda6682b9ddf887a0a309344cae1eb8195dd271b0d54727a098c24316f06654e3104b28c3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 e0f81d9d68bc91ef9e53eb5286ee8d9f
SHA1 d528335b19d51a63e841055f1bf07aa837b5f4ae
SHA256 a90660c54cdd2b61863d07cc9889e53715e5da9550b5792d34fb85b7828d4831
SHA512 a6c0dd6241ba122074821b51444cacc902ed13d86d4060424783ef74da187a7807bdb8d22ceab02ef29768b38b83b0fdd2b8a7009ff6c6b08d6d13b2390566c2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 d506ed924369b1e94a9338e1691d7fbb
SHA1 a9b31479d9af13ff541dea951c7e5095e9cf6446
SHA256 c9e0899ed67cfa3aee05a5b6b4a9e14ad7b250236a67bbd32a5d416c15107401
SHA512 1f3e664b77d11a2002283b6768c448afcb4fc4fd090e3c1460a9dda95ce774e02d8cff20584bdcd7b72985f772b9f40b8a8b995ef170c512dbaf810620693847

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 ca8c3905ce4da7acb7d29ae7ce299203
SHA1 1acc896d80af853f05d90df651df2bd0c02b324e
SHA256 27654fe8cdc9e99af8b9d7e5d596edb00f94d3c03175616a71dad9fc1d5228a7
SHA512 653c5317030eb4ea603c87ac316d87f4aa351f86ad63bb976277a1b13aafd9ccc05b98869132f7a82442475f09443b9c2204bbb0c219e1cee18a9cbbddab97dc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 5c304ab65f76b26a2047acd1fb66ad3f
SHA1 a211c1c759304a0245f3b428131d2c8689f5eb13
SHA256 3f83ed8f94f4953e22eca8314e8c14870b051d14b049ee67206c91e707d31f25
SHA512 347fec9b30d43d3e27dd2d5dbf2ae84f601b9cf00bec6c7f8e9cf9019d5712a2c1b5dd6daca6903f045720e3b0b4b856c4d0a3d51a665980d3bd686f5b0fd644

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e680e4d57e8da900a75b726bfef0accf
SHA1 9a4322d171c8b5d28b7c09aadc82b1449b20ea83
SHA256 99e84d16c1cd3592903531d5fd6a9b4827b104b616b7230c98868b1ea500b691
SHA512 f808746b33bfbab57231ca1c8ff28b63e67267d3a365c9f9f4b6fd91c96bc6be2e14d815ca1610ab05b00e9a3be5983b7ec4a09ff876d72adbf0d17b2045dd37

memory/2120-9062-0x0000000000400000-0x0000000000450000-memory.dmp

memory/2120-9061-0x0000000000400000-0x0000000000450000-memory.dmp

memory/2120-9075-0x0000000000400000-0x0000000000450000-memory.dmp

memory/2120-9077-0x0000000000400000-0x0000000000450000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-06 12:09

Reported

2024-12-06 12:12

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2178) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe" C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_bdb56f181ef6934c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\buttonconverter.inf_amd64_73b807c3bed63b18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_a261b6effa32e5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_swdevice.inf_amd64_12050f4158021fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidspi_km.inf_amd64_7e53b3972dc4df20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_b2ebe9229789b181\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsphysicalquotamgmt.inf_amd64_796516c18b264f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vdrvroot.inf_amd64_5dbe5e81fafe4636\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthleenum.inf_amd64_11f9ff6c12dbf9b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvpci.inf_amd64_86afbe8940682d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_bluetooth.inf_amd64_7e49a68f06c14d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_95e01117eb9c1bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_extension.inf_amd64_7891c7d003f5e96b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_wpd.inf_amd64_0245a364d71cf6b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_keyboard.inf_amd64_56ea9763e933f7c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidinterrupt.inf_amd64_eeb986311b3a5b16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmhrtz.inf_amd64_aa2738d63955f632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open\command C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.HeLLo C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe,0" C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe" C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.HeLLo\ = "OFMRCZMFSQNPPAW" C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\ccecca4c16b979777cb3d52cf814eb51_JaffaCakes118.exe"

Network


Files

memory/1168-0-0x0000000000400000-0x0000000000450000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 0c613e5f0ec9297c30b52ba47e404037
SHA1 0e8c8eb51ccadaeb22a2f0293ce7ecc4cfc7944e
SHA256 238b7b0da737ce27bb29b33a6e2d36cdabc2fc9530164ceba5c05a5c5bbccadd
SHA512 b2f159ac2dea16b81dde540442f454f053c13b6a02640f780008616806cdb71732fc9fef333d9bc4643ef43334ab8469da576fb78fb18ba18f87e6dfccb7aac8

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 d1adc0613648be971e9e3de20bc6ae31
SHA1 2e85f8642a49f43f47b529a802c254bfcf6d9c65
SHA256 3253cb5ffe2446c028a71adbc9ef727ed0637ce4406c1f4b79cd9b6944f4ad05
SHA512 49c71f05c24353fef1093f1005cd4dfc3a930ab0f6f983f43c5d46f7b6ce1e27dc4bbcbaec80ec00e25d059a2a5d4ecaa773e3b46cfdfc593ca69aafed5026f3

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 d4a678610718b0a17e6fd98ab416551e
SHA1 e809e896212a3b5f465b1b63e799ccce761b27ad
SHA256 880e5f16136dca682787744ec2964f3c01581829150a73f5f21dd462d01ac8e5
SHA512 58e4229623ae92fbb2192d773abab3ef83fcdb9fa6187e1389b6615398476b5d748f5ff6a1f74a514909f4af16289a49cd074979fb205e5d19aa0d3986a78caa

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 ec990c880b50e2f0480b50eb23e8a06d
SHA1 ce1c0cbffa84120174eddec36f32d16942c0f1de
SHA256 d91804b93b3acf187f20c9e687c93f253fc68063a10f229162905cc7ca78e348
SHA512 12b023a33eeeeaa8b700c62b17fe484b14b5f300d7ab1c4b5641a10825ad0c7d5c893003f157dd25ae52073bdc308d1330dfa4f330d1ae1435d3744b3d40c38f

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 5a3c2ce25ded7c74f34ee4ea5efd1d31
SHA1 7d2c27eb378884a4c5f52c3e9683597c42a0dcc2
SHA256 9649b7b9c6541086907f70bafae2344b7da89d451e4e91ede7398cd7afc8df98
SHA512 276a6c89e78d352497238c2d76f33a1009440b20637abaf152e10bdc47f6da138df5597f1f79ce8358b8dfa339dc838bacadd41412feac21ec8f0cf23e9dda43

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 fa2681eed9e93e7b33e6bbabea1b7dd8
SHA1 f564a1d27086ca59874bd2f81e04667582188285
SHA256 74fbcf07714336129da50afdf78c9d32570ea12a93a18dca1c383dae25f80eb3
SHA512 59e77a37fcf5d51e6d9bcc6333cb4bcb8585dcb1d8ba3611bdea873447d4431cb55ca532ab5b810070496ecc2f7aa3598ce7a1037ddb4e899671f98a3aa308db

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 2952de339d40bce7b4ce6b40854a7304
SHA1 04ad29bbf65ad23c1b3b0b48999185b0064f15fb
SHA256 057ae63439728f0fdf56a4dc9afc92a28afd0352c4c755250758db43f1da184a
SHA512 d053e0d5191566936d10f1b92341110606aa70fc09d9374125a902ed68abe69302e740522a9afe047cba10c49370bd5f02d8de2787d1cd5859d78ea1cbfd35c0

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 08ee5a0192b38627983f3bb1c0487238
SHA1 8c6ef31140fe6cb5c0d0c9119ed66703457af70c
SHA256 3ea20b3c87d85a961f1d02f8783808cf484ddc8a5b8ea8f10e0f0fcdbdba41fe
SHA512 959a267a9168e5fa3c83357b3103de61c9284e0edec8e55793992e0e026b4db25943dceee1cd53ebeef1afa767c82bddc75cb5a18375ed33575c2b638e3e671d

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 1fb89ea6aacbbe7a4f7e3f89895ecde3
SHA1 5a6fc5994f1a622d9d648bc802dba46c55e598e7
SHA256 3bc5c50fd325efd6a3bebfa88802be9d4ac69479e9a88884685a3f200e82e834
SHA512 9e19b55f21d9510008dc373f2b9d02053e4216e5aee50a92a2c6c9c72beaf352df12a583bc36a3a48098d858c331637c3445692b24f3430fa35fef8b84aeaa92

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 69a16bd3507a183c827325f903b49db4
SHA1 947f3d9210e7bab2002bea045f4986f87befdad2
SHA256 1cfdd2372dba94385b1c1e071ec14ad04c2cebc2f6320c969070cd5004513cf2
SHA512 7292d7ab5b38ff19e7e299bab01a0153738b4edac840ff1210305c131667d4205b900807d36431b322408c27e791aec1b3f544e6757625132474e3129b2da39a

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 c3995e28215ea696a6a4d4467eea65b3
SHA1 3d82913e53ddbd2af84e7fc06f0fbfb487757e5a
SHA256 90db2b9846c396d4f013e87da63e1b67bdc55b26cf2069b2e000ffbfcc240ebb
SHA512 95130d17f064a437bee1669c52ef7bc3ca22dc1823832360f3a91d9c6a4f3cca847ac541c5ba853e8235964e2bc0297879d3fff70c2e535175335e1aaa59edc3

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 30f334cce22e4f844a9110bafe7455a3
SHA1 f694982643149dcaee02f46db11b5235fa45e088
SHA256 44d9185f81a24d09486406e513a03aab6ca2aaded825dc104549571823b1b4e4
SHA512 536e95607cd38314ac066ecde13f598daf2f344e65f682e13bf986f0133887185c3f6ac6d421fe114d06998353228f4479b5f13bb30a33ba03f6a43e6e52bc71

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 42b5ba9c2a3fa635f374787a04ea6eef
SHA1 9c6dfaffd02a5f5be5587136b7b9d184310d0d8f
SHA256 50b05eb8b406ec612ecc17c54bba56d13441f2d943e6aae245053c354848d8b2
SHA512 c52830fb710cb72e033eaf30d235c7317729de959524ea9a2093738aaa66bc3f5f7e5ab898b1670c6c28e2f0619291cc4c51e53a04bb234d49477bbe0d05d47b

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 18ba7822f5cf927f7d054668a1551728
SHA1 e1c042c547aa87aec8a9e7e6b7b2b15213fa4f64
SHA256 07e7d4e425b7a63c5cd8c1d6adf522ed73919e5f2c51c7416f3c4f500b77951e
SHA512 9b565ce2fc5f709a5c209421670309f5afcce1d6cd8e8e2f1bfed461ddadb20c30d96af99e0ddb14bed7b62c2af42e9e8206acd20c63e706ca9705dac9c8ea6f

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 50632b9b5f9a02b089cb96347d4f6460
SHA1 209cfe55fd48d6d699a99962741e3ed2bdcc0770
SHA256 d14791ff3e820a5c6212b36aca3bdae99c87b211d01099852ccc65cfb87f730b
SHA512 beee47b2de8d5366c6baac6c39c000a54581a1dc7be29408f8e353b4f8ccc2cf3c7b7643eead42197b2bee93bd409090188e0a875cd4d063628a3e34997e12f2

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 6bb828e777a78944ae852819044890a6
SHA1 f1f1a762522728515452677fa6d01fedcff87a30
SHA256 079d9d9641d6d9c2915e5cdc95bba8251183e9b9f9b0c3195bbf629ebd77a262
SHA512 6e14a485cfb4e8c15dabff286afe4704eaff89250b614ac7fe5c2682eae6399cef06ddfd5e26d56947cc7be43b20f0df73f2bcc41ea0ee60c3e544d349918653

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 c4100e78c909b0512e04f2768b63d80f
SHA1 d69db98356556dbc7c7fa282193e8d75ebafa808
SHA256 ec96dbd5c2df982cebd95fd5cb1cb101596335d37a3b32f9d5e3f089ebab5aec
SHA512 9b31e37a909368a84e94822738d8bc1cce4b2fb7fb4c62c718068d5c2e90e8079dbc393b0ee718680807906f78af6176b2eb603f00e44b30460600adebf72cd1

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 b2e7bfd717e83d1d668ee8e45ceff707
SHA1 e80f4d1f7d1463d06c3b6bd1f979ece671f0f050
SHA256 2cbb9296dc553b0fea682bd19a4fc83666c3fee52841cac06c44431acca3c28e
SHA512 60941f606b5827d11333fcfa923b9e342e9a70e4fb75d1743ba182a804a7d07c28d5d1104d269f4ccdc57957796b4b5eb05d44a5e0b1a0137597745da470e5d5

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 b6be383629c4d09d5e21909a03b7f889
SHA1 eec4719ff952932fb7c4953fbd0ae0aeeaa219af
SHA256 b60f44d9031f03218360d1f565057d6ad75e3b24d6df48eb8ed6f0d95d0735d0
SHA512 cb66fa55e5d878205257544e1cfa2580e08fc5212c6a6a111a6c166af3751adbf03891e346c2e2e41c78c8edc8d6db12822b05b3c3fd32fb9ea671d5ce0129f9

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 4fb0253eba5d3deb0f551ecf699c5a4a
SHA1 fcf5033d713394a929dda219521ecf401e125fa6
SHA256 bdda248a486092b7207535cd23c4e6a82fcff75021317ddd3eb5b2a40308f100
SHA512 ae527bdccd719a3a15a0564d9f729c6f784a9b3e7bfd6fbb994b9ed1c144485b90d0b67de1181b0fbaac32e7a5b1a9aad0d09860132d4ee181213fc7bda83584

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 99135d01f44fd8d4c54a78a3c686d703
SHA1 5995a762a3b57180a4b4f07e21a870830554689c
SHA256 d7e7b67733ab28f81ed86226531b9909ea3c8798b18f6302a64a339c3db8eb5e
SHA512 e6626ad7f53b82e8a0168034dc0d62c9293ca276beeea77088051672ba47504828b8047d8048c56cc728c564111281be4311840386bb7db13f0f8c5a92e351a0

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 05c29f0da773597a968ef927bd15b768
SHA1 9066e890dca058b41a35949a2cf9cac60e681073
SHA256 a5d8642be821fc3a0dd66c85513ad91bee67663986a23633296a85ecbccc273c
SHA512 9df2e93288bdda2d0ccd13199a2c7cc3d67f820b797ff2d92d92dcfa6eb94c7fd34194c378b7adf0dde0844421f536ac1df19e6fe090d7beb513ad57698e3042

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 839d4b071ebfca8d0a457952d22ff990
SHA1 eda1ca0afb24ffebbf5482d75f52eab86832e4db
SHA256 446e4d99501c12527d395fa6e2e87466ae34450f9c80e5992a578d0e351ee0b1
SHA512 70ce3ce65cfaabb7041167d5ba053d119d72df884c22d0a4534c6dbe18019f1b57ef530828299318e4040a3a6d823c88e7170678dc59fdc1a3907e14bd0345cf

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 82f9cf9a60d73671dbcb36364d772794
SHA1 2b74c5d97afe48c10a054a3653564f916c548626
SHA256 88013f6f15adbaa0485c39bb537042fdec43973cc5ff61f66391c828c2e5d169
SHA512 e5a0f3ae105dc81d4ca0bb4b179ad38cb5b51d2c5708d708393faf1b7b501bae75cd327a69aa498386386872793f2f256269b24fbdecbbaaf92d6aa49600109e

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 b33075f9206562bd6cbe07f6f1482a3a
SHA1 e9609dd7296e24896db58fdf61cfc6584bd21e10
SHA256 97380dc3c40a3821eeccea654470a91e71831730745647e864bc5e874a6ea1f8
SHA512 8df0d36ac7f2316a9f639fb61596ab9a2ca8b781baf4b42ad47ad10a6c9f9add36585aedb8e6e530aa070474f35250a3700cd28b7b990e46e5e4fd8c547362e7

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 727c524fc1aa1c16a6e119152be7299d
SHA1 67773d3097be4dac5d583ac299ec9ac54651cd75
SHA256 047b93eebd0d5f3693e2bb01238ad0c28e5b8f68b34a64d11c445564126b4314
SHA512 baee4aa397c3bd3d4fc36532b38e563f7fce3b4524872476d6a5bed32b0a3a1db02f48fdcb5bb32e0a5ebb66238bc7292f16156ffe08db746aa6a03fb207d2f9

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 4432dd0ffc6f11e97532dec1e1b3909a
SHA1 b83b94ba7f73d05a79c95d0a5f2c1b83179c2723
SHA256 72d233b44a83ee9b7ac38ecf069c59e65d8fac13bdd5ae0e0906450f0170c0f6
SHA512 6a057bed2926b591b6fa6c7cc1d17014329de05af83b618c1d707996d4a38ec1a7edf792d1ea5b8d0c8127b0371a94b2adc6793bce8f78c0a49613491a128e9d

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 584cb3d8af1623a154a8fa03186f4e8e
SHA1 5600e4d5fb07389c37eff7e5e5276b8b228f8df6
SHA256 748c49ca8ff0b73d1b4149933b7660203311298841bc165f8de0f1f0fd7f2cc7
SHA512 ac121368847830f1f451a14e4b6d4156aa2d5e7a372a060d47b4365dcc16e1701caf403834498630ea81b3bab0a7954b6be0d32233a56e37670a263cc4d5c598

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 9208dcc07617b8647bb4db392e682a12
SHA1 ff8f5a2dcfbf4ae177fd878772a1063f006015ed
SHA256 ce6f11467c840599b8ffce4f6a176742445ff85097f105e1f9b1ff37d589155a
SHA512 ef940fd9b97c4b5ddf782081030102e24ae56e5c9d134c1253509b5483aec9e501fcb374da72a014e6f88e4a5e101e51729cd5bd435e2251edebfb3292a4c09f

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 70b0997571e07c52e582d633d69952e5
SHA1 8e072e8f4a3dcc42a042157858c895acad00693f
SHA256 9048bef1a1597f082e8294c42e95ff331b1f2541f8bae28246cd09193729e763
SHA512 151c1be63389f5f3290eadbe6d33bd161aed41254def17eb530edff472068d56bf48100719d039876243490c22e1fc667b25c1881c7b263bb538e21efb1f08d9

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 1c51058737112509bc742bd16747e94a
SHA1 15b75d7ecd3bbca96933d4f97f7df8f99ba5d6e5
SHA256 7500912e7267fb138da26dced6f629a57cd5af2e228657e101bfc59c08300ca2
SHA512 7273da864af447cbd58075eeea6673a2bf9d12f6e20abdc496ed257278df39ad774bfa3e687aaf30cbf715dfd8d8b5e4f1be763dcf2650e613bd9e527c524c33

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 479e60378593216e725a90041f7e990a
SHA1 9a5def583fd17fd3b4241ee44552288427bc83ec
SHA256 76966a5e7a299735cbd994b5b5f1d9ebdec1d220e7dae4be40f415ba1263ae86
SHA512 4be899d59869ea8dc96f2230bfa61a925400e4e858d2458496b7ceac766090fdd2fb8aaa9d7c6bee19835b7d40fb77135c3b11c4fb89594b9a8347bc4f0dd7bd

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 5f324b90a5ce66065ed4eb27127b3222
SHA1 3702033500600654dbf870c3ee6a358e2b6f48cf
SHA256 591d34c7ca3dd922d38b3512aade753487f46bb84858c4e4f9e846eae16a45c7
SHA512 b05d8d183b3a3fea7457e2bbf29d341dea4b00588f765721b147e7d3e932ec251f20046135183f7fd11f140f770365f8a9009547e5f7e8d60fab108449827074

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 87b4fc29ac6cf8ddd16d62b1d970a351
SHA1 451775cd8c4e1cb5a59239f2ca86b37c6650449f
SHA256 49c161c8123207480abfeee48c4d284c99e2ebb6241541d86b6664089267d7ea
SHA512 7951faa5a7e02412a1da659c79baf76498cde5a530343ac8826df8eda17e71987c6789d431da9238a6943f266f657af8d3aa34f069c4ae7a743ba6df729d89e4

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 e3a42dee8fb2b1c06aab8b1d78fb91b7
SHA1 83b774b3625c485c267bec91b806e1cdaa6f1714
SHA256 28dd528941fa5d639e08233d4045b9b33c22bdafc7c0a615bea433c553c602de
SHA512 a1ad3aa2d5a0213acb73c808ef70eed444be9d34d32dcf91992e8d650231df1373c5a002d407e170aa158f89e89bc774126b2ec3244f428b02434bf00d85bc2b

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 2371777bfc255ed3f992fefef7a7e459
SHA1 5de59239484cc25ca0b243af19a76078d9da5b6e
SHA256 4cc03c9fe08d2cca900735843840f5abe8952aebc1857b03875d0898cbc4d3ed
SHA512 d06552d2da8a5c3bfcf4f0cce6ddd45ecfa9d5dd273ea5c4bab42ae62d3f7d4c47b5f7f11d2e671b3cc8e82b053614049c53a56329924f570a6050e033fd98e7

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 d640dc3026ad6b0428481c25a5fd06e6
SHA1 3103408e3254a1f372f5318192ddf141e628a010
SHA256 40b12e937f318fe58d12f6093e3150a84fa74608a941a6c132c0bffc9b88b6c4
SHA512 d46f39da49937620bd0257c068c56c6a3a9106e63d3a439e81b987b9a743a8ae5edc69d3be6b4e68f37c7bcf2f762cc1c9bd4751458ee0fd270e245fc6d379f1

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 a64b7b55cee6c19897934da739c6e5f6
SHA1 b4795d5886ac5e8a4f9501735e05fd37ba2d2e51
SHA256 3fd079c567f90e1bfcf3cb69b26c0e8b5fab80bdec8edb6a5c9555011bcdb275
SHA512 aa82e7f8fee3454e1411627a21a0020b1f78cf73c9bd0f5d1d8cc4df1eae2c9947ed48c02aeb306a7f6f87ca506cea0d62730b9c1e7da875b94fcdbf4a4710ae

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 abda27959058ae652bbd5b64eeb2f61b
SHA1 2eed5eede483738ec125de50dbdd8cabd7150c35
SHA256 e1b3bafe33f1431ce04b00bfad35faa8e25a2ee55c667094923b3ca600e1e15d
SHA512 bba8999c3b3b906b4234c59117273e28c228e0421cb9873a098e9191c0009cca8399fa2377094d4dd9f0b7fadf6376a231efcbe316f80be7050f491e1f444f9d

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 87926d2c2a5ae7b33ff97e6588d98443
SHA1 dfbaa9945699f1a6841ed91396745665dc8979ed
SHA256 91ece960847d8b69c0cb372c6220d4460b3b32a2370062c62f7b4619590b1644
SHA512 3511e657b464d24768ae97302e559b3ddece09fc4d7e7804c619dbd9839952d4cc43621a752000ae3f4c4d4b9db0a5ce4ecfacffc478ca101e382a1ebae08140

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 2b6baff36aea2667cc81fe2b09ff29e2
SHA1 96cc14926e69e922b1a1253bd743706d2f16e750
SHA256 99591bb7f393785d84f563a6f22bec4d35291719d6725c379b1e9ba5043b32ce
SHA512 aff6fdb399dd3f805eb90e78260e30a0cab92a92736c80162be1ac5a4d98d7b460a6ecdbc8d62962e9fe70081696c633ce8633dcf39489da7c40024cc24a76f9

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 61e2b2ee18e0839a95993565dc44d0a5
SHA1 40945919d044615d0671c987eebba19538124943
SHA256 8f6431dd49cd2987caa8fcf6ac8aff0b4ef423cee5280f01328c5bb24fefb86a
SHA512 ee3be854f7c00e19283918a79a03c7019a5cffc7a68a201803aa450205d52d1cb47b063fcf3b046e3d43444c3543ce5a837f1fc6e9fb0945152879e6a34cec88

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 5ea5908f0c2c41ec2ee92cbf52b032d5
SHA1 b8bc2bee7d80a812ce16e0e808892e29b181ce11
SHA256 c626237f9f074afcf254067af7955b1dd91280535f66d849ad5c2993248fff43
SHA512 eed418bacdfd1ccb2b5f98c18a278d8c4e1e99f73f4877e58e9da7d36d4cec4a27c53f5e7366579c71d78834763ad0ef1c39dc5de8b251b6cf55c91b261e8ddf

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 4b9a59f610d9af7bfb018632dbd17284
SHA1 a59d0aee45ee2a2b517f3745a0f46835f1b14c9d
SHA256 bde283d004f9d544821053a5353877ffa38b1e8157f3165d59659e4d445851d5
SHA512 f6382d9eeec88f046db59cca9bf03a56fb91d3ce10e593232e3c2b8b9b709cb16ccfd7cafd2970151094081ccf7c6ce4052c2da89e25b1b29a6672ab99a797f0

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 f3116daef477413d7af3da5d67a967c6
SHA1 a19570b1e617071c87c708989d0b1f68d50a2ee9
SHA256 ffd1a2190eb11f02dbccf1eacccba40db4d377a827e42d9c127b583b537567be
SHA512 63b839bfe9a1f4bd0861f716b38ff69b4fdbc35ed0c19e80d781380f413d716f6a149e8a3b882c67986bfbfea2ecaf89edd05730dcd22f8733358788cb25b742

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 47c5aeea5e4f2242a5fe7319f3e79acd
SHA1 3b5edb8c27dfa31c404544d4b21f534650c3b757
SHA256 5ab837f32e587d61664bd6ab9b66f34fe02ec32b4603f1339209bffb5de0097b
SHA512 913ecd7ad321b175a460c4f3ddf69782915fc2b2f263e0589421fd51e3ed9b924532d993b4a8fd3d99c0fb1b5fe3041ca0654398053c08397edafbf3b6cf011c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 04ad373da7789e90eb8d92b2d45d34a7
SHA1 9d4a35f7160f121eff8fa849e1a33e9f86e49ca0
SHA256 174277d4e12f300423162fd93fc62ed8b1c72b19e972fcfb6d82763af9313c81
SHA512 ec20936531ce38cfdedb3d4a433916e9e881f8deaec18e42ac314b649c8527e2970c154bdc7906a81f719afc4b3ff4af495647f3ac542376b0a2a430a2a288ec

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 4226466b88351ccf23dec2e362f8bf42
SHA1 92482c0c4d476fa9cb1f96a185c59ff0116d4b55
SHA256 60485c17949ec80a6f8a292d69884cb8df0d506f6cb42cc085b30bde25563486
SHA512 13fcaf1db725d4af387c0fc566cb8fc33e35c4c60047466b272b6bf471dda09920388e835a9c314a4a0d63d99948560388bb2a8400694767caaac52b2e4e8705

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 b7bf02cb0cffa98ab83e0d5eb1aa2a1a
SHA1 440a250b25449cf35a252659e085a31c171e5c42
SHA256 0c816bbc5d4c9b8d604cecc53a93303695923824c13520fc915c66caf4604830
SHA512 1ef12c50d57521eaca52d5f4986b77000da4b0d58f46874313ec2f4fd95379ef55245e66e6c8412513912df5c00312c2ee88bec89bae3d3cf3a2d000008d822e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 4366ac3285d149842380312312856759
SHA1 884d233c8d8875695be125d3e5d7bc04c0fa8b7b
SHA256 eb9374cd7f957d0c9d11d573326f7e4b9ee1572493b10c0dd1cfdfee475d491c
SHA512 3d2b798fab7dc3c6c0c1d90f2df85380f104de52bfadaecb4cde2ba0c79f5ec393888e7d8dbd55071f5f8acc5d9d21cf8a60311d641b6ad6ab987efe99e008a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 8c7890bdbf7fe88ab4282ddc9ad356c8
SHA1 2dba2f8d3de2f520803e3840733086571649e591
SHA256 15eadb2affe00e437db8471499e5519b7c02782fde5cbb61753118840c44ab4a
SHA512 02d0a13084119009aec5548dd28add9bdee5bb977fbee3fca8d78465924e221e3a0f502db27cc6b2f9e9cf88183fe95f813cd962887e4d08dfcf36d76a125681

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 f5f817cae1f33bbd0c94c5b219a9db39
SHA1 9afa62fd5314583d11713f47ef6643f3a8c7e12d
SHA256 0d5965d4e7c8eaf19e56273165368f3fe73421853514df81a40c6fd9cdc23991
SHA512 cdb0cd256caf2ff33bc13380cd1a6ddcfa535744fa8fe5a21e3e8b8cfb3a19660fdae0fe540ce2e7b9e719b196d16d8c5616804d42c3e7d08f3e0012b29257f9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 41086b153839c813c9be32bb1904cfbf
SHA1 17d8cc71bb132519189ffcaa3db5bb4f8357940d
SHA256 57c0666d9d1552ca882ca3ff874b25a205745eea4ecacf847ce2422d1717fbd0
SHA512 e91a1414294d61f2e65d8787fd058182826d4112ffb48a4c08d8b4bb4389d622908552d9ed424d07c61c73def5c34d614754a9ecdd5cf3183a2fc9d723c133ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 7c8493314947e3909507dc3595eda51b
SHA1 2581e2951a78e79cdeb9f99439f111fa74ae0582
SHA256 4ec66afa15afa2120f5c9557ef88e65877bfdb24bc1cff486cf2619e2b3b455d
SHA512 95c4e4470967e4f405585e15fcb317f3ba60414b479b18ad87fc883ba0a91e530b971624ec40285de86e8b389ad4470393f57ec0eeb5a53a1f6a6aa960b871e7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 d6bea3a644d869fdd64a51ecffa1d4cc
SHA1 c387945c6f58ab9b6df8bd962e389976aec6f7f1
SHA256 1cb6c4f556a982859969c251d6f558a2dd136121ea30371e0a97876893de25e3
SHA512 f88c1716580b1e790c62e68b947509748da2b6f79364bf8b11b5b7f5c01a07b4565773b3840163dd6ef91f005cd749bf42a1dc69741a7db291058db7cedbec28

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 d92cc2f92e19163538a0ae66c25a264a
SHA1 3d188125b72c36d8539598f19c3cc3bef53f48c8
SHA256 9f61daf89649d210b21a02ccf7faeac64c5e44e4c277b69f56282847e8568805
SHA512 35db0720b8bac7ce1e5c3c158549cb6f636796def3ee4f7a5056beda5eca98eed02b1233d49a9ce67b5fc6513bd5dfbbd3052a5dda5363ca61ac3543594993c2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 4174f95b16470896c4c7b327d7096541
SHA1 59ea5ab93e8928f2d5d72960f1eaa73e6f8fa1fe
SHA256 933d35d95346150691cbd28696b92c6545d00f066c89c9b430b48c171376ebc3
SHA512 a08e8b9e884b3484f06638af259eafc706460fbc475cb8cff9641889841e9da350e5166263dadb2af0da9d4efeb9fe50f89fac27232ba23bb8fc44698a687374

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 d7bb933ac0102d08a4e2d59bca7ec5af
SHA1 ddead71181be8cef46606bd0ad730e2d767e6128
SHA256 a58cd244cd826549fb58cb88824ead9cc8ef21c9ccd4d9750b0421d3746a135d
SHA512 8766774461ed0f0d2db0c31c2dd5e7619a8449c8e40ad1827bc61a3e82c452e2aceb9b1db8193e0725a4f77c0df2a9b196e55b362ab2ba7f644d392a3caaa87e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 a53ee16db5ddf86b4870070e5c6d7b65
SHA1 de93db75aba3cd26e7e4648aa58c3cf8f43690c6
SHA256 2fe802eba91deba04388c987eb09c7191f736def728638ded501251a413df955
SHA512 8d32a0253a36287f59239bbb3f1109e0b2c486746d5c2766b41eb900a37bd9f83bf624bf671cdcc3884c7e144ab4436df0a244bd683242158a2c13bf7d7a14bc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 0c5591079c5b1d38736e15429a39177d
SHA1 caf65e86164d0644a716079baaa3e423695031b1
SHA256 0da9176ff7e4880288a6c692f39fdcf56d3b5dd05e529904a7a8a66146ab6367
SHA512 a5e512f2abaac1bd565f8a7207bf86382aa430c5294625845566d2dc207e41c63b6d661a3f84081704e0a9509e06c5c4d527c3dea7b95ff50c2f8e705f63bcfb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 fba549a0bfd196e9a841b7c2d3363c67
SHA1 19f1948134119edf8420c8f03d9bc7b3bd9a3947
SHA256 526e38ca2ce89a30dcff3f83badff2172e36c79f936938c16723eb88221ea909
SHA512 ee27b3c5d9ff03ba956b30a27a099a044d9378bcdf1fa418472cb58ec9484bc89d189afb32981d8fc34d9e7e6c02100e4b05bd4d6a86aad140c1fa17ddfaa459

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 c1f7bfbbf9aa1de6bc3d5d0036e779cb
SHA1 c57b0fa7d39f2db557b4c8abdc8cc7ba0c22bf61
SHA256 fb293ec150e3d8247c869150f03bf9c6465e66c3f7d48afa4a2c5a3e431441e1
SHA512 ba090dfcbdbc55485c304d1ccabd0221cdc03049323498100ace3d119111a21471d8a24a1e83466ba8936062c74c10e37f64032e8deb12e302813b7d5f094ed8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 850d3ed64d6d002e4d46ee3c84faa380
SHA1 976a57fb0602348c5f07e8fa5b379a57bf7c98c8
SHA256 97135907b5f381da3acec68f8d2c56464cc506e3595a9358b745072adcf12b92
SHA512 2169296640eb6dcaf73837e704e6ff665af06d65f6d571ea1f1d792581ffdd40cca1e9b560afafa3d6668e6acd776e5f7f3d591ac829158fc7f57509db1b6c37

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 fe4e5b5e24a6188d9b18b05d9ba8ec81
SHA1 a9a552c3d877e3395b03780343e166baa1bad358
SHA256 969cdad3562ec8043f15c191036ab365166a7460eca287a0ed8e936264eea747
SHA512 e0b915f949b7bb2908a780ce556aaea593ad4f939a6dda30e3e3cb8767348af7d4dec7ff1d78fccfda8ab7e6ce842e1cef63d81f93247e465e75412d4c1ac154

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 0a315ebd8c8e9289d79069252f83d218
SHA1 b5daeab230fc4a88551fdea295056b9be056b651
SHA256 e85bc61a2c1b89f98488d569e3ebfa4e6347420293f2dc8c3fd708a882a42918
SHA512 67cb3e5e4de71d88347d83990cb48fafdaccd0e70e91bf3b88d57bdbb4ee9c1adf96c7957ef7a652e0b39911f13aa5633a1e82fe397fd1d5d21c88a11e27801a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 d96c5e6082ca74aff8e38786b61b2101
SHA1 c7dcbc92af59ea39702a980e611d76b8c3276728
SHA256 e6c39eb4f1cb2564c3da4f1e374100a8ea7228416e08effd9fa013d9cb22a717
SHA512 78a1a8ccb491224bd04372164859063e6e05d24aca8da1adc8fc107f5929c59f8ed794f6ad117ee4f9bafd847f255c9d6c3027ee7a8fcd0f6a2f4e5665c266fe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 01fb37402756f2e4296d1a18b661e062
SHA1 2c8b8b685228447607cd5b847a182bbcb6534f75
SHA256 c389a0b79dac63b87f85e3ddd76e7202a265c207156765730fdfcb3997c07850
SHA512 7f62a371487782cb519004e9ae26eabcb75fd915f9793ecfe6b632852f6183256f0a6bd96b6c06330666275eee670ea622de76ff510e837a076a73b3dd5c65cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 e40f86ba4b1a7a9affd62985636cced7
SHA1 2edf7b3cf225fc6d9182866ecdd5f54fcf7defea
SHA256 885ed0f19f975707b6b4dd1075264407ee6115c24964554aab875af104fd94e3
SHA512 bbcacef4b7f377010fe3b51b3562454936fcb19b6f2f1da0fa2ffc5a84b3c85a1a28f64dcdbfa44227a64ead016ea91f0a206e2fe6e6ff3c6cff6a190f1fdd84

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 b1bcf1c522c21f4d94663648597aa0ff
SHA1 55ba23b17f95c00733e017856c8c0e0ad0db74ab
SHA256 d57ffdad1414876f9dd25a78ad9f9724852bd388596cd2b2406c752dc76c4df1
SHA512 fe0bac43c37681fc1c9bfb29cdf306114dff3de28b8bc0558b1844be14142f723359db2cf873f891f39622cb2fed3999f711d9195d5d4b8f13b2c0825613c792

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 c3598791a0dd8aed523e0602de5ab881
SHA1 c35a7145a019fd86d745d0233e4e43044b051356
SHA256 f2f321ce97838209dd550fa41de0448ca1d11629ff5f58825c51a4cbe25199dc
SHA512 107039c76625c8c3c6cec7370915edaa9f80a5f2be1a2d94e021c93dbb196b19c6b8b3dc21887bacc40c9c7fe53f3588b2d3795643bdef2b92d35e899c877f68

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 d4a84dbef662d3a7a0e592bf2d502824
SHA1 16949ef2ecd2f75df7d546a4279b6c8392824db1
SHA256 7f1e6ca18f8e35061f4cdd1f17d9b4cdea0879e3fe69e5d58bbcda395631c301
SHA512 a54a6eca8b43ee15070c8bd8cc8f25b918b2b8eb0399fc3b6bd44297b565477e3b72cc32a506091500ce3e6fa3ee17549182ac6639115b17eaa1e6670f9240c2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 e7f961c8b767498008b1d712bc9fa429
SHA1 f633c269714d895ac8cd1c1f083485f8a6829fc1
SHA256 539f4cf4403194c095c8dea239ebcd4ab5a7f40077fdaed6051f5c9d21851d88
SHA512 fb7705b06b54b4d257a95908fba8ed2861de245a24ba2dfaedb7c23994d4b66db6d76925d5e3add4a4419964aa1b8d238f39b9c6544ad32ca5597768421dcee7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 e570146b5ee185cb2e9d05944f3f388a
SHA1 52f7bd27ca8a2db8d0a54ee7d1533d0de1e3aacb
SHA256 845310a153f8f83978b3d509f6bd537530dab551901641bb3c10138dc0439aef
SHA512 809acbd4d9291129bdba425f0228a312d6d451e1bf292f266920448286555a1074cde6e8f3d6beb90634ef69eb2338dced53d498530372a5e90e60465a950500

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

memory/1168-5635-0x0000000000400000-0x0000000000450000-memory.dmp

memory/1168-5636-0x0000000000400000-0x0000000000450000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

memory/1168-9901-0x0000000000400000-0x0000000000450000-memory.dmp

memory/1168-10877-0x0000000000400000-0x0000000000450000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

memory/1168-11212-0x0000000000400000-0x0000000000450000-memory.dmp

memory/1168-11213-0x0000000000400000-0x0000000000450000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/1168-11218-0x0000000000400000-0x0000000000450000-memory.dmp