Malware Analysis Report

2024-10-19 10:42

Sample ID 241008-mmkyrsshlp
Target 2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118
SHA256 7373393f8dfa7f01ac42b42c92b33683489e99605bd2db2339aee7daa57924f6
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7373393f8dfa7f01ac42b42c92b33683489e99605bd2db2339aee7daa57924f6

Threat Level: Known bad

The file 2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Xorist family

Detected Xorist Ransomware

Renames multiple (2548) files with added filename extension

Renames multiple (2497) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-08 10:34

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-08 10:34

Reported

2024-10-08 17:47

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe"

Signatures

Renames multiple (2497) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yj81lIX63k4iGGn.exe" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\colorcpl.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_firmware.inf_amd64_36e4e17f210128ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_pnpprinters.inf_amd64_0c653d53a35b896c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhay2.inf_amd64_e87e378eb673af65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prnmngr.vbs C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prnqctl.vbs C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dpapimig.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\write.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_system.inf_amd64_184528953a6fb673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_220e4fad6c84d016\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl010.inf_amd64_b4f4b670a266fda5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_36a71a022d8bb0bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_diskdrive.inf_amd64_1debcd2bd95e9c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidirkbd.inf_amd64_20ad4886826af1d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_securitydevices.inf_amd64_f10a5650b96630b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\idtsec.inf_amd64_9321d33f1997dbfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpace.inf_amd64_5e0fbd01da4f7c7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xusb22.inf_amd64_d0f2fd4c931f4672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\VpnClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_dot4.inf_amd64_55905bb33692cd84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_a99a7ecb03853141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rspndr.inf_amd64_4e80c2bb5314f071\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\CameraSettingsUIHost.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_e2a1e49127fb17ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_acb1691126c93472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sss.inf_amd64_503a2398f4c86893\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\fsquirt.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prndrvr.vbs C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dllhst3g.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_dd534e815632509c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas35i.inf_amd64_4df7f6223ebcd28d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\auditpol.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\inaadffikknaacpp.bmp" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.scale-150.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxWideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_whats_new_v1.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosSmallTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileLargeSquare.scale-200.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageWideTile.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSplash.scale-200.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosStoreLogo.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\limited\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireSmallTile.scale-100.jpg C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-72_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-40_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\StoreLogo.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Defender\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\Icons_Icon_PoP_sm.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-250.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\MedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xea23.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\167.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-36_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Dismiss.scale-64.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\new_icons_retina.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-48_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSplashScreen.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\MEIPreload\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomSetupDisambig.jpg C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\jsaddins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Dismiss.scale-80.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-acledit_31bf3856ad364e35_10.0.19041.1_none_1dd28dcbfbef7cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_9368c95f5724cc3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sqm-consolidator-base_31bf3856ad364e35_10.0.19041.1081_none_491d51c316b5ea8f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-charmap.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4a077f22be84abea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.19041.844_none_f3894559140c31d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..a-casting-shell-ext_31bf3856ad364e35_10.0.19041.746_none_b848ba69842ffe9a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_edmgen.resources_b77a5c561934e089_4.0.15805.0_de-de_2bfe7bc15a652f77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_10.0.19041.1_it-it_672a6a2783e60b27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.windows.h..agnostics.resources_31bf3856ad364e35_10.0.19041.1_es-es_65d30ba57617e51d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.hyperv.powershell.resources_31bf3856ad364e35_10.0.19041.1_de-de_0b489301cb4b431e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\dom\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..izard-dll.resources_31bf3856ad364e35_10.0.19041.1_de-de_1687920e1b81dd7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-mfc40u.resources_31bf3856ad364e35_10.0.19041.1_en-us_7c32e636b8c8e72b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\monaco-editor\min\vs\language\html\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-payments_31bf3856ad364e35_10.0.19041.264_none_3c5559db7416f46a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-white_scale-150.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_basicrender.inf_31bf3856ad364e35_10.0.19041.84_none_e4c76534c11fd2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-aphostservice_31bf3856ad364e35_10.0.19041.746_none_33374e3aacb7c6e6\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-setupapi.resources_31bf3856ad364e35_10.0.19041.1_it-it_acfca3ffe0eaab8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-spp-main.resources_31bf3856ad364e35_10.0.19041.1_es-es_80c64f3b2dac5ccf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ng-legacy.resources_31bf3856ad364e35_11.0.19041.1_uk-ua_0001e86afac803a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.19041.1_none_af96916428136673\mobsync.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..aryauthfactor-winrt_31bf3856ad364e35_10.0.19041.264_none_c3d04ed728f82ba4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.0.19041.1_none_8a11dbe22c9bf6e1\msfeedssync.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..rymanager.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_0e39979eccc7e2ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cloudfiles-apilibrary_31bf3856ad364e35_10.0.19041.1_none_3f28d2502bb44e25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.19041.1202_none_33e8c5dac6801a49\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_windowsbase.resources_31bf3856ad364e35_10.0.19041.1_it-it_4797c8648c9e3b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..tion_service_iassam_31bf3856ad364e35_10.0.19041.746_none_59a8ae5eb289884b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-bootux.deployment_31bf3856ad364e35_10.0.19041.746_none_1c0a97992f105d4b\r\bootim.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..memanager.resources_31bf3856ad364e35_10.0.19041.1_es-es_5a4ff6b3276fd74f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\clearCookies.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-printing-adm_31bf3856ad364e35_10.0.19041.1_none_bba6ca982098d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.reflection.context.resources_b77a5c561934e089_4.0.15805.0_fr-fr_f0679b39e8b12cfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-webapi_31bf3856ad364e35_10.0.19041.264_none_f55abebacbd4683f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\retailDemoMsaInclusive.html C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cttune.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_145797bf9bba159e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-eventlog-adm_31bf3856ad364e35_10.0.19041.1_none_5ca479c80833f252\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-w..indowsuiinputinking_31bf3856ad364e35_10.0.19041.964_none_d7a4e81d76688a14\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_10.0.19041.1_es-es_6871eca24b40d9a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-playtoreceiver-dll_31bf3856ad364e35_10.0.19041.746_none_c86987e3f50036e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_en-gb_1dbdc338c2468486\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4fc93ef208f3edb\403-9.htm C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.1_none_cd0389b654e71da2\Windows Notify Messaging.wav C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\GAC\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-network-security-mof_31bf3856ad364e35_10.0.19041.1_none_6c409dd882170ccf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..kcontrols.resources_31bf3856ad364e35_10.0.19041.1_en-us_0d940bcb0cef2392\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.117_none_4d353cf1ceb5d6d2\f\notepad.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ncehost.shellcommon_31bf3856ad364e35_10.0.19041.1288_none_c9c1f87300f820c5\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmpdui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d2104853b0241561\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-w..rastructure-upgrade_31bf3856ad364e35_10.0.19041.789_none_3cc76cf1163eed8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\Boot\EFI\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..-socialrtcomponents_31bf3856ad364e35_10.0.19041.264_none_b9643e8f2a29f875\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx35linq-msbuild_schema_v35_31bf3856ad364e35_10.0.19041.1_none_fe54aca2ab1a7757\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_usbser.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_25eca2a6806abe40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.19041.1_none_2305f6cf48d996c7\EaseOfAccessDialog.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..rformancemonitoring_31bf3856ad364e35_10.0.19041.1_none_677a60dc537bd64a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-syncres_31bf3856ad364e35_10.0.19041.1_none_321a321236e44693\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..rdenrollmentmanager_31bf3856ad364e35_10.0.19041.746_none_ce6bfbcadad4054f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_de-de_016a67c74f771486\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.porno C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.porno\ = "AFZBCNZEIHUPOAG" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yj81lIX63k4iGGn.exe,0" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell\open\command C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell\open C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yj81lIX63k4iGGn.exe" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 ac69af47df8ef098d5686092ce8f9f10
SHA1 2e60d0057f0bc197f792bf855fb38ac07448a5fc
SHA256 bb7675abf95f706b88fac088a56f5194db57415e7ff8433097ed96edae7af086
SHA512 dceb24df89f0855d439d3ed461cac17d56216b4c0b7348c6623d8d92c32f65515713089021ee621f7c7de5ba6437889e1e6d4bc041b6b2c61907ae5e1fd991fc

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 fdc4ad8a327776894a38106dce2dcd2b
SHA1 bd33d3b2be110fac8a22a16e1898a5d765d7bd31
SHA256 b4d2b326a2ea3f62ef00fe2d8642b2e30728ff98299703a37214f349059ee673
SHA512 9bbfa2087fbbee60e7ab1202d2eb5926b4e660d10b207e0889aa4ee87eec7fb2b9998b7f62ac18be980d388565473908c38d9be7ace9229125261eba55169d7f

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 b2b4b8958f489abb4429e7bf34dbb9d5
SHA1 89394b03d10d9823aafbcc082675c2588e9c64cd
SHA256 87125862457225dac9fa991086da5043be4f66f4c8a3d17e5f9957e82dfe069c
SHA512 907584e168fada92491c37cba861994ddde9f89c87f00fd7359f33d295259f6f2ce527636bda192ef602d3925829b03cbc0ff91112c9c2212329984f9ad718dc

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 917fa479ac9eebff22d67685ba953926
SHA1 1939674a45308c32df13fac55fc2ccb03875b224
SHA256 0d5f3470a47192c95e8964b3844e4171de4a3c3171860a24935685cdc4d8f83d
SHA512 d139bf24ef3ff2f9e80394a8d222dcfca1a6fa5361c52308f2a6da9692544354d0517f05dc24c1a406ba51c80337d11216f87058cc3f8ff2cddc18a09cb420cc

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 5738dbc5a8c29ef8c0896baa090f7b21
SHA1 746a032b78760a71b0835be337852d43d94f5ecb
SHA256 c3c24b4559287b5f3d1347158f6899eabdc810e50b8c37d2123f8584de93760c
SHA512 44f79823e32ce5327f62b7100fd015d73bdc0afb0ccda33e76e1042c618733771b208d2ff4e58ee8345f4dea0d7b263b264e14162194797b5bc758c7be675dd8

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 8019f11ae3d115df48b7f2d795cd7ab1
SHA1 4a52f36aca8150e2294ee19fa952328bfc9a0dae
SHA256 ccf0b1f20dfb9329ed74305453439a7a7c9992bfa8230ed14d2c2379f037f54b
SHA512 dd731f123fd5e5eccda3a9e9ce43da28b6da138e75d4b0b878fbc63072aa4aede79666f231363b5dbcb9bc8d20116cd3b87cdb9ac66a4436da48c3ca16fd7968

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 8ea2d2ae5f3f92cacfee4254592b3a7d
SHA1 3c10f8e6cf5156634463e12170561ed8253a384e
SHA256 c95dd949301ae94aa37823a36244a1f2631f7d7f5ef15f874bf108e8769ea5d7
SHA512 9af3c899c354c99e3ba13b87849e7f251c484a465e13aa62b181c56d0fbbf0ced4e973dfacf335ae71385887211baa19b5444111906eb21a6ccfadb20a36e983

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 b0f31ccb7e0d3853a2efc6c223bc88b4
SHA1 74dec344e18f2f0f5e636b6eae75b84d1bf5a6ad
SHA256 5252efa9fd101c1fef872cf4d28425e40c2f04eb81e58f30f3f33b3172424d21
SHA512 1072a39dba0056dee570976de8a0c2b4358a04c56f1ea12b010163e517ac15c96364882d148a200af1dd4a14a9d47af92adc362f1d84dfbb15a24079c10c0f9b

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 cd78713b1c35c68a772d45450f100b7b
SHA1 a10e6ea14f9fb2d83c3523d82bd23bfbe02d1a42
SHA256 d665bb62b529c93f4b8a47d539a0a55ad8bcf51f1b0517e8b14a47a0ef1f65d0
SHA512 86377155c40496fb9f84ae20eca3fb8f09b46cecd1385b40d0ca9c600d4524d850308cefab5f19ec477f7f5999e60521753244dc69161f52ce17d047b0b991a4

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 396f14fa238737291e00e71434718cc2
SHA1 41b6e4cfe431a5a334d8dd83b4c9a5f297f68adf
SHA256 adf61a87ad8f13f65206787fa3ae2d72d1faea5b14b839f27c0935aa1f0f927d
SHA512 b79ea935de632c77a5a15714353808b2ba6118aae1a880e25417f5fe35144dff6c381611e1265273079e18a6385f4ffac826cc205647764d27879654c677717a

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 6464f02499a75d81ea98656354cf4e5d
SHA1 57655808e6a5badd04d866d7e464e2070b24afd5
SHA256 dcfdb11e934f77fb94081214f668e708c7ca6820c4d6df344d004a40df0cb962
SHA512 61c81d1b3b3e3cfab2edd628dcc72de68dd03f2f0bb5383ec1d836beecf14617ea730978af70b1552260ae211dd9ee91ba3342b506d6b32763a7e9b28a9599bd

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 ed4c7461a2d1669d542082dbfb2bf17d
SHA1 8dd436c9155524dd7ffa219f200cb246ebe887e8
SHA256 45e01a83f82fe14bc8799cd6841a7e3b7c2253f370e0da10d6ee19c354a36ef1
SHA512 fe26d61a47987ca2b73c312fd7c3d90465c469e7c24adac9dba8fe771ada6a50f0c3a7b0ad04ed97f88dbee1f21493ab91cd7ea3e25f0e0f39351b525b9bcd84

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 d271d894b37c2cd3afa02747160d6299
SHA1 06eb872a61c32ba53d05d5c7d6b593992cf4c5e6
SHA256 b3e504b3bd83e5baeb671c920e04d30ccf0850346fb212a779363484d956b59c
SHA512 6091c4b557b51c51380822d81e40e6517384774502bc9f5b20bdd84dffc21a126d674a67c2fad1ab96c2f9d38148fd7ca72e55fd6d0097ddf3c8c507b91b04b6

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 da20b0c177dbb5dd71a8d679f690fb1a
SHA1 2619d7aa4040ae85826c4042606af893cc921e06
SHA256 ce08aadef55f0429ef955b9d6938ae7b802cbb5735ffc963ea9a6ce0a6a5898e
SHA512 ad487d6333aac764b2d5482b6baba15f88dbb1785e427f09edff96a4922bc5a3b4984e51e611abfc5b3f7dcdd23799d45e6bd9b955685e2f728f88bf0c03f1cb

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 afcc1495569f8520b05b179a25721d1c
SHA1 dd747c361c65d483c73148a3811bfe509388aa4a
SHA256 3bf93ce733734800c888f6107195040e04874af04c7a5f479ac601af245915d9
SHA512 88051425ea2de54b046af8f3508d0d5b679004b20852c13385c43b70bb408768749e8906c8a95a5fe0f328db88c2dd53da135352891baaf53b5c6a6238b45359

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 e87b96cba852542c76098cba42e50fc1
SHA1 a287ca9daf58fa650049e23ca367af729be18f51
SHA256 a1ef197fef08f4be54507f21d5afa66049bfeace8f6df3f3a959fd6bc09a6ed8
SHA512 4f1b66ef06238075e8b544729a01414730e8cfbebd6bf80ea462e8c96fe0505a8745451c21740072c7870523031dcaf0dee747cddc2b0e8a492a84d6951747a0

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 1977b4026f35c87a8e9642a3ef746d06
SHA1 1adf269f8b04714ab0cacaca2ef6683bc843c684
SHA256 016acd7b4a9d57913f64b28d74b3db0eaaff4a5419ecce8da05722c47cb0ed8a
SHA512 3baf62d1e9b30c5c985e6cd7db0e74efd6a72310d0bf899d96a0aeddd26ccc031db37d180fa4f681086201f39b710db6dd0fe567854eb0aef55467b09d79667e

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 280be3b11f062aaf23b697f5b05d81d6
SHA1 c62ea5daae07f28448f939a5207bbaf7cb4ac5a8
SHA256 bdea07b85bc66982318bf94a3b262e498103f3ae4b7a06ad8d121f929f5e6014
SHA512 500e616b41ac04dc2c9ece079ff0a3c1baabad3e1933ccce512d98b430906186663742cae2102a80735e24aee170b516763eea4710eccae4ff1b7448539c762b

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 5c3f5645bc4ead59edc1ec303ed560a8
SHA1 3814bab86d7c3a852d93482a742b56fd07d4584f
SHA256 877d2dfa964f1c30707ec993dcef32fa055123189bba5560270d95cca812b061
SHA512 2e7e4da6c6ea6476931d4df33f589adcc7d61d5917cb06825ba239c5bea5147ba9d6e6394661fdc4a972a9b7d1e1815572b6e420761eafd5e6f28c66df53a207

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 9acf77de9ab2715037dfaebbbf5db41c
SHA1 0e77bea9e5cb2ce7db054e4a58818bce5821c26c
SHA256 91ff1eed71dedb8fa3dd1162186372917550887855cf70108424313ff3296870
SHA512 2b2aaa39e2302b8e4363ff2e58631efb9e91447b8edad2cc2d1fe5d63b9c8f33dd2761d8141e0a6d550fc4477ca8f363209c5911ac25bf1fe3df0ae2b71522f5

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 752c2ece5f6e934c38c85570cb659487
SHA1 d66d8d785b2bec9df381e78ca9c2d3b205b09ca9
SHA256 e26749c98c71ed349f2b6294290236ea31aae2ac5b1df5b9eda7275c8c90499b
SHA512 432b2b8254b3bd00d9ea4155742c0aa1b3fc7e7b0a9b555c364a4cbc94882d4dd8cccd64c5803ecaa3fe44ceb23f1b088bedf85dcebc3eaaf499f7dfbb13d767

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 5d9d3dac202df9e7ac09bf89b11e7304
SHA1 c9db89c82b3a333c320236bd92048dc62498720b
SHA256 531ed5eba3e2a349c7e5fbf27a50f4617602120b6dfb269b1a7573b52783ec68
SHA512 0aafa0c7c344d222100c15f0ec8d7a377c742e800376f0a382207505d8fe0a286606bb3b1bceaf70b5e75d28a1af59a32bda6dbc471efdbfa1b75c36acf9500a

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 3f1e20331fc19802fe779b1641e65726
SHA1 2fa39fab75a0c92f88ea1d80bd98d6fb52fd3a3b
SHA256 3024d59a09b6cf96421c87fb2021f718fc41c66bab123eaeec43205b4e6cef76
SHA512 bfed123697e329a531fd0e679b4d2bc0559f77178ec5fde48c850fb3408473988db9b2d84802f1c1616d334ab3bcc4fc49bac8656f2fb8e00e58bf23eaf0e7bb

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 9bf18dc29e221eddd870de77d460e1ad
SHA1 9eea648c6a2e52a4b934163853eac509b72200c8
SHA256 97b6eb644d0b74c129aa220214516581db1ff4049b7f03009e6db1a6f22c19bb
SHA512 d85f46ec95c04de0a270b9f9a29039c847b360c7961b52f6517326c8d3f2da38fc4bdcd647fa492534bb6f74062b537c0797b1eaa6a3a4616a75de1f408a8785

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 fd074e8d95c94c6bd6146ea2023686b2
SHA1 98189b1a05933761710fd22732bddde1b26a2190
SHA256 96acc63275b3f0f7bfab5bef9ca04bdeeedaee2903dab2abe7008253dda4bf0e
SHA512 24d2a859e4a43b2ebd061c6b0b29936eaa936f376eb7584360043d68370daac2c7da9e38f65d0662f76e04d5abdb4c4e157eda9375fe0318fab606eb752e616f

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 00f34fe7721910666c9018a816ac1f60
SHA1 81a35bdc058600211bd80464724be6788ce0d477
SHA256 9defcdbe2072baca47c3e21bb1ef8554019dcc49d2d27436ce441713424dab83
SHA512 e2d5dd8b10715dad0282c9dafc3ab93fb521a16a1f8635e34a79a766b59d52e8ee698aa48a031760a4733df3e1b8c7e6bbc53767438aaede6bf05d6d6e70284e

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 c6361a202ccb560ce709d8f144583ac8
SHA1 7899a9a969af9a9856695b74598d0cd2d86d7356
SHA256 dd4d1673746a20799be2cb902bf6268d00609d30eb94d2174c9b358d1e5a8e26
SHA512 6456ff4962cb822ea6cbb8c082958300984d08df0d43d887a726736fa55a044b0b3c8845e74b2117c86b1e46911773259c0c2627edb14ab2388ac5d3cdd17a0d

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 dc5579cc30e7e9883c8d202fc58d443f
SHA1 a46af9a3457c39af6cd558c796d7239c276b9c80
SHA256 6a1b7fd1bc3195fc385fb81444deffba4ef264d2ef7c1a56f54d7149c05f1afe
SHA512 d782230a20ce05ab03599accc34eedf990b0ee2295a5792898aac0d69385190a46da3c4ef6c804afd18fa0f2adffb2cec17fe19bf044d7574abe8bd653e2a57a

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 96786b8784ff5511a17d3aef66a7e86a
SHA1 d04b04b729d758e316f59ed813e563d107a4af95
SHA256 36f98b18a25963588241fdd8976ce8f9a78e60a8403e7b0dcc82bf4b10129919
SHA512 c75c1ea265a23ce8edfad72ea8a3d5f650bea8809729886805819560130f75a046c5a0354bce2eb01cf8f3dada670d8dfd078bc70f3ccc1731fc950bf8cf99ef

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 ba8578214e0f9ce9fab9346d05b1f2b0
SHA1 bd82b966d3bea7898f611c9f503d4bcdaaf204f6
SHA256 5115c9e9551afc71e5355bf546a876728da30e9b64699a152f4fc4b43f97d856
SHA512 ef29e41a5abc46e8f9f05f3ef171eac2c0420f31e2f4fc7ea47b6a82da00d6563c9d827db1db8cd750013697fe0b055fcdd624dc9af1cd4ca08470428b86510d

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 a52115879a10ae0d3cfde6c18fa6539a
SHA1 046a6155e45c9677c7539168a689bfcfb1be152b
SHA256 a266a149c988fcaf306174be45294c18699cd0ad23ef1ba610f0893c03e209e3
SHA512 5d7aa006c4f26f979741faacb5a52ca7116d5b09630cd55cda728b844b7fa4d11e3876c82aa891f0042ef9c6708457162755eb348fe67ef38f31a4ac1a6788e7

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 d57d53f3ff9e691738ceb1f3b255306e
SHA1 7d971d135badf2c600e41b9b87f771e064792886
SHA256 96bb4aa9d83d293a955158f604cfe2d499a6590a58cf0432805310d771584c8d
SHA512 23f3a9ab7cc8fd2a86b69dee0efc458b06dc7aa261ee79ea73fc423e5ae62c23931e0c78e056378b26a58a88d7bb695ebd955e97a609ce26af30c9385a1e230d

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 b0f9d9f8c368637401f6a37f2765e846
SHA1 0c8003ff82db1e5bd29de91a835c09615bb2779f
SHA256 e7dc5b11656104e537e2263e45778c217891d323b18405e38ca7af0017832197
SHA512 e98542bd4402e683bc10895af0d5ed7536ded404a95c2f398d26ae67d214e76cd6207cb93cb1f75369958ee5d64ddba58e180ef0bbd9a0dbfecb2b31aeb73d7e

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 138407b8216d819b677456e1e673882f
SHA1 9de8eb0ea7ee6e9dfbae6ebab8063e65ea3ba4ae
SHA256 49adf64ca3ca7d92788ce289f850068650a5f35ab515195c163aa9572792b620
SHA512 1a791831979688d6a5847b04657e87327de7a25fab0d0876ee5b3120db27f9fed0327ea54c69d25ffa33132bc457ed7f520e6034c7901f6e38e5b757613f23c3

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 1e1dee6bed8fdafcb4a9d064379a0fd9
SHA1 32b4b03eac72f08ccff5c7632dcd3dbd855c854c
SHA256 d580044c80524ed77109d48f42feb6be61a46017c618cb43c363e98032c7dcb8
SHA512 007d11bcbb0721a3deadf5858f7aebc4dc347557a8552d5302d726c3a9c78586ad42603937d16fad7bdab216d75efb1c37f6e5faed93d4148655ae350669e789

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 a318719f5624e1bc11365af67b8bc9fe
SHA1 7d06d9582a692ef026535af8920563715517271f
SHA256 73bc6f83715016b05ae5165f58e5062bdee544dac8b62fa06b8709ba8b4c8c71
SHA512 c0d8d62ee2320b3c625ec1f38fb951c755533e3a6131ae516801875fe50e803d1ec7e01a7ef4337f74e4bd57a99b219d670c2d3fa34a32afbacade5cd3980732

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 70cfd191056f77d2f0f815809b3d3284
SHA1 425551ee80758da27bee86d86480ef600b138fae
SHA256 41787594dd32a5ca7f0465800b50c31f54f86298432b89dedb0a33baa3a64f6c
SHA512 a8f989468ce30da053fd231b126e378c96ccb3dbea60ceb26cf7e9e1b0668a1d45bad6286599a2865635c3f35edbee1c2874c2af585907fb05fd0a58a805c830

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 f6252a88887f736b2bddb9a8356f9781
SHA1 32a0cfa8201a713ad78a5f83989032b959ad3fbd
SHA256 feded0411c44d33fd6b80b088e9b6a5883d099205ce47a77d779c0a759baa6e6
SHA512 a4e119324ccfc218f350e091736b66029f567587e509a7f4d51b7234ce067d570ec824ae5168a33aaf6dc3a9a5b015ff85574b051d38decdd69cf69d1dc5e28b

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 fe17c96f3261a2f41032f52428525335
SHA1 a814040fc9bdc2893117e13bdf8caf7b57fa40ac
SHA256 028a4999d2af11f270671532168532850ba50e837cc758be2d855150e1f40943
SHA512 eee4341944ead356249634353767c5e795e6827e5bb73d4d210c822921bf2107f74001e9292af775ab6b4e8271db5b8f25cca39a46484e4a13944f955335e27d

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 27ea6b1aef7fe182fd340486bedfe8d8
SHA1 f0ffbaa86ea78729bdeede0662bff8d5b891dee6
SHA256 4070e270c401a9118538a20d459977d9b0a98f8a5a4ca4bdf00440986dc50cb2
SHA512 471917f5639ab452babe15fd5a551bc2d305e8675a78b66a80a66e91f15b2131133d2410b0d39c857ef60a510b2e810425a10a9894366e1d246893a841e4ed6f

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 9b1631bb3c0f19cfbfc384cd6361cd2c
SHA1 4a866f15404f33be17fa6a673ec511bdb8198c46
SHA256 99e8c39160c4c0576c9b0e7a78fffe181f9b4181bd9e1013e7063e958bfff7c9
SHA512 25db81b5fd6071b638518649cea9c8c8a990bec301c88ba87569888ab0b077af435f98e03ac0a3676014cc4f848e77a77f408ef932e0708d076578f55a011ce9

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 15fe616fabc5e1720ae39926f70602f4
SHA1 5c7b26d5c8663d151f7cd76ac042bedd333a24a0
SHA256 c698255a259492b13aac04464657fa30af6badeeefda0b6cf980fd97723793ca
SHA512 b9ec155d1cd4b331e8489c2025f54fa48601cfa28a782a8c3ecacc9496c40fd55c599609f715b90ed55fd0b3bd36a6e4421750f77c4f96af0ddc606fc6d81020

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 079cb768338e9c1f448f116c9a6b455b
SHA1 1eafb9197089c74dc90dbe3852a38f86afbb83be
SHA256 260750803dbe3e392d204b54e3598c21c388b6671c11ec05aef5ad2517ab9fe6
SHA512 a81c6c81861b1fbee3061886bb091b1016a5e192f7ca1b85007250026318cf5e44065e4639839219ce28db9f4913b5d9673280e54457d118c9419bce0fa5988a

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 0cfb2a2f3285e90836860a64d37b70d1
SHA1 dc634d798b8a902a0c9a68aa01db0029f9eca18e
SHA256 3c3f0c1402be32d03d286bbdcec1a190da9c5068873860328e183a3e9ed9fddc
SHA512 4114ac4ed5ed9720639144ea422323e0d5db4f16bf359d2b90c40b423f0ccc8c6e4515ae8e2f8574c5fa80cc0758b94b51c8073b7dc72c68cc3dcf4112598e55

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 dbb3e8f03a943684eb1bbe7fa1df7448
SHA1 9ef429fc9d971a67046d7530ebd5ec5533c93d52
SHA256 c0397b8d3bcd1fd39056698c43e823a876f62d4e4628334f1677439d488ad312
SHA512 11a9173e512e8b8bd7edb5cebde27204dec3a9b1dc89bae26611cd064f2bda6fd3b4064d483de613a72368635d3290a37d86a3350212e3e636fca1ab69b2fcd4

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

MD5 9917b39a7a39dc9f00a69708ee17009b
SHA1 14def347550875723815c6e1d87a944e3723908a
SHA256 97f3c33a437fd147a78d6799b8a71b1ff7fc1193f7f8508ca1bf3be0b4d79419
SHA512 a5d950e2e8c8492839522cd0d3d5f16d67857b15de6e34f34d3a4881190d5853317451c4091ff9d638e13f4e0b8a191564ef50671d28416321a43630a372b1b7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 73ede960d08cf716f0ee41d3ca38bd38
SHA1 22883f1c9e91608fd08bad978794fb1de0a9d830
SHA256 2bc4a999054bc586aadfa9be51cd582d362a0e656f0f279cdf693343ff8a4755
SHA512 47b20630cfb0f77cd95ff1eb40ad989b18730786ad04352ee2357e80992bd277876d64fc6b9cf40a65011b319ad2462b3050156429d0cd4cf66cdffdf85387a4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 621db7eb9e17bb3176409e3edd129fce
SHA1 6e4363c89e23e2923a2af4b0359440bfbd3fe621
SHA256 9b379867cb35c99e9469e58369a44268b400e7e7176a1b485e6c16e67f83be15
SHA512 dfb5e62f11bb444aba6a7112d484690dbbcfe345fcd978af7f22cca34a16cb8a93e7c7d5917ad496c5b8c6a241f0b8041bba3fc4e80ca046c987c045dacd80e7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 ddaab9b480145a7e70f20eca6f09049a
SHA1 5a5456524eddecdfaa423bfd4a08aa05ba9ca616
SHA256 c75b677972651f46809aa94e203573bfe7e89d75c44b4ff1d6169e2a6a60f477
SHA512 b0fb465b0c52ad92fdd3ab73704b214a4fbd7c9f115cb243d5c0c0ef06cb4ab22958f90523c0e11e90f6947bca279f7dc30cf4573eb636d322408f5813db3625

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 8a38a05db39202e75829a8d2abc2c366
SHA1 1cc8dc66ed064e1ac3d46377d3ea2fb3a9b36de6
SHA256 20ea9c8261ba28e4d22354ff7555f4d0b05e4d44fd96984cf5af7412402e7f54
SHA512 3275791d34a2fe460a0ce08ba769ae3d26eda05e8bae514f5814cd3145fe1d83bfde7a0e0c7dca116aa8c41d516e0adbfc48648b35c82062975b46bd6399d75a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 666712ad736796eca0ffcc05054482e4
SHA1 927638262b72ebd2f4a43742bd9dcd4b95ceed9e
SHA256 737bb9e83bfafd87a95c7a1928e96b7fb6a6dbebefb10f839af3c9e8d105dd0f
SHA512 c0c68ec3c827cd0f2afe83b339cb6f6ab47904526cbd51544b8886329db53ed54eda60276b9696d9458e8aff11db2cf50fceea7341109d5461207a12fa0642f1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 7d1f7d506b6418ff5c409aa06db6f6ab
SHA1 a7d01959f44de7c02bcb693aa635dc21c941a740
SHA256 0716df05d300f2cdbe30a02425b35f4d52738a9677ef6fac63ecce93b211926e
SHA512 c7d92d1d79aba29877f55f6d7d7bb8488535b9e2538061705d45e52457f7713788dbcebe494d97c9e229e90cfcf28183541d33fd16f4ad710823f893b579669c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 0fb2f6a79eb8cf8dae36200898b5d2c4
SHA1 950d8d6ccca407ae55ffdcb621cf58345ee9f272
SHA256 dd1d1d079cf89e085d69c18d46d649a238520c9ab05dd6f6cee01a5508bbacf1
SHA512 da7c1d5b06fdd983ae0dbba7d9073e88ccfe7c226959fe9ea78e825324224a89a1cc1298e22cdb86242010d63a06a31da0ab7ef97440532b2230683cdc11d615

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 b4a83320862a6f62ccfdc40afa7de730
SHA1 63ef7e63170f8e5f14a9985fa280bedc2fcd5f1c
SHA256 a22c80130aaace3e27103634f79f86363acf2b2f3149f15a6b0d8685c1200575
SHA512 e0b8cb10d65fdff59c1d03a71647868cf7dd5dc9fe7e9fb14e60fc395360b178b0a9b3ba1ac0b698f2adc221a690f37968f4a09aa608f43285cdea6003617572

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 a025e9eb38c3803e41b7c59089bad13b
SHA1 a37cda6bb255c59cef63233c5fd241a16030d3b2
SHA256 50097802c53e3bdc41e0275c297e27e37f209d788345316688507f3e6a0d72c5
SHA512 8284ea6b3d07125aeaf7d518292019f68e2185178203bd9a860633f3dc807ec46f32d91baa3fb0f688c0270a7d42e7a2d35497a7e7b288fb67ec8c99e4349753

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 b783f78bf4729ef6e61bd675881fd42e
SHA1 8c897bda2e495c7201452e1d268095a6aed90f70
SHA256 d8d0076a015f1f17390090c5cd85cf3ad957aec7584d38c55978c40860e55a7e
SHA512 798f8c62db83e553d10ec17caf7dd207a1f4b5dd10383c163ae53802ec072a488c2c08ece4bf1c7f68c21b4610b21411bd01f0d1ffc29980fae3d44bd6b85d2b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 f1979325f82ca57614b548ebb66702b5
SHA1 8d248d45e6bb6f1ce3a4af7211a16a6cf47056df
SHA256 ba4f7384eabb5761d8d59ea70a5f3ad9e3985578725344dbe54664cb75633c32
SHA512 8d399e86c6fa7df8f77fc7be99e358e3a0c7cf0bc8f240156396e42febf38b7d65010b4a365667070bf3d867e23d9c9d563c47dd4c05a2da21be0b7d8db0dfcc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 fba5362a6fc18a1d2db541df01858cdc
SHA1 c6bb568d229f21cea54f9616624c952c25047c4d
SHA256 782379e228cd7aa5ea7f3655d8fe59a56d984e2e9af2818d88930761231ae6d3
SHA512 72fec701380204be8978f94768869e54663f9ff83f7a751fdc77afe928f2121336a3a0016a9cecfc63145bf5ca39fd4d87296778e49a5e7d3949a16dd683ca2d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 f53f98a6b276db1e5d316c3f833dee65
SHA1 a9323a34a8066efca318e3dcaa0e176b3faff877
SHA256 9e0437ef1e74a3867770b1fc1496ac853928a820165ab75856f5b3401c28ad22
SHA512 7ea09c21a1febc6a84ce64357e5afa83fdfbf5ba53196896b98fa6b58c65655111c44dc107c6985e6557e4825f9e4418111fbf4076b702551e6dcd7ac769dd50

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 2b124d16663706370c30727aeb216694
SHA1 c3de55a435a2bd8e5a7427e81fef6cd7b3ba6dac
SHA256 fb73720ed747b06ac780c6a283a3b4cea9da966cc025da809faac56d66f47e8f
SHA512 16ba739729e1325940c7e519c003d3a1cffe43bdd7f83e21881fbded734cfbf1df5356364e171bbb49da2302823f9a170237e2e3c94d665b17dc9ac3d36b7e52

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 ea5148cb1fe1508d4b577d8742b904de
SHA1 7d5671ea2032726518727ef93cf5363d05106d7c
SHA256 2712aa5f2d6dc63bb5f2d12546ebb1c00464d5d7d50f9561bb4689301c17baa3
SHA512 4592487ddb77a63327482e025088176f5266936abff27ad07a530b9da0baffe8343981416cad369d1acbc46b548c6b60b59033488b67338c9ab601b4ec2796f3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 ae7a3a51a007cb420bcbd1e9a8166803
SHA1 c96447c079aeb28fe0e83b2b2a14957b97448359
SHA256 14d334b579e372a244e06d9ece661ae021c0d9ad8ed9386a02b3811c41619655
SHA512 5f7f9057ec82815d08f9cb155ac16674324906372fb211f46b4bcaa9881445d07e1171ee36bb788a4973fb931e68aace07f2e67efc7cfc1f17cddb9a25c9d759

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 b7fdad16b7fe71b55192796c8e1384ab
SHA1 15bffa6ae394507808a2bb21004cd1c58fc85179
SHA256 716de0d46bcce5bf67e275281c1a044334cd2da3ec8ccfd1898bdf30dda9fd77
SHA512 d64c4fa7eed7475edf27997969c7836c543b0a415ea3636418e536fc771463710ced09c372cf1821c8889b74656fe6c605c408e7a4cb78eff484e28b6ea77200

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 f573aca788733a92cf10d2e0d6aef244
SHA1 3158fcbc1f538a0f0924e51f37db8fbd0722ba78
SHA256 65bfa3e848ef7a5e18b46136392b576aad34e9539fec1d1bf8392dbb8bb4215d
SHA512 49fe8c4acca4e8fd8922b0284570dcf9186395681be9024a7db9c146ec6f8006b6540c0a849f7d79bb04faff5b19dd2e42ab6e0110fb86e98efe1c26bc5e3223

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 8c5132d4c820fc675f47fb40c7940471
SHA1 1bdd293b950cd20a187d5f485b527fdb5d160df9
SHA256 659e6d81b7eab7ecb6583939055dc130d07cfbf71776b3b2e37df3d7fb0b27a1
SHA512 1a3d59a4b4647670d3d214ce2c9e98589b65c9aa5d44d01e8e554028f816e53f8138fcd4af3083aaa3bce81f52e17b80a0490d096911079f3693552a9ca17c6d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 574c101f525eb6bba1d622ddbaf412f3
SHA1 29c585d09ba94f539e6d9b4bab5935b724647631
SHA256 9346194b21ffc4fe3f813e9e1f0d9d9b1360fcfd67297ef24e5641d76b428efd
SHA512 d966cd4ec0fe053692f40adc11a08dc0dcde49e9accce6bde36303ae82d6d7e2cda6eba0d0793585799c422be2ec89f1d3b83c5bc3b95f19861ed8ee74fff0b0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 ec6c11c10daaf091ac456bbe899f45d9
SHA1 ab6c3025bbc514296627f8069fca2062da7f7a05
SHA256 088851acf13c59f065dadee33db05a16343747b3314c186411f41b1f2146f579
SHA512 07d7cc41354d04a2fd5da53b71b6aed66258d5934a10694e5c641d2998658ba9f1b5c59df4ef9d0619e7ba6a9980929c480c38b6aca2784501d7136fe414b757

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 cbe66a107c4f5b1598896dd752756726
SHA1 ffd96ffe2a83bbf44b96428698c9f5e106368201
SHA256 182cd52e5d79e6f17f72f654e084f5470a08b07c3617e8d78e009c4f5356e11b
SHA512 b490f9850bbadaabb62c4f0dce916ecc36d1d43fb647f6dbbbd289ee4bd369fc2fb4bffe3d49cdc6d9ae6317eddcfb47593e8fa2c7053828b9e27f13f11767cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 a8baa0de0d7d3ea6c1d457f96c2ecf25
SHA1 e2b261bb6505613fa8d2c1d0bfcf201fbfe8e226
SHA256 17080ba270a91211380542825cb580ea6fa85df0c12c2ca780909e7a3adb3dcf
SHA512 bec6cdcd3754657e1f8a6d1061e5d862448870695534c5750a5ea1279b2d5072a42c173a0d6300b1587cccebcd57e601e0f16f66c480de0176ae2c580198bce2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 9c5c8c8276fc43bcec6f108511713023
SHA1 23576bd8aa114b6cd3a5f1884ec97c9b708812fd
SHA256 20bce6ab4f89bd711c539926fc9b0f3bdc0cda0fc83807eb251dbb25de1d4e49
SHA512 148f350dda5173d377817abfd7a06173226b2af01d494c79f84872a7e618e9418ca72398e4e887f38ff81ea2e112ab0a7035877c40120ae7f356f59b38647bf5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 7a4d4d778a4450f42856bb8f6fad7905
SHA1 adb71b3f2a9d2231786a0f3946e82ff851e8599b
SHA256 a553bedfc77532c3e287ef80fd07d9bc61c250f0667ec08da2bb0d2f844fbe5f
SHA512 9456852e372958273e3e298c0f0be136e69363abd47e84449c131f9c223fc48231634e5c737e99d73fcc9675742f24caee86cb4f9171c76db14947e3e9c7ba0b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 9a630d22886b1c93d46f58b11b2258cb
SHA1 4be67016d3bd01194ff5373935a87e628dfa3d81
SHA256 333bc1ed5c9c2aaf9164a5968acfa97288abcc1637881c41dec79376c5a1a236
SHA512 4833455e6b93b3ea17b2b19fb1e480c41ce42f20cb6ef8a8aef6953830cca7f891c4fd802caf7ae629b6000799852a1f949b84f62406106071c4be2aa74e738e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 aa05e43536583fb6c01e20cd6fd6d5b9
SHA1 e66b2fa81e3f0b5ee85e95db0fd614a88e1e02f1
SHA256 b553752c9bba4bdb9dd7169dd7b33cd1d5428ab7752dd9c4eef52eeec036c58c
SHA512 e5964aaddfe5090a065d01819f39d7c04a5f5e9031acd017418f86ad7e5e136175f9e3a56079f3f2f4b17958296159e40310916da5eece402ca688de0a384e47

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 a9ea5659633f8b4456e7bd22d37f2ed0
SHA1 7419fb94be34db8bf647d260f954d75b21ace5dc
SHA256 fe4db024d66c5ff76977bece96d102b8eeb46c167c18ae1a152a3c5efd47dab5
SHA512 ead78263f57cdd5ead99272f04cd14c7f8891820e5c5b46513cc0517e486a8c0ab73928b0f673e135002464031d5a7bfc148ae8e69611226c9ebb4abced7f78a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 f9dad82317ee14787c24b091d1e30ea5
SHA1 dc64594d9932e90a00376d962a5245278f839305
SHA256 9ed5c718494571413840ff0ce92b916aa5b053963d5927899eef78d595e3118b
SHA512 1558adcc13a7315eaa79484a89aae3569f6c69718e5f016a4b97bf7cc978df58c149ce1e606957c5a005c059e3a97c542db5c3ab227db05a64a33e3b1e68964b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 aaac3a79353b66b961e3236a02ea76da
SHA1 4e0d35a2e2be9fef3ea89df100d352a3880534b7
SHA256 4c9fa3975d98e8ce46254d39a9a3df78a00c880d84042fa8424850065106741f
SHA512 0118df7c71063cad0af0809631f8a017cbb0d6c069382d0648285194a6dd02b71a86985829466c1b3835b37b408a141d4461e928ae5cf1c88e582236d1d1aaff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 5328b46c963261e01c10f616efa812a2
SHA1 24658bd82fd90f4376f262a61e2715ca5e90a8fd
SHA256 6d8687f0d16bab49bb50ced48397e2ebfb188238bf6a44e1ea6a8766fd05d0a8
SHA512 f5972c602498df3f23d509995a5cf4ae3f9b41e088e76f2a8b4aff53b99e8d1a1fa41ba76cc01cb76e0ee3a4a56944b4936bfc689a49ca5dd65b183a748bb0a5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 9456610becc3cddd0b988afd05aa12f0
SHA1 6f406f25ea0f78dda8370b40d5c4e7027958b1f2
SHA256 46de5d2d67bde78496f60842dd9604054a9b734174ba506cc51c4ce26b75f3b1
SHA512 57906dbe3bcb8ca795093eed57803d5bca87cd165d38603c8449220e9c0b151c0ed5f7067b0b11433092aa0b32f252f4819efd78816f687331475adfe9ceb1f7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 421e8a9522c7750ae63b8a0d1b21610d
SHA1 0d222ad80e32c2f5687702c09d8ff68a2ed82888
SHA256 25a46af726e106d40c3ec278f4ab61e53e0223400065c02fe455e29ac01c1fcd
SHA512 d5ce1062eb513f78cc2dcf4357d7ba577e0926eb948c9f7cfb7620dfa6dac5a9ddb2d8d1cf77fa510e42fc9eeaeb42486557449684ff12a4736bc598d77c1b31

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 d0bbd06a98beaa15430dc5218b20456d
SHA1 3006348960315a9541e63a527c5f024a83c05468
SHA256 a6b8f0b79d0a6e5c50c638c42c8340970630520b04a1dad83fd43e57e393708d
SHA512 49afb8150234afcabb180409bf86f48075109aafb57a97d1124523a759c4c5990cfb781ce7d67eda026c014c7eb0cd5b7343c3e52c57481f42fdd98be7772353

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 640e8847c20cf18b6be5e171af22820b
SHA1 4ab8b1384cbd84c73dd7f31a04c38b666d23be62
SHA256 e737c38aa837da1defd831c4a267f4686156bb6b1214b0be1e3ea1e341cab77b
SHA512 750c1395cd90b5ff3ea15e53f7545c20889cd83a86843f14370c80479530cd0d428315916dcad4d5f41151ca852962a83700165e92b7f973f36e21ebc718989a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 56aa73f128fb5f1154dbf4a97f68ecb9
SHA1 8feb354da97a1c3e4f04088ffed0a45e22adb6d2
SHA256 3a3251b48a13c40b70c883ad44f44d1a388484b692d242f76f52620f11746825
SHA512 f5f87bbf1110a142c5f1acc4276bd61ad5090e2173fadefa1a10668972ea77684b5b7a2120eeca29960dccd67cf86ac11591e092859d84ca81faf09e6e19942f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 e15c4de7a11923bfa3407e75b5919032
SHA1 2352fb4d63eb2e98a0e0c0baffe949b77518314d
SHA256 61d3bb81a4668d1c71609920b37b26a84ae730dd6b0ec8ad337277e89236bc4c
SHA512 7666baac411c949f516763de5166cb5e93883887df0970c73e9a44b65d464bb1140b72445f3fb453d8b40ca4d1895679fcb0fd380d8d1926ad3473e412c78130

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 42cfa74db227829ce3b5b270188a5ed4
SHA1 0aac5e5b403a57ef1e55a83c9bd02d56403135c8
SHA256 70ba8e5477cfecbd6a04b410ad6256eb689517455b7f7f95e8c1c0d74a853258
SHA512 15ff75a3d4b22974c7cdf1683d96dcb934f9f89841230946f0f1215feb00b6f36d8155fe41d0268c4be7fb801a7ca07c3563e725a548a0504feace053c59ee68

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt

MD5 8d0b226ae042fd7fdb8290bc2392eff5
SHA1 c95e467422994d6d206466b42946e43456b83801
SHA256 0556750970591de0d61580f290dea99fe21c8733b197e09df9e1bb6d2ecae366
SHA512 0a86ce12e0da082295dfe0e3f18b5d1688adbf73954875aafea8b636407b30de0b3616a36377e336e23b80fc06a8b0436105f50c67024c239bad8818a02c0b39

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

MD5 d1423e858213e77b0b4d4b29a369ff3f
SHA1 01e6ba2675470b27f976c633fd6b607e62c31dd4
SHA256 9d98caa1daed872d49d895de854963b95d2bcbdda4a204495e31520f2d40ec7a
SHA512 c5e29127bd2bb3888d111bafbc8362e221cd17b3b702625da4e05f2f6211d5d39c64d162bcab1192ef1d07401a4c83fec34c0ae10048555a762a51079bae7d77

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

MD5 60c64a62dfd242e8f031cadf3ba1dca8
SHA1 1040f5a9db159cfb8f4050ca27c443cb8933da17
SHA256 457672e5da422d62f1a3e95b27e8339a4368ceee3292d994e3b6f1cacbb70af4
SHA512 7cb29e5852c1d8ef5aace619971c5d35d4d01e6e4e1c722a1c52ad8e55f129ef90864b92ac7f889b487a81ba1ef4c17ce8185cece71d6d85b39a000e359ce799

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

MD5 1239f47f1b1184e43ba1d5a1300298fd
SHA1 738054386eff6da70a0942671132b78f277b0334
SHA256 e3b557148b6d1a87677017cf9b3e7c6c93c986c9b87cfc1baaa459dfb2368818
SHA512 ad2725efd6a65e7fcf463576fe968260a7cb82537494ba25b5628d2e8d7df606c0afb6188863615cd9f60601a72a58798f422628080e70a673ad7c9718c3ae10

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 dfcad896e83f3067774f60ead5f46bd8
SHA1 f49ee703295b5a2529ee5e3ce8379333b331c7bc
SHA256 be010eda44ac16f92d445115bdfb77862676ccc391a134364eb94e1fc1891c52
SHA512 1e161feeebfc3926fbaee8fccfe8d7f1c8307dbe587c38898e96b19e47364b2197c0c8ee310c565d06dd6b06d2b2cbf9ab2d01d9106f11a5b3a3684cbefcc468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 52a4e3bbe2160a0aa8b12ccd12e8e679
SHA1 800cb044c67ab867f932496a1232b0bcf02d401f
SHA256 e8771c4c1f497ee7a4856512faac7ddcd263c30a7515306e29a500f45a5bd79f
SHA512 fb6e8b191abfcac23487fe472cc983a93820604087995d0c75fa8ef0fb47e3c772d840279dfd2195f24baf32af28a203c72ad2dc1ac043a696c27461b6475133

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 af8d882a99afae5eca7ef6735feaf64e
SHA1 0c9eed2ffbcdaf3f0fed6f940fe64eb6895408a4
SHA256 c4ea52a669fe12444917ede5a1e21e6eb70a191a5bfdcc495ff2d943f16bfa33
SHA512 3adff34ed64853360b616cf5d671404a7ffc983c9545740eefa5d01b6a1dfeb44151710a5377fa60511bcbddcc3007cc91dfd1ca4818ad745f5d9b17793643cd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 7d940da3823726278e772a3ae64b2d58
SHA1 46a6ce845231a68b42fd0735224c9e96225c8020
SHA256 ec2459f48c9773c509565bad9a30c493b7262902aac6fd757d49ad91abc68a8a
SHA512 02b615ac343e4bff2bbf0700c03168ca931dd45f48675cf9691b345d1b44816d6539d67aeaa27cfa8e70429478d47da9592de9eb1d4a2e9f1df68bb4100177e9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 158156dbceffd0b971b55fa7e84e2351
SHA1 e5c3f6bfa703bd6926009d58de63a260af240005
SHA256 c4d1b08183f2d06925240dc37ee54e57b27d572ee65349e55a68da39121b2c60
SHA512 7c0d11acff4398032fda677a0e98e2bf7d4f3afa8fda656bc941941e17e0e74fa5ab8a725514e9506cfc1ba8592dd50ad4de9e6fcd2ea389de45613c27464253

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 51720d2b6bc848fa1ab8ea4be99080fd
SHA1 6672c015e9f95d28eaf4e235d5607ad694846da5
SHA256 12eee2e0439287dcf8cfdc35d922d512e35abaabecfd9f5044e3799a6f96eb37
SHA512 89f8fe929dcd0d43e666445f7694818cff559d5027ca7d5e9a0abef14d76fd6da73450698e6ed4b26ebf28266e2f5bc19b3d185e0693fdd32835810f156df37e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 43e0457a8180d7dea551fe50670c29b9
SHA1 2b78ecb2a328fd502e87418724a8623a3a8da6a3
SHA256 cfabcc78d654639412b904aa10484e6ca3f5888fbf9924be922c345bcf05c887
SHA512 30b851a113348cc86b3dff87a9759cd57c40b349fa30b2eee63333e12575b228c2f83625bc6b7b0ab931abffa12861ccd7082f0e78607b3497072a2fc6e7b20a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 913515b81711db96edd0ef5ad4c7c9eb
SHA1 ce81e070c17a81071b529751acaada0ce59276c1
SHA256 31ab08e1989de0122bc1ba014d288a68fc1212798eca99a0a4738a9d0b13dc13
SHA512 f338a88c70e126e4619503898856a7ace07ffa9466729c8c7a3ae20b5ccf70388e106a42e95f7c0fca9b94b14c5b4fb552f408ca12175761d5d5a04dd047a8db

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 7b4ac7fd4fee562df4c02dc5152e1dd2
SHA1 2e82538747444d1bafba4cf039ca3917e690828a
SHA256 78ccad2aeeec180629bdf97aede7895a1455f1cbd4f4a4d41b2d9e682c585591
SHA512 76c726426c0432bf1a552c6d5a22f5a3401f0a1dfe197fed681ed47a0e5afc2041b1741e123844777e3fa1a5aae80467f8765ae8d6e2df7e00d1494e321ce176

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 38d91d70b6af1387fd251762a5099de2
SHA1 4df70ce20abe6e2eff62ec70403d3047585779da
SHA256 7072940b5d76d2bae2b5c6ff6e156ae9c6145ae453a13100da0627d4fb75d790
SHA512 c8464d31e5fb63a1e8f87524c8cc65ebcf6e9f89a7663d85937e8927a1871e7b87feb51452bf999f899728c3abb8e2de2404de2b98cbc4fbc747cca80d2d690c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 5422aadba7876d847e335a6eda668699
SHA1 c9b80ff7ff8a8d61f9df15dfd1cb47eaea2b0a6b
SHA256 362fc007bde371124a9ba08473447426d2235dd06fafd146e42d08b753dca67d
SHA512 1628f61a5c40debbf659f2abc3fc8ebf5bf713bf54f027946deaa83de04e26bcb0a131951797183db7de6243cd50aeb73926a642e2518888053173b637272f33

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 5faca8159028ac4836654c636c9c79f2
SHA1 0e1fdaccf8667e5967d5327320cd002d7d604e12
SHA256 456cdc2046e09ab597a94579832b2884fa2993efc451a7609ad1f68015238b4f
SHA512 ad723f46d4d9142a110e071d4e2aaeeb09661122549876f99ed888522c0a84f629958d30e710968bf8bdc405cca4afd5c561e9a15fc67730d71ad3c6bb52107b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 5db483d4fd109aab73d9760a43c9abf7
SHA1 50f274b7671660b1749989f7d8d331ed2ebcd824
SHA256 67cf7595af9929ef87eb22d8fdfb82a725ed946c13958d47db12251730e23dd1
SHA512 190f14bcefd4462e60ae28ee8df421a6b5d3124b87903f801479a298d1b2d2abd318907ef132c020c662048cddd6e181487635aa701f649bc2d1d5b1f32ac1a9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 2e9b16ffefb1c8c3968e7fe355fa293a
SHA1 a369a5f33bf662cd5f8ffc07887e8d34c441082c
SHA256 a329e4d0103263ddc12c1d3fd93ada6421e6105003d79167059936c11a0d40df
SHA512 8ddeb31d19b498f91a7ea064901bf93c7f6c33012770db44e5bca21026b8ab27e610ba4009b06e18c8c5f4cc5813692310d6c692686662792fe1c8cc389a03ec

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 b5a221105d3df67386f7e70b7446da4f
SHA1 0276519d02e1fd906b2210f847ae238d7eadb125
SHA256 b773fade044902cafb97a044c7d21d6ecb6ec6ba8a63196bfcc4b744a552972a
SHA512 50f236fcac3c57de909518886df97a09d3f8186492c561fe6842e21efb3ff9c1a95942d35a88465ee38e63f7ea9f3852e426133bb4f942ab7e87850dcb9ac448

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 3d1678cb420208ade9f78414dec92199
SHA1 547a4296d4fd70c75bbaefd63aaa57682425ab4f
SHA256 7515b8d4df81d0b9686f354ffdfe9f4d5205354c7e92a6e0320f167ba00b28d2
SHA512 19f13836934410d0dc4b43867fb0954112b31bcf7317def2c3cc281bfd58c147443811ce692a7d6200e7404e80569c1970c49a027debf32123973f2e3d85ba2e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 b765120006816f8ca29c34c97ad563e3
SHA1 b369d6e3b6a48e030cc39935bff6c12c4c5f4f3d
SHA256 7a682def87593a1f16d23b5465f24748e09b7334defb2549db60e95784faa376
SHA512 c5890084a877f6bd379fcbd8919be2d23f09b46b0364a5e8f283d7d75dac06df72ee79d34980098c2d0e39f41b10c523cc0e9cd51c7229631202fd2209b81c7b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 a3cc27413ef7e9f8d815d4497182b766
SHA1 496843636e993e8f208f4d6bef3b345080f9a661
SHA256 55be463151c31a2f0d8aa1571f2e00ac404d3725bd7e56f49415c1f123c0777e
SHA512 a1a3f67c7ef37195afe71653dce402d2cfeb1728f7e9736b48e7e6ff6d2c6086b3dee09d0a6ce57f8fc8cfa89de18edf435bedb1c2c827e614460ec26a60d824

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 d99f46d7931af6f448ce4620b6a376a4
SHA1 4cf6c0d000d74fc67297efe75a3de541e461a15f
SHA256 c4656a914ea43d132b16d8c176d8fa4646cba56c5920b0751e8b58a5ecdc308e
SHA512 d1730169b7a8bf3d0ca34ca4ca8b84e92dd69d10c58dabbef90a968e7fbdd30e5b6bef8caf8ae6652734114c836da553f8ddf0fa8ce2466ae40efebb9f16f0e7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 65830bacde136935942585651e42ee51
SHA1 ad8219c7b5133b2b1d6514d7dc5bc884783f1677
SHA256 79bfb624f520d17c47c92652342f70453ffe8226a655d7534a37970b876eb397
SHA512 26a157fd14aa27db611772989e9351da42bd5e36c6519cbeb90f87a7a143a4f1148b47ffbbc76958348fe35da4cc200ba01ef86d713f99d8885ba463cf0ccf0a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 f13c815dbc788f0974d6e51c6b2a3317
SHA1 c740d32cefa8eefc9f4db4ea4825e67be33ef287
SHA256 afd989d19348f3977b4cbb3a80ed07dbad863f17c64a2abdbf3f729bd0a67d40
SHA512 65e08a755e17a21b61d8e173ce4f0962e67de5de0274d6d3b19ea4998333cdf3f6e73fb97f807b35da6d8071530fea6bf04eede60874576ee4509312fcdd7711

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 adb0b341771c5aa233e7891482426d4e
SHA1 0a34b2aa4bd2939e4c6e3998caf3cd8ee03140c3
SHA256 7b8ce5355f179aaa143b073febcfb66d6d856b85c40257ba646c522dd7a501b8
SHA512 778e905a7636174d3a3e9856c9f4e67b5c772005bc8443ec7c5c7b8400926dc09f7625fcdfbf91aa727a720617d570765fb69ccafaa435606f830c321093881f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 513f792b381951289f0e486ab83820cf
SHA1 faa27f00c24b468f7cb8427149902960a3f1f37b
SHA256 dabcd2e9a60f0ee28415f0d4c88d6a8b0e8b528b8d6fa3220193bee6ad0cf7cd
SHA512 98cda17e3d1f3c07dc878ead52fa2a6aca0fa7a974aca1206e22cdcb1d4065fa27493d2e57676d91c2793e7a51a4944debd45db14823c2a672b0b4da0858f716

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 ed8c6e26e55a4eefb6df6add2c6d1251
SHA1 7bbfed9d289788dc576dfe97dfe787ef0983a2dc
SHA256 ac8ca67e424ab12eae7de07610a4505af8831f1b7478c52be78a338bafadd2bb
SHA512 49fd040a8410f9d83e022162f6f8180d6e1663d97a506da47d5d1d55c628ca3f67da3315f5ce466b954f4e82aa1ef9bc57703758edccbd361d21f14b67439d64

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 8749db376498081e7d4a9caa5177ad9e
SHA1 cf3c7aedf440f6e62f9eaf0048c7663fbc9b4ed8
SHA256 6730f60405dd37bdb2b5b4611eabade345cb536015e95e577aac978613a06ff1
SHA512 057abc509eab54fc1ea0aff1c4c30ba987421c8dc5d90c92e2660ac2346d8c784cb693cfbb4718b611da80633a7082643d95f2d7a07371fb69e2d01dd964150a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 725196c54bc39494497c46a099d015e1
SHA1 868aef5e107d96493909c486fe076d60b07a445c
SHA256 df876a7e393665b054c32b3090a22f71b122879a770a83075a0af0ee935f1b8e
SHA512 bbfc52748ec88170c28c013388ed09820da28ce4243c194fd51ba20ef05ea6429eccc1c72cb5b1338d3958b8dcb0216768bd7eb6078edbe9352fa7c784437476

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 eb2c5c1fa641a0c2ff60b20105f0ff53
SHA1 d8d56ca4e46eb494b57c023e33cc33d351aa088b
SHA256 993e45a22940aee5b4a91841b2d3bf2469338bc79830249d17d57014788725b7
SHA512 628cc49bc7cb2977b3e133beabd05704cd0f8d4c21fddf7de3b5e6094571192f710debee434d1c429ea32b4ec17de052a546135f5f8a4fadce8e82e8ca716797

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 675ecd41a0ba3f1a4c67e2670dd6812d
SHA1 fa9b7d89cfbe789bb1ae38609d8c51c5e93de08c
SHA256 2bc652bddffbb43ca8629427c433e9c5da3bdd62006aa23ec031a406bf4071e8
SHA512 989c9326ebaadf11e0b38bccb0b999fbbab29f6ebabbfbb453b7b9859b7e3f2e3f6a1b0432f1b3abbe055608d7a11414b7a69a4b26ae655f0a91ea7ab4d6fb5d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 ed83a80e05770fa41d645d1d1e2e132c
SHA1 68f9b65727b031df4d815630d4d70d78789f2839
SHA256 f4c590fc73c91200bdfe7f174be41bb38b9b5030a905789ea4749eda7c89c021
SHA512 674218f399568c9f83d75e4f54f46a62f1214fecfd00448a70f830e45e9d37b4f9ac843952ce9f1d2cc89b74f27cb90656569026285362790c9bf985f3074a12

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 f73e17a249eab3dbd9a86a1e4669108e
SHA1 04e59a40b1ad8baae32df63899420675173bc212
SHA256 a375607df5c42d7f6a8d4ebde835b8d6e22b0529f5ecafd46ddd362f0f487b44
SHA512 1adfd75f4cac350a895971a84a18d61f7455c4fac8a6b1a3e3d5cf2a69af085445f105ccf078e32d0d261402aab26b84de0a63bf316634a5ab326f2369a76898

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 170226333e21508d0c0099f4b1ce27ce
SHA1 a152bab30e8b6c740849cf19982cc4d3087ccf6a
SHA256 9a96504d1382560e72bf9d5682df0610b39e39aa1e7095a4788865121e4e652d
SHA512 2250958ef8d3105292ac4d39215a97149c770028f31bd46cee2b0abfc350076f87fc50c2c116968f3a3e83dd79eafdd2d77e1dc056a6724906629043c1d03802

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 ab143949c52b175a6fcdebba2a1769de
SHA1 cd5d442633019d2bc16663b8fffecb566f8a8e5f
SHA256 948ca8c2af322b4c1e049f8306867f8bae4fe88278e56fa061a633531d31460d
SHA512 d314741b03d952000e37aac55ae55815d83290c304d51ff34466995a71e7043171ca435dc215d5f0f5e260b5be9e2675efd6cc501afb6515aa1ed8a509008b2d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 e54c08e7e93b1667537fad527df08913
SHA1 17bb3105d5face32dd82d84233d9a2e59116f6cd
SHA256 337dcb770c9ffd901407ed085540d6f90413cb9a50eac8b3532a6895a511f802
SHA512 56e7a2812f30692a4f555ab55b23429ecd9ef0cd959e09cb11535e2786766cde1d71107395a5623199f362196278606e9fe8f1c4ac18418f22725e46fde28831

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 822da79b8c5620df730d90d2eb8f3c69
SHA1 c82e2aad59ea1cddf03f1007f243b823db473939
SHA256 c422394207090fa9df0ee635fb508ff7d3a2ee5478b26c3bf06ee489dbded6d5
SHA512 f0ecb4bdfe791e674c6007ac76f2c40e9777f4ccab7d3109566c2ddb9a03658c17262062fd900a98b1124b4ccdfe23645dea76eb6c7e162f35c3ddd05766cdb6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 deca5329d38cb7f6b558b1adfaf7ece1
SHA1 f1c3db7558734571632407958da0993b30a71fa4
SHA256 892410b926925dcb1007c5de4d20944c94bbc77e98fa3fe26e9f7e6b3e31e457
SHA512 84c8cb67914a77025a50ae9e833d5d4def0fe223ee7004bbb117233ef1f1902ebb6de79231102a16b47c22ad505c04c4ca6c6e420873b62b8c1148ba21c5c6df

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 1393ddff7e3fd4b13fc515013da8fc73
SHA1 b9a463c6975f602fd140835e409cadc3b16b17ea
SHA256 b2e666578e9b9b9c07cae5a3bb838c46168b2c3d10c3a4b19e7ed9c07fe45e75
SHA512 456eaf2268c94fec4f03ab5339e51fb08349bada969ea9b7872ae380d857ae2f8c60a940ba354c1e9e92344d73d9d33ce278d6837ccd3adc779d191cea7df04f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 b1024bc5a9404d7200cf59e28045b955
SHA1 ca5fbae7187fd02ef9844e5f88b56a083b59be4b
SHA256 0c7fdab0a44597fcdff5902b52b1e9f8c5adf05cdf5cbe1eddd0f45790ce5200
SHA512 5dc2cd19884e4f0334844221e313355bb5ae20016a025e5b14c1c11f0eef95369d72adb2a502ea0c48ba2e23858764dd5866fac22da2dff872f72761c9544fb5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 9bbd3c6afd94aa78834be0fdc6c13ac5
SHA1 e86009eed084a96b829c82fc8bbc8264d41a0773
SHA256 c40b26241ba41802a614e2ff3d8043051a33c17449c935554ef66492571055e1
SHA512 644711104b6402e0a1433f03527ec2f0667ebdae0780ee1b99685bee54bc4c86e26738c301b4d3b735d73843ce1e7fbf4bacc44fa26de3bd5f1f5de859a84fc6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 d3fb71e6c4724bac477a469d29af48f3
SHA1 a5c0110db0a580020f1fad45f056d1c55c1df6d1
SHA256 49b2aefe80e461694073c62317050cdeea84ccf6d651c3006c45f7d56122b371
SHA512 bfd61da8b75d835abe8fd82426a190489be4a373a2e1e511e18a92887ff30d7b317acb92b168abb541900e6afd718a53e2dbbc2f75f2b8b5bbe6734c5676d983

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 420fb0e69b3df197c04f9f0032d44e81
SHA1 e7cbe33372582f2a2fae1e8cc33e66e1c4029c78
SHA256 82215bbe2d1e612016c3a806219a41a1017ef30ddc0970c8ca57dcafafbd5368
SHA512 0a887f81b208f43e0feed12ba84975aebf89bc561794c6be1e06fc72bde85a3aefff71d5af585f60adc9f5dce2cb3f8bd4079931d10bc575a0aae40f1da35729

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 4e72f2a4b5c023f97284b5db59138a71
SHA1 3a6aad2bf73485116adf47707bba20c4868cd84a
SHA256 b41c1e1d7a875b75135f92159893c9cdbea43538eafe052ae4d562deed0a0784
SHA512 2cbcadbe33715a2b96cac9ead2e6129bd74387686b927cfbc3e1b30a928e17b07819905e5cb47fea2b876c864af728b7e473983394631e870b8f5b5d873e8b97

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 682b09141294e1509001e31d8cb4b8c7
SHA1 4eb7482f4193521822ffbbe5792e76527411e373
SHA256 91a0fe22b75924d385b4db1b8e456eac0cd274b32de5ce7ce9a0ef67ce40f90a
SHA512 ade4b8f74db8bc7d691378f47a0867191b841b0e7f0d920bb9815721f09e9f97401a7e06549a2536cbb7eda90a340756838d4c1b39486a5cb97793ba3512f489

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 93a9805f3b131be93941974ca0f3981e
SHA1 9e1f731b61a48fd975662ea40c53ef677f89f636
SHA256 e7589a38ce68609d4232d0fc71e1fb3e0bfab1e098a9590e711babc47950a614
SHA512 d3aeac45769339e10f3541d238fb51b369fdf866616e8b38652a9976a766aa8ab5995384415a5a0b7d60b740f095abf698b2907231bea62c64d667c46bb4ce61

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 b5a698ff4d3f0c0e00a6ced5839ecfc8
SHA1 9cbe419924a7144d0241f19418b8a2e06aecc258
SHA256 614f9adffbe562dfe6183ddf2be5a46b12fc96669e2809da85b9b883fa883a9f
SHA512 36fbff71a855a1598aae00d21c97178f08f39402971d1fc335d492657f956119bdfe9b27c807a83cab6d9465e6a9cf7d834d7f2b17852b0c1b049c0276aca238

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 ff27081e865b9fd30f8fde75b9cbaab0
SHA1 980111f9241d8c853fed21b929972450dfda7b03
SHA256 521c8b3c1df4632675a13f9b72ec12af332fa530c23f70e9e95b01658b757de0
SHA512 8e27350ff15d89a44714539c7bf23a9eef263f02d0b727c2c2979af574b44e6e2bcc2ba4351e780bdaad6a988a13b666d09d725eea59f65a17f7c5c85aaac696

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 d784dfc15df0607a8dbab51907a65330
SHA1 94a40258e2cfaa7e2e5f8d65007e65cb3abf0640
SHA256 7a63370716467fd06a241288fb2c0bc4874ca50eea19a51f3fbb6c44fcba0385
SHA512 70e8a7eac44bb8685f65e944f40cbd21880b1169b9fddfa4c421d72a664c93d57deb2e48d0acb577fa5f756b6ea53b921eb607f007f3b8f861a3e27b54a3a619

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 4fcb3ad95d809c10ab14ba2de5ea07be
SHA1 0313bbad5ff4321a1a4fc4339716eb2695d0ede2
SHA256 ee03c654033003c2b6da22971fb44acae999a4ab6d0fbf1510ee9faecdb8a9c5
SHA512 afd8096319570a98e127ecc6f8dda278933a6c77882bf2744c34558363ad8a78be8efb9d2b5ced80e49e289be253c86e89d09d2ef9541807e95ab8576c264ae9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 c3483c699b3547b8c31e1ea37cb34217
SHA1 3e1266d01b3dfdad612fcb7ad357fa79b374535b
SHA256 b751c3c2c7a952e6c3f6d8f1b0d2b918d41032b32574323be6a3ef8b1684a575
SHA512 0ca3b9e6de05ad29bc39c1e1aee25e54f96114eac363a6aac96711f4fe8e5ad3e5ac892e6adb5301301b94865c9708374fcc38dd63725f4125bf087896301bf5

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 741226c4366fe8ed179077bb9bf5b133
SHA1 f0c40f53d412f6463a3eaa7dd227b1210207c951
SHA256 e1421d8bac7910e68fe60ba10d769ac3c277394ce6dec74e38d604b4c210c567
SHA512 e3229f8d0bcaf419fc9f462cc69b26d6959a9d7e2cbd5fe6edba1419f77db7a37bb9b762af24fd3c0953302d7033b5e63ed6a31a6558abaf14b6cdb84b851b50

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 d99daadf70a4a4d1fde3ad41ba594d6a
SHA1 40bd6694807fb0646b982c4e91ed4ace0409b90b
SHA256 14c5394d6c6978350fad76c7e8e46655b20219973a5e413b683be19d9260e5e1
SHA512 2dc1d3b9bec97793b90c4e65098ce7868b98727a9f9a2db3e42c405491fdc28074005de5f8c1c26bf74587126e922db6e1473663ea7f8d6a4dab671d4fa8a1eb

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 369e88930e09b7013894547788908545
SHA1 225c3036742f8bea145ba32fa21c8988d4a496d9
SHA256 8272f004140f05701f043a22227d3e6b666900b092ef55b069d2e399d14d86a4
SHA512 21481c73eba90b677b82bd49291d70c27eaa1d8d261fdaf6d032f9e1ca9b6579ff644c9482ecd575826c144a0bf05ec5330de15c67185e113e8d36130c940538

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 311f3377ef244f171668ef7622d49e73
SHA1 473334a276cf8c635c3f7d95def745629fc05e3d
SHA256 007acd0b6b6bd4a3e3b5c988a3f91ed35f8686654314ed970e73cd6bf4705b8b
SHA512 0cc52756c17f9abf6b3746fc82e861c377ed0ca08bd4acc38705bc2f0f46a1379657ffbf42cb138bd077c154abdf4d1efa9941949689cb184c8b32119ed3c436

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 5e6b29b71275e226d349fc956a216645
SHA1 7cca23b30030fa458513a825dade9b2b8825289d
SHA256 d46687663267693721d553824a96466718bf2953b6e68c9f5d4d6af56daa804c
SHA512 c4c368f7dd4324abbd0f0e2a14ae165a44808b5d7099d4bbc7b5b0c539878c157d4f92dd0d4ee8903696146f06ef684980db702d43e35edf5237e102d747a6d7

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-08 10:34

Reported

2024-10-08 17:47

Platform

win7-20240903-en

Max time kernel

121s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe"

Signatures

Renames multiple (2548) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yj81lIX63k4iGGn.exe" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\prnkm003.inf_amd64_neutral_48652cda3bb15180\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_neutral_14f9249844f1cf17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_neutral_d5bb6575cf91cd73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prnport.vbs C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_neutral_b7f0a8d5f67c19e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_neutral_1121c7f92e9e3001\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_neutral_1874f16002601f78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_neutral_d42522943de68905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc9.inf_amd64_neutral_ff3a566e4b6ba035\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cxraptor_philipstuv1236d_ibv64.inf_amd64_neutral_b6a3e57df5bad299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0024\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\msiexec.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky306.inf_amd64_ja-jp_97f0de39317f6837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_neutral_4c228493af8567bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\fontview.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_neutral_6fd673519d66ab20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_script_internationalization.help.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_neutral_4261401e3170ebfb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc0.inf_amd64_neutral_c24bcc939e6dfc23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\OptionalFeatures.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prnqctl.vbs C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_neutral_45152a8a9362fb82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr005.inf_amd64_neutral_9e4cc05e0d4bcb33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\powercfg.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc12.inf_amd64_neutral_ff7295ba5a46d63f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdvgwddm.inf_amd64_neutral_dd691eae66f3032d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_neutral_c150a510c4b85ce7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00v.inf_amd64_neutral_86ff307c66080d00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\calc.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_neutral_4b99fffee061ff26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fillnaddfikknafi.bmp" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099156.JPG C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\servertool.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Services\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left.gif C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115863.GIF C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImages.jpg C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02746U.BMP C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\Whistling.wav C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341551.JPG C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_underline.gif C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01265U.BMP C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR31B.GIF C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\gui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\SplashScreen.bmp C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03380I.JPG C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Premium.gif C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\VisualElements\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Peacock.htm C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DATETIME.JPG C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-f..crosoftjhengheibold_31bf3856ad364e35_6.1.7600.16385_none_baa58b03c657ca8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-backup-cpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a340cc01c83b04c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netb57va.inf_31bf3856ad364e35_6.1.7600.16385_none_581eb8ede4375d14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.qos.resources_31bf3856ad364e35_6.1.7600.16385_it-it_12b64ad00099674d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wdmaudio.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e730945d85cdff3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..txvideoacceleration_31bf3856ad364e35_6.1.7600.16385_none_6bab08b1a3868589\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dot3gpclient.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_478d5a6fc8dd61ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_en-us_492959f9bd028207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-icacls_31bf3856ad364e35_6.1.7600.16385_none_328af534074dc6cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..engineres.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6cac38d52f2b60ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-photoacquire_31bf3856ad364e35_6.1.7601.17514_none_925c6a062361e055\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..duled-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b6984cb6532681ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_746a89639016e5ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..k-service.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0dbd47353d530cdb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-qos-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e5c19cac5324e6a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-security-ntlm-mof_31bf3856ad364e35_6.1.7600.16385_none_8aa0c2aae4765631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msports.resources_31bf3856ad364e35_6.1.7600.16385_es-es_daa4901a41856a79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\08d77067bceade0839fda4c78a304038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-timeout.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c310ce2807b49cc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-dvdburn.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d7c039199f71e906\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-azman_31bf3856ad364e35_6.1.7601.17514_none_b47d1ea4c958e6da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-duser.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_fff5b280f9c70559\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7601.17514_es-es_3748f6b1d0ec8a32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1039fd7fa6efbe65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-10001_31bf3856ad364e35_6.1.7600.16385_none_24048e9b29f89885\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-j..buggeride.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_5d4eefa8314d0c94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ents-mdac-oledb-rll_31bf3856ad364e35_6.1.7600.16385_none_f83672e25a90465b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..ype-microsoftuighur_31bf3856ad364e35_6.1.7600.16385_none_1312b5e22558207e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_70416df523130950\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.visualbasic.resources_b03f5f7f11d50a3a_6.1.7600.16385_fr-fr_f8e3e86473672c4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ngconsole.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7acae5d4b206f7bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\33.png C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7\nfsadmin.exe C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1ad085cc2ebeeada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_7d8982db6f41dca8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..nt-client.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_14941c232d3c4d43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_es-es_6fb966f8e8095070\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b865ecfb8d571496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx35linq-system.web.dynamicdata_31bf3856ad364e35_6.1.7601.17514_none_0ddf9afd5455510c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..y-service.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_718581684fad800d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9c23fd3941bcc44e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnep002.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_11ad1328609df59e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..n-playapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c46639fc29f5072\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_iirsp2.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7bb4c6b8c1b28384\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..xtensions.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4d2228ceb3c7b24a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-credwiz_31bf3856ad364e35_6.1.7600.16385_none_fbcfa2528586252f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\Windows Ding.wav C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..iuminboxgames-chess_31bf3856ad364e35_6.1.7600.16385_none_d0c99374981840d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\boxed-delete.avi C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-x..achviewer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_83e1ef13fa56314d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnep00g.inf_31bf3856ad364e35_6.1.7600.16385_none_afdac3e7463477e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\Help\mui\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f9b78bc742954cc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-stickynotes.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ad8e988c6b87813d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-korean-cacpad_31bf3856ad364e35_6.1.7600.16385_none_7057fb5fe3c0ed2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..er-office.resources_31bf3856ad364e35_7.0.7600.16385_de-de_5b5a6afc3f413c1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-ratings.resources_31bf3856ad364e35_11.2.9600.16428_en-us_3c143fa39ed4f150\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnod002.inf_31bf3856ad364e35_6.1.7600.16385_none_ae12c1cb94acf497\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell\open\command C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell\open C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yj81lIX63k4iGGn.exe" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.porno C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.porno\ = "AFZBCNZEIHUPOAG" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yj81lIX63k4iGGn.exe,0" C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 ac69af47df8ef098d5686092ce8f9f10
SHA1 2e60d0057f0bc197f792bf855fb38ac07448a5fc
SHA256 bb7675abf95f706b88fac088a56f5194db57415e7ff8433097ed96edae7af086
SHA512 dceb24df89f0855d439d3ed461cac17d56216b4c0b7348c6623d8d92c32f65515713089021ee621f7c7de5ba6437889e1e6d4bc041b6b2c61907ae5e1fd991fc

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 fdc4ad8a327776894a38106dce2dcd2b
SHA1 bd33d3b2be110fac8a22a16e1898a5d765d7bd31
SHA256 b4d2b326a2ea3f62ef00fe2d8642b2e30728ff98299703a37214f349059ee673
SHA512 9bbfa2087fbbee60e7ab1202d2eb5926b4e660d10b207e0889aa4ee87eec7fb2b9998b7f62ac18be980d388565473908c38d9be7ace9229125261eba55169d7f

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 e8f7882374fc0542ec6fa4a6f5cad887
SHA1 9749474e4ab54c1bbbc746a8c1676ae3a3bf2889
SHA256 1ecd7ba7b2c1712310cbe26dde8755e4ac18e2b3affde3c4d8402289a4441038
SHA512 5affb2722c1a3255b4d8e7b3526f63c082f3c382edbda4afed31564ca05800b34818d1616aeafe116eb90902db2c69292cf818284cdf12e2b67cecf7ecbadb5e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 ece2edc6aee66e3ebdf955696c4d151c
SHA1 f76ce081298f4c99ebf97be85d120b4f66d8b8b1
SHA256 96cf3afeca0248c8dff1cd490780ea3439c4bfa4d67f677ff1800afb5f422f54
SHA512 f376a2ef385b6216a62798197160b029f2670924c44709ffd535e2865d74f868a5d442d201d1a7d73829bbe602e3d5eab3f4b0cf381e1736a47f2b2bf9ca5f40

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 6a379359bc8801b1639d9b38cc21e6a7
SHA1 e52f5e894906d1cbf6ca79987a813a4f606362ed
SHA256 292f5995602b1b6dfdb660b8401eb49e89ca43b9bb8f7e2553fbdcd0cdb2e0d2
SHA512 fe4198f0ee3c778da4354343895abdf79475a7baa26daf965a3fda03e89acdad0725aec580802f75d26dfe858ffa3a3a1232fe41cd4820e6e6997571350ddb64

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 8c0e971e93fc2b51564049f9812bfd05
SHA1 9d4db8389c65d0b8582f7c00c599984133c000f5
SHA256 a77842d1f2ce39d61b84f3e9a5a209a0240bd9a98fd68235f383bb5f33741bef
SHA512 1c469e81cfffebe2e136525dc10ff4dba10f2bf70e18f80da2b4fa17d35797169b8577f842eca9c9e59efe21c5d00dae42ddfdcbe645653614e4155c144cf8a2

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 2edcafffefe4f1d35c668e7bf050e36f
SHA1 d1df758eadcd4d68c2d9e2c34cc2dd65cee5bc2d
SHA256 2da45f723bb2b5c959bd3822b7a0ec8182c10c969af66e3bf3d3542095d4e859
SHA512 fd54d4b64b596951894bd7d0694fcda5ecc013aea168b52f4fd2b51a6792c7bbde1757d2b0ac29614f7bc0ef76fc7583f6354e6386a7a796fd60f6c0b35e8511

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 12c278e2d2e57af1948c9c6657620b05
SHA1 54a51ff5688d9887c06323ba6d1472aa549a7ef4
SHA256 50278fe1d30d74d53c397830b309727fda1144914d0a2d5cbcf8e9f0130f96a0
SHA512 d23706349b9c17795709c333bc1e3d79f92c321d18981942467129523ce708cb5e58816e74a38d7c3613d5477faf7d070a9058fb03e3c921506c508cd0e47552

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 1cf4e1a31fe16abc17a1b3649e3ba602
SHA1 d5a798466e2c5faaaf09e64cb67251c0bbafcbfe
SHA256 8989afc3cabd9c40696f0d335c4ec139d49fc535d1d4d35f7321e88671048538
SHA512 48b8fb57a869736d557248b887a25080f2b33f56e6f1729f18c00f47d3fd49249099a43d9f49d334f817fc5feeea007449d4b6e96229357b496d39d5903d2218

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 013c02aae9b1985a0318e2b6c9aaeac1
SHA1 eaa0d3ca556fa6639a631e9b302dc5e0393de455
SHA256 dffd10a231da6143e8271cc3dc412aa654f5af66b485bdc661fec3c292bdda55
SHA512 ee1082698a5e6ecc8b7d67e011e80fb69b7956037cc926aeb6a0b1f671c32cd330cce4b02dc10e5191933b079ab8702107f9a60385ee9a0b0843fc91a6bdeda1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 227ebdaabcf690c3b52ba240530421d9
SHA1 5ee0a26228c429cedd8e304ddc4d061bb83482c1
SHA256 31218880c08bb2dcf40d650d7715c9a59adec536bf6a1f48474e3086b0e10138
SHA512 38d44497af90e987fb93b6807991aea3d8471b71cf7d8c85e9ee6ef9413b39c843e410a47e6aa861419dbbb0eb442454cdccbb0e9975bb6221d0cdcd93dab115

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 bc84034df8a808dae9ddbf3d3c2b06e7
SHA1 a57c4b1395d502329191ef15a9aa0762c22c119f
SHA256 831844cfda7a205deb4bab21a7317748d705bfc652434a20bca787cf3454aace
SHA512 a3962e2265ef7e367d4c951af624e1626a3324de8b2531e6f8dd3443e504c47f8b78347443df1dbf1d76104a98686c9093a71ebbfc324b63d0d7360d21873d31

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 734b72e08496564c60c0b1c592750bed
SHA1 db2e1576daabe9c1e363bd5964ccaeb61d354906
SHA256 7f7204f5b11d434a720bd029880083bea22a538f0bc4b7cb12c44635b2eec76c
SHA512 85eb0c5b2ab69f24d06e6aa390e6a2fd4c5c514a5b3ec5ee8c3a2a04ba397a57d560a34dc6d406823f96fb9e32ca3da44f9420fea7ca6194090f6ec5536677c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 acc9f88a360523cd7109f3f42ac30331
SHA1 7113ab4ce74dbded57ffc68b4f1cad90524f4c70
SHA256 ce260915ee673257d5af335b2d38098a93c0e98e5128026380c09fd03a3cea95
SHA512 86fa2d2e3e7ef59803605546167cf9980c8b81e21afb26b08c71b334dcb3096e7a215588a040f04672b284439eba3cb46583c6692c511a36b265859b867e3db6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 e623b95f3acd474e28f4cc1cd4cd57f8
SHA1 3877b31eb10fd4f9ed173af17d1a0ebd9a128704
SHA256 b566e5a065a95fe692e40d4b7a41342714139a6aa972e73ded6f98996bd00d7f
SHA512 fbe21bb6a2112ef5a1df94b559a457ba85d4231a11da3816a142e0a5efb04cae8545c3de7d6c6f935795eb9bd190cc25c9e13a2ad74a4f1971df00a69b923494

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 6e691b5cb06bf679c9b46b72eb22fbde
SHA1 c185149f52d0aad4938f7c614a528f4db46272e3
SHA256 e86f1d8df8c3d76de50e8d678f93c6fd7c82caf45d1e0728757bf2e215760645
SHA512 4a833a59dc4f5c5325c3a0627129909ecbbded4adb558e1618e7c513539dd9c45f74c603e5d0ab5e2785ab36d3a96780571ef288f85f93f777d9d37ad24b7d55

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 8bb0487565463f15b978d323e4701304
SHA1 8bc9bb4256604ae6edda596fa86e3f535ea3f62c
SHA256 d37b2f847b41c356e1c4e3840c5a0f52e62fa6d3ffc6b33ed54b5204651d158d
SHA512 18dedb335b67a888e82a3a61a4b20c4349c257ac3ca22b52bebfa74c6e5778188f3102ff8ddd28685f27dec6f4b308cf4eb0dde72a8beda2bccfe57aa8152b30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 bb3bc0d29ac6f27340a51fc4ffffd006
SHA1 f599fbd80e8c0df6b733051b5d39b5e5451f3c2a
SHA256 b7294b858afc0716e6bba0e4fea76edcd87924f689c67dda90e62d35dfb85aea
SHA512 f09be8ba83db56f3e1642ab16eb524a3d716f274aa2cacaf1293ea53085ab32407ae7ae755373a9ce03430280d0ad033c2f1ee71a4228caade7cee7553620923

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 708a9d9ba078605ca76ae15d728048ad
SHA1 367bf5751651fee344f66f3672aa8ff8dba584e4
SHA256 6ced8695bd3ca36a6aba40978658c2bf5e8fa0ba6f729bd63fbd48d7ffd59d4b
SHA512 34e3f2fb1c05ed00f9c3165155ed787613af1f55954b94e510e55fd2f1e991baeaddb7e97e4c584abcd104475302573db5b3b56d6802550cfe6d0939d7f8651f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 c1ce034b73261e11a1f687c74670d071
SHA1 74d9f7441d48210f1ee95acdcc27e4cb7ee46898
SHA256 c631fd9ab09a908c15cebec9098dd35e1c3430dff5eb2d8c39a69bf2ad8a38c0
SHA512 f9920d65194666026340d1a121d52ce0c9aa045ea388cba36bf4ee13880306564a6641c63b649cf75a6aa5cbbc46d1fe701c8db86184b7afbdbc67c75d53b5a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 b6c1e12b25ce4ab60931461094ce3598
SHA1 111f83c388804e6c37e75e30a56db0bd886657fc
SHA256 be07c15bd618304d8f7c644f2a7b10756d68f524c6723be01a3583c1291df88f
SHA512 b5c3cfcf492022724b700b030051b965c13a7a1436ee5a65219aae8a02b799b14409e91c0664a66e67b221d285fb8ea7f73d613b19d9c353b831a74c21e4a303

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 61e8a3febc72e3f27b809078a06050ee
SHA1 9cda4bf0be8ef03074a3f47432cd4cf787338d1c
SHA256 6ecf84f9d3e734a74eb5f289b6324461344246e3d9a7d426efef69045cd0e034
SHA512 1d7c8942d144bc763d5160eece91cb9b9f0bd0b9fc5edd437550941491ed5e7ffe20baf884b10c828aa97588cba82c1df0ac423ec58f12692ddaa735435a0bfb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 a61d7ecede5df25f349ca93613f79009
SHA1 96bda045ecff6859c59cab4d41b914ce1d0ec90b
SHA256 7e38499958e6cebe35e59594f8a5cc4399bdd3166b25b80d29b17c06aad1021b
SHA512 ca5f2ea484e8244367cde86baf73ec59dfe4936fc7fb3057eb9d20a735766139a8ed69fd7df6b84cea68a7e37edec653a4bb1e4271d890c5c58f9ef0e3e9bf1a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 83f060cfccd6e11408eaf88a3c40ee10
SHA1 f59628387d25dbc502f7e21fab224f29f4c4db01
SHA256 67b0abb80b947468284ef6f6d63bb1e74dbb41d8bcc55e03a1c291831363c0d0
SHA512 1fa7c519f727c771db5582700828562d688e142efad0d83e7dd0f3be2ee70e42e3cd3267ad05aa6ea67bc0ceccebefb57d486f7aff9010206401547a1b5de7ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 09fa7d1a86c0ad4e374c0b2bce9424f4
SHA1 053fe885ed1e7a1738b47872af77f7fd3850a4a0
SHA256 9311df6c8344dad2a1c9a5f83e4175f8c5511d37fa215e7a675d55c52c47074d
SHA512 5966463619395f7b496354cdddc6d56410e1ec679df63e90522145f188876efad4f69d20fdf437321ade0f9c3108e5af4295ff4e83d4a64b8c8257c7fe20fa61

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 062071e8c0e1a64f4c043843a981fc82
SHA1 ec43fd8bddad3287361231fde2024c09ea6ac7d3
SHA256 43bdfd82ddbb5d29c09789dbcb721d2c2e492557de91a545297725d7ee5d54b2
SHA512 ab7c887a49a1a459a6d819d125cd1e117e35e7578c9c0f3e08bdd6d158b49b64f9f6ed6f3c55d250dd70fe971a2281abc3c9835abff865e8995fa15937fe2e11

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 6abb2768ee621c444833c6202b0a6ba7
SHA1 020f1511395117577ee15aa05dcb9212a449c9cc
SHA256 360e1ac096af3eca731c9170100b164db55c1bf27e70ba6a7655fbc5fadc095b
SHA512 a7b688d60247dd5812715d3e2a1e0ab29dcdedc5bc6e1968e5f83f60251d76be6ced361cc81728e57ac7b708bdfbaf34f3c27b1aafeb0ea89f26c6e0a3a6dd3b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 6e0cd8e990332e89400b89a9c1f859f3
SHA1 0a9367709aa2026f4843e7e6fc67c5978361aaf7
SHA256 62858a44c9990d034e489ecec350d00ec371c4bdb70b6d546ba18fb7427ad139
SHA512 0f38c7c923b7252cafbce98e1e7180047c0b567e76680ac79ed32b497e049cd6316ffbc8c2966b8d3996a2d1e545aaca9cd2639863fad8166c55c0cea0a65290

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 682eef148582aa09ca1eca0673f548bb
SHA1 234f6595fa9af647b205bcdba969257f6d7b2928
SHA256 b908278a48f3f143b78a3ef43502bb3469d95b962a4a238221624e48dc855207
SHA512 2735780dc11e78ee044f8b8625fdc18a2429c8f7473f32ef744e0ee6a6c869fc731479df1de12987a81b8a7381d23247744d4f4daf1f76429223f219f121db9c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 b45eb0db03060618b887b33bc6932f6b
SHA1 906f6e6fec79e1afa140769d9c0ec455fd50f3b8
SHA256 0308472bd8723ecea69f3448b9c57f044310655012ad8866b08b08250e30a761
SHA512 47ec0a79db8acd29d602747b15151c1efe661892089bfa2d01cdc92b48f62204a7500d01a523c14871927969b49141b284a30f9197dcafcce8ccc521487e369a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 6795bb0235751a13a43c2fbfe6f7f431
SHA1 0ed62ff4d1d12fa02541144b7c41a0c2a59e92b9
SHA256 c62deee134f3c6b5e0eed82f2ce0eaf3d45c591832f5335d758462fdf0dd32e3
SHA512 aeb7383a7ef3c45aae55c0169fe5b221d3378d64a2e93ddbab0a637585327ab8d9605f8cd24b6bf80d2152522eb53818a43bf649bca4de950b55cab5aa6696ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 52cf2f632dcae0b0964b3611b06a4f3e
SHA1 0cde1f43745ff49465c91efc0ff7dadfc6ae7bae
SHA256 1e99f50e08a713b021b14e9673fc7b009748620c4dcb3e9cffa94cc1f83646f9
SHA512 c1666c1461ce81ecd61939ae2b12e2cee6dfe11ac6df629d70cea5c8f3880ec63e1083674152240eab83571c85bd5da874c74e28bd33a6e54eec6a2b9f65efc3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 3c8eb29ec9c995a56ad43eb31026f90b
SHA1 5c038a5565c5856325f8b31f3619644903e137a0
SHA256 0063920b781c82be96c1f42493e73ac14a2b8d423f5c31f17e25b9bc1d5d7c75
SHA512 dc86922f1e6d64700473c7a6f59903d8011cdd3e67d1ea9b38567d502f6b732db7e2d461c5c6d341e5d827be79a5bad9206c4640b881f52fcb6ecf842c472343

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 3b8481f12298282a08b6b9e7bb00cf11
SHA1 d5f1719d5905ac910e56f0655033a0a53a9fb217
SHA256 4915f7637792398ad842af1293e8d0c6dcbbf43461e01a337d195196f145a81d
SHA512 62df67a39cf5725ef88579a306e3d04dfa82e45a452e7a23002ed427e5716193f05f810083b0953f80d8b258fe8e2793b26991ce5b396ee2fd4d83af9dac820a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 2e2c32b280e0e2f7c39fad1ae4276ab3
SHA1 7cb04acb77cb2099cdd52a7da42187fc43968e2b
SHA256 dd8c641e9a35c4307737bde06cf738bc010fe19d57275c88d5351787dab49728
SHA512 2a4a1f2407694608128d6485ff74e906f682cf561504ed1080bffd0034bdde890c32002d565a43585681315dcae50999fbd2f3dfe9e27bedd2a6143d61921630

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 a0686181f52f4f7ee10f73f0fde3dff1
SHA1 d8af3c3de9ffff35622f5dcb52d4bc50af0942ed
SHA256 887e68a52dc217d32fad8fb18c0aa1a779f70a972eb43e8e73e44bbb7add468d
SHA512 36a762cb2af8947a82ba9ae52fc72a4019631f5ad7f594d4717aeed25724a458f95755a9fbf5507fb98ea4d842191936b21fd91f57e51e9b6e18c62456c04567

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 fdffca58f4ec7104521e25a84312880a
SHA1 86efd074239d14ae7da2a3f5c71f1bf42dafd97c
SHA256 0d2efa6e89713c1ebfc76da99b4d7e243443498e79d2770a2f9356e161e2661f
SHA512 3d55745d0cd10125bd095098b90dc10a1c65969a481b4f9350e207e97c38af301a3575cb9bf9fec2d2de484ea71792d4949bb40376c69018805faf3d988b0031

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 9c4aa195e75777fbaff89a7abca1d390
SHA1 eb568df6f0f0d996d883bd6e2742ee86256fef35
SHA256 ca44d675a26bc3f12149e9de40677848267fa3ec3f13f78a97582bb9b39232e2
SHA512 6b9564a69c3c977d2cd1440e9616159ea89c252aa1e0775400841d05c6a4b9e1286370c541fd5b04ab64a4733d783f49b5e3438982c8c9f4b00cec6aecceb6ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 907e61ba3b8d0188ddf9aca6aab38e9f
SHA1 222dd9b9f81023ae9b7e52786a5e2159ed60160d
SHA256 7a37c49568f53871b48be193f001d0000a9451f36028e11e4c05808461156d1f
SHA512 6718ad3e19206ed6e71369d55e65c26f435c67af490abb78858b2c6e649d3614c5c7d25efdebacccc92f4eef8b27d9b2fb106bfa7d2afea87899cdda19baed4a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 edad14c19c9d8013796f3f1d8d59509a
SHA1 38e9b506a56f09df25410699001f1f6a11f1cb34
SHA256 800902269576110a38135c3e75f94a9c33fc188591218f6993348a4dd8c6a6e2
SHA512 bc2959b81465868b9a20e466ad9e068c124a81f3f22f258f4699a76170fefdb856be74f5d5d4d8b309b2100f70bfc49a324c822cb13efea2144b61196739d82f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 2006ee36baa0d073d94add723982c398
SHA1 2ff67b5578dd73d22758a5b6538601fd513bacab
SHA256 31037ec04b70dc17e992972e6d6d0e1f97dececa791002ebb175a721d73a0a3a
SHA512 dae32b2ea30e2db3d5c0fea9175586325f8094675e61505e4145c87d7dc7f23f1aa61252c903c388ac1ecaa1cc0d04150f15a825789cec1f3085cf2484dbf3cf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 47901c0d9a0f75511ee91a4944e20b40
SHA1 054fc2f28b2d72b8abffc532677fe6070d950d2a
SHA256 4c1d79b3f34191709e5ccdeb1856f1bbbf23c8b62c413ca6ac9b82814c313694
SHA512 5d4216838240d9a34971823a0b430044189d489a7dcd807f9e8586ec432c275ad5d4c0f61561e415fbb2c021cb24fded24523dc223fe2a394b3958539cc9ae58

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 07b2a1c545df94814ae217de69d57153
SHA1 d314464d7d09f5a6888a7c8121a66b5d11668d5e
SHA256 b7ab52436d114b8d2d25afcdc2f0c86c4650d7b8e2916f013359d215e304a271
SHA512 1803277d93c8acf562315d8a2416f222da6b678eaba28e9fd80facb876f1547ea7c869cc677ad9a771970f08f18183ddd46e430aaa2793e2540cb6e77c727655

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 033394668b2b10e6552f6fceefb540ab
SHA1 a97c0cbe2d9a715bfece0ff93c7e58dda789e39d
SHA256 94b0ec21966d854e23948eb2abc219d628abfa2019f195584072f2127ba7fd53
SHA512 a7e3c29a5bcecc672be3e3fc4ddae26f93fa43cb256201455d9bf8f1b4952267a5c94be8912ff72cc0d69a89e300e50762c76084ae28169700a6082c8de5bd4a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 4ee2349e98fd0f02412c0e3b71b59a3d
SHA1 e6f2844353687aa457ad3223af5c8b5fd5300365
SHA256 82727d55ac36f5abf6cd3f4effedac4b363541986b8b78b98cdf9445d02bc793
SHA512 b725b66019dc663d399500bb60d9b49771d8ee9f2c59a3fac26cf87f40d2d443acc763aff89f8fc1216a7d7f662c0f3ddd8e38ca51e8455eb98edb25259cddee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 76ab2b350fa649634d99dbcccff3de8e
SHA1 e1f7a7a389cca106cb9b2aa8353e610037603f60
SHA256 ea719c42232b997641b8f3078b79f0bf0fc5cf0f465a79260ce2b03f85933ba5
SHA512 e4ce70bcfeafe959d9701680bb986c55404d610d2482906a42fe3a30a9fae0f096d88aa63e6d66a24d6a2057f16569774136ffc0e4c9a35e0e6dc82f9cb51c7a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 6ee420178539f257d494ce397d4ddb81
SHA1 a73577519a4583956f69fc0e8a9369164d5c1dc8
SHA256 f9183eb27de36a51ab604a27cc71be1fd9ceab34f219242ba94143501d1b8c77
SHA512 7500105331d5da322f339b69aa821b0b9d235939e9c1acfe6d5eb59a4d635fd58ef47cf9aff6268c9ddcb771c45d9d8bfeceed19f7498f81bd9c5acce17c2c77

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 159c629067bba92f101c251618f86009
SHA1 7dc9d75ce543db99c6a20e201e26c16d1692d1a9
SHA256 9a3c3cd0434769e4e66712553b79528fc2c3e9b75639054dd17e994b8ee0cc60
SHA512 e8251212e2b7a13a3fd7c57e0db21423589bcedf61c85ab84fff926b9138f9efe31b2e5651165ad3727caa23af32dd5a78dc5e5eba063730b0b57beb5701e244

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 43749bd8c14426a603b9b28f7c791070
SHA1 8fb8873caec05153669041b06a7564691bf32949
SHA256 c775bb89b31bb8be4714ffdfac60e37e889cc29b086c9ff3031bccb058e02cfc
SHA512 663b6a6c49aec9c92a3a0728b93246864f7781a03b8554fa9db987e16b6e5d1bc28a95babc69c558fdbe8bbaad5062c4538aed8257acd763cba2d5cf40705212

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 b62e5084e5730d0a1fd4ea46ad7b6cb2
SHA1 8f411c796f31a84f3cf77f1d1de0c1436e3cccba
SHA256 8ca8500e353dc293fbf7b60a3ff73607f6b82db0009dd8ec0ba15a123e483876
SHA512 d159a52506838baa5b861a22ed772b2e3aa6aeed22e38f93458cddc1203cdb4619c38a2c8c6725f2488e386ba48382660270fbf3fa2d3f15c46b70e4e1fbfa46

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 496b2594251dd12c9d53ec3dd695224f
SHA1 aa6012d4f0b3c14759206e7582351b08250eeef8
SHA256 449d0f5733b12d23d39f77976e587044a5e9e04e2946836001d1add93c94e625
SHA512 73756999f2806fbeede960e90f50c4ef5d248bc9414c5f4302c538d824b1e5bbee1e172c147cd4db34d1653b134863e01f31aea6c2282a3ac37f0a970950a97f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 602a29c9920aa27ce877d3523f20fac6
SHA1 b07d97fd449df611c1c63e9dff158e651ec9ff3b
SHA256 3441766116f632c71fde4c4768f9365b1a732968fa7e1a9acc683402ba714d97
SHA512 e536c1daf1daa2349c5fb6afc39f277d36468fa359d07d1512bad7f3b3a81ff92703ff91267eff23ff62ceb8f65ed90ed8d868de8923e42276a40fef54a6e6b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 51ff55f4f1a4d5bd19a11c68ffaf2179
SHA1 a50b5be46f57b55d482f56dc70f0e305ad907003
SHA256 bcc500d0a2aade709b4e6d84d36713629c13c2fe2b948065e3dba76cd1bd266b
SHA512 886f46e61404f925c760f15f789e19a39f065aa85288637bcae79443f4a2f4030d72a1b80b7f5472699b26d9374efcf4a4a059b5ec180f9971ab10cd08fdadbb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 8434e03d66760aa374cb99148e587b36
SHA1 232b88f68d3100366eaf776408888a6687534d6e
SHA256 836de7a3a630eb767e8e528bf789777dbf9a014aa18692003867b6a27ca1fdc5
SHA512 a245a1c5e9ffd342e10e2f41bc6cc489c7df2d1e884e6dacb882f30dc087cc475a55d97514decfc70d2f76f90d7c4dfcdcedb5365e604dc7d1870d00a6eae7f9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 5a03357b3b486bfe83a5bd80fb0dd8ae
SHA1 eb66a2e3a4582de71dd1b5cd57f45d5f915d74cf
SHA256 ae4aa65b078d97e881877f9b21410b0f1dd0abd3e73cf82b954b9bc389529138
SHA512 ed94d863ca09252dd233935f9a192a8f81d1796921d475d01594281306f344ca3dbd9671355bd3e3ea20b6c27a2078937a0f424996b77916af435e7be6dde1b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 0ab33b6116318601d11b747bc994e03d
SHA1 cd0e3f0eb9786fc43c1c51db12a20ab0db869c9a
SHA256 65da9114601030d656454778278c917fd4b00de342449c46fcc8bf021316c434
SHA512 3f6372d64f188021d01d600cdf246013c515ba47575b88557f081cb2d929080e47daeb63c2b1a2d006c4f013ae6e451d291c8dae4dff7b3ec264e6f7ba80f6dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 2de4afe16ce37ee2ef6b250517ad4705
SHA1 62ba3c2f38d79c72eb53ffb97f8421c259e7b3bb
SHA256 d1f8769ad930f0bb6767849b83f66df73a3552e1f42758ec3fe7fd0feb65ca27
SHA512 8d5a14bfc1bae83f6e1f78e61f5cbcdbc539e8212a74b065ea4fad92644c4d9fa7f1151f842c2c7599048e4b71551776924b68ed610cf63ab472733f41fbf83c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 5159cff220ababaf722bdeba3673fda7
SHA1 2f76fc268e083abefbbc9dc41051b83d0745b783
SHA256 994d1f9d6f37a522fb0ca43efaac33670142d7ab6cf5dca501b9cba85b118a0c
SHA512 2896dc14509479eb4b5acbfdef0f14d9754b41bf96a308f07fd801f6a6e361fbf3337d05f2d6a23cab76a9e83b9ff383bf40a5c8e7fb17b9a53f0cfbb7261da3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 23e8a5b031421316b859ac4403fb278d
SHA1 2f106a9f063e094bf07aec6fca86883d3dea256b
SHA256 db3199a216557878f9b8db3bd4c4e0b3353055f3a3f5ff87f53963fe25d8480d
SHA512 392a97587c903ad267105882111a7a649b1db23698039630ad0f9c7256261afe992a96fbe8fbda904a3d236c7525fc4aaed3551084abc18c0cfec8e4a53ab682

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 8aa0604f8dd1aa762784bcd0f2e1996e
SHA1 895e5cf998f4b4dd99166bb8c0531a492200a0eb
SHA256 530809ecfd4fc457dedd006edb16478f199dd3ca9084373ce3641c6c4114ac90
SHA512 65b35fc2021aa4ed2f912024470ea7cf4b0c9b02099506c6d45a2193f5573db0ccca53635ffff618e265401b6135a541fa104b87266b18ea21e67eded2757c30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 dbdf64efcf487ed81358a590e7beea6b
SHA1 213085f72ac10a9a493ab75209248a6355bb9151
SHA256 8061675aca7d5b3fb93ca5231431ea087f4e6bf597525cadc733ecbe9324c281
SHA512 1ed292f349a93bfa25806b703b41d23bf53d939b1cbc680a78fac5638ad76aa40ad68fb87e6409b6c44ef584a8b252bb7c18fe576d276953ed08de0fddfc33b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 994d7c14a54624eac789f6be76cf1038
SHA1 0336327272b8bf6775ca953c49354ba1a435a4e1
SHA256 2146d2f51b14fc438790ef3bd3878a62f4bc0b6a3c78c41b8ff01d70645ae187
SHA512 ef7dcf6439a7644fc5ef3ca4c37910e03b838d78e9bf4b7fb9c764ada6c5351435e430f8b31e2f3e0f24aefa02ddc9027ce36029659a58498892f4875249101e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 9c94766329803c1294a2a3f6b517e68b
SHA1 44873f41357ada8caccae434cad9eecc458bc9ca
SHA256 f83eea0b9638f89ea1ebb3e9c18bb2a9315345c70ff4f89299016212d6609c8c
SHA512 906b963969269f305e68f275988df7f15cb9e37bf5a0ccfa58f502c208c535e0a7d45d0fd9f8e1f867e34ce63d10d5772c469ae3b3cf4c5ad66043dde171c34d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 a201b5771476720f7984549810ee88dd
SHA1 1afa66ca40d7a76f4cfa0328226c8c9b53734c7f
SHA256 fd152d9e0a7982f1605e966ba044e73b871ce6069e8ce45c672fed4125a07e5f
SHA512 8767816835ff7f4861a42db786be6fea7402453d99d93a4d295149080c05b31d3c08ff53cf4b17a06cdcf061ca3ebb5a28a2d63b833e909fe38a7e31b200f305

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 3dd3d08e6cb8a3ffd2578462a614cd82
SHA1 de1b9eeffc3a7d15d959fa05ff0b6cd4f3625c7f
SHA256 47210306e0a595a6892bd7193735647de7664a8cb12eea574bf2dc4112d5c393
SHA512 750d8c5b9e9f27b8800bcd765345b6e1f55a5143b5dd3d286f23a9d6008d6163da49292d99e1d0ee91a6f6a66926bc09f83a99e1c570d9b1ddc7e1d62402b1ff

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 2bc757e39f87cd5f7be519954459961e
SHA1 69d2ad8a9119f118ae17d18df2426104929cedd6
SHA256 39516d4a8f17893789c3d22e597465bbe16ac0ba7971b415733cffdd94e2eedf
SHA512 558478e82800e274cb7e0f0938551d767f2338c39af1a5b5a9936d0fa65bb8335decf8dff088e54624b6dd149a7406a02295b986cbd36cb70dab991105bd8be3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 52a4e3bbe2160a0aa8b12ccd12e8e679
SHA1 800cb044c67ab867f932496a1232b0bcf02d401f
SHA256 e8771c4c1f497ee7a4856512faac7ddcd263c30a7515306e29a500f45a5bd79f
SHA512 fb6e8b191abfcac23487fe472cc983a93820604087995d0c75fa8ef0fb47e3c772d840279dfd2195f24baf32af28a203c72ad2dc1ac043a696c27461b6475133

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 af8d882a99afae5eca7ef6735feaf64e
SHA1 0c9eed2ffbcdaf3f0fed6f940fe64eb6895408a4
SHA256 c4ea52a669fe12444917ede5a1e21e6eb70a191a5bfdcc495ff2d943f16bfa33
SHA512 3adff34ed64853360b616cf5d671404a7ffc983c9545740eefa5d01b6a1dfeb44151710a5377fa60511bcbddcc3007cc91dfd1ca4818ad745f5d9b17793643cd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 b5a221105d3df67386f7e70b7446da4f
SHA1 0276519d02e1fd906b2210f847ae238d7eadb125
SHA256 b773fade044902cafb97a044c7d21d6ecb6ec6ba8a63196bfcc4b744a552972a
SHA512 50f236fcac3c57de909518886df97a09d3f8186492c561fe6842e21efb3ff9c1a95942d35a88465ee38e63f7ea9f3852e426133bb4f942ab7e87850dcb9ac448

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 2e9b16ffefb1c8c3968e7fe355fa293a
SHA1 a369a5f33bf662cd5f8ffc07887e8d34c441082c
SHA256 a329e4d0103263ddc12c1d3fd93ada6421e6105003d79167059936c11a0d40df
SHA512 8ddeb31d19b498f91a7ea064901bf93c7f6c33012770db44e5bca21026b8ab27e610ba4009b06e18c8c5f4cc5813692310d6c692686662792fe1c8cc389a03ec

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 5faca8159028ac4836654c636c9c79f2
SHA1 0e1fdaccf8667e5967d5327320cd002d7d604e12
SHA256 456cdc2046e09ab597a94579832b2884fa2993efc451a7609ad1f68015238b4f
SHA512 ad723f46d4d9142a110e071d4e2aaeeb09661122549876f99ed888522c0a84f629958d30e710968bf8bdc405cca4afd5c561e9a15fc67730d71ad3c6bb52107b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 5422aadba7876d847e335a6eda668699
SHA1 c9b80ff7ff8a8d61f9df15dfd1cb47eaea2b0a6b
SHA256 362fc007bde371124a9ba08473447426d2235dd06fafd146e42d08b753dca67d
SHA512 1628f61a5c40debbf659f2abc3fc8ebf5bf713bf54f027946deaa83de04e26bcb0a131951797183db7de6243cd50aeb73926a642e2518888053173b637272f33

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 7d940da3823726278e772a3ae64b2d58
SHA1 46a6ce845231a68b42fd0735224c9e96225c8020
SHA256 ec2459f48c9773c509565bad9a30c493b7262902aac6fd757d49ad91abc68a8a
SHA512 02b615ac343e4bff2bbf0700c03168ca931dd45f48675cf9691b345d1b44816d6539d67aeaa27cfa8e70429478d47da9592de9eb1d4a2e9f1df68bb4100177e9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 5db483d4fd109aab73d9760a43c9abf7
SHA1 50f274b7671660b1749989f7d8d331ed2ebcd824
SHA256 67cf7595af9929ef87eb22d8fdfb82a725ed946c13958d47db12251730e23dd1
SHA512 190f14bcefd4462e60ae28ee8df421a6b5d3124b87903f801479a298d1b2d2abd318907ef132c020c662048cddd6e181487635aa701f649bc2d1d5b1f32ac1a9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 158156dbceffd0b971b55fa7e84e2351
SHA1 e5c3f6bfa703bd6926009d58de63a260af240005
SHA256 c4d1b08183f2d06925240dc37ee54e57b27d572ee65349e55a68da39121b2c60
SHA512 7c0d11acff4398032fda677a0e98e2bf7d4f3afa8fda656bc941941e17e0e74fa5ab8a725514e9506cfc1ba8592dd50ad4de9e6fcd2ea389de45613c27464253

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 38d91d70b6af1387fd251762a5099de2
SHA1 4df70ce20abe6e2eff62ec70403d3047585779da
SHA256 7072940b5d76d2bae2b5c6ff6e156ae9c6145ae453a13100da0627d4fb75d790
SHA512 c8464d31e5fb63a1e8f87524c8cc65ebcf6e9f89a7663d85937e8927a1871e7b87feb51452bf999f899728c3abb8e2de2404de2b98cbc4fbc747cca80d2d690c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 7b4ac7fd4fee562df4c02dc5152e1dd2
SHA1 2e82538747444d1bafba4cf039ca3917e690828a
SHA256 78ccad2aeeec180629bdf97aede7895a1455f1cbd4f4a4d41b2d9e682c585591
SHA512 76c726426c0432bf1a552c6d5a22f5a3401f0a1dfe197fed681ed47a0e5afc2041b1741e123844777e3fa1a5aae80467f8765ae8d6e2df7e00d1494e321ce176

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 51720d2b6bc848fa1ab8ea4be99080fd
SHA1 6672c015e9f95d28eaf4e235d5607ad694846da5
SHA256 12eee2e0439287dcf8cfdc35d922d512e35abaabecfd9f5044e3799a6f96eb37
SHA512 89f8fe929dcd0d43e666445f7694818cff559d5027ca7d5e9a0abef14d76fd6da73450698e6ed4b26ebf28266e2f5bc19b3d185e0693fdd32835810f156df37e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 43e0457a8180d7dea551fe50670c29b9
SHA1 2b78ecb2a328fd502e87418724a8623a3a8da6a3
SHA256 cfabcc78d654639412b904aa10484e6ca3f5888fbf9924be922c345bcf05c887
SHA512 30b851a113348cc86b3dff87a9759cd57c40b349fa30b2eee63333e12575b228c2f83625bc6b7b0ab931abffa12861ccd7082f0e78607b3497072a2fc6e7b20a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 913515b81711db96edd0ef5ad4c7c9eb
SHA1 ce81e070c17a81071b529751acaada0ce59276c1
SHA256 31ab08e1989de0122bc1ba014d288a68fc1212798eca99a0a4738a9d0b13dc13
SHA512 f338a88c70e126e4619503898856a7ace07ffa9466729c8c7a3ae20b5ccf70388e106a42e95f7c0fca9b94b14c5b4fb552f408ca12175761d5d5a04dd047a8db

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 3d1678cb420208ade9f78414dec92199
SHA1 547a4296d4fd70c75bbaefd63aaa57682425ab4f
SHA256 7515b8d4df81d0b9686f354ffdfe9f4d5205354c7e92a6e0320f167ba00b28d2
SHA512 19f13836934410d0dc4b43867fb0954112b31bcf7317def2c3cc281bfd58c147443811ce692a7d6200e7404e80569c1970c49a027debf32123973f2e3d85ba2e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 b765120006816f8ca29c34c97ad563e3
SHA1 b369d6e3b6a48e030cc39935bff6c12c4c5f4f3d
SHA256 7a682def87593a1f16d23b5465f24748e09b7334defb2549db60e95784faa376
SHA512 c5890084a877f6bd379fcbd8919be2d23f09b46b0364a5e8f283d7d75dac06df72ee79d34980098c2d0e39f41b10c523cc0e9cd51c7229631202fd2209b81c7b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

MD5 9641e44099e3ae5d056345af5503fea6
SHA1 03339350b6aa74fa671d23d6de576e01063b330e
SHA256 8f513f48374cb3ca4d81c221bea12470e9a03e55b9c928c8c5776198a7c9fb3f
SHA512 21a34f8d4786e05b7dde67a1c94af20315f3536a02c31364554072c330ce4f356f18cb5491fbdaa89e39af68231a7c8500b1ec48c71e40d27efebdcb3751594f