Malware Analysis Report

2024-10-19 10:42

Sample ID 241011-plagraxbpl
Target 34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118
SHA256 621bab043d087f306ad4c5768e1befdbb52d3bf0bf6d476448f44f987aed0596
Tags xorist discovery persistence ransomware spyware stealer
Score 10/10

Analysis Overview

Score 10/10

SHA256 621bab043d087f306ad4c5768e1befdbb52d3bf0bf6d476448f44f987aed0596

Threat Level: Known bad

The file 34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2199) files with added filename extension

Renames multiple (2204) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-11 12:24

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-11 12:24

Reported

2024-10-11 12:27

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe"

Signatures

Renames multiple (2204) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6upleCBEeD12DgZ.exe" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Drops file in System32 directory


Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mpceehkkmpbbehjj.bmp" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "FDMHTZNXCAMUKCC" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\DefaultIcon C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6upleCBEeD12DgZ.exe,0" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell\open C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell\open\command C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6upleCBEeD12DgZ.exe" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe"

Network

N/A

Files


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 b5b2792a7659502790a1ccec39e10544
SHA1 c137ce4fa5c2f324eeed232ac39fb5d666d0ed29
SHA256 40a52947d2cdd0850937aa1b8f14a70454a14358a142e157b2b14c1727a60e20
SHA512 0fdcb33ee01e9b98b080f953407e682e3f865ee8fa6c7128c99f494bd5bfa5d21ab2c3ad3abca58b179db9f33df3d3ddd0b5e04f30eb94015ee34cadf56678e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 596acb32ede0c002b9a020f6156718dc
SHA1 6cdddce8ab8728e08d744f68659e516493c1f0f6
SHA256 a338ee368f14dac08370ac4f88ffff85c1d1b9e523835198fd0c47cd16a00dcb
SHA512 4dd46369e5588065717e23d2c248f1ca36b190159ae60ab2e6136008aa012ad8e8c65358d5c8ef2ade6fc3bc727207a0b2a1f2191b09b9b2d2a2d85098f61e15

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 fc4baeecce8bf867c6cb33704fb53200
SHA1 9d0231813697f2181e1e14d865ec97eb123db424
SHA256 60947e3084d040c86b8759a4262e0fbe485ded346d29d65c93dc591b38168276
SHA512 3e0c773fdfda308650241a19c4f93fa907ec3e7ecbd5360b0be8430ec48cefe21dcfb5d450464a2112fdf96c876fcc08ea210ab409d7345a345975c5d22a9431

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 6799c3c48b91b7c6bd065eb5b9cf158d
SHA1 60c120601f14558e6bf51e454ae3b97d85ed18d6
SHA256 8fe0830d13684e8cbd3b45197e889e521c39e95b28aa1fcef76b573ba18e49d6
SHA512 5141a42ca23002ecc77a8876e61f79d561589bb0a05407cbd773f21064fc6cc09f520abab70e6986c3c428b85513a81fe3ea6f7c417e4a89b8f79ea577dd6f17

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 fc6adf1853dcd546357153d5194a4e6a
SHA1 07ffb9c1a54a4f9deacffec9cd14328eb93e8b5e
SHA256 795376d5f1e886af89416b3a732d9ecbe634cf0dc4659e105527e2b067eaadbc
SHA512 9822a153992c0209e537fb5769d2a1d654d5c08c166086cecb8a77f9a5e54fb05d1f6756976a87ecb0d8e45c8be3168074486adde882f98aa5466164d08c6906

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 8a7b361226e7de59de4a462d8eefd18f
SHA1 46b8acb56786d895f589c0596e130b4dd13029ab
SHA256 49113c0b95bbc33d8c093fe8941d365533694e8a87fea4f340d7c091a8c8f261
SHA512 ef547d917a2d332f65a2e94b05c7409c178789ad5d4127715a32eb79e33e3445bb2ce976ad46706ef72637c0e1c08bb88312dbeea02e522cfd81b759b4337343

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 cdc799223085c0fe2282593897ecad19
SHA1 1bc33d66ad0f4b937ea3ff7963a248ea2727c188
SHA256 a77fc02f6964d6343638fe09f8d79bb3f6618331d9b915c209d325a4eac39d9a
SHA512 f2539dff3b654345bf40ef392de2293b9bc56403de0c39260d78147ec1b0818abdebfef783b75057cd137420d20d4b53f039df106fba7a21bbbda46a0527c3c3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 e5519910e8aba780b53d5224c6b0d976
SHA1 a6ae131dba02f4ba2c0aea382211bd557aa8b40a
SHA256 79459b806d6a38f2d4faac6b715ecbb6afcb1a992f738ddf7572bbc898ff23aa
SHA512 de195d18f775b4fee1e10a736f48bde3af9989377f82b98d9a1d1aa4bab12ef096f29f2c363f08ea0ce38f920f4704b8f475551fca5992556a233224acfaffce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 12f7451dd655d8efd3088cbbdfa993b5
SHA1 3faef4a7921880050a9feed53da79b7a7aa3862b
SHA256 bfe586134401edd716216e485072eaabe4df615e99a38999679533bd4b1c8559
SHA512 e9217d488ab1e87e9702bb1b21c4bb6a709393818cc734343588768a830059c1f584036573ff7e7b898f40fe48bb20339464dc80b782821f965f8675ad00b37e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 5b870ff70af017609de5b2ae389192a3
SHA1 ba71ce9f0d412bce0fb41b505246fd554871ced9
SHA256 f2ff106b54d93eb2efd0ddd6798090cb7c6bd1360f4d9a23297b1a514e95353e
SHA512 aef4e263ee43302e53b548d0719f92df39663edb7c9803423959703b9fb5530ffca8fc622d6515d7a94f2f1eada5a37726cd58915d0e1b27ea13181069312357

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 e30ad5f2e6eaab73036d48623843d406
SHA1 0f1d134b8e35ef725a37c6bf22a94117a7665a7c
SHA256 f884b64ab1becc338d58ffa0708109206bba42f87bbc8b09230c3dcf2ab120ab
SHA512 2eaeaf4121309d43ed0090ab4c1f2e8fce8ce77649f08f04ed6a16cdfeb6b30afb988b8e94ea06e1cd0ad14035cb2ad7dcf0ed887733000b61503100d6b9d64d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 c7ca8f3211cd2c143e12ba3f1717178e
SHA1 59bf58985d787dd4f7a29b05ebe44a3b4eb540bb
SHA256 dedaf5a6ee3489445975d0e60f9d4ce519fcb2897c44029d191b14c600af26b1
SHA512 369e19e3637d64fa1f93dce9a1db0a4c788b557bc83f61c0b435907466bd2a25a9effaaf136125c9269d342b11f0cb847dc6b3d83ec31a0784a4dcda2475f8b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 030a13f2f392af80affa45da67a7119d
SHA1 9fa356ecf41dfc8b79e29a14b99834a543b2e1eb
SHA256 b5edae610ba0f0cb14a93546ef69317408df7c34d74e554b5dfbd32557ff3d7e
SHA512 3de9c257454b967000a331492b84f0c9b73d9529fe47dfe4b334dbdb1d262dbd0eee38c1da791850455096746860c99ce553c823f36e65090b0806a5fb747371

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 cd9ef56d88b2d0820e496cac01115d80
SHA1 5d74e14fc2aa8ed7b29c2d9842ebf36e04e45dfa
SHA256 5256e48edf82b35ea8e65ac5606a0f022fac858673a9ace213d063ea7fc05ea8
SHA512 0d5922080d8d980ce0bedd5c5d07c7a44a229e0ea577fbb7b820dcab9103d171a611d91b9149c40c6bc1f101269b6f006f0e72a237a1ebdc3d6290e14c0e56c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 1a710a420e859d3728e0c76c6b40d793
SHA1 e431226d25cf33e31b6a00a93a2568d4e9651525
SHA256 238de7abca27fbf6967b2c69767e4ab8a7edd24351ad72cd2c3afa5ea5de8a0f
SHA512 3bd3d52239856b324a73d77211020f1f47037bc1d7cf74e808af0f05c2d81037c15fb03b0d80aebd744b62cc70f8affa12c513ecdac6be89c065a2131525c09e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 a452d5bf964dcc0deb2ca90a8f0f8c0f
SHA1 989e8207c3dfc6d8541364b5a5bcdb2de0e59fab
SHA256 11290040731ff6c7b6fbfa047a04fbde63c1f266f3d3ab6645b0bb3c011dcda1
SHA512 4160cbf9958c84764d74ea6e789bbffc467f1d3c3ea084588c3c62b80545214660944863121d096f218056c8aa53cb10e805156b58e1154503de3566d636451d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 194d3a376d0cc8ee9e92f912fd64e6e9
SHA1 a63924768b22ebe4cae2e9ed098c44f3ad7342f3
SHA256 49183bba5f1d001b7a576c2694ad99eccd2596e07e0f0335b1edd7449d97a8fa
SHA512 a392e69dc1bf57aa489cc4f3f49917fb873b718b52f62f64c3ee6d3259b0353f00338c0b660e62993d13ae74a9db82caac04cb20dac5d2a203d0c5b27994370d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 e9a311d2abfe89496c84f1b0beb8975e
SHA1 f1a08f2e1ae00f4a95fe5bef1933288592d16a77
SHA256 b01dceb737e2e01ff59981dce23fd4656f0b45fe612dff710cae204937255cc0
SHA512 d481126cc83afd154983d3d0954a5fb3c89e3f5e51739817c56fc1f968baba4b26c66e9971cea9613b645f2a0a068e24962bfc981727f3d9883a8b959f0ab020

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 6ec98d26626dbe2e02d28b7713fd2c6c
SHA1 592cdbc602c86ec3981d17a0f809d7fef59465a3
SHA256 625205480fcab64b6f6835c8293447b0b6ae44e416c63a0a664a035a37a90d33
SHA512 1bd5c26d31bbbf24cac5d79d4f3c42e71b207bdfc3f4e858919d56efa794171c4ce345ac6c5d096511c4098d40ed5802c908d6088c8f3007c31f45a5a2400b8d

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 45433ad06457554f332856fc5ef2417e
SHA1 240b4975124b29b5be6af744f873f32cdf9ae53a
SHA256 5331b1965aa71b4bedd82c1774f20e9277468f1648635bae755d3784be88541a
SHA512 7ed93956868793cf67482463d693ac12aaf98ec385923c9e04229fbe3fbacc94ebd7f61425b20954219df0fa59acfccd1cc4b618f3595cfe95e1b8422d27a7da

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 4d88fe3582672ac433daae5e540d3105
SHA1 da046db02e8bce0117900e9f353b0a83e8944a77
SHA256 ba8a525bb906879fbe693735a745d8dbbdfba11d8569fa44e3e1c389fb267008
SHA512 47be81a0b230527119b84b61d84c473399a701fb071568bd3677baad3243417d0dcca4eb0c575b79cea7925025847622e60d3e20420247755edb4736c145c40e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 83aca83c3068a712167b2cf8a361f20f
SHA1 6d524d6d687d12d7558b15aba9b3af277bfb8fe6
SHA256 b09a8003e964bfc95b7ad2976ff39df2f1c5eab7d7139778e951e9890a0df67e
SHA512 39fc399eb4296dc9962271a4863752215a2b050797ef741455f1d1303d3237468577779d7bf1c95dff3e777769ac5e3ab713acba4b757657f9461c0421b6d337

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 c9944f03e526859576dac63006705be3
SHA1 eef54c0a81fd564c3543e7fe80149dd9aea4896d
SHA256 1764f6ec727f1c07953ec708fba65b4c3d10249cfc536e30e14a27239e34f0d2
SHA512 0d372d11728290c755875b6b10d2deb7cb997601ec8f9f223e1616ab59b243a02edb0b8ba4dd7ed7da6b875db92fdce41065070015e9070e46ef0f301933d280

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 69853d9cf29c76d8d5b51d20b425bbf1
SHA1 a3d238ea8dead7f9201d166f906fc177bf8801b4
SHA256 462e4bb55831395f2cbf8a9bed33e7660f2886614c9e8cc6a8e7438bffc881d3
SHA512 1611fca7f25398beef98566071c2f59accdb93a96a9c0fce664fb7342dfa9bf5227f768f948850eeb7e154b01e4aed127680c59f445ba92ab579a1250e1388a1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 0b698f5de0e38d0b445aa98490f8a7b2
SHA1 5963777f6558448dbf6268032f804a4b079cdaec
SHA256 1017b9f68a9bc8edec3f3f789f3a9e5a737fcfd9c374a6950386dfaf06da058e
SHA512 9a44b670e2a136a26647f8b16cfd8d565fe2450434d60f5d58c7011377cf96b2debe7237b3ad09c502fafaa917c1b18d24cc656f374396d0d8a75e5dbc70d121

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 10238e6cec736b9c254ad0d35188798a
SHA1 cb4945435f3af01821bbfdddffdf9b7034953b45
SHA256 5fcf065fc54a826c3fef789f94dff915dc230544ef440c53c54a4c746f17f001
SHA512 fffc3c0eebfc0bca3312490fde89335567353c531a6f53db35f8310aedc416acb11f9b0b9a6acc4b37bdbd196c778d4690328d2a080d37bf72763f5e165467ce

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 13fdbc11a635f54ce3c9e8411e55d64a
SHA1 2fa6a5f5a5bb31a8d63d0cafcca13d6f433b665f
SHA256 1f74b8cb7a23fcf4633be4156d1bb7407d4bc218b84dc0324592a12c929bbb28
SHA512 b92c54f323e4af02c5b48f74439785693bc7b4db6cae46080f8c53cf8c0ada619790967a3bf73909585404a560f1e186a06cbf4494c8a0b0b7f2f8ff5bc0e0b6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 4d6b64dad687ee475e5c3cdbf2607bfc
SHA1 9e5eefd52ac081ddb95ef6040d189c5798528da8
SHA256 89177d10c4c695ea9469af9862bd3d0b073ecc0d1c223fa350423f12519eef1c
SHA512 9da08b50ad77866e1e346e9b99ce552d28e43afb1423f93f7e1f42672f461f4781dedca414de3eb1b632942ae01cd2b6a8fb0521f61189d5095c82572b838a1a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 4d092dc08a3331e45926653c5cb08af0
SHA1 777edaba89c4bdf540a6d2c58909a857553421cc
SHA256 1d275fe53ea6cdef397f671f91ce53f333549768ab06f44b224d047a727179e0
SHA512 c5b2af9f06f0278ccbd61038e9bbc08d1bd98769e2ce2533e94e8799da402bcf8bf5d04bfbefbb283eb2b5f65c59b42d4edf56d8ff8d97a46b4afef0495e32fc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d02b7220ce90d7c8e3ae38ae149598a4
SHA1 df318bf256425ce3bda38b10def747d53191efca
SHA256 6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781
SHA512 7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 7228165942846583f309fabdc1e3147e
SHA1 f8f84d0fe46d66453d7debbf426d8157ee84378d
SHA256 ca6037c94a7103161a667ef7d64516f1f5cf5ccc0d05387a5ebb7ecf10fecfea
SHA512 7e7fd48103898129350ff438df3b7cfdc56babdea33d6a5c91693f89af51756a8db532713037657cbcca93000e7ad60ba92d6424c32c9cf6eb39cd72eb036b85

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 dc0894253abdfe41d9fedf6d37fbc835
SHA1 50c55e1316be91c1abcdd9cd7ca116672aadd0e5
SHA256 c643e0d6a79c6609d59c117418614a42af50308c04ee6a5d84814f5e93187539
SHA512 9ee84c304f5ac74215f1edbac6e9e9c0c41c09400f089ab41ec0f4fbd1a3fdd59bdd7f6e7e9b5b5d84a68dc17e12fce6a98725b52106e227e2706c6d13766b9b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 3a69f0c1d367cdcfae8724aaa9d22857
SHA1 1baf6a157d4a0882f0978f443f314ae18b435157
SHA256 887941fef0d0687bf9bf9d77869652bce9b56f70d46e595aeb30e7817f615028
SHA512 c4e1bceb372cfbf1702dbf29c042ff0f650a7eac63b0c1abfb341d7036e094c014bcd58c1b8b26534bf76c0567bcfc4e1a397b517ac3b1fe3b60b18ae5fb18dc

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-11 12:24

Reported

2024-10-11 12:27

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe"

Signatures

Renames multiple (2199) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6upleCBEeD12DgZ.exe" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvdot.inf_amd64_04863374c9db2052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ehstortcgdrv.inf_amd64_5cb0c23f45dac01c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_d89605b6b478d768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdv.inf_amd64_5c153f7ff7d0d00a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdfrd.inf_amd64_25779da6eca4810a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_46a3b42507e9d29e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_ea60132f1a9a7a62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrg.inf_amd64_bb7c44c7bb3664d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_b95d9f4691816045\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_0e77868deff0b0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iagpio.inf_amd64_07b64df61e783bfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrast.inf_amd64_935f1046c28ea0dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Storage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_f187fca538857daa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms013.inf_amd64_2b1aa5c0f193f278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttte.inf_amd64_f017e7b18ec67a97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_cb639d1f182bc449\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_shutdown.inf_amd64_bce6891915e70bbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mtd.inf_amd64_2f8cc39571965376\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsOptionalFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_cnl.inf_amd64_a60833fda31e9831\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_hf.inf_amd64_0c00f8f3a465c9a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\loogiloaadffilnn.bmp" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6upleCBEeD12DgZ.exe,0" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell\open C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "FDMHTZNXCAMUKCC" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\DefaultIcon C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell\open\command C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6upleCBEeD12DgZ.exe" C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\34c61ea96f7a8a346e07ccca2b102645_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files


C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656363999749.txt

MD5 c941672589faa563ed67bb358e60d512
SHA1 e6799472f4af15fa7f9aff6360fc84148074143e
SHA256 d69b64cc26139c59bea1465aee42f4a14dc75d4a77b7bfb1255aea956dc6e2d7
SHA512 12e1f4beb49babdd84a1974c9c00e46c75d8d9ab36ecb06d363399c488bf9a07bc39451bd5fe15f2b90ca31c3cdfc633650ec044a1fc62004d3da9adadaebb6e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662640605367.txt

MD5 3e832ffdea7e9ab15def99b99ff08e55
SHA1 5ca942cb9569eb90e64ccef1f3373c32015da28f
SHA256 d8548e8f85d1f44b976422ab4edcb48407acb7db0b3f8b4aecbb8efcc33d5996
SHA512 78582e4e66662639791768ebe8e0edeae35c7bd9e6110a188e16ac7084e787a9ddcf091cb8695b28b5b0af47254d6649bef6407b84c95c4c9ab0950838a52ff3

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665714398674.txt

MD5 9eab6c9954a65d3768310550fabd44f2
SHA1 776091756b7a345670848072eed29b47fd6ebeee
SHA256 22bc5a68369107b621a74f0cf7802190be2fb70be54426493df4134aa245b14e
SHA512 6cf1c6ba2829b991eb1f3f39c5f5177562cae844ef193701f12103e497996d718ab7718043b96c86e7c95468fdd5052ce6ea1dbe2b7d0a7842951326b8845082

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 7ae0a6d13d4024ea1ca8b8e5fadcb8a8
SHA1 2a603f970218c0bef526d8ed5f620c0c9cbbfd0a
SHA256 9b600242fcf4c57ffd0d0d8b3866e8f6f0c6f5c51d8c107ea49585e84221936f
SHA512 19b61d31274a4e904ce6f779b9f5036710da72931345fece15fd90b34161d86455a26a06dbe23e2c5f59073f7a958be1c1b55aef009a0f32f4a84a19cca28f0b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 4d88fe3582672ac433daae5e540d3105
SHA1 da046db02e8bce0117900e9f353b0a83e8944a77
SHA256 ba8a525bb906879fbe693735a745d8dbbdfba11d8569fa44e3e1c389fb267008
SHA512 47be81a0b230527119b84b61d84c473399a701fb071568bd3677baad3243417d0dcca4eb0c575b79cea7925025847622e60d3e20420247755edb4736c145c40e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 83aca83c3068a712167b2cf8a361f20f
SHA1 6d524d6d687d12d7558b15aba9b3af277bfb8fe6
SHA256 b09a8003e964bfc95b7ad2976ff39df2f1c5eab7d7139778e951e9890a0df67e
SHA512 39fc399eb4296dc9962271a4863752215a2b050797ef741455f1d1303d3237468577779d7bf1c95dff3e777769ac5e3ab713acba4b757657f9461c0421b6d337

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 c9944f03e526859576dac63006705be3
SHA1 eef54c0a81fd564c3543e7fe80149dd9aea4896d
SHA256 1764f6ec727f1c07953ec708fba65b4c3d10249cfc536e30e14a27239e34f0d2
SHA512 0d372d11728290c755875b6b10d2deb7cb997601ec8f9f223e1616ab59b243a02edb0b8ba4dd7ed7da6b875db92fdce41065070015e9070e46ef0f301933d280

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 69853d9cf29c76d8d5b51d20b425bbf1
SHA1 a3d238ea8dead7f9201d166f906fc177bf8801b4
SHA256 462e4bb55831395f2cbf8a9bed33e7660f2886614c9e8cc6a8e7438bffc881d3
SHA512 1611fca7f25398beef98566071c2f59accdb93a96a9c0fce664fb7342dfa9bf5227f768f948850eeb7e154b01e4aed127680c59f445ba92ab579a1250e1388a1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 10238e6cec736b9c254ad0d35188798a
SHA1 cb4945435f3af01821bbfdddffdf9b7034953b45
SHA256 5fcf065fc54a826c3fef789f94dff915dc230544ef440c53c54a4c746f17f001
SHA512 fffc3c0eebfc0bca3312490fde89335567353c531a6f53db35f8310aedc416acb11f9b0b9a6acc4b37bdbd196c778d4690328d2a080d37bf72763f5e165467ce

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 0b698f5de0e38d0b445aa98490f8a7b2
SHA1 5963777f6558448dbf6268032f804a4b079cdaec
SHA256 1017b9f68a9bc8edec3f3f789f3a9e5a737fcfd9c374a6950386dfaf06da058e
SHA512 9a44b670e2a136a26647f8b16cfd8d565fe2450434d60f5d58c7011377cf96b2debe7237b3ad09c502fafaa917c1b18d24cc656f374396d0d8a75e5dbc70d121

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 13fdbc11a635f54ce3c9e8411e55d64a
SHA1 2fa6a5f5a5bb31a8d63d0cafcca13d6f433b665f
SHA256 1f74b8cb7a23fcf4633be4156d1bb7407d4bc218b84dc0324592a12c929bbb28
SHA512 b92c54f323e4af02c5b48f74439785693bc7b4db6cae46080f8c53cf8c0ada619790967a3bf73909585404a560f1e186a06cbf4494c8a0b0b7f2f8ff5bc0e0b6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 4d092dc08a3331e45926653c5cb08af0
SHA1 777edaba89c4bdf540a6d2c58909a857553421cc
SHA256 1d275fe53ea6cdef397f671f91ce53f333549768ab06f44b224d047a727179e0
SHA512 c5b2af9f06f0278ccbd61038e9bbc08d1bd98769e2ce2533e94e8799da402bcf8bf5d04bfbefbb283eb2b5f65c59b42d4edf56d8ff8d97a46b4afef0495e32fc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 4d6b64dad687ee475e5c3cdbf2607bfc
SHA1 9e5eefd52ac081ddb95ef6040d189c5798528da8
SHA256 89177d10c4c695ea9469af9862bd3d0b073ecc0d1c223fa350423f12519eef1c
SHA512 9da08b50ad77866e1e346e9b99ce552d28e43afb1423f93f7e1f42672f461f4781dedca414de3eb1b632942ae01cd2b6a8fb0521f61189d5095c82572b838a1a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 7228165942846583f309fabdc1e3147e
SHA1 f8f84d0fe46d66453d7debbf426d8157ee84378d
SHA256 ca6037c94a7103161a667ef7d64516f1f5cf5ccc0d05387a5ebb7ecf10fecfea
SHA512 7e7fd48103898129350ff438df3b7cfdc56babdea33d6a5c91693f89af51756a8db532713037657cbcca93000e7ad60ba92d6424c32c9cf6eb39cd72eb036b85

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d02b7220ce90d7c8e3ae38ae149598a4
SHA1 df318bf256425ce3bda38b10def747d53191efca
SHA256 6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781
SHA512 7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 dc0894253abdfe41d9fedf6d37fbc835
SHA1 50c55e1316be91c1abcdd9cd7ca116672aadd0e5
SHA256 c643e0d6a79c6609d59c117418614a42af50308c04ee6a5d84814f5e93187539
SHA512 9ee84c304f5ac74215f1edbac6e9e9c0c41c09400f089ab41ec0f4fbd1a3fdd59bdd7f6e7e9b5b5d84a68dc17e12fce6a98725b52106e227e2706c6d13766b9b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 3a69f0c1d367cdcfae8724aaa9d22857
SHA1 1baf6a157d4a0882f0978f443f314ae18b435157
SHA256 887941fef0d0687bf9bf9d77869652bce9b56f70d46e595aeb30e7817f615028
SHA512 c4e1bceb372cfbf1702dbf29c042ff0f650a7eac63b0c1abfb341d7036e094c014bcd58c1b8b26534bf76c0567bcfc4e1a397b517ac3b1fe3b60b18ae5fb18dc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 0c6394cf2e3b9f32c1c705206faf7fe7
SHA1 7bc9151a85ab5419a9546b31863f56d8a89ec9a5
SHA256 5cc75886c6113d0b7b016ca165ec4f284a090f34f3c2cd1905bed112815b78c9
SHA512 3e58a7bc2ed986a4a556e1103ecde5804acc57c03d3defceb092f24a045005e40da16ee97246348ead4d5aa14b187e542166060214363da87c3dd224963cefa3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 cdece8523bea453fe5fea23bf45e349f
SHA1 1528196e98ce330509d73d3717e3c153d89e21a8
SHA256 8c969b97a93c871ed46b1425b2559e20292bdcb7145d8c80e04dc99d7bb321b5
SHA512 bd1845a4eb670faa46646ed310f5505c84e10ad79a4b707f8ab7585dc79b0b1ffb87b4acccdbcf0b61abf46cdab805daf7b4edaaa8fbafb3c48616f62e5f8975

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 eecae00fec1351c3a331f35504f5d85c
SHA1 9c88104ae401a62e7400ca48a5ea58f090340e07
SHA256 6ddf282741e7d55d7d873dd39f0d26c15b2f481d7178dafd6076d88a44be358e
SHA512 9943eb3820c3144d2264edbc21568cf8dae2860a36bfefa935680ef061a531b224d873f8c12e38c889b4fbc2cc11cc9138481114503b8ca36bc08b15891278bb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 6d5d079a9a1347bdb0e7354076776eac
SHA1 b9bace70a3a7b2018735c70adc627ee3c9678e56
SHA256 07473e71cd415c4f93ba29d65f9cf4078973f6970249ba71d4a632a0d12d4cff
SHA512 45d82acca0d0856f63489ac4ed5f3a67bf9be59e57cf134c2dcba8d6afb792d4d0c920d83586bf41851e9fd832ae6eeca54d2d570a64cbb8521b8771dd503dd7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 d4aaeba6d3d63c0fd227fe7b007bc41c
SHA1 db0430fcc67169ff6f73bb1ff7932a591875e2f4
SHA256 fbd9180d224d972d6b1c12eee6f5bff3765292ed546c957bf64b4d6aea0e4b5c
SHA512 590dc36b8a83c54de4e7c5538cc9149f2396287f58683a939f25608266d60629ebe78b9ea575f6bc8fe0d3dfe638231267eaf92ada17d62d80d779b2d5eb61ee

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 04d496c0740a4a1c8d1ba0e2042c8fc5
SHA1 8b34c8d2352a3f018ed62b337fa408008dedc9bf
SHA256 dcd5621ba84beb6ead9de29bd9924975c81a083d69ac83fef29bbeadaa30df0b
SHA512 6edc6a85419b78ad2ad71bdb6dc182b6f96d0494a2bead22604f61c1fcc37c4b364207bddec1f58612a6a02edaccf92da46b8e6d56f4cc0e819e8f7392a91b8c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 73c7325bdb89abf81a3fdce5774d7b36
SHA1 3a8cc7ea6557d64fb734f10275c9b95958a0b4f3
SHA256 bad0a8273d21de17fdcc629f793826c765ac2f54c0856631fedca42b252cf517
SHA512 decce0d486a8c55f6f5e488b3da0f9bc8163269bf08d90130e24ebf922841a13340285f030da4928a9eb2a01ae89e14ac38b061bedc31f85ebf010a0275ded08

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 142a42b6d6d9ffc303671d54326ade9e
SHA1 90463a3252ec2cbf64d55d2a08a1e61e2a2cd5b4
SHA256 bebe10b352f716e80b13efd71f4800512ba5eaf05a3bb1e6becee6ac3b8c223d
SHA512 3e8b1e29a447308d75e40aa7dce3182a94c7fcf07e0a1981141bef12d0fbadad98ba987befa6be5e5a3d2b621a0b1c7e4d83a8ce4e222d196fa9c17987095cf8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 51af1e1021ce90c2977da102874db2cf
SHA1 e3079cac2293c0a27eabc12952f5d5cc435a38ba
SHA256 5d83cd16efeb3258f7ec213bca9abf5221382bc188222d37c096e0e5378aaa5a
SHA512 1a809963e68f63fed5b371b1bbf008c09e2a9a21a4b6fbc98ca828ce49bbf6b242d59ed8a1dfbf2392c8426eb5e9bf6f6b8623b6bdae1fa20b4a3603bc2d3b7e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 603cb5dfbdc659dce03415e98c545cf5
SHA1 5b24290ca85653e7554cd9e5f0605e6b94c4e51e
SHA256 6b2eebbdd953f76ee76c4100352a87471044ccf9e8884223eff7aa40b6ad3f08
SHA512 46b096a69073a02f9d1c1b70ffc207269c6f881a97485060c20dde760cd4ff22f06ad75fd14408bc48545aede31fda1c7e331a37a663673953de235eb015a853

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 176c1265ee258b7a7fbd96eacbee0fb8
SHA1 a20bf18906269a2a41f9b44f460d1ecbc2ffc2d7
SHA256 bfbad172c852486f43fd7ab813e10144cf7f8c5dda9e604b24d30705e5565245
SHA512 d1a806e85ebf44970ab7d6eadab5efc482b3ea8fa4ef65a5efcef5ce4989894728cefb1fe3fb9d6d9ecd49cded5949e5ad8d3af8f74629e8701cef173e1edc8e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 cf99ff53b38e87c8e9b19d53a25763b8
SHA1 86582b4c604e1c533cad8d8ec7aadb96d1ea2c91
SHA256 a72438f8cfa38b4303cef861f7056da22542317aa0db425aa0f0679eb3363c6b
SHA512 032917b147a4488bd1ad5341b5b124f7f420f349ab928d3a3b6b5788b3eec3a2e634c97ae93e15a586c60cfc8b97a09d512082571a12f3b1ace0e9277cc697b0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 3c3255e647ebddce54b95a7b374bfc3e
SHA1 528b144518f2fc842222c2139bf51817ef5f555a
SHA256 f1efc09750d04615a6661017c61e49ac2c4988f98c483533419ead27054dc151
SHA512 a3c50e20f45a5f01b3b509b36b59b109485e5f66dbc026a81420076b5e1db3a97354c3dcc45700f09623613781cbed17ab5fae0b08ea5a3e8356c7c510530211

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 1c3d95c17ae2fdf2cd3c7ee4c5d300e6
SHA1 5490016e626ba876d920435c7a5639f841b1d01b
SHA256 4fbfbb8caca3be5198c2063ebddfdaae9a75f66b9e6cb70841bad72975f87dba
SHA512 83e99f72c171cea2578135fa0180f4da5bd309fb396869be8c1fe6d6a99d4a470a15091c8b00d9b0cdf936fa246794b8f87d6a2e3aca1e14fdcaa05845f6a547

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 f9132881e342a267c2c2e44826897ebd
SHA1 3f9d0ada92138fff02e002a84830bd89e96c4413
SHA256 e11579d62592f3774213bb3b96069cd77fe8016e78b917bb0b4067903f2705ea
SHA512 f97041812550facd5ecfa524ca57cfb7aa329ecb86abf749764f3092dd4db23ab401e6f73f2ad08275e917a5fa1c0366cd4d152c27d2f26d5cb6507af8c6f068

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 333063df6e0c53a7f6eb49ece0c1e030
SHA1 15cf0aa86a11eb3823484b1ae76ae114a57a541e
SHA256 45a79c3ae803a54a6e6daf6ca6748379539ba373befc75656225abe3434cd6ce
SHA512 f72082407e6bc0b89282b229ef24dd95eac9ec7e349ec9771a9f9dc4511679ed335530721c7186f27e3e69747e1918ec740dc3bc0045a9da1e024fa04c978189

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 a80d27c2584c9250def746bca0729edf
SHA1 ff859a1c903780351f8b76ddd4d81395581c83d6
SHA256 328aa6e9114b4ddfa2e10cc0a0af79ad2b1332cce2bb57cf4fab19b770e8b215
SHA512 15e1244c315cf5705db50d03a05b62ed78ea0be648ff04d1e030d948fc9d03a81152d6e2a587d501b0e3f23c3975807eec84383e500354b0e46a1fb51332edef

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 b4b5c3812bf762ac54f9758762745507
SHA1 2b91947a9fd35851231a1c0a758779fdb7ddf2fd
SHA256 e2e8389b14823f888169bdcec5822cec823a7b64fe546479bae87dc11f612a1c
SHA512 532473f918be7356b03500966dda5230f563b209c88e0abbb1d7fa3fbdd92075469df17100d469de0e9e118d6ad729e1e61af9df8799b66d230e8e36e583f179

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 d2bd722018946bc2ccedd676c7d1fc83
SHA1 8bdf2176641b75f58cde653c4bf167fd0856c8ee
SHA256 ec78620c85e92817194cb45c2bc6ae0ec2ec91bd1d7397bb9530d90fe2495048
SHA512 c16d609a1a47464e8da11e71b5bc08cdc7beeab8edc5cc0fa70f8fcdd1eaf24ec80bd29c60ff8bb9e07189e19aadc3f0a92d2471d772f54b76440ff3f1e70da5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 49299f59a9be12b5c5bcad9c53d29a34
SHA1 32b6d14ded3c69198de32a1afcb2a905253b9a90
SHA256 a06ff8a840ae64f204de8b68a64134a1b298e3741f9f8aed26ddd31fc1533598
SHA512 9cad6a30f14ffd5f87bc8fbd6eaadda819000e904d893f05f0dd7ac108cbd9e0fb5852642c0c1a8f9f15cae8270f6d8866e6622a77bd73573e6a04b1af1879de

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 59f712b2c8625ca5fa69a95c45bae8c5
SHA1 e600ce5b771b23f921d82bfb615646eb9606e928
SHA256 ba2ba645b35d886ef24c661d185769c9988ee62662ea1f8296bcaa1d8451f29e
SHA512 5ee68428076384289ee97952670d041258b69f94a392dbaa0d80a1bf45ed045dbf847f2a236208463e20aa23ce2b55a5acc1d6b167def11e6b6df3ca88d1e1a0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 d4a21021f6dcc9d2442dbbaf8a3b66ac
SHA1 1bb4443be1e54f29debf28cdd7e54597b2b1906d
SHA256 6f5a4ed1793ed66024b220a5cf87fd3fc09ed34e6274e3c9671c0aa0baefbfbc
SHA512 76e71d431135437e71bd173532a9bde3bb64c99e342bd2deb6cbc79b9682b8df8204b5987f22283b8552a0371ea9ab99a10dda05e80f78d6a9655169d7a45143

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 6c39d3635ed54f9a9e0f0768b07b0372
SHA1 cd4e77bf8130391d51411af940ce55911eb3e258
SHA256 0ca17ba818d2b841c3e99d57f47373255205de77ebbbca7dfd9953f7ebfe6ef4
SHA512 7eb6169e2177cc254de7c42249137b799dc59c71f4b9596533d528b17ef6e013f649c3b9e8f5cc2d10c323eebfbb89840e07a33a09c70e19a5b235136b8d57c3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 a8d9df5e073bcdab2ac26561bae1238d
SHA1 baa2119a39c42e12ef1753276e7299a96eea75b8
SHA256 6b16c685229c28e1169db69455c6b3a2c77c0cd0d4fdd64f33781d872e64a013
SHA512 4c6c3a61f9fe0ba4c520aa8a7e11fcb9e52090e83a8a883fc27009fda2acf3a544ceb62c4e1ecdf7365f74fd3084f2c00cdd56b9e61b78082359cc35f5c3f834

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 b2e95c77cb09b38e3f4294d92ed60e77
SHA1 914f878fae35abd41433bc80888d16528d47185c
SHA256 7b0cc904e2cb7298ae693148921a1c5eb0837f7b827bb393057dfb16fd0070fe
SHA512 c3417d4524ce31b8cd47f82c0b5b9e2110ee585fe0d4eb495bf0a00685bd152cf90f76cc05f0b8425a98786bfa0bb86fc5973f8a101f484be7e9902ee9b474e8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 ffdd276d8baa5b1f91afd1114cdc38cf
SHA1 31c7ec0b0bb48a05c1b836a2d3ac619e6d704e74
SHA256 1b347836a0be2450b8b37311e5662299782a7f2ce376594f471e52cc3793c05d
SHA512 0d9d1841328a4eb1fb86344f936e9cfcce10e6dcc932d9c3e860d15f268a258a3df101ac266bf7ea934e7cf9b3601c0ce7d88d04334cfe7b3ae37deb12062c3e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 51e65bb172982c51c8a37b3741f1b817
SHA1 4e1fd3696ecf893aa1a30d32430f9a13bd93bb4d
SHA256 2a80e4675e36bb466739ab78bf851690de12fad33cb1f356828b4791d2ddb26d
SHA512 bedbb7562e057e9a9885731be1316863c0e2bbefc4639029808d6bf4b1400d94cba4332a6091834efe661bddec058bb1454c1aeeb4fa204edc63157a3c17a5ff

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 6b58dae10442ca76578a606eef2d8f84
SHA1 efbb99a19c4e42b8c02d1cb7ce42315b5499f35b
SHA256 4abe76d191a57072b1c7f50813ad0338fecb18c9d0e99692fbcfc3c3b1c2355d
SHA512 be3423257d3c2317dd9df598cd8ad04aa52d002721b9dd11f90ed6ddda235fcd94edae0caa4e5665511cfc6e616febe0daa932f612e39b8401efa889d086f4ed

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 73672d6abb2cc8a68f2131aea069ab6f
SHA1 127bc18c217493ecfec62c63e6d6ca847481df7b
SHA256 54c3292c04811b275575c4c9f3558301b7bf74f270bba94aed92b0c184ffd791
SHA512 68afe9013e28192fac18e347e0fa2d9681aa8775d4e156536ffb5afa78d7ed6041aa0a15eab7fb0e336551c633729940ded64df853d9074ad6ea0b46e3187e07

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 33f7aaa4e691077565fab751b9ef73aa
SHA1 9d083a93d135d84e58d0bf6b63091a70f8466c36
SHA256 bd00138f0caaf5cd7662353aa454a5f1f39182a82bd3e947343da9247dcbc4d1
SHA512 60db93b218a981dd0db75be92b2b1af9040b24b1eaeaf2c995d0ff5216a3a6e0040d26daf13ff61848b40970ff29117652fdcbb2fef2939bc15a9c176f84476c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 db264da3489e6e54cb16171b2b7f12a5
SHA1 0f3a73f998c712d580e354f6057e412e6bfc666c
SHA256 5ff8e190ece613b69676e1e56832ff5d5b6477bbaf912f0d56e41ff4c655b20c
SHA512 2864474ec4ad33f7a4f571047add974eb12ccfa5c0829829aaa122eff07c12e03d0395029c9bc4006ba93bc04aa99d90e48fdeb954a86ff607341bac953c80a9

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 2df2e4f7a4e5b1087ae8f35c9136e3f3
SHA1 d7e19e5c8ae57cc793995f58760b50e1a042d897
SHA256 140684b4a9f25de8427b0bb993f32ec04c161fcb6d8567bc414ad213644bb7f0
SHA512 bc69fe8f780d6e40a54bc6819140a0d1c2fcfa8b988cf7ef1e73d5e2862a68ec19b067fd34397c08cbffbec5d2bb76b2f7c3209b46c90e547fc549eb4ddb8f23

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 02b50d08f90946e74b01a29fa6149b8d
SHA1 182fcd87eeaf9d3acd2c8ae0bc6d89e5bf431909
SHA256 df46f56f77b7f8ae8621512806b24da6b024142ab938e070c95296a462046cde
SHA512 a2e9d16f14d48bc71a11a04131071450ff491f672ca181285af8182e4e9120bd206cddd6e324d45d8d6e4fc3a656da7e5870aaf653e1e5867613e60bbb36769e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 7688e0921334a882e6001b3bf10e7470
SHA1 e9fbac60d155000c410bd2b8dba16c49ae92fe80
SHA256 70f2916c33e4eb4aa4650bafbb42850619be990cbc88a6adf224040cd42b32f7
SHA512 a25f0b16aac1f44f3c02b28c2052bf972c47128b7b9bb060d770cf6cb784beb764c3a0929ec8010bf7712bcc3c73c936cbbfe0642a858e8ef3b8bde0dfb9d826

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 f4f212cb5d73336f6f9bbd05c148fb31
SHA1 cec1334da6d07771cc3f4128b34cf0c7ef539def
SHA256 2a2f7f652071cdc255184fe90f69347ab6cded42822b3f3772639fca9250b94c
SHA512 49a9d8b6c0c7fd43b648f88f7428f0ab04d5674f6a9f50129a895bc43c90571c495398ce97c8df6ac5c3eb2944e5f2ef94e6b2c1038fc74d2db62d79d02c6814

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 cf2e87e03fa70bfc86c6e96c155723e4
SHA1 0c7561d2695bfc378667911dd3ed640dcbc567ae
SHA256 c65c5b3695ad6e517a28ce0877a4908f69b59d68f96869823a66501d83aa5a44
SHA512 d3623fefc44d723b73ff0353c694a8722fbbcfc37dfbcc5903251a0409e3ce1373d9082eb651eed8bdb1a505a1151899c70f5730adaf017efeb6a25333fde801