Malware Analysis Report

2024-10-19 10:43

Sample ID 241013-dqrq2swfjh
Target 3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118
SHA256 0a0c6ecb2c9f55c798b51df1f8735bb052720b867c1218746ac4e4d223b64a96
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0a0c6ecb2c9f55c798b51df1f8735bb052720b867c1218746ac4e4d223b64a96

Threat Level: Known bad

The file 3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Detected Xorist Ransomware

Xorist family

Renames multiple (2167) files with added filename extension

Renames multiple (2181) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-13 03:13

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-13 03:13

Reported

2024-10-13 03:15

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe"

Signatures

Renames multiple (2181) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe" C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_5b64b65052c3a32a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_a85c8e1fe15a9532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_amd64_1aae998f86058cec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DeliveryOptimization\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_096c9e42fe4749d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MMAgent\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_0eaf27d749819837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_d32fe6b1c2b7b2a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidi2c.inf_amd64_aad0f43cb9f97e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_amd64_a19f675674962ae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_189d0189716edeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_receiptprinter.inf_amd64_7952e4baaee88d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_unknown.inf_amd64_9f92c189b415c003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scunknown.inf_amd64_90993a57907d9959\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xboxgipsynthetic.inf_amd64_9aa94bcf077169a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Licenses\neutral\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbthle.inf_amd64_bfb3ee8e5a97c3be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_bxt_p.inf_amd64_190858fd8e931883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhay2.inf_amd64_e87e378eb673af65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pci.inf_amd64_66614bed5c0a20d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\virtdisk.inf_amd64_9a7f42b85c7def50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_computeaccelerator.inf_amd64_9d34992b3634b396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mouse.inf_amd64_822333b41326bc2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\WideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil_2x.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare150x150Logo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\9.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailWideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-63.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Toolkit\Images\DefaultProfileImage.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-125.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-200.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderLargeTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-200.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-125.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\example_icons2x.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionLargeTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailBadge.scale-200.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100_contrast-high.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionWideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxBadge.scale-150.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\MixerBranding\x_logo.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSplashLogo.scale-400.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\VisualElements\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\standards_poster.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Defender\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\stop_collection_data.gif C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\AddressBook2x.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\SmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\rhp_world_icon_hover_2x.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft.packagema..e.package.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a94b1801b268807e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..cfgclient.resources_31bf3856ad364e35_10.0.19041.1_es-es_d77da433da044739\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msmq.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4b68bf677bc21270\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_10.0.19041.1288_none_37d879c73b8d1c63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-shwebsvc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_20b430c1376cccc0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_wvmbusr.inf_31bf3856ad364e35_10.0.19041.1110_none_67be20cfb52b3549\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hidirkbd.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_d7ad312b36f7b344\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-autofmt.resources_31bf3856ad364e35_10.0.19041.1023_en-us_fd15c408e3f9ee19\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.KeyDistributionService.Cmdlets.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_mdmmhrtz.inf_31bf3856ad364e35_10.0.19041.1_none_7ae756fe20c1d0e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dataintegrityscan_31bf3856ad364e35_10.0.19041.746_none_20e28a7a89b6cbe9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_11.0.19041.1_it-it_bf074021ac98aeaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-store-licensemanager_31bf3856ad364e35_10.0.19041.173_none_1e3599c3548216f8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-analog-h2-physicsplugin-baked_31bf3856ad364e35_10.0.19041.1_none_5fb69e670630e91d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mfmjpegdec_31bf3856ad364e35_10.0.19041.329_none_f76fdbabb2abbcf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..in-gpedit.resources_31bf3856ad364e35_10.0.19041.1_it-it_47ca535473e08f1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_f53fa1b63b343260\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_10.0.19041.964_none_d1ce1ea46e50a943\n\MicrosoftFamily.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..panel-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_9fe3357d8beb3b9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..pc-tabbtn.resources_31bf3856ad364e35_10.0.19041.1_it-it_01c6428c58015ee4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-winnat.resources_31bf3856ad364e35_10.0.19041.1_es-es_6aecd74914fdf700\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.19041.1288_none_1cec63974464878f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-appresolverux.appxmain_31bf3856ad364e35_10.0.19041.1_none_b719750f25d4cc37\SquareTile150x150.scale-100.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_93077b1bb6202083\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TinyTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..y-secedit.resources_31bf3856ad364e35_10.0.19041.1_de-de_35fbc69e66ab9cc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..rity-spp-pkeyconfig_31bf3856ad364e35_10.0.19041.1_none_0c04c3f13fcb0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\VisualProfiler\images\i_chartzoom_in_disabled.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-white\AppListIcon.scale-400.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d12_31bf3856ad364e35_10.0.19041.84_none_e75b5546fbc99ab5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..icysnapin.resources_31bf3856ad364e35_10.0.19041.1_es-es_9a3a07531f42a1ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_10.0.19041.1266_en-us_d2d3ce7d77f34587\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ity-aadtb.resources_31bf3856ad364e35_10.0.19041.1_en-us_62c4ceabb6557b2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-rastls.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_1202ec98ef318fdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-a..sourcepolicy-server_31bf3856ad364e35_10.0.19041.1_none_5c2a3c301c5125d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..mprovider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_84d4ddfc726dd4b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\INF\.NET Data Provider for SqlServer\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mapcontrol_31bf3856ad364e35_10.0.19041.1202_none_9269f331f42a1765\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tetheringieprovider_31bf3856ad364e35_10.0.19041.1_none_d82c63e587be80b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_xboxgip.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2545739d1a091ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..japanese-propertyui_31bf3856ad364e35_10.0.19041.1266_none_0786f45d1f5d102c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000046c_31bf3856ad364e35_10.0.19041.1_none_b35f101af554bc29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_windows-application..-appextension-winrt_31bf3856ad364e35_10.0.19041.264_none_fc063fbb4414f459\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..anagement-dynamoapi_31bf3856ad364e35_10.0.19041.1_none_eb539835d47e03b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-timedate.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_03bec04fef867fbe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.windows.dsc.dsctimer.resources_31bf3856ad364e35_10.0.19041.1_en-us_e12d832fc8c21b65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-com-surrogate-core_31bf3856ad364e35_10.0.19041.1_none_eadb9d8875f59863\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..rectinput.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_05b84e3b4287f996\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_318f8fc29c0c4795\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-o..p-raschap.resources_31bf3856ad364e35_10.0.19041.1_es-es_c759a6ba4911f001\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ehstorpwddrv.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0f66ada20c286cef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-axinstallservice-adm_31bf3856ad364e35_10.0.19041.1_none_2bd3f47749f98c3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-com-adm_31bf3856ad364e35_10.0.19041.1_none_af9fea0854cfb9ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..rformance.resources_31bf3856ad364e35_10.0.19041.1_it-it_7c51c56901426d56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mshidumdf.resources_31bf3856ad364e35_10.0.19041.1_it-it_89648f23766a9656\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-photometadatahandler_31bf3856ad364e35_10.0.19041.1_none_80606ee484e1ba82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.ink_31bf3856ad364e35_10.0.19041.1_none_3ce933043fb58d7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.configuration.resources_b03f5f7f11d50a3a_10.0.19041.1_es-es_19c70cd0b8675fe1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\SrpUxSnapIn\f615f628433cab34a98f99334931a2a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..c-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_5a235786a4d6db0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..epository.resources_31bf3856ad364e35_10.0.19041.1_it-it_6b79bf4f89ab3779\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-audio-dsound.resources_31bf3856ad364e35_10.0.19041.1_es-es_11b6d6b3fcd3983b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open\command C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Zalk C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Zalk\ = "QJMEELMBVJVHQYV" C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe" C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe,0" C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 a10e814d9b98dec5755b5c72167366dd
SHA1 6c01d1061a7fe360dda69a055f696d3c42ed0984
SHA256 f1c5e45ecfea34ba2b14805a7b003d2e4679c17f538c8af3e901b85098a2ad90
SHA512 1dd03c68c53941c542b48b27ceda6f2f0c8e310b6b250815562866c3439a38dabb92440f5a0f16c647275de4fdee2a1621ca1ff40b16f925c25d3e717b0f5f5d

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 8be8bdaa523cd7c31262656a44ea6a07
SHA1 1fe97813995ee6d8e745d606bb189af3795d76dc
SHA256 eff1d1a42aba4145ec6829bf97848b89d15bd054d2641a0608013edf53204ada
SHA512 930ebb3a88e8c02a29072c5774fa6d000808bf71d1a89af9a80009d274aa2d35ef6b58665f8dc89622478cff84d1dbaf91ae73607e72a994999de03bff83cc2a

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 3a7c76538ac1d133ce6205a9287b4c44
SHA1 87033c2eaddee83ef0b45515ac91c84ff3fa6b6a
SHA256 b74d885fb393c9b96131aaf4fe238827e5e3480ba75d53d15b4b5230a56d9471
SHA512 1b922e8b5d748f040ac28792ed707ffd6b332fe88e77f953f13b34dab6974f14fcf1836b077218e881193020b78f8d563c7f51385f7acaf675290203b143a8b3

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.Zalk

MD5 c47c45d9f5ad8ba77f288e01058d91c2
SHA1 e33d5e28f13f692e564fbbe9e4a41b967489a329
SHA256 d54251fbf7be1c1fe4c96f167474137bd74915dbbc72f360a26e6e3e4af95124
SHA512 97d286a024dfaf71bd42ff71314386117453fca2b4d5bc1f3e7cd5af873f7e5c1e90e9cb8b2a0482187e7d343a8c1e8cdcd73d1d2ca37c15fb366270ff9e1f0c

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 9050069e64586b07aa74a689a13177c2
SHA1 d6fa1ea4c28b36a2a3fcccf3303a78309d1f85b9
SHA256 a99b2d7788dedd0af6ae3477735bb5f5c4168c70a9eaf4f7c16620fea9fe3e9f
SHA512 02d5299ab41224c6638a207fc4da66e4af680eff4b74b6c57f010fd2364bb1a20f214a80c76befca863f99a26623a8fca7c554210a8ccb45edc6c2222136c40b

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 aaa49b3beab823de682894793fea9932
SHA1 12958d0b584168a7d8266059e732cdf0264fb6a2
SHA256 894bfafe85f08bac85872ab90600f5d7d30da51dc284bd572f925d76e10d9fe7
SHA512 39717e5d40e32b73cd803ef1ead0dfdb4793852b8c9eb24c8c74fe5a96c7b08dfdc4e6779eb5f3fb619106a629fce671f9c2e28bde8392f3cc2eae4a5250b2a1

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 5cd027bfabe5edb5ab695efc8c7c9d74
SHA1 3919a9e650e1ed3b515cbf0c3e1934d8110921ab
SHA256 76d3c12038bd5f4f120b74a4c258108a73d1bac719bfb5cbfba99285d9eaf5ad
SHA512 d43003ae56f303766dfc5cbc6647292335ea80fd1423d2d295626d5279d2b134352766811a8bec525d44b2c67f0b924a2178c223b1e108e77c9c7c369baf753b

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 0c69eb5c3aa02e5e933c6df8adc3ac17
SHA1 0179dd4097ea5597fff01059de8513cc5125af48
SHA256 ffc2134de3af0d7f1c37399a8e1bde979193196a89463bb4899b933ab0a34fe4
SHA512 7a69a1e69045f7a4e8f272c07e590412b3e771a8c94a9b43c2e4a336443fda9be6ef11600eb32cd07e79debe5f7918de39b38a361daa61789db7ed73441d7c70

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 c74eebf0038c27c3bb996b29746e7e9b
SHA1 8ce2425a5dc10119f214e9865f49017ee7fb4175
SHA256 3faa10ca33c998b4565f469c417616fa0298eab9287655460fc21456e8bdd707
SHA512 a823b1edbdf81e1e3c85145af12b4b32426c5a8601a239d5d1a258c01bd9757b97de3f5415b382b1b7e2339fef3620f3d14c6350c8f076af4d6e66a0eb0567b4

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 39153f808690930e1a692836fcec3769
SHA1 2a28e39ec5bd9711b3eceacfdbca02def8bfb19f
SHA256 cfea6a8ac8aeb07363b72477e784796eb4016cbcdd6fa2888ee8aaa048e6a663
SHA512 35d5a98fc73dcfca412175808ef86d28d65f4faba3f9a2e0f83f579d4a26364f62c71406ec1cc2669dc277172c4d62a25fc8397314425395b63570aa6c8791f6

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 c81fa30d8ae24a696a2b7517856b67c1
SHA1 f1c0a1ec424223818324f1e6e65cb93c3bde66ee
SHA256 9ac843007e7809df233ec8c926e8716846ffa042886a88f15c6090a000eceb78
SHA512 2081a11ee23d0f8a0a360febd3c0fb566ccd509bb4ac39709a73becacbd20d884a10133c6ce582550555becce5b5c3a9e156608b82437295734abcffe886c46c

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 ba5c8924c7fb34049068b825e189f70e
SHA1 e2dfd69af7263b20dea1c1d81df3013e1a8b5769
SHA256 9d16c12a51c6be2133356757a236621c6cd7ac355b80ad86308b59e6898ad15f
SHA512 69d525c4328bed956c1325bddb1e3d875ed7f01ac42839acf4d822ff0495f4cadd04a695d277aa221f89b2d4df8a672a6fed915a8df17fec43ccb31c3e63b2fc

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 1c1a265cf4506e5a55ac603a1f3c9e05
SHA1 621bc7a98cec62d548485ca06f64c2ca35e2be54
SHA256 57676d2dd53d41404669f4abd7c83eb851eebcad8b10e4e868bd60904ddf8762
SHA512 3440796b2267bbf1a4fdb3c1e6a6fc8c26b6fc4488b37a8655be9fe8d2ade16487a81d082a336e4a7286047ca59103f4b2e3a9b65e80a4b52ad9ac4d077df16e

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 f95e267eed755f03e0f97ef7050f1ff1
SHA1 b923c21f03e8284e7443715a34ff72af65011560
SHA256 e7bf79dbed21ff6b8c52d22e5100af67d9ab0f43e43ad774564a7508de085664
SHA512 64f3b449bdb3dba5dbbd02cd409ffbb449a74f56fe062a013ecb627b702ea9cbbf3524e7ac1b75f455ab4bffca94daebd3c7cbf4a80aaaae5a809afa953b403f

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 a2c035e1f4b86427e4a7565561d987e7
SHA1 35c89652645e1e5af1650d5a396a088656d8ea0f
SHA256 dd7fe22bf5f4895c188bf37fc0793967639d9803bfbd98e7eba9674cd82eb855
SHA512 a34848cb8d9f9215df17d6d83c91bb3094d4d242cbe1edc205d27c8b87d091ac870647e5a3f7833d2a11c69ebc402fabeb915946c0cf5696eb755314b2e672b8

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 46d56841d6f3c51990ec804f20f81a93
SHA1 fc9feae0fec58dd50c5144cc443953ee53ef9c72
SHA256 dfee3f92676942b5dcdc37283c485ba734829c3257362df2f3d31b307b8e5013
SHA512 74636fc0884a4318175c483c68d7d087bda0a9c7b5b74605af13fe04cbb475038d26ae03f197a08c3612ab361a0cc917db2cbda01a6802f3e8530338dd509df6

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 d5a8e5b87f2a1c0c839d9c7c2ce1b50f
SHA1 b9dcb05609a756202b636f6942f67d2ce382fc1d
SHA256 778567a6ed123e46a26b7fb8fdf0cb5e9b3da9fe300907b70fc6b7354f9421b5
SHA512 67d76df33aefb33f33c595b4f91490cb59d547b6ac1d3432bdedfc67792f765c7759da2ecb6526e21d5bd580ba241c0683ab5e49ec82dca28d78f3a1a473a005

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 4a92116137013491f883e45381ea7499
SHA1 e19ac19ee1e9c820c89e2ee73655c58f76bcaf31
SHA256 1d1a33acac55bde176dc9584daa8585c146a9ceaf73e7d2cc390b92c435e8cef
SHA512 e798f908d0903ef2b89b7b4b6b26329384fdb547c963f50a9e6d2c4881c2af330dc5b58d47fab70ef963ed28fdee519cf76ad3d37855049ea4db2f7634e991d8

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 0a4ede1f40b19109ac4d632bd45d9957
SHA1 8d367cee45d886b8b42dbdd6a1dc9b8fb076d28a
SHA256 58e76df2cc9dcbb7c8c8e2b46d4e0a67f1810b5d586a033484b98330bb2be146
SHA512 4e5ab207cb41f29a93b2ea194962d5c59f5e7160517bad2597088cbf2fd57dc0e0e6d33730f913f90630c2710b7157d3b9774de7ceb7675c8734e455fce99bc9

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 b6a2fda86f01b45e2df255273c6079be
SHA1 f9f4f0611aab43da97674f87b544a68c8167aea5
SHA256 4a0ea3d4f58795f09e897ec3498d5901c3a5d9b18a8531f41cf17513adade86f
SHA512 85b3de27c67a94f88cd2a28093472bb847fc7781bed81dd1e4df2ab8a33571c3fa5be6ec08a70d57237ff1e93fdbdfedca60535df5f4210c4c4552b74e801ecc

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 55fc92facea16e9d232c0ae2a99d2bbf
SHA1 eb256baeefcdd675d27c4a10e4ba26ed0d56b9ff
SHA256 a50b5f0b3982870a372d974b6eeaf7883d6f5c98305f7def48bf95b556cee4a2
SHA512 5b152e7c23615bf894c8d7ede0f4b0dc12063ee9520cf201c7e404bffc97450475cbf61e11f1691ec0f80094d4fef393fcb4f803a7bba8bb7714146313dd7482

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 ee302d2e8855162ce1fee66b2f8f011f
SHA1 90f860c5335719bbd5a23989bcd39f587a5467dd
SHA256 fe24c4722c72556a4d7bc883b42a6402fcce9e7d8e42ee04ab4a8ff9d38fe22d
SHA512 1ec0d1bc892143afc0a82bf6c9156b6f275807b72764c64cb18f50b7ad6268577f6db32d8b566c4e946ffaa59dd7e052531270a323f8ccf663f9800732afd02a

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 122119797dae74c29cbeac7c26abb007
SHA1 fd0bd9c086fd44b7ccc83d43fd06277766b2d812
SHA256 ce89cd3b9648607a186791bfa5c2fcac568aae72775b9225567e4eb349205b9f
SHA512 bcd67d865bdcbd651ee376169c7b42f1f428e6a035b30104904f65fe1e0c6b20a0e5c7d3c7f932b29e2029420d11ef86988579de679f16b2d4d0861ea945543d

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 36eeab66b10be80abd877f2b54b00a50
SHA1 47996b5c69139ea84e7c3dea1ac8558232ec0c1a
SHA256 b73e4c3c788e4444038118bae4da32a5209ad58bfadff0b5302378abc272a9f3
SHA512 50894c8f6590399e2e0f478d56b45c39be7d25f858376c3e5b2aa36a313508d9ba9773a43016a875122e0d83ca9d600c4b3168e7820a688d0aaa7146e20f3e81

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 9717d35b0f6d35587a00935a0eb94a4d
SHA1 1a4fc9bb629372ea8388bfd3e66eb340fc1e4310
SHA256 541ec597348d5ad348bc0b172231907c4c8cb63fc100223baef510a45e499df8
SHA512 e8fdff436ad02213422333f13a91edc2527de9a6bb512395fc8f9246fa0b49dad148e2252565902c8ddb89d883b5b852c224cbecf3f92f166c1dab04ec8c97f8

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 64da603a7a733ff7066daf515dd2eb39
SHA1 83a41e1807c39da5813a489a5b38b999b91bddd3
SHA256 eecce048471185f3711be2519866ce9e2032505319720858cca04107f320268f
SHA512 b244658efd3c8b0efb845dbb0f7036c0529ad75fc96d2b454cb46be416b78250f42c327793b8030cbdbf166965c8628e08947c49bc9b35ac6e69a10dce34e762

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 3a4a45b5977ee2700187310022cb3bfa
SHA1 5ac7622a90e64870cadfe1ba6a1eed6ff60500f8
SHA256 1330825627988f9efc5c72d2c21405293fbbc83a5b87331279fff2863f7f0a19
SHA512 65da2b72e2732a87a8ea2e2eacb73645d084c1cdfd5da8fbd65816a8f5ea9e42e62ad4b4eae8f8cd63104374fb0c6bec9068eb2c21aa0445cd1ff9e8a8055c04

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 1dc94da9d5e21b574fde46ae9f86f033
SHA1 070aefbe641c8d45f86761fb92f70283580bd188
SHA256 de71482c5c3c870f3ca69c1fd84d40d66f223ae28075dd614e0a557e38fbfc53
SHA512 10ff4d11ae7208bde072c877d0bf3c415db009e975782efb496c75a64aad1d386ca17487a463b06712bec0a2f2a2fb4ce47e941a6c25e8a0344d4167fd09b04d

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 97998b60bfcbbf4d423feb37d7c8db31
SHA1 26a4a08581c79e1a0f5d3f7429e0980f098a5005
SHA256 012d6913c082b03e2b7282b231940f8700da1a24d5f29766766447b1c25b24f1
SHA512 cc9b7cf88e011af37bc9418dd886f377b030ccb49d91028cfcab8da4c91bf5feea91aa2e36bc11de941836399280164f0143aa1004a5706b830748bce2f9c223

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 d96ff275540ff7936731f1e8b688bc34
SHA1 b1e9077e9040b1b02904c48f54c94b05d05ecef2
SHA256 6e7aa371711db2b7231eaf149c5b8776e365869670ce8f89c4f7cd4af5775169
SHA512 16a13677d3712f2a5dc43c89d6f3f4a49386f13c3f5f6ce020cf38302bbf0f42b2fa69e4b1f5cc30d025dfcf9372d07d10f4526dc7c1e9e7b6fcc77d00cb6c9d

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 272079bb3b042f37658369e0ab23c0d1
SHA1 bf3a495a6b16b3da259eb11091f6004bced98dfd
SHA256 4a5f3db2aae8449a0133a3731633fd03ace2b733b8f615aba0155507e66ee3d3
SHA512 23fa67a49623f4bf6c5051383ac8aeb05fa3a7947cedd3b3ccf00aaf559c0b8e85579649292c29b9ee053166f7f01098e69b29685aa941b9b5561cf6b0167b96

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 f1c3246c6f65066a0ba8193095aed063
SHA1 62936edee06b4e9e9c3c08c797b4e8a6d2f13f27
SHA256 49bc8e7ac3e8984c95aa7bdd94ff412717a4c47ba29c83369dff4b7eb290b66b
SHA512 b4656c1c1d4dfaf331224227274096e1c767bb5e72ecdbb6afc5298b0dfb9f47913253f9fed76cae08e9212086458caa1f064bf266cc85a9dbe779cba19751d5

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 c9c60b65ad75bbc32e07323050424c60
SHA1 0c76fa1a3b2bf4c45c154218a9b46e8933690162
SHA256 6d0d2fce8b49b81810ae2d8c15153a00bef54a260d05a5f914a4481d2b97510e
SHA512 d50ef3b9ceb66baa05cde8d438722c14a16dd046f71ac05188aee328936334b24baa79b71d4923f1e4f23fbbcdfaead8e2957da7f759607fd01146b4f8034f05

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 e9152c07279fa28a19613daa12cc106b
SHA1 853ba3f7a081cc6f32102e2c84689a464edfc719
SHA256 846144fd9f1c5ac7ef6a77070f11b121417f6e28dd0cb872a06c6a49182623df
SHA512 b886e98137d961aabf37ed3b4fedeabbfaabdd55fab365dc96bf931b8ab82abc0a48b8ecaf874e59aca44c1cf369a2e4d3205c24f1d46be25a3ef38cecbbafb4

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 917ac1724bb37831e94d1449b551cc99
SHA1 f6c949abb037c4a2b40a3c570349e9084fbf2899
SHA256 0764dd3251613de1db9ad3f744e6a3d3e23f9e5c80aa636b4522bfb7f6c0f987
SHA512 67a783037c4b8c5ef3f3ac31466a64a8d9f3f9ee88fffe61275594a506c574d077f2166418badadd0a07a8c03fc248fb17a677720df6d2e812cf48068c0c5fd0

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 4cd4a2d3b86fe7243f68c9c9c40b30ba
SHA1 b60e526c7639193547470d86f789f7ce9612c4ea
SHA256 b796b099c2c71fbf2e2434177cc0feedbe0284a5c5d84294cbeef38d62825ff4
SHA512 8ef14084be95cbe7258220d234ad826316a5f8068bf567efc50c1c65dabe9fb17691f33903989d4d0215018c2ea302ef47a5e8f392b0b1cc2bb129fd79f91fdc

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 470281468b7470a3fced41a721265aa3
SHA1 3ea1d0c9fdce913b08ec9dc39321c3d3c7f96ace
SHA256 56d77906f18aa5c6479904c00b321ee7f9a3f52eba23f05c13d6fc3d81fc1b01
SHA512 31655db069880627cc5d9ed01e7b4863b00f473dbd19efef00f73cb87a1841d82a3e897ff82288ed3d57b1b837bf5badd42b2c23a9b82c779e0a40effd0cec7e

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 c9fb3e00c7e43a1614604d9036a7a424
SHA1 49aec2c12c0d3078852fd6a6adcde70121859b66
SHA256 297ebfa7c0d994c9f712deb912a282d6bb7f80ae06c8b1bc24281f987bca04b0
SHA512 a941b2b1f3ce42edbe154380b8fae9c87b2b4fded3e0e178e084af0cd259c2ccf80cffe2f46b56fe060051c7bc8b03ce312b8113325f9673c2ee694dea964b02

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 05212e68be29370fb74e428ac40fc37a
SHA1 e914fef5697b75f25f3da58d7ea78f0fd270b2ea
SHA256 38fb1a65e1c72a8ab29aa8d9ce115f30b34a5d928f3b6a0e98d0ba2ff6b7da25
SHA512 eb350e8a560b083ae0ebde4a2fdba10bfeef908177754be87a54f2bdb33990fde922ffe8f9c40ef226abd22e0a1e3950d409d575cbdd275c587c57280fc6844e

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 1f0e601d620acb30267538612f0bba84
SHA1 256f6be56426903686aca9b5aa0041b3ec59b06c
SHA256 2d0dd4f56482ce75bd441431937519e29cf7c5acd36019c021df3ffd680e49b3
SHA512 2c31896bb6c165bab0e4b4ce80a5416341882f00a82d5fe4cbbe019603fbf5fb2cf7b2fd70e71359e369d90518237bb552556e9617f2f073de9af32238632b56

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 40db5fcbfbc3395dd532eb2b51495dcc
SHA1 68b0da07c647ee216eb3203019111337613efde9
SHA256 4e2e732ce122ad44a21591a9996ca40416016d465ded7ffec928f0ffc740f2b8
SHA512 79d642eaf1e0653bcc5dfe7b5c592243a8a99bfba5638599ad8cea5faae5de229c6b086eb861691c6264a5896246f12d1f2e91a6eec629fac53ecbee58eb70a3

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 0195af529372b33825be5002ea4976b3
SHA1 0700ee7595010a70704c2cb232afcac70813d530
SHA256 99a9afab88d2b11c3d00c0a40162b2b02cf1e2962721a6af1db62e2aad75da12
SHA512 431d48ecc3f16d723f02d8d17e1b4f972511aed675f1786372b138fc666f8422784e01d468b461eb87c1ce741280bc3186653ba0fbb926fd6a3a55cd984c8ff3

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 a28200af979214b7a2d6f3379d2fc7f7
SHA1 20aaa92d4dc71ea0950e80682c9ff2126dde763a
SHA256 960419d00382a772c19a5f6e6d079d655e80622aa7a85755d77f5da40d4b2623
SHA512 beaf593eb60d3fff071d8200243e4c339f09170a18b407f95bc4f9d10b780e776dae5d15d365d0d510cc7272598b89f4a5c42c2a477cca81c0a7d32005221a54

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 331077acb44205971c5278c0b897badb
SHA1 3408478f01bf250d047ee9114df0250b90f758a0
SHA256 302b1c863546603b17b3108fd2fb9ba7d6ad3d791c71286e3f5a2da353781c01
SHA512 6284760b24e4a7c7ab57e113b1ae48eebd94148ce6ad64d70323f310a983b212513f7dab3aedc718c648f3df59269bb829ae903415feaec1eec56d5da1984226

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 faa89c18c97f035487ddf284b39adbdb
SHA1 1ff4ecfcc0c8ded4467ae5e2b2787154ce4dad41
SHA256 5892718d1cd190a66b554ed72f9b725ec2bf2b0fdc382ff97f404e4fdd5aa468
SHA512 33fff4d9cae915635e106181bc096a74c22a9cccf1cf86ee69298e5bd2d3ae15328503d04b33fb4503b5ec53b0407e79026369a75b387d27831c08b12de835bd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 621f91ac88fc057de59aa00548e3eafc
SHA1 58d77cce82304da60db9feec572f9234c8b4b205
SHA256 3f9a1f4009268b26d2942f9f3ed1462f686329e3567acf56e0970d6b834d354f
SHA512 28138d8936f8b5679d69ef317458ed87c352f1f8104ac5d95927dd61b4e63e76ebf7a2926b5783fb9ab255f5477685f2aa8ec4aff26e612d320c88908451d332

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 d93fc92e9ccbe79b89bd524e139ea796
SHA1 1a328289a0245414c429305480a389c54b5bc229
SHA256 b1e3c6c919df026d4b91554effb203caa07f76153c0b10f99ac48593d7aeb42d
SHA512 d9723c31d7ccd9030770fabffd38648a89a802f0624d8daed12dc94d79ef706ea4cda24b26e4bbd524447ae7ae0e93d92120f3a13be738026000d14dd6b3a6d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 0d41fc40431b9a349c778baa75c2aa83
SHA1 c4cece708675b57d935123218cb8178bf403a536
SHA256 787c0d0ccbde352d906d073ceb7a40192b342105c09ea990c10d0d2ee102a554
SHA512 4808071cd3f81feb4874f20619cd380ca98285022b96535e3ff8055c9a191d82bc3be30a391f31997751d32b5dad01a70ab07a4199f4322ff786705defcebf7d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 510f909230aaf50cc3d6a69a08fdb457
SHA1 3bdb09049491b8adc1eee83de7cc1546efbf9b29
SHA256 5facb72d4ef642e47af16e171dbc276ffd512abd478c24483b1c825a2c3dbd9d
SHA512 a34ce7faf97306c2b20be8843f03ba8f33a7ea10820fcb0c56af368e42d206a8eb82d4761702ecdcce649d69529f9e9edd55d5d495d49687a1325983158de872

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 fdc1dccaccf58ffdbe07d49f432ff0c4
SHA1 489c1c165af5cbe63577f25e109f114f483c311b
SHA256 ccbe3a5afeabd029f65577b815d3fd112e834b29015b5a4b96962f6c0e71b137
SHA512 7101834dae6dc55f601072f08708d3051f42bb193986e23d7eb971b02c10518f456cb106e67943a0014ce1c73a6b7dea806912f45a0b8d54b860a998d5efb4ae

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 f4bb06e91a53e9aaac22513a1a285f69
SHA1 152287656670cb081fc6dc6e92167271e6ff3898
SHA256 5821414a8249694f9c916264dadd7961d7b4263b720aa280b9dad59345203b54
SHA512 6f89a6c87a30114efc0f99084c1691b747cdad357f327696aae0210dfccb4bc70a912b2148656168c4ccbece2ca9ab12a2b146273fa5f9da3aeb3a47c6b1cd7f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 a7d314a38a28b27617bcfaad1248b914
SHA1 b3a3346e665c0ce4024b7db8e274e0e526655cbb
SHA256 2e31bada29d1d83c9720c9b6b5720184914a9066ee217503584fc3f9b72cfd64
SHA512 5fc0e4df0aaa0defe65349b7627653f8b0b168345b59b46a341eb1a0f7ad1cdff7588fdfd0bf8b619dfff6c385bb7e965d22276f2b1f54f66b58e92a063b9f09

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 a693623c902c5dc9504b38b3cc8db9f4
SHA1 c8788b75f2df686614c040cfd7192558de8e504b
SHA256 89b5e16866e9767c6ce9a536458bfb264aaab317ead26e477d73756e671c5aea
SHA512 cfabc08bee40f738f34aff92f43bfc57c4c0069b5ff200936d6f3a7bd7ccb7b16b4917cf25e3fefb163d60ecd6b01b27a909edf0b032a78493fa8738b6a54ef1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 afd8dd3c3e8bcf0544d2c3a5c35099c3
SHA1 e5f35e706db090a42a63d75b3e3d6184fae58465
SHA256 d7d8e401f1f145a1d823c771645eb77f2fffcd2a70efa0583d0184b0859e5944
SHA512 0b8c3d73b594b5f614a0c99bf5f9d78eb5a72adbd41442f8b9a91b08d8b3c956172e2e1e1725d7668584f8adfd3a0e3920a4b3fb4e1806f7080d2733984682de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 b69e42b2e20907f708392de75c40b23b
SHA1 2f9fc7891500e29181bbde91275a042749f28826
SHA256 841800875640c7c64cda1545b06d2855f48489e17a94f770c31fbb07fe65d2f7
SHA512 77d3f9ea04aa9e2cab14997462fa05c3c6873e78b9a4b9804543f0851861ef8a337ac424ebaf94bc3a88d60a967d09faa96798de3c328f70febf10175a37e204

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 950d58c5e1d2130c213ce5b7d72eef52
SHA1 f09c0501af3c7b1affb17697a080a5a65b2293a3
SHA256 827176d2f2748f3a2bd2f8fbc415ea85e68240a4b54f4a8725b45b57d255618b
SHA512 13a36b623f4298f30ea884cfc5aa382c52611221046e6b13731ddc842d3efc955f12e3ad75f97f2bac039532c46d750c41eabcd564a8a06ad6162b48f6207ea6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 1d2c7a86c9bbff8d4d7153d1f0eabc1c
SHA1 3ffb2aa11bb79aad1209bb7628f933644b9e8fb2
SHA256 aa9b8a0d745e7ac4e39e91376285444baff1568495cbd4f881c355b364db663a
SHA512 2107665ebe3fa60a516923563cae8fe54bbbdaa5158e6463bac08667d699baa8b97da446dae416cd178f3600885536f457cdcf6cd2b9e06052da628a55800352

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 2503dfc2d1197c249f0be841b920cdaf
SHA1 cc31a894cb50079d95b980b48c7a729a44ebd7e4
SHA256 20d4267a4364696ae362ee72fdd9c1379ba7652ed619ac20e4265089588cbff6
SHA512 701de149195b6c496f4aca63258d3da92e61cf29be2a6ed1def8aa42847eec0716ef8f858c3a9070781d6936e7ac0114eb2dfa3b29b729771aebc81c36c84eea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 61732bb72e0721e5b800d7b304fc639b
SHA1 f0a77c862c7d07f4067bf2a87dddea1f58b885e8
SHA256 de8002619d620e8939924ef27745e4dfd4f8796d42a0c4d1bb8e628d949f88ca
SHA512 72f44c6e3cb77986d0a3b36fa170ee51a8e68d6ad6cf8e2cd1d49e5fe741ef085a086e8d1aac6945ef01137fae9d6f47c809a915e13d298c27f872ad42c2fc11

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 f67910d694d2d740480c56435cb96e14
SHA1 66c36dcb5b81779a81c15cc452f55ed127f72692
SHA256 16aac44289307669e349216b202b12ad0334a1a3a50a5afc32aca9c6da7c9c20
SHA512 19d326e3bd43bb8de6325eced472cbfacd0d5333ed94537adcf88262da66b55a308c67e2d1b637626fc43e6267986769cbda7fb3df1a71e79f7cfea04ada0407

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 818e398f12464a290cc6899d2b76d82c
SHA1 aea4b9392a46f7fc890c5216561b571c6a59d4e1
SHA256 b29944af85353f4dbf5f2fe2bee7d6b7bb7c2a95a1250aa8d1ee6336e80158c0
SHA512 9d4178df0a4c88d58ef76f3f03d6562b1aa64ebeb0d6533cc16cde72486bc41acaebdc770c1d0ff735582d3dbd73a088c2ff25eae683200ff17a4e878aff7b24

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 474ab515f29b20631f0b52c3ecc9222a
SHA1 6690b15ee830f4e5b8806501fcb1117ac8d3d1c8
SHA256 feb962b016664576bfd9a3c3e186246d7efe26fd5fbb1c9fe7340b6fe5045063
SHA512 c178c574066d9f508ca7da9261f0eb61a78023908ce0d8ca929322926f2b770375185f08c502fdafb14f2b6cffa383a0965cfe17b67a16b365bad538edc355f7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 0f5f08eb9be803f8587653fe0c782879
SHA1 8a05ea823500ad8dc53fc65ae216c19410a4544c
SHA256 37f797560996a6062328aab1e8c8c27a87afa50fe9d3496c696ce3653085abdc
SHA512 a8047b0acff3e49c49818140ac5880b78b8dafc56fe41a26f45cdc5e7b58df8f5080ca653dc5554125cb025c9f7d50e3dbc65a550e35047dd628a7aac131bd8d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 7f890ebb157763380553b4cfa8f8e439
SHA1 7e265248fdde53a651bfe6051a511e54f2438826
SHA256 bd1ee03b0cfa1ce4abdbb70f458a5cfec851e3703b145450bd530dd2b0f205af
SHA512 aa1afdbcaf82b35c49c06c57aed778dd5236ea3f01d3911453a87787da0f5b6d39195995814096a851e5522e801513d2c6623eb1cef33242ad28d5d05456ac98

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 7f5b53c835eadca6df96088f9ed1aa9d
SHA1 19e4d795d915f8a6032ccb4b85fe765e9855bf4a
SHA256 fd4be8d4da44ddd248dff30b50d7a6c878c5f3fa86191589ec393ea14d5728ec
SHA512 05b9d1dc40b445ecbf292a85f7668067e5fed3a8f4a85767d6289f530d36ff4b50c06bc4e75a2d878baef8ff36a835530fe2ccf5a8fb6e8ac5c5d8867a998b7d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 a1d8eac3545fd09e685faef34a5e44f0
SHA1 770047f0ba8648879c14c7cb6892a6e88f7043f8
SHA256 3a473e78a60f060a3abb5a3eaac99aa7112c4d0b91000d77215a0a6b94395938
SHA512 f0a0f466174a21f51b5f020f6428cff6dbf6069fc944fd9c7965befdcd37fd988e745fd24f4203581cc8511aba207d51c959ec76618c8334a585e36a49bb15b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 9da6e1a4f21f8a516ac95e7e0540290e
SHA1 3c3ec70d7507071e88117b70f51f9aa1ae34850e
SHA256 af66f50ee155f09c996aa42e29b803cf62c70bf3469c1cb2130ee74b0b02d36b
SHA512 081dddd5055cc3ad36fcffbff94455e76128e1f016843ad4e288592d8550eb4da2d5c58921d3a719bced91a1175918bc4c6a9c62f84091d422be8851245d3a4d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

MD5 9ba3d8a78dde14296d3f88d9a6cf29e4
SHA1 ee1c8b2f7d69186444095ed28d40e1c2de020ad7
SHA256 e6a83b2214cd2694d9d8c8c7d05f0932aaa645a5e9142f75cbf26a7e39501043
SHA512 be248b81fe9336c4e1bab79840f81eb9a8d50671a6c9d1e70bb02ef496bfb3016de8dd8a83cd64a390c0a24d8a6c5b7851a00d96060f638d444e81f98a935878

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 c854879951f1171c16b5cbd576fba9bf
SHA1 641bb93c244dc3b047a1ca4b12cc7a626d96459c
SHA256 9911751c815bd73efac75780223cea9ba19fb6b1bd09103571daf4a9a036172e
SHA512 fe35a6faa6f15cba751c7aa72b13ad28ad094628261854c04406689517de4f067b6db5cddfe724d3e3472f815157db0f4a8daa0bc3f667b445d2e1386efc197f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 e08a9efbf7dd2d52cf5d6b6574d1809e
SHA1 9c0ebda4eeb55ee31bea37a1545ab2f6b92ff20c
SHA256 09c3ec1bccf9434770dc37f796032ef1f87f7bf337fc72b9615731212115740b
SHA512 5314e84ef10ed9831c679bffa4f9689c06462b9081a8745662b5caa5543e26bf9ef4e93ba0372834948b0fd631863e4496c88f07c6522510bb81e3d509107f76

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 e5812b217e2b1a9eff555ba802307026
SHA1 c57a534a52bfea6c8a9fbbf08369625660528531
SHA256 458a94dbae15bb3f98f9e5989fb01c5982aabc1e12d33791b4348e724cf01442
SHA512 d89df1ef3004241c11b6b6113a6d1e0891e7589efa63768b82a5afc0d286877fd27ae8e8447f43716a8f9beb6d9fb9c168c3310be53abebb1596e2aabb2e1a93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 fd5c8fd57c9703739ad72b86e7ebc077
SHA1 5b3761d78ea8256274dbb1cf2c08fb39b1f8f30a
SHA256 efda1c6acebab621fe0ab065682a911466b2ae6a2c1b0a6e1237515f46c41277
SHA512 16653693d769e2435137eb6f10639f985f4f6fae99afce5e9b871e378974934587c85dc12e4c8432663644bd1a62f0afcf92b35f223cb5c8217d1072c91496d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 ae4d9dd15ecda67982a2826e8f20c383
SHA1 575e5402b111b686697832ed247230d85ecb0fb3
SHA256 97470fea9109e4579cd3926b61aac021813df25a3403f6325c9220d9c93fafce
SHA512 eaf1d780ee0132b139e6b502d6821fa98e4a97d9994429b6c6039f45bfa625a85cc44619110538b1179de66791e82535834d50b894c2af20904e0401e463f8da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 f2f4ed9ff3c53b7f579e0a3378db56bf
SHA1 b573cc1f6d21105fd38a100dcba825a1d8887c00
SHA256 f1e7632586a74a4d1df0fe99498b636bbc42b6b42d7badca77cf23eb9ccf96f2
SHA512 d77d1953ff2d537ffd1790a95fd5721d91a188088b63e5637420d30c589dbd47e43dd49e81c7de20f74c90d0c23ea184d508827510d9d3cca8f6b65ba0b0093d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 c2a66b1134a0170c5967cdeff60b6ed8
SHA1 9179da0c1799d4962d038f9dd78dfde468a6ecce
SHA256 06ecb3181c11dc508b99f41064831f319f38710baddbf8056be79d2388767a9f
SHA512 4062b5220807d884166c99bd83c86944792d4cbcc358f3ee58103345fcc7e99c3b05fd2fd6e185aebae780991314d5ce864308139ce5d2fba460b9ad900dd9f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 b7726b9cd0f24e3fa3f55383c6ccdcde
SHA1 2c094844e9abf697e8f04190d01d00d39080f678
SHA256 9913b0c7781f0674d074461dcf938e6bc2e046e90abb8ad917b90d7760050c24
SHA512 f86e03fc221ce580c67271212da12a3b52adab69b74d428477293b121b22bb3d292ec4930dc7350f29a73015357cbf071b7b3ff26694ef94ed1246d587fc994e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 e298de2e9ec8d6e4c5553928d31f6e05
SHA1 92681b6d813f79e84522753622da1a696cfd1763
SHA256 780cec9cd74d265d164ed25d4030314ec0a6c93dcbc36008f8a0eaa1115ea7cd
SHA512 9eff2100c66507c0375bd0d9db3bcd371436cb10ab76670aad04b0adb216c12b4fdeed888f0313b81b21289c97ee21aa49d50db85560ba3bd53ea6c113733488

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 fce471d1e4675df85a9193fce5f296f5
SHA1 9083c74d8c786330f88788af4126e768f886d668
SHA256 816d0fa2cbec0b94533786de49c17ec35e92162c7956e172c69ead9409569cd2
SHA512 b7c4cfc51ce2ec240e74358f2c2ad8356422d1aaa00521c0d59edf85ce3b634348ee7e1ce1d61b8c65eae67cdbb13616fc562f7f0cbd27c781ec0853f33d2947

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 d3c426c265f35b2f5ab8a357a2d4e867
SHA1 87efb1584c75c61b646fdc48da9f26538e529f26
SHA256 6b4dc922f2b55a3534df4ce3f2aaac9ed7af2e0beec5e6b5106a943fad77dc88
SHA512 2f93cee794972bb4c1683af49af00f2bbe7d5280d6dc7155a0e41c47dccf86695320b6185271e72778f94079d93a355852711ca83b417816148a11735554b777

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 366d4538822c67aa52a52469d62c0190
SHA1 d4efa2b851bf65bd5612f21c718e79ef120cb8e2
SHA256 5089f0a62aea0e7543005a78081b1d823e4a89bc527000dc86d57641a49b5bb8
SHA512 f4c6e363195fc4e5a115b24b6054b84d86ae7677897c8449207fc25e2e1f843a50d2b3a6d9c2894c032a937242763e33afd820870ee67fbc250f47d221212272

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 05b094f11d5151a5cbfeaafb8fddeaca
SHA1 d7925cfbf498d4c95d0e4a4a0a572ab272ea9d4c
SHA256 c682da86510ad4a2e68d3e4266ba7c8db1e306cc41238bd5a2f0cda0a171f3b3
SHA512 491a8a11de920549112783f09c03c25a2648eb87639a4feee9e563053bfea696206d1e1744f951a3fe149f4c73e618fe84e3476ef18c4f31ffc9ff6e52cf06da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 47bbd49ce6507b3e2cc8594985d1cbb2
SHA1 372267168008a2f370f95250b039ba0b1c23d5f3
SHA256 d102a4dfe494f7dc480f2c79baf6395c78effd8d244fd854a3a35d57faa66206
SHA512 1f10fa47fcb5e338c9718a32f65ff85250b29acdec44761a39eebd8ba3c3237c4529aae839c3912f8400a84a123bf97d482f2c57ffe98698d72a9fe15b544f57

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 d05b132e0a7c818dde244ead8b01b90b
SHA1 91d1a846334a8f1707a2350094a6db9a7d4d384f
SHA256 9cfb5bda37abc779e6208e8a66e26505c1af71ca70dc677ea0e2f4e6527daac8
SHA512 1e9a84b055b3fc5e0abd5328356e45525afe8bf271f55bd46f9954f51d408732341c218c59db81bd5a6f25695f74840342ce30f022ff2c71e1382d25fad502a6

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 d83a666ae9055f3786a7b004d382fcf5
SHA1 7072910b6e9d8f854d3ec954bcdbef0ff863f240
SHA256 dc75b2cdb6c35a23e55c144632a6a0d2473e2bac988d83fdc655e29b031241c5
SHA512 94c6564643329597d415a6a48fa7dec4bb3e56a7bec63c29b9aeaaa9892b02079bc7103f2bc3833688e5488eca396b1e757cbc4cda4c554754013de67a586231

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt

MD5 2c528f79581cecd441af277d245b9bf5
SHA1 c198ce7bbd3c0c62098f2386e48b266341b709e2
SHA256 22a867c0ef6ded6d44a5dd772b7fcdb5c88a8e812732149f90585e8e5bc6f16a
SHA512 7f83756ed96f3d7b42603a7c2daf58b076da549233704f40958cc981c7ef7a361f5ec09b60db5c1d7af15a571a2749f46cd561b221e0aedbf0ff2ee498127fe3

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt

MD5 36ab7fd68dcf1f2fcf8a406211e0971d
SHA1 45fa5dbd06e92676a3d64619437e95384ac53322
SHA256 1149f0da249d001078f6566636c9396f58ddf8c2913d81f0ef87ad26f7e6a8e5
SHA512 cde5fa24f2c4420f66d9f1d582d7cc1bdebadb004338256573d6a084d3146331942d65c6469a763b06ba2f61a51e3714bb7a5cae3dfb376f05548ee04b8a8d39

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt.Zalk

MD5 1579546bb8da351eeeb8738681a54ee8
SHA1 229fae9803966826c7e8d3084bc16e1dcc7a8677
SHA256 8bebc2067d76fc40af07fedca54447697ae560665ab0c00e2866d01b0dae161e
SHA512 4cd088d79dfb8038479ac7898fe21fb95a544570c70e44d33cf7721937a9e659ed98871fcbdf844ba76ff603e8f5d96ea816d870f480c0d8186226806e059928

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt

MD5 3238018c9533dccff142100a0c1e74d9
SHA1 15738bafdd5a16f861b07a2ab6da72b3615b3f1d
SHA256 760492bb07d6d904376539093e2ef5abda9b26da98c497670c4ac444ae898d29
SHA512 419e615b3371437ac52cdd12db397cf81933bb39b2acc0c70e423fc724acd8201f7a6f782d42cf4638ac1f188de5ad89cfa1dd14326e796944a8566d2cf08836

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 93d135daaa1a855378a269a36506de87
SHA1 d35b793194c200480d493713c1e33bd9d6509f56
SHA256 69035e920a00628903f64d0b14e7acd1e27bc03aeeb63947ffb720e0ee8589bf
SHA512 388d26ce43535f82e5ad8ddde71feaa4b0dfdaf82e2450775763ef1715cc1d5b8eef90f0bb8660fa5ec442b238232bb038c7211c46e4c34c65b97e7990ca2430

C:\vcredist2010_x86.log.html

MD5 08da6407c921148ee0910072530fb084
SHA1 b9f6a8b2460e6bc4a8af0a342994e7ecd2faa188
SHA256 aa79530ca6cd73125b254ad0a4e4a006bbe2180755209119f939d632286ccfaa
SHA512 d58d2a499b25db9dc34e47a45a88c75964c7bc833c9a76c75aa7136888d811acb4dfa0dbcd3a1828cd03313b2c1a4cedfebce6fcbdd85a9a7d64725264a32054

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 e65c436c266f089d0117cb84b7d01c1a
SHA1 8e3d709855ddcb47a3590a9d3476c3e99a882f80
SHA256 52a018038c7c81893de3591dca10606abd342b3f52427a89bee922ee717fb1dc
SHA512 dadfb97c13d7b2f637bbce43ca476bcae58dc435b39f1a493546d3a5dbd15483b5e203816babcd79d9b45131c527503317758324caafb11a366350f60697079a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9106222afcdf222c8ac36e23061ce8b8
SHA1 5f7cb394b0e7c2dc8a056a9cd910f91819549569
SHA256 3169d00dc77c64d70e1bc6057603638f9c47455f51b18d07dc2785fea3c74a2b
SHA512 25aa980cbe6f351c041009d14921448423c35abf5cfac655b75e161db7037420877a13338e5bb8d873b461a800e478a1e9f06918baf092ef2d0f72c91a2a3bb9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 8b0b903a1805d69de41f9ae1c4e77ac1
SHA1 059ca681146afff11b5273222579220de782cfe3
SHA256 e8231ef76d363f33f46ea6581c4677d8040b539ee67b1456275b8b566f43c3c1
SHA512 8ac2ebf5003f0b376dc61a85dc7cc1583718b2b4897a45360f1e5e8f392b4b243fba101e3ac18ff470c9efe32390317971b7adacbd5a7f7080df51b9ace7e62a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 dcc706c166f8ad7f3b3527c399152dfe
SHA1 53a3316806792a9032ef9a61833b9391cc03f1ae
SHA256 31f03b3aa196ed2e68d922cdd1817fb69a505f18385b04bfd38afac9f7966223
SHA512 4a7beb3f161d8946549c5f5980cb9bc498d9d4fb7e8849399c52466ba7ede09dd0c941babbfe06e376edff51c7a5131711fd357d7f7d180788c74e5e5696d4e3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 fe16c7d82033c0bda7fb04e80238530a
SHA1 7387cb598afe0082e1a8f38b712e665b08d2fd90
SHA256 f35c2e37ae34896c66acdcdc86cee172015360ffc9e1cf6fb11dd4426e9f8246
SHA512 da5d40dea158fd7cc1a1b68174d6414926a83284eb108ce390501700d7a0a279a4097104eae6c3c8d9734fcd42c0bf7c9481a6e03980480675d964c44a09d3e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 31aa56deb879ecefce9e319767290c38
SHA1 3c90f4e0d6de54ade5fad24bda6344aecab6d598
SHA256 7cec3b30e082478e63b137b3bba40e49af572ff95acb98cb93e03bc4da8665ed
SHA512 e47cdc14ddbbb345a750fbb6580e479840b2e9e7fca3dbcf83cc71d3c870c4661aade6c051f7541d4a77076f6014cb4b9dfa4358ffc93caa32ec00d1e045a31b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 24356a1445e437f548acd898eb78ebf8
SHA1 b098819d69fbbeef08d6135608712494afa2f5e6
SHA256 b7cd342ee2c9e6d20b8ff44c385f3bf56f386b38f8e5ee6540dc687c33e02984
SHA512 d7aee4ef4b994e24867d79f58930ff2e3dfdf59c1d92f616ce6165af2d15c630c1d0a9135d8a68c8b3411d105dceadca39f0ddc76e120c056c35426a4126ebe4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 9457e60ad00d7a043073144b4bc2da65
SHA1 faa131566748e0e9cd68e449ae4f3426848863a9
SHA256 7f5d5e0e5758d3b5549fa0e0cd8668fba8cf31593769d5234d6f5062e4ffbc32
SHA512 7d8796bcf04b8f4955f1a69fe34c3efc805349ae7a85788f6e54df13e425ecdf02fad0cae3cd925558498c3a0ba378a29431245c5e6834334eec3f1f2581cf39

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 f83c0c8090a03da94a8f93123d3a69c3
SHA1 5eabd956c037b3644593e5b277edcb598d55e501
SHA256 d2ec18b87c1039f18a1284475b006b56fa48706a7160b2d3c955d0c3b589b486
SHA512 1373481dea05038123b2bcbd7c4c322d206b0ebb4eba4056d23abcad1e13c7d888ab52925acfc1eaaf12730c51ce5b3b55f5f21fa0f2b201c2d81cb1f67d118e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 9669e9651e92291f052b1634e27d99a8
SHA1 be9407382e459343b50c166dc4d1328ba260c81e
SHA256 b3a90a8b9f31407aa6c9de5a201880205bef7244bec84c7d8fafe716aba3a68e
SHA512 10fea3b2a44969192d3376dee3849a48ce3fd2506ef177fddf1566053718b1a2e3995115dac2f7c74ea046a93311c9e4dc21ec7feca8f2f9ffa665a2c5a11b09

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 3cc74699442b3084ac6cde16f4d3ba5a
SHA1 c4f0e57377a1a40c58e5160bb80a85af162d4749
SHA256 397ef4201a83ba0c57a83578a9a3f89f180be776cc2ba79a05820abdb639a222
SHA512 d3ca41d7f0c54013a4c041be811e09312ff2b6608d5e813e137d9bb03777ad64985c3927f9c3e7a100923a05d3b034b0f493ccb1c63817da7d675209d7ae765e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e7e9737e9e2025f03380448ed8a0e3d1
SHA1 2f726f8dd128b34cbd7bcc54320fcb1eba9b0203
SHA256 2d0163c3f7c05db841b24d0f8bbf7a8119d4ed79cf2616638b89ca98dad1f676
SHA512 c65a747221696b5ae1a6c2455621f5c3840b275503ffde8c47d0d3502585447cca48363991766f1115e20c1c2cb9aaba05bbb361390041ebcfaf851341d463d0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 8be52fec17847ce52bde1ada5b6b4ab3
SHA1 f56f6a8259ff1619ed1fd7b30e2a45de642fad79
SHA256 12100486a7a43200d7591749a3018a4e0cfc30c1171dd851f981553a7d7d0757
SHA512 7eb78949ad97d29836bd3c151e277e8198c6cf395e1470c23215ca930da07986b5e40b221b373bb469698b13a527730392840867a207853fc72d6fecdb863589

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 d4dcc5e243efe2e21eb0113f0cf4c051
SHA1 bf5f738f3ff49ef3ebaab3591f69b4387f278602
SHA256 aca9649537afb71133e69a01c28f6aa7bf9aa857d37a184c6e2b160f7af9b592
SHA512 4961bebe83ddb1723c20dce4c6e28763b30580b5dde2f4b55679a51d50bf4dcb25b922cf77449824e7ed58f27dbce5832e950b8058e78066933d27c2a43a99b4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 c6a19d0ba7997c5c0bdd849fb9e5523a
SHA1 681ac4b0ea3b86cf633d18fd7bbdf32b3ac69859
SHA256 bd79bdc81a0d79bcef60197836a5b9629c13c5247c65beeb3aa25a5d9d1c1481
SHA512 7bdb6f8ff4fe1b191e60b427ee79dfcde8324bcbb5ae045a4e0b278b0dd348239812d2ffec118938194c32592a37e89140d51f42552a2b120408dad3142b613e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 15e77094d0d4b70bf6464b90f8e8229d
SHA1 16f0ac0f1adcf7e275516095a55663a2fb4dec0b
SHA256 5f68f31a81f856bdddd981df5322ac407ac509a88cea05dbdd37c7b70b97658f
SHA512 c1237ef4d84f8c3c5e4335481a21a40ae84632515f6e285274415fce065d5c27494f720f13094acc9bc404100f00571c787f9b758ee4c6fbaed242515c29feca

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 80ad11689f3b36c204872c6bfa5c0429
SHA1 345d2d093aebf42bb273fdd9fc12510d88efba74
SHA256 279030e3e4c7d344e4ae37a96f91ed7544d99df4e605414a0a2ce00e636aa584
SHA512 a11fe2feead3178f9174418ac07f6f2de075d0aa8748b2e6aa1ef5a39265ae197d3e2bdcc5bc1ae027b381a549e1f135e96cd73ae31bd6fc246500d679787890

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 8e2e1a3e054a85414b82226b90625b91
SHA1 94f5109fc151839f96dd8f6b9f43b4e440586407
SHA256 fafbd2c33906b4590155b377c8525d08a95adb0870d502b2693feb6e9e2bce59
SHA512 5907d666892abdcdda9a639d5df05befbf70c497397b9f6b5a4c00b6d70aba5e6604fa0603b7e1e0c27732528f7fff287e21d77702adb9abdaf5ef68346b58fc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 d9c9c41d9119259e00b13db92de44117
SHA1 0fe36c3abaf724325b6223b7b18d6fc0a4290b65
SHA256 816b67a86eb50b0d554e12a7a3eb4a6c1ec934eb5f4e354d893febdebc512298
SHA512 b715436b01c56fa6fd13211e7146d1f68b4b3efb0b59437857be5b778c509b993b18fdb117a0a516cb1154c3d1c081d3e012503e8f2891dbae7512f1017b275a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 ceb7bdc27dcc9e33ee149a6d3b3ab866
SHA1 0122b93ccf797057f9fdf68a20ef2772785c27a0
SHA256 4b392d1e5d02b8226c672f353a690389ace7f72eba1b433c1988fb1c83acbab9
SHA512 c4ef6510fe38d273a5423402bf2c67675db798580b33cd759c1171feaf6fd070dbbc50f9c303894ed5d9e68394773f5239993677d6c49ea64e7c55049e7290ef

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 7d35b60dfdc8e621d8e0b3e902244885
SHA1 e009b2f362188f8dd7b46a044ac8f99547e6f0a4
SHA256 b0c61f40caf83c7abb7dfaf01938c74e17b05492fb9cd0ac9bfc21ead162634f
SHA512 39ffab10cff4b764274578ddebe9fcd2db648a3e546d95b2159062cb8b903acbe87702023f567030a9ecaa535d2b7efd491bdc55df4abb36f8a12c32b5c6a74d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 3fb3e17f926b05e72ca0b8af99a0cc58
SHA1 244de41ddb69464702f855a29d8fd4097fd1335b
SHA256 6f572be60b9da8f01bd6d5fdcb485689d7ebe6a8d0cd870f74b467e8a50a7c19
SHA512 0084e79be2b435edd69739f1352a43a23648c79940b9f359633fc8e986156d83992524ac1833a48fe4462981a3fd24354c3867c5dd90b56c9310260ee87f239e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 8a77c2f4f4a07fcfef85f7a5d298f380
SHA1 c61c4a9b08df283e5efa848db3ecb02a5bf88c3e
SHA256 3bd9221620186570efbc45434b40a12b91d0124f6da00260dbbd751cd7d45fb5
SHA512 423d33746d80dca7d4d73f42250135750ae74ac76932359bb2f709a4153c86292e42b28e681424639b46ec936552c13eca6ba877e5c73000a5834e869d1023c4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 21430f159e1d8a3e9d70a341c46ea5e4
SHA1 2977b75926475e7e9ee1826446d1798d50661bcc
SHA256 49b690e345207c0ba331a148413eb73538a67ce9d06b5f90d3eee199e737d515
SHA512 9585feb3d7aa73ad5b61b6ee670bfc1a2fbde3525cda5cf2d4dfb3600d366b2e5f7b53142037cddcb91df52c551e2af5334d0c6b22094b98d6dc58b0f34f86b7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 b77e51fd7782e6247a605f72de795dd6
SHA1 0380b116c99ae717423223c3cc06f8672c2af074
SHA256 7d6db2f5833fca151c4d1c731bc10e40d85083f5dce2914314160cf5471fbe74
SHA512 ff1d4f49024ec9b4e4418aaa56f56eccd0d03a23ea912cbf4818a8a87e1968f30da5e6543f447ca6e7c498bc37bd26a4df097c87f83585f7ef75a37c2c40cdb9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 511fd99a08d535423a59da9d368c2844
SHA1 8697de15b595910450bc734437a7f472a3d6f3e0
SHA256 1e751e54e36fa721dd3a914239477ef28714bca4aec209ed197861acdbe9a8f4
SHA512 09c878b5b307fcf3703c172f5f067a6cd088bcdc9f9e0e54f85768433f42adf3096b558d3a438064e656f3bc09a013d16fbfbfc4c4e76d9fa5f13758442f5d9c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 95ac9b11140b6c47522763de17dbe074
SHA1 a82701b1c7deade81c9a290fb96d350788539ce1
SHA256 166a58618a2b24790e5aaae18391c023946775f0bf8bfd429553da0c10b8e5c7
SHA512 de6b539ab5ca359cf288e6b3c9fb38e3891326490407aacdbea9a9be93168181a9ed3b1d9598616bbfecbb0507998e81b37fb1bc26a805c97553955a88db39c1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 c0d8794c56bd1b2805e80e1c149f4dd5
SHA1 f1eeac708f13fa5738c4c2cfb086c16ffbf1d1d4
SHA256 3cf99f6043f266bca0ee08d9e71b6fe50a4909e56782d0c3436c5784180d4470
SHA512 eedcff2624386f580a8bed8ab2ca36d7e9952ed8fb4480b62a5736590456ac06c188d954b05e0817742761cac4c3642f47d1bd37a6fb92bf026994fd995bb9c7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 1984222b52d75d58954da319d10516d7
SHA1 4eb97c1d76372e3baee1d839c97728d692221cef
SHA256 251d8ec9367f16a584f7c00bd9e09e2f64403d64e828492ea0fbf841ed483575
SHA512 da1164d25266969013b4208a491dd1567545f9c37b6cd7ffbefa623b1de435ae8c0ca7b3f791bb4c09394d7457af8593f78b5c647cb78f2865eadef02e86fb86

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 802730380471cde42b55d18c73245dc4
SHA1 733a31bf8cb7a730b3b589aca6a6536a33d0b682
SHA256 f8a1c5c793544b722057e8df88dc12248d9b93ffc27859df949add3f7dab4251
SHA512 22ecd50c887a99f8d6c34ef673b58b73ae954f9fdc6dfced288f942dd85400ac20b4cd8cdf6be3d121ebb8485466e907af861b6c9721aa8dc2f879bbba743580

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 2e0c9c48540b6204ce8495fb2d32400e
SHA1 94ed6f5be41d1a93293b20183a93dc416d6c844a
SHA256 e01e93731eb29296898d9c3a7d303d0297f9e78f0d507bb4b26c45994180e718
SHA512 56024487eff59a037e8a7febae93e67058ff3045817afac864eed14113cdcd73f38bc3676c5d2b5b0e751610afbdf8b7bded7d05f9bd31871d1d7675a3c69987

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 cc43646debd247adf93cb191b74d0d55
SHA1 e19d8a5a39a2981c96ceb4f0e303ec30aad3d35a
SHA256 cbd790d9549dc2ac1d484bd817063ad517d141cf5d5ddf1bb0b58c0b1648543a
SHA512 9252b3061465e42c28788652b4e20ae2f67f950a602b47c3137a2ba847566042fa9a312a900810a11bbff8b7df3b66a6036379b2851040c987bbdc02be7ac52e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 8548404ac97bd69526d9de3ac1e2acad
SHA1 4c302364dc18c93156ce11b97a631934930fd468
SHA256 d3bae8aa545fd93fa10e9dab697b14a2ba9fea9ccb1783dbe8924775f631c58c
SHA512 8c761893a75bc0d5e57aa8914a8219081229240262eb27fdf453cb1760e01335695135e7551ceec03c46765cfef9a6c5221809da47e5b7d3b47964decf5c23db

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 85a26b9d3d2b0abe1893d45c130c5e0d
SHA1 b10e6f70130174cdec9e5699954ac71d2ec3e336
SHA256 db3da008b3c597bfcee021f8b21204dbe1265cf1a1dabdcdf3bfe578ddf9dc09
SHA512 d1fe218338f714c2c5ff39e773f109edd7ee3401a9213772c4390378e68229a8fa5e62b70a6862f43bf8c51b56f3f6475b7a3e959a7486937388771f0881c038

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 37fe61fb2b47ad243078ea1825b6a45e
SHA1 539c641a73df41d3778b853bf6e6f5817ddd9575
SHA256 4ae15239166dd8d7ef7c4ddc5265df6acc847b543ccaaa5a2fe2cf95fafbf4ff
SHA512 066028cd8b8a8e582fea21f0c7f04b1bb2bc03f3285dcd102f46633fdc41d1ada10e4eb4fba2b743d43731a7a15c011fd3fa87793cacedf8634841afe7694e46

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 9e193a006faeb0a78a6f325b9bac117a
SHA1 2ab08cd21c507e505b2afe8d579c5a813b882ab2
SHA256 15758a2c36bd6bde54f5907762a2fed793863cc2b3c930cb1be679db460ab05a
SHA512 cd8ed17eb8f6229116cfb90ff3c32ac4602bc6ac5118d6eea4e83e2f06f1029263c560307130cb029095bfad221099cfc3f27cff51c489e84db74012dbffb3e5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 55e8a405871b76a4f016c01f8c508a39
SHA1 2c31c607b7633d43f0aa58df6dc6a51313d42c44
SHA256 372e9ce486b44468fe9fc84ddee93f0ef17999f83f26532c760bf5466c72ea86
SHA512 e698723f041877dd48fb46422cddf60925e7c6d0549a78d04bbab2021a1ac0c85fcfd15792aceaee1832e332caea7d94da7c75d942c6cbc0c50cdb98100fe7c4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 4ff017c4abdf0dfe2db01b44c3c05e04
SHA1 d9a02eb4a6bbca29eab793344dc9eb4166283d16
SHA256 9c95510db56ea0dfee608bcc1e88d3e3e4d1f511a012468b0626cef13b4a905a
SHA512 2f6b76517a21219eaa0fe506c02ed04a00c2571eb773686015406cf36e2fce12da2ae84f8a0951e822782e6b56c70448c9ce1cfe9358865bf11e995be018793c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 853b7ed799e2968ad59a4e0e68568bd0
SHA1 dc45c279dabdfee9b5a970076506cb05ee7c15ad
SHA256 e3abad5d509d2f736d57eb0b3e89f9dd17b69a568bd0b93fe166eecea8d07442
SHA512 7f143ec0963ebca66eb65370fbcf8e1d10703cbe147cec3ec537e904a1d0a6e73c666a549fb42e370f83ddd34da1b1df8b4b08eea99f26a8c96c3082c9e7dba8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 efc3959f68c0117e14f6ff0f63ca60b6
SHA1 c8ee769f5cb024f65e40d4381e60374b68b2fdbc
SHA256 0341e92403a9d298a3dacf2259255409178dc6b7722d4a6b76b06a8d54d54189
SHA512 89d69562d8330094694e7137c87534f31e8895faaf758ecd59717c8c35ca92746acebe764543dae3570b197f1434165103df7482d0cfd35b53479e263ff46283

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 ee31a61b4d88eee9ca7689fd6f37e6c7
SHA1 6b39c1da5b8b265fe5a5d7295f0e5513ea5214b0
SHA256 50f2714e06f9acb4395b063898d6231491d168333011569fcf0d24f1db5dda91
SHA512 a6992d242c8a01572fdd4327dab82476b7d73de2bc9fd6c35faaf443cf2b9a63959aa334296baa5c9f8911229c861f8717db530af5ba63d751791bbbbafa70ff

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 1cfa6a7370038d0e8db9e927d5bb7d22
SHA1 5ad7b71c6df04b93f30a0a5cef3bf44236f7cee0
SHA256 5578cfa7839a4d89f3e0fb0880d6d84d234f2ef272a7d8de7c3f24e5f35bfd27
SHA512 a7ccfd3256b10f4db987286046cac2a9989c8073928c474ba482b6a6e5a248f87f2c4feddb8c10f2e53a223d512b339f9c6627027803a441107813f43a2a2dcf

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 b3f775258ae70183a943dc69907de177
SHA1 287e6457e26abd21d5190d7d555f342f72b0deb7
SHA256 98306a28980a2b5c9bf7befdb58b90415e32ec6f077ebda0019f2a30c0ffda6f
SHA512 08c632a4f5c37f607e5d77948c14366f132aaceb50340de46b61e1fd79f6570eeca6bb686874ab765a64a6faa09e2b8701120d0187f8608cd5f9f0f0016819be

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 378dca345cba57ce66afcb94cdeecae7
SHA1 999318cd849c1a250c03f77aff50dbc778ef5ad5
SHA256 e2e94f19f0b01e1e6a6fdabf278b4e6866cafaac6017c16371ec5ca4973a4cdb
SHA512 7290e36d0a7a586179f32435c9e9c386a97fc25b5d3cc43fcbcd8dacd0138e106ccfc950b72879d28196fa89da491fabaac86336a33773c7e6f14e9e88def1ab

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 4566b85a11c6c434d0c1a077eb58f214
SHA1 dc77760bf705da9794e0cdefb48b95dfe7c3ae49
SHA256 f0f44408ef7e0847adf0595b64af0b74022575ebe5a467fb6648154f16b53c7e
SHA512 3bc5e8e6431d051fc9b7063e6ccbf639ffb680d97ee16b900757b693dc7a4c120f97ccb7b48d5479804775a87cecc02e3216ace98392c54755a25066445dffe6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 464f108d6c31333274d81e01ca2a1f1d
SHA1 71c211a7b41950701760eeee5a976e1529ffb40b
SHA256 170eed494dbec175250f376163f0a2944c054a5e3f9671daac3e80bb46b8b785
SHA512 2ce6e96d5cc77bae468f3bd7fbb1319c73908376602d91e9ac8e4ae1536a8c5f68df94d6c080730cbd8f9a0f970bf2b1d0fd8cc37ddcd34c11d8fa275e9a68e4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 de55c0bea8a7d3d08360121151a288c6
SHA1 2648ffedb2a7db3eafa9626cfa9c7af300e47534
SHA256 8fe8b1bb9a93178b658eb27929ce1441f656fa9faba5fd3e55f6437cfd5266bb
SHA512 85c799c5f6274de642a9069f65b4e1bfa37d88eb51829174193a11cd4d5b09ee4c8c54eaa7becc476c77898992c681823fc80703a46322a534f1ff1a7cbd9dbd

C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

MD5 5652201ab9352c0767604a75b49cebab
SHA1 2391d9d972f076bf88bfa31f3f5a879dc09e57a2
SHA256 c0ec9373bb94e9636c3094bba5a48d0099bbbc4e62db1930f1405c0b039baa93
SHA512 3293765a595984f4eb8abe4cf0cf45cfa62042ddd0cf6a016b3159b01ce0f352c369749b9991a6074fde4fb1447d101755ec60811892e53c385aa3b346cafb6a

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 0142032e1f4cd0733db089e22c05f484
SHA1 dcac7578fecf69efe2e8bc2b94615108ed4609eb
SHA256 d8a8f93f7b2b74020dbf36b6aeb53ffb38ae121a1fcb9d864c9d5d25be65ee2e
SHA512 6bb914b0770230a211bc8109984ebd8f1346c945f4f34f06cbd587a8f72066ad34a1d773fdc1cb35ade9b9c9a916c28d45bac2236a78655df968251eb468b262

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 0fb1d8c2e60792225f1050a5ce05d568
SHA1 87d18a85a95311e6892b2009289ac7b4eab49613
SHA256 3f3391f53614bcf8103dc323d2a1add793de04f47d7bf5efffb0ad5f668e09b9
SHA512 ceca0bf6820bf2523bb0c9e17f65224bf949161b55ad55a00fda28e7cfbb5dca4a30d78b85aaec35dc2dfcc35708061fa15b87600d89875e255460fa8d703933

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

MD5 908441f62652a16dd8ed2a33535aabc6
SHA1 e7bb98af0e38417ee2a48f3fed18cb94ae6c6332
SHA256 4e1d71933f2b5e388ae777e2932b3284008ada2171ea07403f7b756778cbb7b3
SHA512 ece2661d7ea47f1dc5ad169cbca0825640910e5538912c6d020f6800fe4893cbf32a0a5098259da0abc2b15b769f6272428138f7e97f5a26fdfdd316c3f63b69

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 55c082e5c753a3be7704ddf066d0e895
SHA1 ced13c44a19f82b143b033378d601f93b1de3388
SHA256 e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8
SHA512 8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 c4be1ce9dc39fb83fd5a2d617c2a4837
SHA1 eca34cd429eaf350804bce704d19ea61c74fd54a
SHA256 403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c
SHA512 3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

MD5 cc732d0bd874a5559714f32366affe1a
SHA1 b1b7b5585059d53f44d8e0dbfc260472ab658c71
SHA256 a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed
SHA512 3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 23b08ce0482bb30f5ee4383c07d19e31
SHA1 d0ad0842f75fc12f44873e521b0a16d27954430c
SHA256 48f0e2ff299ece25a066e339d3b34b1a1f706530675bda1923f3fedf43c423d4
SHA512 a50b5aa6eea6b6757e2437146dfb2e13bc1540286b2db7d3411c82bebcff897ac6d2b78482af1fca072b1faa447e7fb655c02d72fb26fcf844a97297812989bc

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-13 03:13

Reported

2024-10-13 03:15

Platform

win7-20240708-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe"

Signatures

Renames multiple (2167) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe" C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_neutral_413d17c790177eef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvfx64.inf_amd64_neutral_194cb6d2ea3a486e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\erofflps.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttte.inf_amd64_neutral_16d100fb6ba2e40f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prncs302.inf_amd64_ja-jp_96eca15be06b1482\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc9.inf_amd64_neutral_ff3a566e4b6ba035\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_neutral_085226e1dfe76c55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnts003.inf_amd64_neutral_33a68664c7e7ae4b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_neutral_2ec26aaad7a9d419\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_neutral_adc3e4acb1046b4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_neutral_3500779911f7f3ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\pkeyconfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsupr3.inf_amd64_neutral_8416bd6e64a8e858\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_neutral_b7f0a8d5f67c19e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr007.inf_amd64_neutral_add2acf1d573aef0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00b.inf_amd64_neutral_1aaa057d3d52ea43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsMovieMaker.bmp C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_neutral_99bb33c9a5bedaea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiahp001.inf_amd64_neutral_aee49cdf3b352e58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\winusb.inf_amd64_neutral_6cb50ae9f480775b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_data_sections.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_neutral_e91a5dc0655e200a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ja-JP\erofflps.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cxfalpal_ibv64.inf_amd64_neutral_4c42ac5f00413365\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_neutral_213e93b5ced8b0fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01035U.BMP C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMask.bmp C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0149018.JPG C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21366_.GIF C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\ado\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right_over.gif C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21300_.GIF C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21313_.GIF C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\slideShow.html C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21336_.GIF C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_VelvetRose.gif C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14530_.GIF C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR43F.GIF C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR14F.GIF C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\DELETE.GIF C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\TECHTOOL.HTM C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01240_.GIF C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14980_.GIF C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384862.JPG C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_MediumMAsk.bmp C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Media Player\Skins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-snmp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a2ae934ba06cca16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..edtracing.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bdfa1526a488111f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..moregames.resources_31bf3856ad364e35_6.1.7600.16385_de-de_81e11451db7d230e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wiabr00a.inf_31bf3856ad364e35_6.1.7600.16385_none_1ff46c750309ff30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-scanprofiles_31bf3856ad364e35_6.1.7601.17514_none_afe1e41a9e223489\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-snmp-agent-service_31bf3856ad364e35_6.1.7601.17514_none_5faf9128a3432508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_corner_top_right.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-efsfull.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0b86017e76da4da2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ee2eb924e76291e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..fcounters.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_22e830f4e8b5a694\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_keyboard.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e1aced3797312f8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_lsi_fc.inf_31bf3856ad364e35_6.1.7600.16385_none_c571a0e55bc526a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sysprep-aecache_31bf3856ad364e35_6.1.7600.16385_none_50af0698b2bcbf98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-stdprov-provider_31bf3856ad364e35_6.1.7600.16385_none_9a8350c7e0405c47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_ehiwmp_31bf3856ad364e35_6.1.7600.16385_none_51361f625837371b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\403-2.htm C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_39657c8094a09978\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-28596_31bf3856ad364e35_6.1.7600.16385_none_553ea4f945797825\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..ionplugin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7a7853e117fa676a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.TypeConverter\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-soundrec-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f53b85b846ced058\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..nt-winproviders-msi_31bf3856ad364e35_6.1.7601.17514_none_e3a9b3cfb978682c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-nslookup.resources_31bf3856ad364e35_6.1.7600.16385_it-it_06530f80a067b382\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..e-ehsched.resources_31bf3856ad364e35_6.1.7600.16385_it-it_37d013376c562226\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-push_31bf3856ad364e35_6.1.7600.16385_none_cc073ae540855a07\1047_576black.png C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-security-spp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9b3fbb9c4384a9fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys_31bf3856ad364e35_6.1.7600.16385_none_7da9291f2ec46948\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-icm-dccw.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c4b773d77d426117\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-icm-ui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6b38fd80c04a1d08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dumpata_31bf3856ad364e35_6.1.7600.16385_none_c5330fa587ba01cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-artcon6.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3bc75f43a98c7e3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..ginworker.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0a0533810e792a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..core-base.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c110f4bd66485354\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0c66155a4e01171c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..rting-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_486d6f2f4dff8a22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-langreg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fd3bfb25937494ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ssettings.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d3f17da70bee0f28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-netapi_31bf3856ad364e35_6.1.7601.17514_none_67e6c3074ea71107\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..sideincludebinaries_31bf3856ad364e35_6.1.7601.17514_none_64b6ec2d7d52abe9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..eercollab.resources_31bf3856ad364e35_6.1.7600.16385_es-es_82946e72e9a0f858\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..ing-shell-homebasic_31bf3856ad364e35_6.1.7600.16385_none_7c5e0084fc7da6ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-chkwudrv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f2a688465003501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.7600.16385_none_8156d54dc2123a1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-storprop.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c71a98b60933ee96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prngt003.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f76d2e58e59d36fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..hared-versiondialog_31bf3856ad364e35_6.1.7600.16385_none_6684415f53b8fa8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-au-component_31bf3856ad364e35_6.1.7601.17514_none_36a5754e72dd8aff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..rbleplace.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60cb57bf22de85f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnts002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a943357dd09aaf46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-irprops.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8f82c242c757672e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rmcast.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e73ad640330455a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ngconsole.resources_31bf3856ad364e35_6.1.7600.16385_it-it_64f2dc1b8938dd3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.1.7600.16385_none_1f7373be61daf614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7601.17514_de-de_4efe5dee1b501fb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmgl010.inf_31bf3856ad364e35_6.1.7600.16385_none_f9997b85348f7f3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..n-shvhost.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b6c5b9087f87e55a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shsvcs.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_22b18c66b73f6810\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.identitymodel.selectors.resources_b77a5c561934e089_6.1.7600.16385_de-de_3662c4eeecc2abba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..core-base.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6a01cab655265f19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..on-wizard-framework_31bf3856ad364e35_6.1.7601.17514_none_b85a4f21afbb528a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe,0" C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open\command C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Zalk C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Zalk\ = "QJMEELMBVJVHQYV" C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe" C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3d7c89c71126fdd72fc550c7d3bc46e0_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 a10e814d9b98dec5755b5c72167366dd
SHA1 6c01d1061a7fe360dda69a055f696d3c42ed0984
SHA256 f1c5e45ecfea34ba2b14805a7b003d2e4679c17f538c8af3e901b85098a2ad90
SHA512 1dd03c68c53941c542b48b27ceda6f2f0c8e310b6b250815562866c3439a38dabb92440f5a0f16c647275de4fdee2a1621ca1ff40b16f925c25d3e717b0f5f5d

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 8be8bdaa523cd7c31262656a44ea6a07
SHA1 1fe97813995ee6d8e745d606bb189af3795d76dc
SHA256 eff1d1a42aba4145ec6829bf97848b89d15bd054d2641a0608013edf53204ada
SHA512 930ebb3a88e8c02a29072c5774fa6d000808bf71d1a89af9a80009d274aa2d35ef6b58665f8dc89622478cff84d1dbaf91ae73607e72a994999de03bff83cc2a

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 2bc5441694c5811714dd74613bb614aa
SHA1 e0c71c5bc28d7a39d57896a1743eced26dbf15c4
SHA256 935111dbf9e3a91812a6952446893db12f87a0b9cb15b4270fb66fa2f50d01e0
SHA512 dbc26b11497bb12849ea99d5cd32975eb9b39c55594dc0c612d392d38b18998beec7c9236fa79a9f8044f555d55c1a7c500a23a12ba7a604fd55b7c916b63610

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 1e30e93851a0166b0cc4a8fe714d8fe0
SHA1 56258a347eae701dc583648fa836d33b8bdc6aea
SHA256 e7430dcc744b56dcec14cfa9054d5408236ec2db93672f5e57d3d6ed7421532d
SHA512 374aad9aebb43b65ce9fdecb168ba1a1e55313b641e416fe2fd13250ab4b7c3721be1373f7863b494d0e7a3df7cdb5ad6abb15d6101249065623663b388e33a5

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 54794cbb437141841d639518494a42d6
SHA1 1dd8dae4a27a95273e5028f278235c0ab945caad
SHA256 48311a71027967600c97ed097450def4b383dcc8316efcb658f8f5483f506536
SHA512 42084fad0b0135d304be7fa32b747fb998fd5610712df57ab52e05042a3e6b242ba73479400f8a21b98d2030eb1eb80d8c8fa2ee4103a6cb6040b6f829355377

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 7e4635a276c8c11b5c3778b52335eeb1
SHA1 a145fd88668f236391fe2d5afd2113fd95141401
SHA256 52a2f3711881b9223ea8900dab60f359465ea57659850e40cca2c49ce7449756
SHA512 9b93c12eb15982ee44c3eb0869f4fed606ce19ac2c8075fdfec777de538d1ca1ad8ecf7f3dce4ea84de917383f697c5d2b399f8345e7899dd230459b013ef51d

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 a236696004c5bca70667b34711fef5e4
SHA1 eb716d4f40677522e94e611993428388d527ed11
SHA256 b8468bc6ccb71e97b6f567275d431a821ebb47d9d7364ca30afe6488cb3f5763
SHA512 bb76f05af9e162f388756d054d0fb8ace5b68b2b473525209ab749954278b9af9031d2490ba634240876f3f802cab472380989ff077f8eabdd908bf6365306d9

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 293e1841dd4ca529d8437baa10cbca7b
SHA1 d705422d0b0c8d9b5a99a297b7d69e05bd1c369f
SHA256 80ebb6f605e5d8755715980711ab87850fa006a99417e7d2da5f811bd5ef71cc
SHA512 eec9d666a2b30bf72c987e9c0ef712bd651be73d50519b1b00ad52c335c421303018d53184c1fd608c2df727a6077870fa3b2d8b83934285f611d03d1a3bc4d1

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 15debbead5431641d819df769ccae307
SHA1 94c56f0a595ea23f681a334cfde7465a84de6d70
SHA256 5a42610dde68e98355663a5c3c561790449a3d5924bdbf7e1c0af4cc9f83831e
SHA512 2fc8c2aee968a13e72ccf084030b2e049a6f4b49f8d03b1e7ac91d14f40fb45015e409c1bee67d630171fa634240545165130e3329b44f570a906aa66b073e48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 81736c5202d20eae55e23f4f9fb96ecd
SHA1 4a9c43ef1990048db58d21a718868ebb4ab784f5
SHA256 3628ab78be7328b90db74ac370f244192da0ccae5a21b8ca359664bd774a09c9
SHA512 f823617ee81bf1caad1b6a280f572e9b127eb55aeaee4bdc1ef11203b1612e97bb0362fcbc6874cd7a61777add375fd016ea467e58e3e60b75373c38fcce8f8f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 7431ad18051888ca3367e3f5cb52ee9a
SHA1 1945e28dbdf5c5a4b5711f59b70592fb6a5b0d04
SHA256 524eb1e99be3bb0f69fa67259a5f4897151a4a3765c82b54832721a3b66a4236
SHA512 040be8bda3bccc5e8a875e0c194e1691459326c89c9fb081bfcf161cd2679d81e2c64594d3eda3d445ab1650b2e9f8a950cb872a3c35a2f49f032c4f8b49e0d9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 f3bad0f57e4d162a319753e11ac592f6
SHA1 5ed918b91e58c769beb7a3e1e97640063c41e8f1
SHA256 5ee88d74c7bd05c233364adb4a63f1924d4e76b780ca011dcb0da441f4dc56ba
SHA512 fd65c0d6fc6d96a83a69c129453272d37bcdc944ca10a0a96a216889ac71429d4a71b52bcce399e26fe0c952ac1d5554812a4939e5698f6d2fdbecc68d2aa726

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 6137314f735d0cbd435fe18a0e6aac62
SHA1 d2a39c2aa8dd3963a09887e5f256dbefc526cd4b
SHA256 35b4ad603cb0f53305640231c48b5c26f8ef3b996adb0d34a292ce0f2f130248
SHA512 64ac458855c521b1f0fac04f8caa2fcc614f1b31bf8e03dd2722722d63354caf15c848f54745747ffce9192eb90b6cb5314519d1eca16d37bc275456ed4ca38f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 12d291ddaa0ef01298f024348c329abd
SHA1 40abbf3f0193a5f8d6446c5fedd2d177cd7dcb23
SHA256 21b1e3927d1c91241af2df7ea826c3b9332f691b880606fa79f2ff5d69c3b46f
SHA512 a998130be64cb0ea25c2234bd5cc986e1ce835e47922ff3cb6a18ed0babad69abf76741d463b9a1ffa343c616d4fe47de5d278025094094acfbfb213079a5bc7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 c585b445571c88d5d32ea9a17672651a
SHA1 2e6666f1432dacfc5829271afbd85e1a95317230
SHA256 3a2f7a056b18fdde5d31d9f60d687349a8fe9b194e88ba4f95baafa965090742
SHA512 a2c5cb79dd79a9135a141cfcfeee0da8950779b76bae594cb1e89c73afcbfb03eb140440cbae06a372515f230867b7a36b48ea3564312007fcb50ed56969079c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 d7baa32dc1df7849f67d2ffed8c652af
SHA1 a43de649b902f2af5417267cdac9b9c6b386d514
SHA256 3378e28e3d375a5f93cbacaf3963f05ae0d2c12c1c049d28b26fcc9b55171e4b
SHA512 9a6b646a7136e1462a7a88a4f51f9f37aeb82387bef3e94e4f14ceb2af9d8f76ad18cffcdd54932fbcd17788ecc4bcf2953b3174775543b1fdb3b10080b73f37

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 65f3bbdd3c4dbbc3a3133347cfafddc1
SHA1 fe04805d0e5326fa78fedaf6ff4ec97beaefa7b8
SHA256 669d9f9bdd67695a2890ef475f0767ad0b5aa3a2c0fd737a99241fd963c5622b
SHA512 8247f277a70c1b07a1d2cbbf217439ca75b590e05270ff99c072d999f41b49911d939ad4d05756d0690f4f343038d6ff56b2ce619126cbc51a3c64a7e4b0055a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 bba18bbecfbbaa97a443b366d4e204e3
SHA1 5d0631b85b2320ca4f623cfe76433a63e4ac1c4b
SHA256 549e5a81db7bfccbe1a59f00287a74f363f6a8351bee7b8dc40fcde5d35dac1f
SHA512 3d067b2b2d588c25eb98740a91eaa65ed8478c55c840665c6b44ff595e997e292f7c9eb04f87c9638712195b5b17a45704251e85e0b9266b120512c604979e74

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 3eb1d1d4d4319dcfbdbf02b01618e98e
SHA1 673ff86c96a15d9426e57f165ccc1b339edcdd88
SHA256 5d21a2f39a8a5355f34d8a2874e0a3a66f3fa7f0b5b516562f190df6b12c9cd6
SHA512 b3dcb967de1ee0a4949dd6fecca400baa739b4f6319cd2e36c505107f3ef9abe583daaac4e0c4a2da12e88e85160022b717ab4b9337a41f8240b11a3a649af5c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 12a0ef5144160c12387b4fe8970c0239
SHA1 af3125feb79394fd2dea5736149f7acfcf105c64
SHA256 3d43100712fc8ff2cf1b67b6cc356c9e90a984d396dd0d8126be75131420c5fe
SHA512 e1f91df9c2d7afab83567911e79b9f7933ab61de75121819043c7a3935f4005bd6fe29f12f02499e4e217c1d37b0927732b60e342d03ae350b4490f9e6b1087b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 2d4c79d32ab385c2ab563ad7e4b7090c
SHA1 fbf50bea7435c0cea69eacf3b7393964888f0e0e
SHA256 451bc7cbe04c61ffc36164baa7edde4724b5c160c86fbfeb3c539b6bf9125a36
SHA512 114b0169a4e7b8e22ef115a066133087abdaff415f7bfb60aceab1b592dd0995811f12dc73ca2f39729ea0caf723017c0e981ccb0eda82417f91b5afc8fea368

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 de970ca644b31e5301172e2ca41d1faf
SHA1 cac7d76ff60484146dd9a9a1819ba007f473678f
SHA256 ac8cfebeeec2ad3f003907f13479903b31f953614184e92045cb02058cce95cc
SHA512 b9f2394d17fd5282ee584e53d595913a27c0a5439a6b39a12e6c8d69f21130078084362adf901ec7dea92998bc82743bc7acb0fd5003160aea1b6e64390ee298

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 95a6363312cce34c6b67c212d2599eb8
SHA1 fa2acf0cf7aeb8d51464d39f1b4c9d373427a3ca
SHA256 7a998646b2f2dd72569aa66d758cf3e9227494441a720a20c6e38d1a07d3592e
SHA512 3c93e73804c0d91f579f4402d38e7e90b83038334ead7a145f1d1ebd462638bc7b6eca475a149cdb489dc7f11bdc37bfb21bcdabc9ae5af9a7cf688d415eadd2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 511001fbe22ca6034b9d23690b373d2b
SHA1 3ee7170eb2df7468245ad1d4ec57d32f8637ac9f
SHA256 21ddd877ef5ede29a66421a1a3d12951067359d35f3b878b90f8fd59c0fe660a
SHA512 6f3f304f4d435cd3b8528b7aac313d7876fa817db99e56fd557558dff156ea5d6444817aeadf2acd259e6460ae51ef8b4196d73b126b8c8878ccfb084cdb0557

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 2dead7f6da6a339aa53817b0e96098c1
SHA1 0769bb4ed7b3b0faf9c1e4c33c7c1c74fa217b65
SHA256 bf35016e1944792e9c0ca535fd2da685c3fda91e0a3eac73a73ccad9151ddb40
SHA512 d39be5a83d3318c0d2a922baad91b13aa6e4642058105d8ead4c43cd19982657dcb1ec227727fc6a59ac77b59b0e9ea034f9736939b8668bca7f4670119913af

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 5a698708dc05139f431ecbe326574aa7
SHA1 57ad971b73cfbdd8c5aa4cdd18e6531045655e65
SHA256 3dc4f338c9333c6e8cfb644ff04095c1f65859027a0921ac9179cd945fe93608
SHA512 4785dc6cccc95a16521438d79af3df29012f2f7b3ef198c16d3604dcdf6642f7b1fd4454370e4492620fb4d6fe5d902bc40aa2a9450af852dcc10e010920744f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 c14321387a349935a2e76b8cddb2e32c
SHA1 3542a4f2259aae3e82b752d27bc2a1437a0bb8ce
SHA256 8d85625c59d925c35391e6da778835ccb5977319a435b1fa8df27df5e82067fb
SHA512 63b31948db2502d2a965742fbd6a7bea616bbb570f4b1b1c92e27c67ea296b31c4c21efc6ad161d87dd49b2243236d1b10821019acc218a06f2a09ce3e9a71c6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 962576d932c472907b07e670f85b3f17
SHA1 ed8775fce0d2c60eb318881ba68d4c237a3681f2
SHA256 bedf4164b706bdf591ce7744dbfdfd22ddece0ab21c844ed0b1ec6ca8f63c30e
SHA512 e280e32f39802ba2714638b26e26bd9789927152753e957b2c7d2f3b7cddbcaf5fe5e7d92918cac3bec5089da128633035c188632eded20a122ca0807b207450

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 e18ce477fadc6dc98d9635f9d0c0c96f
SHA1 f8fb676e6a6ca82b7dcf537aa9c7d246262c113d
SHA256 de0aa5d2b78be642aea49ddbf7e5b2a54fc3e4dc1ecd2771d5e879e7f517eb2f
SHA512 588472b9285692b082e36e348e7c97f8b1b94b0de6b6249b2aa35a103dcf00b1dac52ac29519ee7634aa01d48e98cd4d2108350590b454530b797f0fbac96dcd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 b4632cb222e00125ceb1cbaf26782f91
SHA1 8d3a8aa2d24935694e7b1ae5851eec629f581424
SHA256 595ab995e209aa6d09a53ddac74ac0e0bd474b06d1d2526be3447d9b3992dcc7
SHA512 a8b38d6eadea70d3bf12f50a9340958195192432fb7c9fca12ffe0287d4bc191e2a6ba9087eff787c74383689aefd143e76dd504886abc6f801e65e3ed8ee45f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 43d565d12fa5af0f8069a9d6b8ee86d1
SHA1 114ba35ec571be4e6c93b38bbed64eeda11ed907
SHA256 fcf12fe9665a92b054a27e3af5b229c98894e328b5fbca30b72f944d7bd72d8a
SHA512 9ce4a301799fc783bfada305d5a0169da2d60df1019e74aae56ba5aa0ee99d7d340b277debd69a5b1ea39a174327f988625932c4b407857ba15b7b00e69c306b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 01fdaaacb4e203bad61b841090c2f58a
SHA1 639b510b9a0f1441fd53e64afe70f0f90d35d42c
SHA256 4476e2cc55c1b52d07fd3b615fa6183a8ff23b2727ebd05ec782ef098f5b1b30
SHA512 494e211e4942471be39c7a83ed25f20259f2f600482f8082aae2458d6901aac0838ab82d9caa6da0b2406966176301695279ebecd69198f4461f72aa9d78928e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 407e6155b49978812b3137b3d49558b0
SHA1 ba055991fb25ed44d02e7668509191cb6c7639bc
SHA256 969df386c7438a2aa5b2898b77f46bfdeb9305c78adeca979b01de5a9b8c808f
SHA512 d38b5291e54311bcfa3a174748bf7c5695ec7ded3231bf2eaa27d17a64ebc4a42a0f668243d01e89a741bdf98d0ebd76de289ded3c766416e8c7ba5d7f195fdf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 63a29f6317be66f70393e4a70b6011c0
SHA1 0d9c9f8daa232a331776242f97981ac7217a74bd
SHA256 cfe620a241c843de4ca361f93e7b35cd855ec2f461bb898a7b7a8f31b551da4f
SHA512 475bdab6f5d7700813f0287dc6c361e7aa799172ceda7ae186bb4bc1885db2ed70c02defaac62d8f9d6ea9aa46c74f816acb087e747ea8f7864f2fcc01ab0461

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 4ede01bb6a272538f9ddbfff5f364325
SHA1 92ec6f9c3f7c476df56d8f6bbe745327f2b42b6f
SHA256 01dcfecfdd5085037eb4574c6317cb442b7fcbdf4cebc7dea472d76646854bef
SHA512 71753decead2bf3be2ef912e63c1e451c2959cda44ad6a07e10597e69fd23a25545cd25ace95f513745e9c41dfd47e522116d6e0ed655dff3a8486bf25c1f5cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 ae9d36d06c462f783e781615cf4576e6
SHA1 26241fd98612bb30c07600c4a7eba495da340650
SHA256 7eef0cdc77895e15e706e81304c800c1d744616d6e591099b5cf33d63d511422
SHA512 dca83c442b3404e107aa88deaf85b86010a201cefb9ca88ba095ae329ddde57808b3ef8c74db3754eec62e5e0d649a07db8a586f8a472d30cbc9b73c1830108a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 966b9cc78714d948bd12b0c5f9b05ae7
SHA1 c4ca38ca8b17db5b378630ebe532929c7895b1de
SHA256 a1151b71f131b81457374170cba61d2214adf4d47059be1562c1299690c873af
SHA512 0ac3cf645f6f87341866d8c3dbf0dcafe794a9d56fd8108831364d7816db4fdd189041308eea05b75fac783c993c61afa60ed32269417bf0dbf2bc81c833ffee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 58e47a971b9d2aeb94517a74a193744a
SHA1 8f3efaca96d4ca66e848f106dc8ef8fd3860eefb
SHA256 4ca965c33fa7417a065e6d177f586498960736312931aa177428ddcadd557a33
SHA512 a9f346c4531307ab4f50bf51c2a4db1900521b78a9ffd7a4ca35697c4b88d5520340e46d0eae66eea114da39f7e6f097b7c197b1f2f737c06bc7ec01db194842

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 1b72669d681771b46b7ba36e4f726322
SHA1 feb79cb8c04a1ea909ab5c88c9dfd89f495e481c
SHA256 39ddc5f487dfc2d476c5b3ba0146112c00528afb9a1904918ce016becd525553
SHA512 edd5f51f0b2f98aca41b120f2366ae271f15f42dca7b55ca11dd422725c91326095e50b6f2650b89f0666f064256fa46990420c7fd23aa1b30be6c8bacc7425e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 229896bbf56e089c3ff714a1c5c48853
SHA1 d03861d55c571cc348925a72cc2d88c34864dd3c
SHA256 f19dd7c5cf0a31886837b79387a180b0ff19cca6f44549949364425f9450d1e7
SHA512 4d54218775b6b38fe225f99923fccada56493e70ac70e992c5318200a258966d83553c0bc661fc66c625b32e62c88f43dd755410e3269034fc538ed56170901b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 1825090bead28af19661644b74b2fac9
SHA1 9b624b91f548fe75a7f28e82bf632bf6df7500f5
SHA256 69523e6e9fe6ec144f336176693f63e832c8d4caa6985091a309e989b85745ea
SHA512 8272a37f764f48c9fd4433311bc09ff3930689e473031d68bd1f1f1fd938823bf189f25c449fb864e03658c97cfecf2c99b5e0f535801555a216bcef9cd08b22

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 368b9fb22e74f84410d4b13eaf51347f
SHA1 54b74e37f9beab713eb2a9959669f597731adaea
SHA256 9b9547800c2ca21f6325da5d7f944d9f8a4a7befe314b7416adbfe5ac446d30f
SHA512 72d451f715114fc858edaab0af3ffa0b585b3a96a0f6663464f0af86428f07903f8bbb5132760a264333efe62402cb69c5d0b881e82971c7ce2efee27ce53dd0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 0752c3fb7576769ab7def2c2bf6b3d86
SHA1 8f13c3d614125bebe55c7573dc39d2933732e2ff
SHA256 b35275b51dfd2a6513b12ff81a30641d04c0b76db977154fbb125bef260a3f99
SHA512 968739071cc76273c1b80553e9028381572d7158c493ba5e83fa66d8b551c6d22e641f337c0240ec6ca8a9952b59931859f0f173ac314a6a64a3505fcdcbdbb4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 085bd6124901cd06f734dc24dda86ad0
SHA1 3e19d48ec5abb37c8290c21f2a4537fc319ee6dd
SHA256 b52985ee16558b59ec177180bf1e33d0a0ec1590f7d09c3e42a35a36e34a764a
SHA512 2513676027a71b8a723611971d69c53d2913f5ba5f819fca33e9e127a5023a1ef0cff71c47f3664b116103c384e034761c6921058da5b0c787f50607d750c3b6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 33a97209a1cfc7ccba48ffa5bc51be32
SHA1 d52db4a137724a9447896650e9f5cd31f6a7efd0
SHA256 97766719bc08ed77e605ce97ea13aa7af371e271d721aac294cb285d6047e151
SHA512 71d346da599527aee023d08c4ea7786fde261998f9213fe5ef9c5fd8bc8366d7fa427778bfc5a85698090ec7df70ba19e4bbea1a54327b0641633b8e6a07c1b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 62a000529f0482c233ffe842a399e18a
SHA1 818401bf98987d7b8dcb61b74e866e6bbb83d288
SHA256 f86f3cc23c83b215b3f1659a8a2c36d70bf185a5d392e3f7d551a1b6613fd338
SHA512 398dd96544512b146dbd1c2281d7ce677a02c6a552a5fac5aab08fb3585ce36b579e142400765d84f34b90b8ca042c8593c0bb506c261b93051088f1382ddf6c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 9dee4c7d1adcf2d42c95ff3f25f51aeb
SHA1 dc2a78546cb240931eea38a1f5002ff82eb0b618
SHA256 1a5bbe73dffc61958d6fde13ceab94b1b3d8c0b63cf10d5db059d65df631e9df
SHA512 e334fffa02ba696b3237547b66cf8735db4db967a51639965e6149d754482019a1e57b720a2cc85fe9b05a43b2ef805f138cf36dbed87e165613351b863e8171

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 5d29c71344020117bf9c8425256a90c1
SHA1 e6b19f41f5c03992dccc1350f0bd8ae6ebd066c3
SHA256 4968eb7b7984a6205a15b6392c979154b206e332255605a6b1ddb7b46b7ffc78
SHA512 7df9e28be9e747bd41f0397f8482597489716fa1e5c3e1ef04f868934cef6e2d9ea6617c628521388fc936dd5f0416f449326e8383d662b965d9ba18de18e6fa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 c5d841f47289d5461666693e1db8e43b
SHA1 f623e6c27f875499267192bd7000533881b829bf
SHA256 12e6bbda2df5b058c9919dc82ebadee89e1e7f616eb8d57615f4ae3d21f1a826
SHA512 e2428123bb7f222b488d2b681e616a6f78525896d3f22b13b9087aeb0076d733fca17f3ecc7beba6fe13af876bcafbcee937cf6c44eb702df6a5e21d4ca9c9a1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 a5338a57eb17d5367d490c67f400be82
SHA1 0eb2d3663559df9fcd550c68e60d3a0988bad2df
SHA256 a3b6a68988513a6f283cbe790f0b88d5b44c4b762f000b7968cd7a5ba22e1e6f
SHA512 e675a25b67b19c7a97e072da8f2e50611fd0cdab1bcf7a7ffaef1f2ec7ce6403936a0ca47fa94e23c61cac69a5035a9a880903428286916063e6b991feffd1f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 a6390519d3ae528af918cb004beb5197
SHA1 3e77a1532ebcc8cfe2f709b23329beb7e1d3b856
SHA256 fd331f8f919b51348081a64e7085d414a4c92d160118983afecb881b1219dfb5
SHA512 d366e4d77fa2ee689a555778370b61b2499e95b6c5a4652eac5b4af1b43b1f26653ebbf6be2519ee1af2308cae83457dd4eb959e7b9d84cd5779d5428aa91050

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 115bb93094951b6bd765ad9b89e327f7
SHA1 8a29541ac841e3f7c9051c87be80b6a27ff2709d
SHA256 a672a62b731487eb0f178bb56889bdf3e580ab9809e9459f40d520bba4c0713a
SHA512 1b29a20b8102c2924da6b8ef1f274d5ba2156223a28387f0ded588fdcc58a5699dfc6d75ec86dcab4d628532a67668f5b60cd0ef13f00eab656bda761667900a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 12c14eb61cacf3c10e151a31aeea4f73
SHA1 539aa531007565da0f5b1e8d162da578a816232d
SHA256 294ccf562ccfb591726fcdb6fc1021ed9f82ad2d40f746da86a61993a281f816
SHA512 2c2f6c86946cce8fe927ce15bc13f93caa399c0225e3e9320d7d67fe3e33fe59df86b1d506ff133c691b83308944fcf5e8f2f89e10d8b1df19964cfd762bfd96

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 b8923eac6ff869695e038cf2ac3d4885
SHA1 3167b660d79131dcc6ff62e46b541e993bd3dc00
SHA256 5d55cd0637f2e23ec1eb0b795ad07e65676691b9b667f5838367b658acb4613f
SHA512 155dd2ad9fbd29c205a19db1917a59307998ec7473a8371fc2b338d881345abe2e29c168068e8f7bb28e7e7815bc3533a561a22e26371a5b434ca1d2166a0510

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 5eccbf767f1eaca2f69c897ac3c2eb9e
SHA1 93597dcd42491d99e2009e012d76c6c3ec413af7
SHA256 b45522ea47cbbf4607535aba5f54dc822aa2710fdc7aac93364689e57d48fc7c
SHA512 b1d2864055784c619d8d1a362192787b55f9432dfe84c26e1273e7da79e70f8140e66f57a6c2b68a63e74ea10bd59decb747f16e3a77c5edb2d27df8568dcef9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 d1a3134e070ea0f4d69f857937ca865a
SHA1 aa617cf107ab0c4ad91dd03f10b09c6093870f35
SHA256 252adc8f87074bda4a574dc0333d3e46f75716beba9c408ee600e58fb621671c
SHA512 5a6c37471dd4fdaddd607dadd188cbd4a56eccbd93d0beb9151054776169140c1e82c2147d1155e6a43013e60720a0a8ac75fa7e443859b00bd91c1f29ce3e4f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 1b1d2d4dd80bbcb6ec39237d9344e18e
SHA1 601d7cdd06546d32c2430ee4628b354c87d9f26c
SHA256 bff09ff392236d78c4e8dc82dcdd02e05fd93ccad7caeb2f50f43e017dc1443d
SHA512 7a9b1820d78c041eedbb4a7e1ef49f83d0cc0c9da9bbd03f09b48d2138cd676d3b7e1de1ef2a7c5e78a0bc4b48ce63b27454c7a1b92e3c0ac8d0891b72265945

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 f2ed0c351fba1ff93be5581dcd7e7917
SHA1 ac8add7eb4a8018ab4dd704f83c0a184f09149e3
SHA256 2741fd1648de573f7666f7ab725a2c6239d0f65105a86a16476b5b8c33519053
SHA512 7cc65d0d71182ae0b9b463c334342e35ccdb5b201b055ec3dbd586591c8397411da2e58e4e84cd6c17bcf2eb724824448d9bb85c5c6efce127263a6c8ac9c071

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 1e00bb6c75e3023a288e48c55614b2ab
SHA1 bff86b4604f8005273ad24a0d31565bab3113821
SHA256 45c0849d112b153d0892e1239d442d38141d58cf5208cc2d163114a0ce90624f
SHA512 79c87e2a58a0f3609f7d5ffc6238fa763babb99a22d58a947ec5639790e7abc647749977e927522cbc65e978928f0339ae0ae7fccfc38834c4172b86516bcd2c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 f0b85358eb98459484d16ace6491b673
SHA1 f51bb7e8020d1372874026d687071d016d93d14a
SHA256 b3632ea7a21fcebaa3a28166a03d23a7c62fdf3e989de6ada46945003207b46c
SHA512 e633e9742e56748c69e5beafaa1b2259c4e13034c248a55f9b380f66b9e0af7256b323d725a31dbb79dc267aabc6abf193305415535cd45d4ae263f54daabe5d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 4fc1aa55c4631193b7ea2c09618580a2
SHA1 27ef2a8d52a8184fdfd76779b55da01e1240f3ec
SHA256 33f2f5deeb3d65d32e369293fb886526535b256730f218a8fb1c3c8f554f7963
SHA512 27eaf2a180411b4e2e68dcd808e414a6af8dc84ef204b642fe53cf52f5d96df70b77d8c1054909ffcfd03b76f7309fcfe32b42cbf1442b4845d9b772e0ef6fa6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 d0e887327763056842d1595b266d8225
SHA1 cc6143d39ec3e8ec92c0b5f7f023682ca671eb7c
SHA256 08a4c3c7609e548bfc52970c3f533aa8d9660b16073c0f91f19014d7efe3b705
SHA512 24c9fd9307695c0705e4bee0c1d0bc58fb6432fc15cd6a81f8043e4b2db4e8b23f266bb39e8466368ecd54895e7659d41aee4d79e5f33c4d9309cade3cb4d8bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 0ad3e33ffa9eea2ff104e8be539e5adb
SHA1 282a800090d02726f0859d8bd395bfaaa1e2a1da
SHA256 30bfa387e35900368f6772b80f022abae2fd57a1ac10b3d78ee51d705fe2a138
SHA512 66ceff1cfa9617d338241c80626856ecf627aad3d8084de30f2a5d4e0504e98e5658cf71cdf9fc090692b346ce19b5645bc882a6013069491f459059947a6b2a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif.Zalk

MD5 7157c25549228cf77b654b0d656a022e
SHA1 64a7ef8ec146ba2182256fdca5264d79c5d9dfe6
SHA256 0549268f7b5cb68add05431d1736f6657cb015eb1fc41927ea4359be5914928c
SHA512 5c9cbdb4048d981fc61e578c6a48328ccf58a9c2565d5561a258d89263df1be0198ad430dba55dc08d798365fdba2d96dd2137c9facf0a2337d94dbd8fcad8d8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 8457ebc52668f03dd03586358554c3d8
SHA1 b1be1a96d77e2cd20138834e3776199fc4bb7352
SHA256 cfd529eb3f7eb346792faa4762c77202e57f80db3860e482ea099c79da390f3b
SHA512 aef1c02181f8c9b6a65d52d2d9e5c0a1ee3c3ab3ed80815e0ea7921de7e38fd532116a2def5b0112da4a228e2bb6f958ac3a57e410c6446c550f793f5c5e41e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 b7102d63c8c041f18924545bd423eae4
SHA1 aaf3352dcd6b01d133e9f72866d7752e727dc75a
SHA256 88bbdbe90d6ae3fca6b483087fbce82de7808c79d4f10a6b7b5254c8f96e1d93
SHA512 262c48defcefd0ba7e90fb5f9a32fca80dbda0ee9f65c6b5174daab9e99b8d55f5401484485f1238e1388590f72a9402bf916b2bf3ca61f1819fd46fb0a4cee6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 58d79d8449d874b646ecb7cba640ec8f
SHA1 913b851dfe36e04b9de43f3c6931b6df53b15281
SHA256 863c99a70c6f60f6e98721d1473c9e3a77b794e046dce2319eced930570723f3
SHA512 f05f66ddbfa10ca855dd193aff96a4b132e998eb2cd2ccf30b7932833298e0e37a18a2059affedae20958af00468e0c5043db0b295b10ffb27bc4f2fcf9aa8d3

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 8f8a6e0d949c8732cff2085251e66529
SHA1 1c8b14862891f062b30471e1ad6398aa2f4db6fc
SHA256 0172406c0d220a753498b36e623163e5476cbdcba2238055dcad9c070569057f
SHA512 99224cbfa666ef17566cd2198c0c3dba486f46dd191feb4076405dc464c1721300d74aa676d319f0f7a90a0d2915cc83d30082835d6a8d8a712b2203be3776f1

C:\vcredist2010_x86.log.html

MD5 163cd7bc41114f42ac81bc26e5c14e77
SHA1 87504f0839a2ba13964f11b8ce682f6850eb2833
SHA256 a5fa5ed714da15d23adf4f0074fa4c6ea0778f227522e99ed721c0c04a883768
SHA512 94459b0ad7e48957aeb3f04ba71c844724966efd6c40b162eb987b51ed8dd34d3812018d9d7f13bb1dfb3bab5d24ba1986e981a50816a84dcb9dd9c1c7586851

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 c6a19d0ba7997c5c0bdd849fb9e5523a
SHA1 681ac4b0ea3b86cf633d18fd7bbdf32b3ac69859
SHA256 bd79bdc81a0d79bcef60197836a5b9629c13c5247c65beeb3aa25a5d9d1c1481
SHA512 7bdb6f8ff4fe1b191e60b427ee79dfcde8324bcbb5ae045a4e0b278b0dd348239812d2ffec118938194c32592a37e89140d51f42552a2b120408dad3142b613e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 d4dcc5e243efe2e21eb0113f0cf4c051
SHA1 bf5f738f3ff49ef3ebaab3591f69b4387f278602
SHA256 aca9649537afb71133e69a01c28f6aa7bf9aa857d37a184c6e2b160f7af9b592
SHA512 4961bebe83ddb1723c20dce4c6e28763b30580b5dde2f4b55679a51d50bf4dcb25b922cf77449824e7ed58f27dbce5832e950b8058e78066933d27c2a43a99b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 8be52fec17847ce52bde1ada5b6b4ab3
SHA1 f56f6a8259ff1619ed1fd7b30e2a45de642fad79
SHA256 12100486a7a43200d7591749a3018a4e0cfc30c1171dd851f981553a7d7d0757
SHA512 7eb78949ad97d29836bd3c151e277e8198c6cf395e1470c23215ca930da07986b5e40b221b373bb469698b13a527730392840867a207853fc72d6fecdb863589

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e7e9737e9e2025f03380448ed8a0e3d1
SHA1 2f726f8dd128b34cbd7bcc54320fcb1eba9b0203
SHA256 2d0163c3f7c05db841b24d0f8bbf7a8119d4ed79cf2616638b89ca98dad1f676
SHA512 c65a747221696b5ae1a6c2455621f5c3840b275503ffde8c47d0d3502585447cca48363991766f1115e20c1c2cb9aaba05bbb361390041ebcfaf851341d463d0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 3cc74699442b3084ac6cde16f4d3ba5a
SHA1 c4f0e57377a1a40c58e5160bb80a85af162d4749
SHA256 397ef4201a83ba0c57a83578a9a3f89f180be776cc2ba79a05820abdb639a222
SHA512 d3ca41d7f0c54013a4c041be811e09312ff2b6608d5e813e137d9bb03777ad64985c3927f9c3e7a100923a05d3b034b0f493ccb1c63817da7d675209d7ae765e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 f83c0c8090a03da94a8f93123d3a69c3
SHA1 5eabd956c037b3644593e5b277edcb598d55e501
SHA256 d2ec18b87c1039f18a1284475b006b56fa48706a7160b2d3c955d0c3b589b486
SHA512 1373481dea05038123b2bcbd7c4c322d206b0ebb4eba4056d23abcad1e13c7d888ab52925acfc1eaaf12730c51ce5b3b55f5f21fa0f2b201c2d81cb1f67d118e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 9669e9651e92291f052b1634e27d99a8
SHA1 be9407382e459343b50c166dc4d1328ba260c81e
SHA256 b3a90a8b9f31407aa6c9de5a201880205bef7244bec84c7d8fafe716aba3a68e
SHA512 10fea3b2a44969192d3376dee3849a48ce3fd2506ef177fddf1566053718b1a2e3995115dac2f7c74ea046a93311c9e4dc21ec7feca8f2f9ffa665a2c5a11b09

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 fe16c7d82033c0bda7fb04e80238530a
SHA1 7387cb598afe0082e1a8f38b712e665b08d2fd90
SHA256 f35c2e37ae34896c66acdcdc86cee172015360ffc9e1cf6fb11dd4426e9f8246
SHA512 da5d40dea158fd7cc1a1b68174d6414926a83284eb108ce390501700d7a0a279a4097104eae6c3c8d9734fcd42c0bf7c9481a6e03980480675d964c44a09d3e7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 24356a1445e437f548acd898eb78ebf8
SHA1 b098819d69fbbeef08d6135608712494afa2f5e6
SHA256 b7cd342ee2c9e6d20b8ff44c385f3bf56f386b38f8e5ee6540dc687c33e02984
SHA512 d7aee4ef4b994e24867d79f58930ff2e3dfdf59c1d92f616ce6165af2d15c630c1d0a9135d8a68c8b3411d105dceadca39f0ddc76e120c056c35426a4126ebe4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 9457e60ad00d7a043073144b4bc2da65
SHA1 faa131566748e0e9cd68e449ae4f3426848863a9
SHA256 7f5d5e0e5758d3b5549fa0e0cd8668fba8cf31593769d5234d6f5062e4ffbc32
SHA512 7d8796bcf04b8f4955f1a69fe34c3efc805349ae7a85788f6e54df13e425ecdf02fad0cae3cd925558498c3a0ba378a29431245c5e6834334eec3f1f2581cf39

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9106222afcdf222c8ac36e23061ce8b8
SHA1 5f7cb394b0e7c2dc8a056a9cd910f91819549569
SHA256 3169d00dc77c64d70e1bc6057603638f9c47455f51b18d07dc2785fea3c74a2b
SHA512 25aa980cbe6f351c041009d14921448423c35abf5cfac655b75e161db7037420877a13338e5bb8d873b461a800e478a1e9f06918baf092ef2d0f72c91a2a3bb9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 8b0b903a1805d69de41f9ae1c4e77ac1
SHA1 059ca681146afff11b5273222579220de782cfe3
SHA256 e8231ef76d363f33f46ea6581c4677d8040b539ee67b1456275b8b566f43c3c1
SHA512 8ac2ebf5003f0b376dc61a85dc7cc1583718b2b4897a45360f1e5e8f392b4b243fba101e3ac18ff470c9efe32390317971b7adacbd5a7f7080df51b9ace7e62a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 e65c436c266f089d0117cb84b7d01c1a
SHA1 8e3d709855ddcb47a3590a9d3476c3e99a882f80
SHA256 52a018038c7c81893de3591dca10606abd342b3f52427a89bee922ee717fb1dc
SHA512 dadfb97c13d7b2f637bbce43ca476bcae58dc435b39f1a493546d3a5dbd15483b5e203816babcd79d9b45131c527503317758324caafb11a366350f60697079a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 dcc706c166f8ad7f3b3527c399152dfe
SHA1 53a3316806792a9032ef9a61833b9391cc03f1ae
SHA256 31f03b3aa196ed2e68d922cdd1817fb69a505f18385b04bfd38afac9f7966223
SHA512 4a7beb3f161d8946549c5f5980cb9bc498d9d4fb7e8849399c52466ba7ede09dd0c941babbfe06e376edff51c7a5131711fd357d7f7d180788c74e5e5696d4e3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 31aa56deb879ecefce9e319767290c38
SHA1 3c90f4e0d6de54ade5fad24bda6344aecab6d598
SHA256 7cec3b30e082478e63b137b3bba40e49af572ff95acb98cb93e03bc4da8665ed
SHA512 e47cdc14ddbbb345a750fbb6580e479840b2e9e7fca3dbcf83cc71d3c870c4661aade6c051f7541d4a77076f6014cb4b9dfa4358ffc93caa32ec00d1e045a31b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 15e77094d0d4b70bf6464b90f8e8229d
SHA1 16f0ac0f1adcf7e275516095a55663a2fb4dec0b
SHA256 5f68f31a81f856bdddd981df5322ac407ac509a88cea05dbdd37c7b70b97658f
SHA512 c1237ef4d84f8c3c5e4335481a21a40ae84632515f6e285274415fce065d5c27494f720f13094acc9bc404100f00571c787f9b758ee4c6fbaed242515c29feca