Malware Analysis Report

2025-01-18 20:59

Sample ID 241126-fswtwssnek
Target 9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118
SHA256 7c5395a4c8f0f465f1bdce4487f7ec55c7fc76c513fc56da43d5e37184570f43
Tags xorist discovery persistence ransomware spyware stealer
Score 10/10

Analysis Overview

score
10/10

SHA256

7c5395a4c8f0f465f1bdce4487f7ec55c7fc76c513fc56da43d5e37184570f43

Threat Level: Known bad

The file 9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2188) files with added filename extension

Renames multiple (2210) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-26 05:08

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-26 05:08

Reported

2024-11-26 05:11

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe"

Signatures

Renames multiple (2210) files with added filename extension

ransomware

Drops file in Drivers directory

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\m8m0ECBq5Amw3n7.exe" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Drops file in System32 directory

Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\naacfiiknppcffnp.bmp" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Drops file in Program Files directory

Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\m8m0ECBq5Amw3n7.exe,0" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell\open\command C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\m8m0ECBq5Amw3n7.exe" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "JYGLMMUTCQQBZQW" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell\open C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe"

Network

N/A

Files

SHA256 444350cddec4fe25393429b8b05862129f343b7d95fe24c7f7febef35566bf24
SHA512 9b4eb1a2086e15ee39c92325a9f41c80ed9ec6d16d9f56430129903951ea3abc870545b6d66bd0789041d4fad15fa65be625436827bf45acbd1bd88938313b9e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 4c3a8fb312acab1f0f80f493ca32eb73
SHA1 dd565ff4320aea512a0d425843035a1a1130fe79
SHA256 17d456c213a0a03c43abc4ab6a1968b84d1ba1e8ac5e0553a48a1756b0360cd2
SHA512 897ea573583c07cb042b22d01bb24e03cde8d9b555f7540ce85f7a6157570d01277e0133613fab48b803d65ff28948e8199f8a8e73121e283b0d25716a05d544

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 960310e4e560a8013582617bdd0672b3
SHA1 1255baf3ca9960ee0cfc6f81dbbfe4651f276505
SHA256 c892583f2dd2d61c3e8acd8d39ab3b6755b11a07ce32b1a7089211fcd1ec0ea2
SHA512 11c3cdb0e4926d395fe2a37423968126ad9d70f93bc63afd5f8bc95257ddca2bb9701473a190cdf6a644ad1ee960ed2254612d489c6ccff2d7f868dce16db3ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 ac1579091574b98a86ed6b79d7657ec3
SHA1 c74eac9e2f7d2281a23fc0d406a6859d90e53f1a
SHA256 b7489c0521f2c1434b223436665d01ffed0c3b4aa80beb1070289300ee479ad1
SHA512 d7d5da84dd366bbac7b3530db868f56eb1aa656fc30be76bf2b8d65fa2ecdf3c19d98d933b017cd437e985c2bdf803c120a83c807f50dd9d96eb2bdc750b5400

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 2557257ad75dd4c4cc24ae58b54f74fc
SHA1 d04d6c9e031f852e2cfde9fe7d38d90882b65086
SHA256 813fd181e5b4f3d908df03ddbc4d41ec661eef2d77d7ca13184eb08533931a2c
SHA512 2c8e60acd8a4d4c60c2dc367f0bb993df3e814353514aef52ae2a978a22cfecc2a0951936eae28808b772cff31b79a594d9b38622dbf23fa8c9a456f79a106d7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 7582a2097a93ca06dab32758f6cfff2f
SHA1 a01a119249b4ef872f598d1b71379602768e230d
SHA256 3cfc07e3639df5311e371e502aa3bae3a62208b59eebb4111f85b6fa412fb9a9
SHA512 c234ba057a75ade979846f1668e6ee5e4e83c1d61442ed00119f175c159140e64c5b68bf1a2169971a6108d36032112796df325234b9aaeed54f78630c84f7f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 688f25b179bb7ae2c082cbec95fbe7a8
SHA1 b08afae230b7c54e6c05c748055c0eff01f53a47
SHA256 b3788982321eee232a52206fe40a8d870b12fe612885dde899b6f7a130b79b39
SHA512 c667ed7cd8be2fbab6454052d4d528490415f5c8a70381b656c9f54b165b4058bfebfab6204b7525d19e2915e8b4befc547a4edd9248f1c71554b40b06203eb1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 edf36cdd8ad8f90ff4207d3c7f3773b9
SHA1 9a710379729679092a7148fa3a943c1aea3e2d88
SHA256 d2d02953815cd73998afe62b28dbf6eaf6ebcaab64d1b226c7a106607d6cc6fe
SHA512 f8d90c5d5544d6cb4d6a7a8ec59d277ea6e96f31365284fc3bb26ab9c6ddcc4c9f45f43a68b2d9e05e69857a375ddbbacf6acc80cef691744066b8dd13c129ab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 e6507d158253b616f0bde1d8ecbfcf92
SHA1 1776b908eeec120dcb62792591cbf617f61eb2d4
SHA256 913c9f2bfe1d81f8048f60fef7d2abbddcf385f33f47ba2d854cd5464de5a464
SHA512 4476a8ad93cbc4a0b97f568aff59b95f29c40a9a68b8414f1dcc0b1d48dbe94145813b012f01e1f1c56452f69b70f3d0b32f55ca5777c6084f427abbde883c34

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 1ad7cdd79df85e94b28e9fb84127ed73
SHA1 5e348a86331074f6bc178d58c58774f3cbeed0af
SHA256 3d421eb5c828a77606c27b527696f0be331f87317a8ab6637af8895721d81411
SHA512 60ea90aed81fa4cb62caa01fbb09ce20e6eeb4113fb15231f4b467561bd6b667b5354df16e872b4f4d3a69d99154d4717089e233187d0ee30b31d53e251b8f38

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 8b7ddd18ab97c0031a2a8032b0dc7c8e
SHA1 84d8321cedf96a1dda997a935f24e9751c8a29e8
SHA256 56bbb00c1023b426ae466c512599dc646dfa6f5494415ad74b575f164c4a6d20
SHA512 cf29626ad4fffd7e06b8030a51385bb7cdd6d273710a823ef35fdc433fe070283a3115163f53567c5b832979d73ae390fe2979ba8f5534a34e26900a48d77cb1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 a201ec769cd948a282a9f803c42129f0
SHA1 f5788c01b8826b15d222c5d59536534802f84a91
SHA256 cc3af13223fe6d289d60e43511bce0bdf70a914e594ea9122003cc07bedefd02
SHA512 9ad50da242c3b39f329346f08190595fa95cd9f1942af88de62d15fdf7a3adb2238fba887e458e367e8016df91a38a241b18e8685d1580ddd3b67848c07cef76

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 f8ec549b4fda0b669c964c70a97f813e
SHA1 5b16b057e7218573204006321468772c90768ff7
SHA256 77a214d0ea36a6b035cc3b89e356c5a0052b363da764c258466664ad27ac9fc9
SHA512 a14776f4232cde30c4ddbb9ef074e169a217a35e62fc4855afea69bceb0e34678400627ea15ddef5ef8061f5b49ebc16087edc42ec90670ae7e4acb35cf60868

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 6f9c5a624385761d08bb3ae69b93b679
SHA1 95a3e2431ed8523698f2290378ce4c2332741f67
SHA256 90bf0148a9f5763e7be9ca4257337495c30f9e487f6f7db0a8baa0452fc0ed9b
SHA512 e1173f1b0170f936bbe0babfd45464fee59a7310a4ed4b55d987a9c86e9d3367cd2ca7d443fd513b961d7f2db72e8147bcbe678c72d0225b67ca9a68edc5a066

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 413c7d8f5c83d39ca70fc9af6517637f
SHA1 804c2ec20d9a1ea0925047c823c3ad2c2bcd348a
SHA256 7ef6eb4d1f65c67146d7071ff68272a9a7086e3718787098f4ac9b9cd8eed717
SHA512 837338715698f266a23475d0e9d014f199cef3e8755208d083305aa51d8ef81b488043f49df600af5a511376ddb326f5f7c14743ac7c365cf48330ed3ce2e789

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 c616f62e2c3f6aa03b131efc4a7750f0
SHA1 f993d677820ac1df4e5e10b608ab0f659975a95f
SHA256 9fbf78e0764b461e4ce83599862bcc2148249e1ae111105963e6a1f9dab6624e
SHA512 0fdfa4ca4070fcee63b8bd96acbf9d704c171dfbb8800c1bab517dfbaea39ef7e60eb610292b5a540b75f94494e8a94001678f4b78b8e0247fb400794aa4d282

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 30171f46ff55f9e5e8b960692718af3e
SHA1 8a73fddddba981361fba16d0c3b736c0b0f35453
SHA256 91344697898b5f1c908f46b048f98aa8aae70b93a2121e44fcace52df184de31
SHA512 f565e6018060835adceaed8a6fad0b2129d09e81fa56cfc0941b98d4a1f5b6903b1d2f156c739c0712b32503d4878982c4c0d854f6bdd6a42451e5c8fe7a84bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 1719a75e473014f4ffbf12ece21ab508
SHA1 09471c362f67119a384a3aa2a015bc4bba5550f9
SHA256 e5235d30acaa3a0aa6e3883b1af3df169e74a56945b29a4c7693cca0766e15da
SHA512 172ebdcfbe79126cbbb29fccb7a1c76fe25ce76f546cc50c69ef3be3e00e730c42767e736eba378ef6ae20445bf9002da9dacb222f8c09c2a2f55632da163897

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 47819ef1e432b9d362a78b671671b402
SHA1 b8fdd5e8c5b46a3b56f561acdb90dc6e9317f6e1
SHA256 1a0c69edd41290f09990783ed4a5e73e3c92b1c2b4613b33fbc77905296b9652
SHA512 a3522186f1b8ac647dc893078094cc89e9c20cd9a7437f5e437d4e50d7ed12765398617afbe06650f53282faf9660abaa040f8a13f655f7c8a84888bee09f95b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 405395bcfe6451b9d9859326a2a3139f
SHA1 253b1adba8a9dff5679a4f6a6d70336065db07f7
SHA256 1cdd0d9c8c0886a39e796cead5411529f6a8029fac13ab6e3c1afae65f010613
SHA512 55a2ed44127d20c74cbab8659dfe55e9d68c44b106c697f42cbf8191502d90a229eb08af2e6e7a0ce5bfb5dcfa44d8850c69f5eb2524d0787af20cc209fc28ba

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 c38548284b2a2d6f32c6f0cd9c87366c
SHA1 cb05e22910febdf859b1faf05644c926d794d219
SHA256 9c8ff498ccf8d6ca190bc22aeaf9817235e3e78e04405b5798a6a63a0d15fd08
SHA512 11ddd959506c7ac6154012dd5f8f12b279805b371509f0654e6fdae84b88b2c5d55aa05e06c9425fca08719e750c30abf4507715a6001cc02cc0ec92663ec1e0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 fb613ffeec3caaf381851b5ef2e33089
SHA1 2f55718cf2b1eb5176d450f7233135e562c74611
SHA256 dbc21acad79e02bc27d5bd53924df78aee6bc8f4cf6bc180d49f70d61c7ca1d7
SHA512 f38cba15d78cf40f9ec449c56e2fad086edef1d713299df80e7706a11b777e3a16cbd19a8dea22b9e99f27d414b7e6086236d8225ae21752d046ce830c1c2201

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bb99e8573bf8bfd4704486c1e08d1bdd
SHA1 76a5f9763ebc88b144b097f65a2e9536f685a1da
SHA256 b8a91743d9fac5c128284bd2b134ce51070e51ab6db665dbb5ec7633e0493921
SHA512 b6ab88f06282c648963105f8b37edab5d28def0a3c40b0d3c01673ca8364256bd660a57877f55eb70144a24af4eda09ced775de4e2f22ad852ec9ec9b150099f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 c27157c076fad4f598ff08af617e7e27
SHA1 0978d169defdb4dfc8e8b2a90f8dd4e6b9962feb
SHA256 448d029a49331fbaeb0b47ed59f7d43273a8e5a983a8f0a5eb3f227813088521
SHA512 e2e9406e484a3d871d65a53e6d1a44ee239da0774fdf91b1eac8d3875a656cfd2a26d1d8ea5710caf6c87dbbd438bc80ed286277040795df7fb4d8044c32be84

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 abdd757d76e61a197968a5827276169a
SHA1 c4f8235e80883653a8e54252275a3bb02b34a974
SHA256 21ef75e9447676c57b8877156e6a9ea2d38f5f6d8eb01513190749f9d166f223
SHA512 2aa7b93a5524aeda98dc90956b15b8be1c8934fdfca608b87e4a3ca500bfaa854be2ecd6cd07df9b770def5d1c661b9e63e28ff462bb5fc8a28403c9e00d807f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 5c69998fda6b523c33499a31a29cd547
SHA1 1db1efdfb57bbac9aa7d908bdf3391fcba13f375
SHA256 4d9352a21ffd990a902afab024c3c4936e70551f19b3e5d1171919bb4af119da
SHA512 d81cc8f4d63f5ce275d5a3c9efe888a27a9bf753e8a5a475cbae185d1c0cd37ec64c3431aa591237d40dff980de16f460a4cdb18d2d1d09a64b09d3c65fc38b8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 ffe1d46b0e65c48be85a088b926c41f5
SHA1 e1ab7ce45bd4a2b1c7ff4705dc4d10b76f7c683a
SHA256 cd65e806538d56820affad0d29753846cb16c7957d7a9504475dd60a0ded62ce
SHA512 ca7e164c8af1934d95e0568c1d11194bca0daf573b306c78478a88808e1a5dd9e58145b611930adf88777f4d03cc600e997993f1cba6c42ed08caed6e7ebe497

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 b2e2478cb580a806cde29dbc5f4d7e37
SHA1 9004d83bfb9a0dc56d0132ab9c5d57fda935d6bb
SHA256 a6a2811761d4895a17e11c6123db54cbf1686e45c65cebdc2f2b3e4fb36bb862
SHA512 ff9c81c828095d856e2deabb1cba6013645bc137cb38869b9b4e3678b1c34860331f66f8dcadca92f5b6b323162f5185b287546d3ae5da6e8d08b6b1b1ff1f05

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 00897d91a19a71caa1d560ff6aebeea9
SHA1 6eb3e74291a95e057f9a95fcf8e5f9631d013ac5
SHA256 b9688d0895ca07de8afefa3017fd8e6e35bd42baff4b9516716597b7127e27fd
SHA512 2c390d361375ed8e8f5f53d6ee9d2b75b34701070d2095d11722836f64c722064eaef84803b40ad729bb634353edb3e82643a21f90aeccab320233f13c750a9b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 e8d365c4a275febefd83b9209ac9aa5b
SHA1 0455761f661b4ef938b4427421af16678c2a0ef7
SHA256 6d499e97ccf0ec8f4bc4800e6ff068d4cbef4273877405c424cd1ecc945895b4
SHA512 bc3bdb6e70b41dccf0c3a3319396624a619294f9effab5ae8379fa8ff1534fba0b6b6b6713b5a011fbc3e57d453a077dabaae2efcdc1bc96f2c6b5f6a2dbb147

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 c32276c1a4e63ee3c826afabfa9b6a77
SHA1 61680c23f302cb3b4fd667f833851bc3e584b6b5
SHA256 febbb935306679a813820fd2166773436716ae6536814a9a45bb3d49765edffb
SHA512 c2e49142771da689f628724b5d320046a670575126e6dd77beedd0dfa8633b4851dd4c184c330b5897542b2aeb2e67709ac6f51faed0f298ced2379125ee0cc7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 df2911d50ac88b24ff26384ea46a9fff
SHA1 f846ed88dfbc29f4421b0b06f6b3718b173f7b6f
SHA256 229be2b7199025ddbe6e12d4d5889268170afc8e7e19389d15769a031f688054
SHA512 c2db0ea199ef9781defc4031174e2d1ffc097fe19b338fa8e53e65507842d04a735f3774bb81457db1cc0d1feaa3aed442389fd65c79da47b71f001d7ad92844

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 9f1f7a113e1a26e2b0c260b8b93d5ec6
SHA1 e4204683b07559e905e15f5d72098fed21814239
SHA256 107c32615812ec213b81864f97e957656c8e62107673e112ef4e0666482bd2c5
SHA512 b4fe1fa5a1bc6a8a408a12647bbdb38516e95944ab7b4b92cb9e297172991dc93c048c2c48d48d27b0ab8e448eb5b0650e72e18f770e6e20c0cc646f548c53a3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 e937b2f25d3373aab7af9ce4de580c45
SHA1 f69ea6278acad958871a08e458597d1498030e87
SHA256 0619dbff6191717e67f3219c21a4a2ce49c125953214ff20c5a41505fc651d61
SHA512 478edf9467a6bf075d8af01963931abb771b957b3f1bf7ae8207e9aeca54fef2beeb5938ce967ed7f80b23c109c97a6fbbdbf695f1e5d488a84c1cae539fb192

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 6ed95d525ae028eee1e04834192f0a10
SHA1 b14305bad5017b68697872d4a49cddb91183874b
SHA256 ac6f2bb6f9798bc26e2e854f03b75b2c162d57fae6682ddc4ddd4570c3d934f0
SHA512 3c725eb39bc487918d904ed7c5428f891b97aeef84eaf774198a22b281d062873b742930b4328b3d8b4ded9b81c8f082a610aa79353d2f4fa6db80a6f86e9a09

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-26 05:08

Reported

2024-11-26 05:11

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe"

Signatures

Renames multiple (2188) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\m8m0ECBq5Amw3n7.exe" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_media.inf_amd64_2dec3adbda5f7bb6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_a99a7ecb03853141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_1cbfddc97a663ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wfcvsc.inf_amd64_dfe08f401a2eedbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mouse.inf_amd64_822333b41326bc2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbhub3.inf_amd64_6a68abcc31aaa333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Nui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\miradisp.inf_amd64_14cd3615d012fdf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_holographic.inf_amd64_6ab9629b23deb837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_dd534e815632509c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationheadset.inf_amd64_47c7e539c0156424\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wgencounter.inf_amd64_f496147578cad554\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetConnection\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmotou.inf_amd64_8370fa408706074c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\multiprt.inf_amd64_a9b96d6c7813082a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_ports.inf_amd64_181d494584779290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_a08737ea39f5790b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_05ebd3b4422f62ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpitime.inf_amd64_e1498a974ab95ea7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netevbda.inf_amd64_1503f4d5a0d6ba56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsupr3.inf_amd64_9cb7ddc26e30b52c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ufxsynopsys.inf_amd64_978099f98cc73ddf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wstorflt.inf_amd64_8375a9378e7227d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_9d8718c8b82a0aeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_43b149b35876b241\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_hf.inf_amd64_0c00f8f3a465c9a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\moobdggjllobbdoa.bmp" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\m8m0ECBq5Amw3n7.exe,0" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell\open\command C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\m8m0ECBq5Amw3n7.exe" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "JYGLMMUTCQQBZQW" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell\open C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9ffd1b37bd1654d13f75b82ed24ecd55_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files


C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

MD5 b492c53976eb0d2934289a8d25918b2d
SHA1 75120303aabf2fe4a0a6e046be70c063d50dc5b3
SHA256 a70af329e7f1f8e13f6240d8f1dc50ce1e5c34060f0b28c6826be3228dca9efa
SHA512 1f63bac0dd209e0790b1d533e58e71bb1842764096a32d39b020bede1ae3a3413d4fad60b5cf526030172ac2d2a78f5e83f7cb5f3dc45debdc8cca9d25e2e00d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt

MD5 d67ba1cdb64bd7f68653b95b616d9d9a
SHA1 3c4ea2fde7670e20302741d21d65d54f9fb16dbf
SHA256 396b18cf02d7dfd50e7c52765593586c8b9393fb704582952f942a1d7315de83
SHA512 20122ba3c0d3023eecfad8e19b3df4bbcece1dfba3dcc818630e53a50ec7d852c059510bf9340895dfa0145deb2551dda277c05f5922ae340e1026be7580d053

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

MD5 c14dbe86a9d3f1de92010799dfb3d205
SHA1 dd90104b7ade640610ae631091454b4f9b30cf06
SHA256 f76114c8fd809dfd58bf8e6fe3ee94b6507a9bb0430c1bf78edacc1e51685845
SHA512 8df5fc45da09731c4fb44bff1b4fa4792b0ee5b2485411d22ff5991a33aa4371b8b6687696dfac454270f4c40e7506198c57fa9bc80fbdd969697f6a3d3f8df4

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 66faff0ff13c768fb202950ae369aae0
SHA1 fa54c11626265cd2e4a141b60abc6d1d91264af4
SHA256 471146a86d6c402b4941a458f298470174c1d20ad02a2b8d1f96bbed8b850034
SHA512 73021981dbd1c26e8cf282872ce316e304686f427abc304516fea7a14c4d6f41abb50e275c48476e5ce5171e62393253468b56ec3b3700a884e2021bb4f936d3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 fb613ffeec3caaf381851b5ef2e33089
SHA1 2f55718cf2b1eb5176d450f7233135e562c74611
SHA256 dbc21acad79e02bc27d5bd53924df78aee6bc8f4cf6bc180d49f70d61c7ca1d7
SHA512 f38cba15d78cf40f9ec449c56e2fad086edef1d713299df80e7706a11b777e3a16cbd19a8dea22b9e99f27d414b7e6086236d8225ae21752d046ce830c1c2201

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 5c69998fda6b523c33499a31a29cd547
SHA1 1db1efdfb57bbac9aa7d908bdf3391fcba13f375
SHA256 4d9352a21ffd990a902afab024c3c4936e70551f19b3e5d1171919bb4af119da
SHA512 d81cc8f4d63f5ce275d5a3c9efe888a27a9bf753e8a5a475cbae185d1c0cd37ec64c3431aa591237d40dff980de16f460a4cdb18d2d1d09a64b09d3c65fc38b8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 abdd757d76e61a197968a5827276169a
SHA1 c4f8235e80883653a8e54252275a3bb02b34a974
SHA256 21ef75e9447676c57b8877156e6a9ea2d38f5f6d8eb01513190749f9d166f223
SHA512 2aa7b93a5524aeda98dc90956b15b8be1c8934fdfca608b87e4a3ca500bfaa854be2ecd6cd07df9b770def5d1c661b9e63e28ff462bb5fc8a28403c9e00d807f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bb99e8573bf8bfd4704486c1e08d1bdd
SHA1 76a5f9763ebc88b144b097f65a2e9536f685a1da
SHA256 b8a91743d9fac5c128284bd2b134ce51070e51ab6db665dbb5ec7633e0493921
SHA512 b6ab88f06282c648963105f8b37edab5d28def0a3c40b0d3c01673ca8364256bd660a57877f55eb70144a24af4eda09ced775de4e2f22ad852ec9ec9b150099f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 c27157c076fad4f598ff08af617e7e27
SHA1 0978d169defdb4dfc8e8b2a90f8dd4e6b9962feb
SHA256 448d029a49331fbaeb0b47ed59f7d43273a8e5a983a8f0a5eb3f227813088521
SHA512 e2e9406e484a3d871d65a53e6d1a44ee239da0774fdf91b1eac8d3875a656cfd2a26d1d8ea5710caf6c87dbbd438bc80ed286277040795df7fb4d8044c32be84

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 b2e2478cb580a806cde29dbc5f4d7e37
SHA1 9004d83bfb9a0dc56d0132ab9c5d57fda935d6bb
SHA256 a6a2811761d4895a17e11c6123db54cbf1686e45c65cebdc2f2b3e4fb36bb862
SHA512 ff9c81c828095d856e2deabb1cba6013645bc137cb38869b9b4e3678b1c34860331f66f8dcadca92f5b6b323162f5185b287546d3ae5da6e8d08b6b1b1ff1f05

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 df2911d50ac88b24ff26384ea46a9fff
SHA1 f846ed88dfbc29f4421b0b06f6b3718b173f7b6f
SHA256 229be2b7199025ddbe6e12d4d5889268170afc8e7e19389d15769a031f688054
SHA512 c2db0ea199ef9781defc4031174e2d1ffc097fe19b338fa8e53e65507842d04a735f3774bb81457db1cc0d1feaa3aed442389fd65c79da47b71f001d7ad92844

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 9f1f7a113e1a26e2b0c260b8b93d5ec6
SHA1 e4204683b07559e905e15f5d72098fed21814239
SHA256 107c32615812ec213b81864f97e957656c8e62107673e112ef4e0666482bd2c5
SHA512 b4fe1fa5a1bc6a8a408a12647bbdb38516e95944ab7b4b92cb9e297172991dc93c048c2c48d48d27b0ab8e448eb5b0650e72e18f770e6e20c0cc646f548c53a3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 00897d91a19a71caa1d560ff6aebeea9
SHA1 6eb3e74291a95e057f9a95fcf8e5f9631d013ac5
SHA256 b9688d0895ca07de8afefa3017fd8e6e35bd42baff4b9516716597b7127e27fd
SHA512 2c390d361375ed8e8f5f53d6ee9d2b75b34701070d2095d11722836f64c722064eaef84803b40ad729bb634353edb3e82643a21f90aeccab320233f13c750a9b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 ffe1d46b0e65c48be85a088b926c41f5
SHA1 e1ab7ce45bd4a2b1c7ff4705dc4d10b76f7c683a
SHA256 cd65e806538d56820affad0d29753846cb16c7957d7a9504475dd60a0ded62ce
SHA512 ca7e164c8af1934d95e0568c1d11194bca0daf573b306c78478a88808e1a5dd9e58145b611930adf88777f4d03cc600e997993f1cba6c42ed08caed6e7ebe497

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 c32276c1a4e63ee3c826afabfa9b6a77
SHA1 61680c23f302cb3b4fd667f833851bc3e584b6b5
SHA256 febbb935306679a813820fd2166773436716ae6536814a9a45bb3d49765edffb
SHA512 c2e49142771da689f628724b5d320046a670575126e6dd77beedd0dfa8633b4851dd4c184c330b5897542b2aeb2e67709ac6f51faed0f298ced2379125ee0cc7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 e8d365c4a275febefd83b9209ac9aa5b
SHA1 0455761f661b4ef938b4427421af16678c2a0ef7
SHA256 6d499e97ccf0ec8f4bc4800e6ff068d4cbef4273877405c424cd1ecc945895b4
SHA512 bc3bdb6e70b41dccf0c3a3319396624a619294f9effab5ae8379fa8ff1534fba0b6b6b6713b5a011fbc3e57d453a077dabaae2efcdc1bc96f2c6b5f6a2dbb147

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 e937b2f25d3373aab7af9ce4de580c45
SHA1 f69ea6278acad958871a08e458597d1498030e87
SHA256 0619dbff6191717e67f3219c21a4a2ce49c125953214ff20c5a41505fc651d61
SHA512 478edf9467a6bf075d8af01963931abb771b957b3f1bf7ae8207e9aeca54fef2beeb5938ce967ed7f80b23c109c97a6fbbdbf695f1e5d488a84c1cae539fb192

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 6ed95d525ae028eee1e04834192f0a10
SHA1 b14305bad5017b68697872d4a49cddb91183874b
SHA256 ac6f2bb6f9798bc26e2e854f03b75b2c162d57fae6682ddc4ddd4570c3d934f0
SHA512 3c725eb39bc487918d904ed7c5428f891b97aeef84eaf774198a22b281d062873b742930b4328b3d8b4ded9b81c8f082a610aa79353d2f4fa6db80a6f86e9a09

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 ea9ca66e3442907d66700c90d59dd243
SHA1 1138c376f9c6caa4a64191f4af861e8b90356bd6
SHA256 def5276b7008fa9c93deb38f4d8754616f955ccd4f8f5c4a3bd16bed78abfa30
SHA512 842de4d5e750d3a7992ea11f226802196a38ebcc4aa3bcd4545422b74ca786dbb889eb17a467c7c353ab19c3864caa196c9100e62089283617055b5bfefb6394

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 ab7c64db760829bf25f310c79df5ef4d
SHA1 d2ee5af0f12426b7d196b071b2138c72e917957c
SHA256 ada23268dadda732579f0127fb03cb760c71a885da72d6460e5ed61d4ba80a8f
SHA512 24889f6a0b80c70a92c7e381a6e96e024e2e2eb7a6c49092f25ce2a1d3d684db4488042d43b31d0c952d2b400c8e9a1cb3b2c06eb47b18126d1c47175644daeb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 63beb618928d011f8516b82dec1279a4
SHA1 1c5a019d7c65074954d2be77367dd59a9de6b21e
SHA256 e54cb75d18ad1f59503ee222b9d69e6e3d2c82d6deb17274191735c1962e3cdc
SHA512 d20cd12516742e6ac82aa8a9d4f2c077e929450b957fc1051de25a13c5cdaf7c5234138bb843574461f58c399f42b873e2f4623f8163d395e356e9364436131a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 70c339ab7d80eeedcea8c3f25c06daa5
SHA1 7a82ac6efa95cbb8541af9abe7a1ad5c7b1b9ad2
SHA256 88da70753f4b41219657386c371dbe8bf39fd9db06014108460fef747811f102
SHA512 5f5a6751605d6e3bf63c4f00028c0995d1eb9e48db883f1dac18c7545907b4b55b2af4600b319a87226484213e73a2f29f02182f21fd1ea5c6b8a481346b8a61

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 7d20e79c4b76b5ee048776a6bb70e890
SHA1 413aea8f5702a520216da6a21a395437c4807022
SHA256 a85bdee71eedd111e61385232e06dc44fcfa0a97b441dab6bb8cd4b3e7e0e761
SHA512 09b4829ad8462b8713b9af73da53a908e68f2e06a1b67fca2ee9526e30527ca6eb3b4aed8e707d57e8f4181bebe6bf38b9cfcdfd7f42249dc8351c794c902520

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 b91c273c0c923e0e29471f15d57c9fc1
SHA1 0ce331accac6059e3f3d1996baf7aebd72e74acc
SHA256 c2d1a8653a7fb0775793816408d66ec19b6fe8e9c536084bb56beef1d1621894
SHA512 4148358d704b50874ff698a76c48c34abfc084f5f263307dac0be0a04e83b47b9f55451b64e9978960f2ad024212a4e01ff95153d30eb1e9b6aaebae2dc8a092

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 2776c2dd1fa9acadaf4dd474edafbce1
SHA1 3f02607079288fb408a4d313563c65eb8ae7b82a
SHA256 b969d642b6e0be58b0a1ea20168126757007e94430ee8a5a79e9920b628c55d1
SHA512 72ec07078f32a628ad37a987a6e8099fc6f12f460bd49e0dc2573ad3dacbb11ca60036923f71fda266ff9a6b3d82617238d0544cd9ecf6a80bd317dc66f55337

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 7eacfa2cba7c7ceaf53e4ddca847837d
SHA1 04891b4b6ec666fde506b977563a845a8e98fc53
SHA256 e11cc871c790e7104363c4dda69dd282a3873676ad60e1af531547923b1d5f3f
SHA512 c1189a3e9b7428c565f4529986bd6040669395d049abd51e6428fc575ebf43e686bbabeb11cdb38f22e352ea358f9cb58f48088d15c059c82f9ae1e5941a89bb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 51e9f4e7a803d7e7d1faab6c32a47a12
SHA1 3cdc7032cb9c98ae9ed201d253e7bae052faabe7
SHA256 2c8d1887e689a1965a47179e5623f3b459702477033d304c03cde9e15b52644b
SHA512 d1a1d496a91d8a7edee893b4f3e50fc2bf8471e8e2be1022003fc58d38052e3cda9089af3c0c95f211ef060be3c4fb1bac625949fc01a3c1666f2e4319d2770e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 b634b815b87475b86951dfa29f784195
SHA1 9c8d941cdbb35c6692731059152d6a6773862f8d
SHA256 5e894da96891c42a9080cff37572d475704e311e3860720758c6b408d209dc25
SHA512 31e018bdbeb94f6ab7f367eeb11918bed0c5ec908a205f16ed7822f507e361d73518ae45e6095788ae52be357df4ecc7b6fcc646cef1966b30113e5998075607

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 6dff0fd97e7a51078e929cce6b6db62b
SHA1 c65828cbe38cec5dfeb2cca4b0ade2f90c73b64f
SHA256 991cff537a1055787f16d1b2bdac852eb59226b99d3dd3c3f7bd2c7587040d40
SHA512 7f870fd82c140eecbc4aefb8f59fb707d4191bf0bd87982808a81fb0a60834e9bcdd2d473ad91f43366c1ede205aed77a34ae70cf1f580260fe37bcc94159bd9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 27b60514730b6ff4ba4601a12a034da8
SHA1 d52709085b642f2c4c99f5c30a293817fb6e6f71
SHA256 353545d854c03cb158faed461769c44d061f4768d2f4aa464fc3ab7036598cb1
SHA512 5b98f550b61f2b0b5bec3c453ee63accc9b40b1f1dbd9a55ef208ee6279f092d84db43bca6178f4e774c1277daee1ca7d054e30712d524ce737ce93e1c9edd29

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 0b26c6af5aea4cfd1b14d67239fbe34c
SHA1 d4da954cc1d12f4a1fa887e0f576bdce4c87fb58
SHA256 6a75a682a205bc28c41e5082547b21b9c5ff7081b8f600637eeda861ba2c3947
SHA512 6c5885dd33fc07b15844ca90ad6d910945456076a049e171f27b4e16f5ea2a4162f9eba18b4e5dfca90dcc2ce97ad88f14fb1e403ea8287c03c5aabb317e17f9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 4e67fce2b55972e55d592b127747ec4b
SHA1 6d1a43cb84b24ed71b5de7df0d494fde9dc6d4ee
SHA256 046edf75a4a0e1f10cfd68414c65e8091c679e336a075408ca39e97c22f3288e
SHA512 c9bfaec0fdf4b095e09d24a53bc6480fe676ab1c1ba055698787d8034c275df607590dc0d542419142c355177c98dc6babc2c191d1f44d7d40f0e1697d53ab37

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 409036199dda3899dd12f6f2a455b2c0
SHA1 bb21916d1dd35592624c85d465ccdc62e26ec016
SHA256 acd52934e7057ced199c7b25063174c4a48fbc4f9210e2457b2ea49b2fe75f24
SHA512 f3084c681009a8db790832ea0de4a42ab2f33c612362813d98cf4f449364c041a94becf02c04f4a177980e3f276f3529b4cf5b2f8ed80a255d89c14e964cfade

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 769c2c1d554bd8fd34afa6b2914c22cd
SHA1 f1f33de38ddc33d87e67a85ea5bf7bd77d0b46f1
SHA256 2c9e9d449ddef167c430ffa009764f592acd0c7750a2ed51ba45a8a088f4abb8
SHA512 1935fbe14c3f5fc5d360334d775f2c758d97c7ea3ac6a9ea22b8a9ad6e30b2ac517970e03f8617da70d3f01424af6ed1ffbb3693192c04b40c7999e1066eccab

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 f7850b057798691abb1e57d68b57833c
SHA1 d250df1f2fb5a5b28e65595d6cc3fff39edc7af5
SHA256 a234ec4e91d4343aa47393a00b5e5d8230e43a8b5e1d25e1991c68bddd86f176
SHA512 e6759c9eb1e3d9985191bffc5981fb6eab2464d04e122430bc5a56eb9b627475a6dbf7efe5a395031a6fe11a6cd6f66cbe644d1c0d37de5b0a8e499c1d3e6c13

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 8371c7d02e6eb3b780ab63ecda8b66de
SHA1 7a1c94770dc821ad4ebfe5e89888221f8dbbdcdc
SHA256 9a156babd12fdd301b9ec29ed793cfd3d9066f0936321cdadc16acb1b59a6434
SHA512 f7ebe4017126001846f08ed355eb74f7efd7f65e84e75f9f9c968050caa1b741ad03e0820283204d32be5c24cabd0c3aef4e7e8e6473504d4159afbd396522df

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 e43af6dde7d999cfd7adf3497a0ea85c
SHA1 4cf028c4e0cb220732ccc1e6cf0a40c02daab35a
SHA256 540fb9c8b8d3e90a3462db96c9765cfedbfd358311235e673228121a956bde9a
SHA512 d3b32899f45a10f1c68c2523cc040d54b855c7c246212c0ba776b5a99839c7cb4aa495dcf1607d1e7570596ed9f7f565b55ab531d44e993e9815763a5d5181ca

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 5cc2c7955e90bbac70bcd0bfa00abca9
SHA1 f291f7575318ce48778a578bdd9f00794017a255
SHA256 f6b4115450ed03a94189a932af3c828a6bdc03451fcb655a3e0bf7c8f7907a35
SHA512 03f3d2d32bf0660a09dc3ae849d7db0524032062f0862fcef9da51af9ac6d38c5c70ef12b2bec19d8c5d651bd13c9f3e68cbff3eca5022f2f3ac5a6bfe5c7eac

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 18aacbba031ace7eebf9a64548aa4dbe
SHA1 4ed04448ba49adf9dae5487c76eadeea9816427a
SHA256 b7f565dc6553294975df11c739752bab854df9ec83a4f18ae7dc246751ae9a1f
SHA512 aa629723b04497dcd04a500e99294e45064842d7b9f90428d934e119a8e3b721e62ec108024619ae87b7a07f241ab1c8becf73b4b0ef4daafb2cf3396a766d4e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 4a14f692e9e6ca311bea9c328d30e55e
SHA1 853d69b098450b4acb6b7c1b080799deecbe6a7e
SHA256 641dbe99b0ac25670da7e65c4b0844d2006f12aebd6eae369271190d9b869890
SHA512 f12d69b58865cd12603169d076b3960e409b44322252f564ba78d12d3bf73124b02dcd150c0e73b707964d9dc780c57af0f7b7533ed9b7653ead698cb2d631d9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 61a6851a03e681a1f3db482d91cd1ddc
SHA1 855721ccec1ea69a7fc3e1e4689faeeefad6982a
SHA256 ed5d35b43e2769334b247913d31604e8d4697f2521fde8c33ca101b513592ff3
SHA512 83674057503405f8a89e7a47c44b038cca2b94f53faadeddd7577e0b5aabbb9bbb9c91099f5c13067fa8e6a9921db3d94d5559bfed6fced5b6dee2437ba178d1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 7c61e0d30bef72c092c8ecb7afcc0151
SHA1 46649e819888b87f7a787f17d4eb28e97d4c7136
SHA256 f31b0289239d7a4adb4264be0ebe1778492ac917525f2af764e4d886a944f6ea
SHA512 4c6d22fc48c9285c52f78b28b502f1ec446c8292ee7f90fc599d96e1e617b0ff867e7b207bbcada706f2358bafe2a868d3778b4ca9702d6044703856110cb963

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 032ca26222ecbef48ed209e77ab3a3e7
SHA1 a768f3799063f7d147824981daf69dae46cf44b9
SHA256 1f1218cbcb418c1bcd524ba716c47fe7f057aee534e5cdd47680cdc26eccdc0d
SHA512 b39647c338c16b5b9b0e1925ecdf4f45243b6e663226cd8d05679b27d769a824fb79248714a90563a8e5463904df481a15d022c32b5d07c54e4e43b5244af2b8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 ca58157752e1c66088e531c91ed26cb0
SHA1 d46cf9a420b9baf6d73e0fa8ef222f984ac6ade1
SHA256 5a6022275239c79ed236e5db1ec84041e49567d6b645f1c583b3f314bbc2ba8e
SHA512 f9bd9cd806c2b2f303017bc2aecfb1c7edfdb028db5b8b56312663d8a39b411f46c881abe5c0f766ba29ca91bc40cba26135f25efe595c260efb811977f119d4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 d9d3998ed63cb5f67f4ea4a3572478a9
SHA1 a7ba9255e4108bb1c7352c9d512c9b30abff5397
SHA256 f495974d78a29eb98dbd6468d5fae276ebaf11238c54ee7e3cc7de25db2aa445
SHA512 8a23b53cf88dc3070b3f4ffde8b54f8831ad721ac6a4618ae36f9b11300f7f85e4eb2ad0d18f97358c0d0d5902704c13688280924d41c9ada656f125f7210f92

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 f1287f4e59481a6af4e6729c2a69cf90
SHA1 59d35e64130aadc8729cfe72c78fb32c3435f66f
SHA256 3068311bf45f0436d7a5f78c4301f1d55d66adf438f5ee9658cfbb36db538def
SHA512 015b362f1360e6e7ca35202ca0c7fc9eb768ea84d68e573ec032c86caeb7b98913fa028e2485bd9a1d852d5135f39978a87ae0abe7028b863bd44ec1a4b412b4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 dc3c57f32134ab9735ecfde0480610ee
SHA1 24dcdf0df48bb54927d9b13eaaddc04aa23475f2
SHA256 8c6b360dd1d2e6fad4a3341bd11b56fc51b934a9bcb1bb6e51e87cc37f37bb69
SHA512 7c425e849ad8f0584dd151bb2882029bf40beac834194923ba927d41350e41daeba8694de5ec99eb9e59fce2a9f8de62bb43d27dd55d6bb216b5abde60b481ba

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 d0f034619c9fe1c310426bf7f77b0268
SHA1 bea5c8f18e2a7933486c53eaffab0e21998e074f
SHA256 12a28093687eb53c08d9046f1f2282b196b20e3dd2863ed8519270984d3e2d12
SHA512 98c7918317346430106fa704b7ea86bdf857200b208258f5bf68e2fc5b522f018d253c8cbf74f4b0f1781d68d3ff3abaa23c2c044a17e78f8d2aa7f39708914e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 56c328cfac51cf600adfc5b6b82b2bd3
SHA1 9d64fc2871312361bc9283a04c6cacd38b069a0f
SHA256 13ede2481f08afc58f94827052b1ab33efa95f415d24a3173f4e8e0f3f97d783
SHA512 a85b087b1bee41dd4743c80f3013ca33f5308415df37bc047bf1cecccd8cbdaf7024bc5bd703740ec7e9eb824a0276e18d7c5dcbcd63128144106a9774cddfb3

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 fd198e4ac2acf632feed8c64b2644497
SHA1 0b4835fe850053c76c6d26442deaab3ae009dfca
SHA256 db51d01c4ad67344d3306d0dca71905de92e9959dbf0983576dfe37cc617020a
SHA512 d69bfc559a453cfd37a244e8133cea2234e1b765b9c395643b211e76a315cf0fd3762a7fbfe937d841bec94a75eac62f0b450a324a872eb3bdb7e7ec597ae7ac

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 bf896d1ec104481b868bb5b6cf818ba5
SHA1 543d443aabde169afad1d007e24523c756d4bd01
SHA256 5b326185ecf2d8bf89607680dc3d91b8fa6f54cc080496c1578ef53384d48a4b
SHA512 ee1fdf2ce0f62890fadee06dca75cdb0435b1f84d7e74bde7998f89ba3be3f8f0fdd3339e57e86b1531d2bdd070c4b441cb7b802f2408e7bff3a8ad37811f288

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 29927d1624add97969652a6eecb69826
SHA1 8e3f9ab8574c98a578739b558cfb3dd6ff27f8af
SHA256 89e79d8dc1a87280099f7d773aa554b9472cbfc9a87deb434cb589f71c96cac2
SHA512 779f1d3acb23e3a3184eff22fa100be169ab77abae64f3995169594a8b261fe6de4422142dbb6c443340d7daf922cbd45748313bf42b1468dc223790038ddf1b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 6482abe49f622e696a71c5640bb22027
SHA1 8408b558f7840c4a121e6437e3c16696a09c3c48
SHA256 cef1fde924dd86f2a3d741c3083b854e1ad04099176f6128d838f62b636e3b1f
SHA512 f6ab597e0dba4a53e83e3ce86f57a353afed51ab3c9a36bcf1d0603b077590b89ed2a8b4e3391741a12dc0fe71ac0747ddeaf1578a851f44f32a565ac9a06709

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 6c6abbbb6665b27baa8d363789acc5e8
SHA1 bac631f5bd80b83fa06e07556cb8c648800d196d
SHA256 1a6194bdc213a5ddeb81585c9ed6060534037d9bb84bb007295b08ff96a84980
SHA512 d93f39e9aa7cb25572dd650d4600e833214e4b44f29f6d3aa1d83cf26a767faa23eabe3fb746282cddcaf80adc63459b6dcf92c5217b810e054d88a30cce69fa