Malware Analysis Report

2025-01-18 20:58

Sample ID 241126-g2zgtaymdv
Target a049d5d690915345f7c30672a058dc8a_JaffaCakes118
SHA256 e593a473ce7a0d4d255f21082f2526dc4aeca3203e908cb5ab7d929e205bc88d
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e593a473ce7a0d4d255f21082f2526dc4aeca3203e908cb5ab7d929e205bc88d

Threat Level: Known bad

The file a049d5d690915345f7c30672a058dc8a_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (643) files with added filename extension

Renames multiple (1361) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-26 06:18

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-26 06:18

Reported

2024-11-26 06:21

Platform

win7-20241010-en

Max time kernel

44s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe"

Signatures

Renames multiple (643) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\81GjVbePNt0iBY9.exe" C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_FAQ.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_methods.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\fr-FR\erofflps.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_eventlogs.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_methods.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\erofflps.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\erofflps.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287645.JPG C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABOFF.JPG C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0302827.JPG C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\SplashImage.jpg C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STRTEDGE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cy.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tt.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\server\Xusage.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145212.JPG C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\tile16.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\drag.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Pets_btn-previous-static.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Windows_PowerShell_ISE.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_prompts.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\circleround_videoinset.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\add_down.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\30.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\passport.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Chrysanthemum.jpg C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_right_rest.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\base-undocked-4.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\Circle_SelectionSubpictureB.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\blank.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked-loading.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\btn_search_up.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\TitleButtonSubpicture.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-wallpaper-scenes_31bf3856ad364e35_6.1.7600.16385_none_a4393b1a254aeaee\img26.jpg C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..lpaper-architecture_31bf3856ad364e35_6.1.7600.16385_none_d99106b927aa7782\img14.jpg C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\trad_dot.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_dot.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-push_31bf3856ad364e35_6.1.7600.16385_none_cc073ae540855a07\NavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\add_down.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\2.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\btn_search_up.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\16to9Squareframe_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_Throw.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\24.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\ehshellLogo.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_m.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\novelty_m.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\3.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-push_31bf3856ad364e35_6.1.7600.16385_none_cc073ae540855a07\push.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-wallpaper-scenes_31bf3856ad364e35_6.1.7600.16385_none_a4393b1a254aeaee\img25.jpg C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\play-background.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "JXJQWHOTJOGYETE" C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\81GjVbePNt0iBY9.exe,0" C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell\open\command C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell\open C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\81GjVbePNt0iBY9.exe" C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe"

Network

N/A

Files

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 bcaa63c30380c92c373c591124ddff0e
SHA1 8a48287df78c7f84452fd1c68fa6985664c4980b
SHA256 a2052fe76bab5defbf4d7955175164a398844da028fbfb88ea84f896a01bd0dd
SHA512 95eee86c7768a0c0e92829285bab031f01ca5ea0e7fc461b16f4c72b6889d1703c6b6afc44dc7aa9f0516a4d6e9998a175e24c045145b89cde35c8fecab2fe20

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 ac1e562ec8567de7aa21424714dbd3af
SHA1 be71c90d7da448feb0b96f32f57372db8000499a
SHA256 be12741f48efe2e7677837b1b9e60bda6f9db21bcc6f6ffd4f8ff722e5959fa8
SHA512 24e0cec4af14e76b991aa7c05b277ca0d0e1039ef429b355addfc990964b4bb784092e0d27d82eaf44a9e86ea4ebaef50698d84368ba40a0d251d5e108b244cf

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 361995fc874e3ebbe9597461af955755
SHA1 e7494d2db0ee477110559c5603c94f83f5781535
SHA256 2df9ed0d8e19e5ae0a4cfd58eea54e38f043bab78c1ea8276e2fe4ff8e880470
SHA512 46c0e0cf28f32db474c988641993ec7e5cd463b8424897a90ba8e8ed0266fa67c6b9da3fec659a2d9d98d14438e29e8fbc15fb1b349ece812d482e28a388fc30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 7fa2a02c2c1699330fdd2b01829424be
SHA1 52e7983b01bb82c20d902e428377c870561c9d06
SHA256 8391a2e106085d21ce7803f08c05d8c86c5fc1034cc0a9ad196e5f22fd5b0e50
SHA512 21bac50e490eb017cf0875ec5c5bce662ce36c97592a7f52c008b885ca61f8478ddf468e0bc692d4c553c02711b594ccc1ad93d054de99ea338fe2ea262bc63f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 754ceb8f2ad9e9de7a98a60dce03cd2d
SHA1 905640db439cf27871d722ca8647b50e21b7f972
SHA256 68cea62c3de690f94503db839a5f288c08d4cbd7dda6181660ced567c098ad6e
SHA512 a087fca7750581232855de9093d3bfe99aad10fe221071e9b64ad0b33ff6346d5db4cb9882d19d3ba690c25f2b93bb3539285792ada3fcd2b3d17f811c3054ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 e560f3a02a4c1cb5ce5af799deb33584
SHA1 25b3da07d67dac0be81ce1715ba8bd63574516c2
SHA256 d0b40a9e6067adc340a8ae3f0422ca513e261eed6dc9b92b0dc3e6ec94830438
SHA512 eaf8fb6aec5f5236c5e078327ba8747c400a9ad47cdafdc0fd658c2475bf22b89d44ee8f27c360d25662a54945bbc9ffeae47bc671744423e4c1771867f1e418

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 313c7a4643a0048f455cdab6e971b70a
SHA1 14309dc219c5dedd3f17a8bd72144cccd384f9da
SHA256 3a8b8570c76bbeb9a50564756e3c50597068235f7723a7f211f9d3e15ef3955b
SHA512 7ffd6e8edd2aa271386ea1cb72b2ced9a182d32e3cd299bb06876ac054b529677d90e6c04a2e4370f0d6e577d444072592b8cc96cb4cb3980e95745c0fbad211

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 edda91b246d82df280ae7dbad7709c70
SHA1 3fd6a39ce0a06ca3e65cf453b34b4dea141c1f83
SHA256 8c2c958ecb7e3ae1645489fcb97148d99d81e76f7bc894f5d0282f928c61399e
SHA512 f45e36434d5fd0c11cc96ab2f967671b48c274d41497380e131f96bca440d00ab289508408353453c8d6f976cec735a30c20268b5c5cc45214c2fe80ef0cdea0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 a4dc5ebe45f42cecd6a21f522ea6a3d1
SHA1 3298e93098e9d8e88cb5c07a99bcc18de2ef0ab2
SHA256 c20a6071059a0e0f67ab55991448bb7a364b008d5d8b5a3889a46f2959d9e3a5
SHA512 2084be2872118ec7c4296e50945090909a9e8d1548337e3ebe612c7006b9928fe2a1f72240fc28d75e313b81d17cc6221297bcf220b949c59b2a9b2b8719f104

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 7383755058e0cd2a01bb411c165cde58
SHA1 c30dedb05a35afd7e03b682f6d9a0ad16a9c7201
SHA256 b972016874d51a812bc675aca085bcb08e460e09c58fcdaf70243387bca44dc1
SHA512 6d17962bc334e869c937727cbf4d29d95359f259733f38263ef7881cba0207de6c534c6b0a947803b5b1ec192f904134708731191b647a7ceb7b9b192846e1f2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 690aead534cd824f57fab35b1193a777
SHA1 9f87b9d594454aed0d9e3627cf5e6352675871ed
SHA256 900b9c9eaac551d937b0b6322bea29561da31422ee955b22c52c45bbc8ac326a
SHA512 f3cadb755eb51c32ab212f7ba7eb428ec13ec5d72bfe7ba45cdbd4974491d0cf8fde0d348a3faaec8aa6043580bcbedc200008d9fabe09c3a20ec8429e04c61e

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-26 06:18

Reported

2024-11-26 06:21

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe"

Signatures

Renames multiple (1361) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\81GjVbePNt0iBY9.exe" C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer10Sec.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-32_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageLargeTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppStoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Spider.Large.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-250.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxSmallTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalStoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookMedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\StartScreen\Tips_Image.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookLargeTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\MedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Klondike.Medium.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-fullcolor.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil_2x.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsStoreLogo.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\LargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-36_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\MarkAsReadToastQuickAction.scale-80.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Confirmation.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\files_icons2x.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-32_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-up.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchMedTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\MixedRealityPortalSplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-32_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-256_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WorldClockLargeTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\AddressBook.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-i..lineid-wamextension_31bf3856ad364e35_10.0.19041.1151_none_7f3073a2e8d33842\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\Ignore.scale-400.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\splashscreen.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..e.desktop.searchapp_31bf3856ad364e35_10.0.19041.1_none_43fe9f4e368e081f\11.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-u..x-musupdatehandlers_31bf3856ad364e35_10.0.19041.1266_none_5cb9102dd03b4c98\n\SvBannerBackground.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\i_warning.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TileSmall.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_clearCookies.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.153_none_e669b22d011fc6b2\KeyboardSystemToastIcon.contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\WideLogo310x150.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_multimedia-generalmididata_31bf3856ad364e35_10.0.19041.1_none_3eae594ef5c099df\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\cache\Desktop\22.txt C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsCloudIcon.contrast-black_scale-400.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\BadgeLogo.scale-400.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-e..llment-winrt-client_31bf3856ad364e35_10.0.19041.1151_none_cf4e41b223626fd1\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\logo.scale-200_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\functionIconMapped.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Ratings\RatingStars32.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\TextReply.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.746_none_e6778e5b0114e5b0\BluetoothPairingSystemToastIcon.contrast-black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.746_none_e6778e5b0114e5b0\BluetoothSystemToastIcon.contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ets.icons.searchapp_31bf3856ad364e35_10.0.19041.1_none_ceba36fd1b479c4c\AppListIcon.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.15805.0_none_3303de6fba37b5c7\topGradRepeat.jpg C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\VisualProfiler\images\i_chartselection_clear.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSplashScreen.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewWindowIcon.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\PasswordExpiry.contrast-black_scale-150.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare310x310.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeWide310x150.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-72_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\logo.scale-400_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\images\contentScriptEngineIcon.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Web\Wallpaper\Theme1\img3.jpg C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Assets\Square150x150Logo.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square150x150Logo.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\console.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\Icon_MMXresume.scale-125.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\Assets\SquareLogo44x44.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\Ninja\CategorySticker.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Assets\Close.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\SendPhone.scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsLargeCloudIcon.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.153_none_51feabe070ab84f6\RestartTonight_80_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\Ignore.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..esslockapp.appxmain_31bf3856ad364e35_10.0.19041.844_none_15e5bfcd83a1911a\SplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Splashscreen.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\addEventTracepoint.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Outlook.Theme-Light_Scale-400.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\WiFiNetworkManagerWarningToast.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\wide310x150logo.scale-400.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square44x44Logo.contrast-white_scale-150.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square44x44Logo.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\wide310x150logo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\NavOverFlow_Warning.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\nextTab.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\Assets\SplashScreen.Theme-Light_Scale-140.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Square44x44Logo.targetsize-32_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell\open\command C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell\open C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\81GjVbePNt0iBY9.exe" C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "JXJQWHOTJOGYETE" C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\81GjVbePNt0iBY9.exe,0" C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a049d5d690915345f7c30672a058dc8a_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 103.209.201.84.in-addr.arpa udp

Files

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 dac39d31eff4bad02f47398d082bfad6
SHA1 f4c4772aa7a1a95901ca5153d046728fe0d4bbbb
SHA256 1531fd321115fd6fa3f3259046be73645139caa6df49df9810534decdac5d326
SHA512 00d84afb10ff21498207311044694da7343a6f9ee9b64e57603c7534dbd80c5b48da830e7a496931a51858a282bd403f38416a1ce593726a736a40c23f772814

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 fff2689b60f86fe745e8f4c3af2ee29a
SHA1 ab6a044bfbd164dffc477d3ab330be5a969e940a
SHA256 9d18a673f3924c2e2fe6c37c5f229a2e57ce704825aca0f9cc6be079171cbb7c
SHA512 e2899bcc652451d5530f0609938bfdf21f85c11de2f4e400eabbeac2ef705229e25026df15f616a30ef540c939be432fca856c4c1c973c604fbbd99818aa43fd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 e629e760fb680ee0fd8fb22f8aa4a691
SHA1 13a4b8e96635bd051818997d6acbd0398b3fc8f1
SHA256 73c3001bfc486b427756d007d742b5fc2f6fd801f63a5bef3e31e1cdb6bcb704
SHA512 7d387009ef98c7f73b8585e38e36091fb2c13540957158618aecb9b069c4ad392e45af5e30b757bbdd4327f8bc77a67d047038ae59b6914f20c8c3c0f6659ded

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 77c9338416691b018a96d4033235c47b
SHA1 438b5ac11d1ca18c4103294bb3083ff835e4ff70
SHA256 03cc7c28271c82926b225a81dfd15fb9da88668ca2d10149cda84cc7e4495bc8
SHA512 5129574555df20d4431d3952c4b151f881d385e4b09eae8d9304babb40f581a4a117f09d20fc419585b11961c7f6d254262877d44042f2dacbb9b2b708e65e57

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 3b7d44889efc4d1d0acf8d325e0e7db8
SHA1 1e0b1a4fab693ab5239da89b4f4256fc66d3d80c
SHA256 b72875e999744dfcea8ac99ca5e923c7f7eade60231b4bdf9a2605837de43e0b
SHA512 bb949097c9bf5763f01835e5d4d68a3d4f5520b774410ec7e46ee1e4474fd1228a4a53e71eb2ab324812068447020a1a5461bb33e54c60f3fa6f63123b895761

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 b81c023089f041354e60f0ce374d86c1
SHA1 cd5085208a429d80b5f0e84a848f7f118690c9e8
SHA256 5c1e82c9649afc045de72ee723472d343ffb560f5f7f8bd726614efc55e930f8
SHA512 7f73e5d51bd7c7a89d8b7256bd9958e9a81824adff34ea18235f435fd5b233dc77678088960aa3a207ad31d6707cc83f22eb5ad451137fbfecb14d77f2a1a3e4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 f56c505faf6688da70f40fcdd0a14f0a
SHA1 e95e415299729f8d993897094f590051697f2da1
SHA256 29d7c4149ce9b7e232d7621f70083e6d29584bd44c24766119904a3f0f221426
SHA512 de8466027e52621679161eace7464886d0b870f673ea5091e1d03df20b910e4c3040cedab5be898fd1d3548338bfe643e4f9a8ce1c3dae62281656c809f79c96

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 b506380e21e91621473ea31cc44b66f2
SHA1 042c7fed46910dcedd462bc2cefb77bde6601002
SHA256 8cf79aa14f4f912779df0ae3af472b445c58274129e11d1ba41100ee423d5e97
SHA512 6545ccb0096c6b94ead0764e02430a4087254c1e7669d9d138d118cd79e1b6bdac8b70ebd0de14d0b6614b35828cbc8140a34c5549e648100ec3dc3a045f1f03

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 568a12f186a6d06db6e9cf57ae83cca4
SHA1 968494ffa3a3421f5d64627977d2d0d9a452b886
SHA256 7486f162bc4cb01af4b1ba00e42bbeb80316f73c9c69b7e4dc1a2cfdbe2bc915
SHA512 73377f9f41b2a9701e2d0482bb2a1745c3ddbeabf2baa77508705977ab46a582d58e1bee5ebfe818d2ff7f44766ce389848810a26a3738317ffddb9b310ce052

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 68b49b553cf81f4e9c679b40348a33b5
SHA1 c4e1bbaaa3922488bd2d930760e29b5d4beb34fb
SHA256 9f6c42a4b7eb9cc3b0e3b79626e17fc89be867093799003efba70850b53ca83e
SHA512 387623bff876cb759edcd49646eb5aaa7e7ddba6fe261dfce14179fe71b79257a5c039d092cd6c81bf6e4342f41336259d45e1306d79fcc81e45eac718954193

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 c640257f67f4792e39f63e23b85ec4e8
SHA1 20e936f2654ba660a6a78fa49c8713ebbccb3fec
SHA256 52731df7efe184a796847d6c7d0d0eb24a903e1efb54fab5c27b3cce4c2e3cdf
SHA512 b9baac8ebd58dc81c8a62c0645946619ccc25c600d8abc12313f106d39bc94898701afc2615fca5418286b6827a2bdc5bc1c34a0aa14933ff6524de1d71cd7c3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 a697bba4ab9bedca6c8185bd5aadd368
SHA1 cf15abaa865192448eac660101892b794de9e10a
SHA256 31e15761fc28101caed9b613e1fad12577eee56e8f14d90a3f5b95e939b19fd9
SHA512 575dc3a466efca003c7b8954137e9fb69ad8c22516dc4af671c8f6464ab619d0dea9186a5a8527575c18bcc62eebb7d47f52fbfc9903198066f1e4391e9cf88f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 0179831b958867334f562c20a4a089a0
SHA1 3885ac4aa22d047b94827a00e6ba8841ce9c074b
SHA256 b91768ff8f1cdb4f728b486129e283fe49a2e7ca1813afa40090f3e8b4d0b36d
SHA512 37c7344de6a1d19a9b4aa3dd0f425cf21608c6a4941357f6d61cb6ed43bfc50c2a05476675d7070472385301269d4c626425d440a0a70c206b953f759e0b43d8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 a8140642c098f8ff7cc34d5cb331d7c7
SHA1 1d4648adbd2e59e140f9f6d2add908a9d2ebb17f
SHA256 29f88549889e87df50a0b3e0776a8126e8317cabe400b529a2b2642a41968001
SHA512 3d967c1878c12b6bba11df5b0f01848fe345b6bdbc80ba17f38ca33c7ff0db460aa32de52d5dfa288c853db368d3f42c92cd0c51b848390d2678a37c8828c3df

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 696fa80d30f2d791fd80c2bc6181dcc0
SHA1 07b6505f2a48eec49a092808fab2d71f6bc77ed9
SHA256 efed47fceddf41715ffc1d6668593bfdedcb4413aad266f09ff89c0294798a0a
SHA512 013f42ecf53682aa0cb353345a86ab2c1d5e09de6d1792ca8ac7171e312c2b39f9c2c2d39b0f944a4d1220efa79e5aa621816f7e3a99721116d9f1b48c51b3d8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 54f7ae1baf7239aaf3008ec4bfd611a6
SHA1 d9175d2eaa224ff82c22c4343d84cf688cb3de8d
SHA256 8fe6a8e37c2fd63da0f99111c3d1f7d3319c9f5db8d1bdb733ae03e5e55f3ec8
SHA512 db368ed39d7570f793bca9c0c0783afc9c902c3f73f5a8179fcc203ff533967154c447133ecf77608ff1a4e6ecad7de3c40852fbc22aafb4faaf5937882f3063

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 402b5f963b409013a6293914c2fda320
SHA1 2da09f5ccca3131d7305df60b459790aa74570cc
SHA256 f0afa0783a9e0430220df02a4cb30a435b34b8a6790a9e40e335a4845095ba63
SHA512 2e3a4aa6bde3342078a2f469852d07def76982dfa96471710e89bc14751d8dbd2251c4c7e2708e327568f2f6db2def91d24eea7e02aaff946170c94ac14c97c5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 1c1fe1885f24054f60e712fe75b8462f
SHA1 0d3da3b5b69abaf0abfa6da6e7421c8132fd75af
SHA256 9f0378d36c29cb27d558570f6a5f9f73195a90f8cbc1db72b317b52ea8377e7f
SHA512 cecccc57db56e6acbca7dc06e5980ce12db0810aeb2632d3e0b504a724ffe90340a24905d5544f83441b92afae5940c237059260e1c1ad57b9583d40ac0b2c95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 286a92fb28db715f882adfcc2b0cd5d1
SHA1 0aa908a0174839b8b46a80b04c6923efb27f38b9
SHA256 36067a78511960826d9db821fe005b67dd66ff600434f142868c153fb9bfb9e8
SHA512 ce7f657bb43aef4f5b9aba1d7062ba8464204146db132877e6d74f105f4f0a9120bedbd3300cd5c8242241b4723e7388a7729e0051edc359805c86988544b138

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 30ae16f6c3a80c2f874bec1bd34c01f5
SHA1 a6214914f8155cba6a29d32eced9ec4fc4c15d78
SHA256 7f8ae2d5214d744a74e3ba6efb8c29db5bda5d4dd6b6127ec480edaca99ffb13
SHA512 585716b75f38ae990097481c08f405b12f79029e1d89b7628ff38c368d92e4911d0706fd5db20f15b23f3a7cba84fb1258099efe24a94a1c8bf3809daee42139

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 3da6c190bbbd065712e0113d7241d455
SHA1 48d1c062f998143ed4610359e547352e20005825
SHA256 294b498cdba53441c434b75e685939e62cb01523e75fa89ef13cced7911f655b
SHA512 cc127780fe2c8c37bfd4812dec77ddc0b0028499e9a68018e11546e40979d98ff04dd306cdf74be84def4c1a7778f34d107829c77944899f11cfa6e46e953c0e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 aadba34d71e28e09da3c4273a9f8abcf
SHA1 3d152ea49ae8c63a187956f4a4dd9aa69b67107a
SHA256 b352632c7c070ebabcc0f2131f713deb7a03ab86a43e9e57486f8d22bd4e39c3
SHA512 faa1eb764926785b5cf2f969e6f04f4a602196700bad0d99e9dfb4e47d7eb93cb2947b3c0d2965e21de5b585bf78a759775ac549e389912a4d561585bac0d0b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 484fc27165e89cf5e71d20fbf988c35d
SHA1 f30c31616a052761881f380b311c55d071976108
SHA256 a0bc67da2909dfd18d5f626f6b44b33da8b1b317e1a817ec518d83230306e840
SHA512 fcc512db9dec76500c44d4128e47df4088150a8151e134f9c691c5d6974e87286b6982fc88ad51747d333d90ba7bd3136ab325a0b9fa056162d9718c2bdaa9aa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 1f7bbb45f6344ee3512037b072fa8bb4
SHA1 8c210ce6135012a7c8050e187099c4d523c593d2
SHA256 8c758124f7179cb3eb582866cbd5d7a8f894b2ae68cff516d5117773b5c41fe1
SHA512 f2d5e0da217196a4f125c3e8b554492356f9d4aa0b9625d98917eef0b22c98fba982c7e690ce74e69042c2d19e2521f5085b3c95b7e784f7904b6de3dd39679f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 bf05598760afc71639f243fc2225d3fe
SHA1 7f7d4c83b2faaada79ead6fe6103c4fd01eafa81
SHA256 3eabe2a60bbe644ec9a91dfcdf31f7155f3b400a18f4739636275607d2ff2023
SHA512 01202c42afa432ead8e19af61f592eb9081fed67605692c44270ea7f3a721e63c6eac0ea92ca9a4337a6edc2d9444dc2efcf0fc50b22c7ddb24f74236e075d46

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 ce407e092074ac5e5497d6d895ddaf02
SHA1 d455342325a1965cc03388e0a16fde33b24b89d8
SHA256 eaebfe217a7594221339402fe9da8ac2c0e87c88bb49405165342a064f913ac8
SHA512 23823e96bc804d002d88f4e27d4a9aa752e8bf15a6a71527e292c613fce1f4596c91be730e6cf6fad599a0b8e2bda867417f9956cf74456e35a2b78c92a56c25

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 4836b9519293d2f8189f976afdc4e892
SHA1 78025314bc3ac08c26168aa16e1830b28ecb08ef
SHA256 881776a8d1f4bd034f06235b36bc9b21a90e0115723e01d27b719fd3239af900
SHA512 8c57df1b90c5c657f9b62171ca3d8859bb983f1d61702e9a96070a2da4eff384e1cc32f05944ed409074705858afffe5dffd61114b056a49d889153d66d800ed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 fb69323324272abeeb00b3e888ee8785
SHA1 a3aed92d24dc5b34923d46d2aa6f059297130522
SHA256 2e49a62b7fef30729246bb8d111f15e71a63be2f9f1fae41c74c1b70b056a5f4
SHA512 0f391f464e1c916751c8cfb3c219e44044756c34c0f8f9a72df4f419129ea613a6ab042c543a5cba68d5f950c4783ba43c9d1cf73968b042a6461b31aae447c6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 e1ab20f9a9376a049515fc01911331ff
SHA1 03e16079b85cf91e9d6da23ccd3a896548143515
SHA256 e35a90b029f7c0bb288e4a04a9c579c28ce335407e35c9e523419bdc52cd0288
SHA512 12a4eaa8d3f1cebe6827bffa76713489b7bde4e266a9330903ebc46c1507499a6889cf6b16083ab28f8b956dfbbd7c93cd57b150afb15f314a52200a75895f88

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 2c32988a58a8206adca75576fddd0db8
SHA1 964d6efbeaf11c4c3864f7a4a2909edf428ebb42
SHA256 10622c99309f63920690895fb8f99aa81f5b6603cd8287c9fa2999ba8f3087c0
SHA512 e9b8cc090949de448f2450bc439abbd5060b7145c7bf6fcd67e58b85d8cb245a46daf7ebab1951c85877beec74d42141357611fafa3e39720589f52deb58a0ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 0dc4a9b8b439740e353d4aeab32d3bd2
SHA1 3f196331d4e127749eb631002b7ec25f2b0fc133
SHA256 d473a351c87db39841b479a6e5e23eb9de8c9053763d27293ddd51006e49f6bb
SHA512 de5d1fa2c090e89afab452ae9b6155bc4413e1bd7bb337a5a83a53eb693ee0bfbccae3d258b8d027d1ab3b648ac8e535533f7bd21862cab3e594c0be85acf98e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 554f9200d43d8e1a7e847d787c4ccbd4
SHA1 b90c3714c7b975a6075efeb225cdd4a21f2e5d45
SHA256 439f7714b184e43fdc97952c2ad7f054cf6a8285d6779839ac7ee9da6f43257c
SHA512 431ddee55510f18324cc0ca8a4bf476e9bf4f5ba8d4dd9a17e9e3899161e16af51d2b3c89e1cc29d32abb189afeedb5880e7e0c68fbc8cb6348fec7fc66ad0d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 a6bf4b3268bac5644aa62c7b90f2de80
SHA1 7bb30e65b1b21e96a38db55b0c7605c23757a6ac
SHA256 7fee0d6ae62265a1d418c9c9febc6471c588c54facfeba770c5a5ae1e604d365
SHA512 fde509013caa8a97d31abd642a6180a169b717411758e8c607614c1a1116def9d48a52b2c6d2c94c2915849e631c1772d6931d9a79b80b9da7b2dda82aa24d08

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 b6e88079a286c07507a9c152c821a892
SHA1 21e0fb3a649733cd8ee5dfc76540e5929b6482fc
SHA256 5910dc716145c2357ff65a434e23c20f0c2ebbde92a95eafc7401dc9962e4e53
SHA512 0b7f182833517a5621bb1e069a24491af0be1faecd48dd4a077850ea52a9796f4ad8d98aaab39fd80d2a3e1c4e39b11abceaa6b505e0bc0f8f5c2fb2790d3606

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 e926bd31c02a4d320310b285d18fd48e
SHA1 4d8a059c908440504a113cf69262ef2719e1c969
SHA256 4626b90db9a187b686886b5b394d7652c90fb5ccc5073e3161c94bd39b8abc1b
SHA512 ac859c0d140995f353d9543a8d46f8bcf2867c895711ed8e59377fb9fc91e8ba546305d803c947d5c5dc045eb1253be70b0d63ab606a3e54e50e5319f4b8af81

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 123c917f13e1f1dc6014d2b00aafbb40
SHA1 36c47f8413c4614dda26fba533aad1f85a0a10d5
SHA256 a0684fe4dc45e8693c6ea4ee3849afd62c61522a358ab3c0445f22d2ff379485
SHA512 a3667f372a0ad1b324e850f20cf0b65d871cc25a9a4426c6a09b895c7f45925780da8bb4f90b53a7c2ec9e884ab54215f1665700ea588f7b9487ca404773c09d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 68dbea44ef614eb79aeb004d9ea29766
SHA1 36c07d22c226ceb5725cd37f41f44e7e75518777
SHA256 8894f4203f55071011690b2f049b09ebb9d1b7344c9d94d26a93d2ba7f6b2549
SHA512 582b156e9f00b082e251c5eb74766d6e7f302fe1e792a57a81a08c345746a6112763a0f27d935e553667a41c6c3aff0dc971912e9c4449e097c4fc496e271806

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 da45f7011f0b7160c3ee0a8493515d8e
SHA1 f33ccb5d1881551def9be8cf85190efedc137f3c
SHA256 3967006c5afd30f61a57483f4a3533ca1edcd9d57b16abac5f3a0de0f77547de
SHA512 32754c25f6dd287f1bbe84304b9deee215346e7e42a1572fabf4507c386a57ae971cee6d0b160ea50266630f268ed162ddf0e5521d8c9db438d9100f3f70c9b5

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt

MD5 7aba1cd500bd431f3e7a2ea40c44695f
SHA1 890f48c5762d9090db0bd81ef237c7b0e1398ecf
SHA256 bba9035084a9b92f6424fa94c134d08afba1e457bc9d45e33516397550a7f99a
SHA512 4720cd73c6185165977921062d90702bd26347f6540feb6af87771488a6226cf1baa47003ea20ed264e0423499ae0073a4284ed03e90377059c95dbe9938415b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt

MD5 6ea3144aee19785f295023cfdbd0406a
SHA1 4fb8a2a018b3b062e5969ac2b36bc468ad4054bb
SHA256 857e6bc927eff34e1ef1125790766dd389a36e02043b9897754e979e9f1ac819
SHA512 c6b1cebcc099f61a04b0ce3b4dfcaceaf3cb165117e4db3e97874f957b106011fc9b2445065883efb07873d5162830a7113ed3519ab0601f689dc05566a8c60c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt

MD5 26bcf7cec2e282d02c141dc4f656f369
SHA1 dfba24cdf4105fbc3d7ff15d5e44df1c1bdbac6b
SHA256 b76d6df6371e587df7e03820d3a47187d271836917ce39acb17714dcada7973f
SHA512 be670c7576b14bee0d47f725cdc842371cee3bd809b5b9cfcd09482371abb1c8fca240573485b18fb599c536df6a3c51f4cef5d4bbc5dff2a5cfae7077f88c44

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt

MD5 eafdb1e8fc0b23581be90160cf538c09
SHA1 1b086029b0ff4fc0ca52328d5bc23620983f6186
SHA256 18094e99f5bbe7e35134bea1b4a1cf89add8fb900df2106020e9147440cb2675
SHA512 c571c0313b679f0037453930c151ce604bd14a149c9d79c1954a368250f63ea740b20d4a54903cb7207efe00ee67bbcc2eefee08c4d31621ba3f9d5290221bcd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 edda91b246d82df280ae7dbad7709c70
SHA1 3fd6a39ce0a06ca3e65cf453b34b4dea141c1f83
SHA256 8c2c958ecb7e3ae1645489fcb97148d99d81e76f7bc894f5d0282f928c61399e
SHA512 f45e36434d5fd0c11cc96ab2f967671b48c274d41497380e131f96bca440d00ab289508408353453c8d6f976cec735a30c20268b5c5cc45214c2fe80ef0cdea0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 a4dc5ebe45f42cecd6a21f522ea6a3d1
SHA1 3298e93098e9d8e88cb5c07a99bcc18de2ef0ab2
SHA256 c20a6071059a0e0f67ab55991448bb7a364b008d5d8b5a3889a46f2959d9e3a5
SHA512 2084be2872118ec7c4296e50945090909a9e8d1548337e3ebe612c7006b9928fe2a1f72240fc28d75e313b81d17cc6221297bcf220b949c59b2a9b2b8719f104

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 7383755058e0cd2a01bb411c165cde58
SHA1 c30dedb05a35afd7e03b682f6d9a0ad16a9c7201
SHA256 b972016874d51a812bc675aca085bcb08e460e09c58fcdaf70243387bca44dc1
SHA512 6d17962bc334e869c937727cbf4d29d95359f259733f38263ef7881cba0207de6c534c6b0a947803b5b1ec192f904134708731191b647a7ceb7b9b192846e1f2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 690aead534cd824f57fab35b1193a777
SHA1 9f87b9d594454aed0d9e3627cf5e6352675871ed
SHA256 900b9c9eaac551d937b0b6322bea29561da31422ee955b22c52c45bbc8ac326a
SHA512 f3cadb755eb51c32ab212f7ba7eb428ec13ec5d72bfe7ba45cdbd4974491d0cf8fde0d348a3faaec8aa6043580bcbedc200008d9fabe09c3a20ec8429e04c61e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 ca4e72d6839e69eec26ab0461ff7b4f1
SHA1 5786e463f76c31b290d135da294c1a925c771b7f
SHA256 a5285abdef65de89942247c61a1a0faffb291eccb652c556526edddbba01f4e8
SHA512 a07fde3f7659cd7ccb1985984532f2fb8ef9f4bdcdbc9744d9f53b24fb0c6110c102746f4819ef44b01b6e24e9448e4e10e7b5704a026e905085285188f2f042

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 39978f0c5dcd9c0daf0b1000a8d7b567
SHA1 3ea7240ccb143dc82e2df847f653b875750bd569
SHA256 7bce3f64eefc9dc9d0c5e61b269fdbec161bc7d798182c21e4a3a559cee41cd0
SHA512 c9ee4cdc53a16976d68a01aebc7a933b6fc3b4deeb2323ca868f414aa35f393a644a685ed87bc5b71eafc93a8c5f2e2673f1c777080868c490d3f3a2bac26a2e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 3160b7be6b65ef575e9fdafdc4778555
SHA1 d5a41e968cf19dd2d5c65c6fa47b54a975c6067d
SHA256 4a3fdb921cb1bbe9f17fed4402340af351196d23d3e18d2e3ff41506e92fb030
SHA512 b1b020c9ae9f466d01d3f6f514fe4275a3b0ffe07b3566443a672b1fa83487dcd7fcd9a871120ba3aa5baeca984bc5a938b577499c3a26a42bb5f11f80e5a633

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 83fd00bebe5667677dbe53a45ee7cd59
SHA1 32c869db25ac61fd5c4fa991338bbdcdd51a7c57
SHA256 517a4d3cf1550bfb7a5dcc55d2ab385599f117c545a8c59247b6def3e097f355
SHA512 a004e4585ca8d9be433a10dfdfa0951001a80c2b5305260df1b554d776333ec342bf1ed90adab8281f69265ab33dfa65b59e3e99bfe40c0aa436da004494d957