Malware Analysis Report

2024-10-19 10:43

Sample ID 241008-w7fzzswbng
Target 237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118
SHA256 fd49e6fdfa73836aec606daa864204bd6af1227af7d51a326be17c871c6c8dd3
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

fd49e6fdfa73836aec606daa864204bd6af1227af7d51a326be17c871c6c8dd3

Threat Level: Known bad

The file 237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2189) files with added filename extension

Renames multiple (2206) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-08 18:33

Signatures

Detected Xorist Ransomware


Xorist family

xorist

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-08 18:33

Reported

2024-10-08 22:54

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe"

Signatures

Renames multiple (2206) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe" C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmiperf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5705fc855fcffdc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_rawsilo.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d5c276ad141427d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-security-ntlm-mof_31bf3856ad364e35_6.1.7600.16385_none_8aa0c2aae4765631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..re-client.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0b9d9dd325071bc0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-desk_31bf3856ad364e35_6.1.7601.17514_none_0aa8deb62f9d0152\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Critical Stop.wav C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.7601.17514_none_d72e0000a2e94e57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1143384e9ab8e550\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-chinese-migration_31bf3856ad364e35_6.1.7600.16385_none_d701c6600ec6b7e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-2.htm C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_6.1.7600.16385_none_3fa5b5a70ec7f461\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-r..lelevated.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_70a2ee76fd7676ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..ineclient.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a3a02c2e4f8f8699\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..snonwinpe.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_41f7174efb723425\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_mmcfxcommon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_551cbf74c93dca64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\bg-desk.png C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_e5966adda19f72b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9b9a464363bedd28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-20866_31bf3856ad364e35_6.1.7600.16385_none_53e1c8c7465becbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_es-es_6cc813a7e1906cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7cfa76ce49850c44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1031\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-charmap.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4333e611117e6214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000045b_31bf3856ad364e35_6.1.7600.16385_none_58f183d86ff11e2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d10_31bf3856ad364e35_6.1.7600.16385_none_4bad5745e75d0468\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-imapiv2-base_31bf3856ad364e35_6.1.7601.17514_none_21307555294142ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.1.7600.16385_none_59845d50dc8f5a77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ncrypt-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_669551a13072e8cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-mobctr.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c0c7d754a6dc5046\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b29c99e3d86cbe2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-photoviewer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1dd6888842f48185\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sideshow-adm_31bf3856ad364e35_6.1.7600.16385_none_6428ec4fa9609b9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ql2300.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_54d003ea204bbf0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_8.0.7601.17514_ja-jp_6e1c9eb17ab633f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..on-common.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9b239ff27d91974c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..mcomputer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fd8034aa86b1c41a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..ingconfig.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_698a4a0ff29b819e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\74c8f5e75ec10458436bb476c2cfd9fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..-ehjpnime.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a9d639153b108386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "KQTFNKNDNDOSNQU" C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe,0" C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open\command C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe" C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe"

Network

N/A

Files

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 b1b6ced07882ed4e9665a5e25cf12262
SHA1 c552cb8442a791e939ea30f9c6e586aa47d5312a
SHA256 2faf637375dfe3b2293f5686169455bfe69568ca0093da2b3a56a444956678e9
SHA512 ffec4fd043733260c37171d1c1c19563a619b50a5add8e0e6acbd8f0b0a3cf26b49c3e2c0f75bbca7018d10eb9816f9c233972f7e0a9a343de744022997e5a5a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 101ee1d06be7ed885c2123cefd15848b
SHA1 55914d611915e833c4f1da8579b9421704a1944f
SHA256 b5b688c29981aa943d1fcc0ca4b31cdeade442021242f9e23b7ef8f4ac20a939
SHA512 a62189d9bcaa04a65b46d7a288d0378fc0443dfa15d7990f5fcb8121bded7ea3dd5db9cd04404c3ed33a2b021c4f9e5a4f81fef75f3ae8d8c75c75a9431be14b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 c70b9b7e8a369cb959a4cb354dd8feb0
SHA1 e80137675bd9a799b1676d768b418df6da56aeaf
SHA256 fa094de541086bea8251eed02ab36ac05b634cfa77948a5c79b1fc294ad3cbac
SHA512 c56e9c9a9469ac84f989c143aa26fa2fc7be1ceeea9c3edc411975a716ff5b640f8e2f39e3e41b913319c67ff00d9fb8735738dd692ecd2cfce24cba0064f941

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 b1fca341a1519f78b5c9ca9e3f897526
SHA1 8d3b391c6298a212dea03ee319dafba712c25ac6
SHA256 8d2553d04bf999a35e294b3cd1d6b178e3c367639696b6f2f44c14e56f9b6dbc
SHA512 632716fa5b00340af981d830a9dddfc8d7375cbdad6ded2a4a92e37d2bc1d1bfc89bf72a054b0d0e505b3ecd16ac37567c9cdc707afd7b4d1ec008322ea1bfe1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 f3c5361829a03efa50ab261f85471342
SHA1 61a4d6b5d61c26dac97588a0c9da777d6fbd69f2
SHA256 2c46f1e847d91fb48d5146f7bd4507b097d6366c557ad128a7418582d5583d20
SHA512 9b63d1d6365db5fb1da64cebad947a92aaab31824f5351551997e78b6d95a637c21bab13c7f555d07c48ce9b0cccde0f965fa1b0a15c4e9361b084325b7c1352

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 9d730f336070a0a9bb03a7c2369e7e31
SHA1 6b31445353dc0a88ac75fa76f345bd5eb8cc37b5
SHA256 d5f36d7adc61fe024532de541a910f30d63167e497504f65e6d7196b4bdce755
SHA512 dc121f12f05083edf4c12d2efa534e1d9504771d0cd86ebd47c14eb897dad7f8ce6cc9ac0b30a60bd11825c823092ebdc1271f398c5a47ec8c91690c967e845d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 c8fc541c41bcc7b69bee3847904029a5
SHA1 6b8aadfdebfec90a923c06394d3cd87d46193d1b
SHA256 85f1e85c4d8eb96255c69483a5a774aa5b25847bf4422af0a9de076e2a9abb9f
SHA512 d68b58113eb9266205effb7f43986fd586328473e38a9ea3bc25405b05140cd783462c2af89d94a07bace076ff049d5475c6a8b3540eb94e289c1a89d41fd096

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 91b7fcb05db3c96d51320eadf4f39938
SHA1 ac3a0ff5cc0c13944c1b3dd6d8e955fe1484d999
SHA256 3dc5b7c0001e2337ff5c718e96d08c9e4a592f9ffaf0a2cf78e8d6de0ac4daf0
SHA512 1ad7c44ce8ab5bb01140101e025c2bf6bdd1ca6457bcd8c01944843e0b33987ffd5e20757645ada0e74f0e97ae4875140b1b329c09b50cb347d143909322c9ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 6a3f3e152af1bd0918fc0494dcd164cb
SHA1 6b536eb2e7cafe8a106092a77a527f35fec40276
SHA256 7a675db70914e3c5248934ce3fddfdf67ee73d77a518a5432d1eeafb70c31e44
SHA512 593eadce78902557c8d73c89aadaec100829f0711bde9597473346790253edb8f54ac8e84bbd72728359bf6bd7bf0fe3af53676ab1caf536fd746aab42d5d8e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 298d16af004b8268dfc494df8f7976b6
SHA1 2686441e2cdb7cb74debdea3bda40d4197dc8532
SHA256 dd7ba52c84410bad1cde313a8ba3c2c895fad206ee68a0cdbad39514fa2ca29b
SHA512 447b0cb0d50b393f330602370eefc8056657df7d89a195a452cbb921e2088cfd8f44ac76b4e421287c12bc90afd6d5a0a4ad17956ef06caa108594d98af8275e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 21195eb3f3223ee85b3511d8f1581ba5
SHA1 c8d1c54d14f16ee83482ab312f9241decc56a4c4
SHA256 f101ce7aaa5b488a70776983e4a76d2b439073001b9602de98657cee434e1378
SHA512 3b7fd8e5e432c042f48e4f956eb4ad2ebf5427ba2d6d6b91c35059abbea2ab4535bbb6416043cf18aff6afe4c0d3d0ac8d59cbd5d48e87e166e5867cbc850244

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 151302c9f65eb16be2b1c725f178bf5c
SHA1 b930ca95c23b48dd6f6424d4fd6c26326cd7c992
SHA256 952b0aad47fd63a64e82daa0a8e3342a4bf3867d5dea4a1be3a7d18ad50712f9
SHA512 8029624b083ecd0717a4dee3d87345401183faa69a0909ee2091da0b8d81ad9685cbfb70905e3f68f8784556dbc310173c63b0ef6c498a1e0e006da0fcf121a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 e33fbfdc650da50294ff67b7fda84c68
SHA1 dbdf93925ca331bf8ece8854ecd7176254ec56e1
SHA256 6b796349b71ce15971afba1a37c0a5f4596cf48567c093cf2bf7b60815b34771
SHA512 a4ea9a042b3300946362931b6e7faed3c02bc8053dda7db58dc77ba68c81bd763bfa40596471a3d4e03ea6f6b81676459fbc262b79f6e9c6928a5ea897369ab2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 c043b3b21368079c3d21dcb8d16c6794
SHA1 fe4dee224e1261588b9e04847da2b709a7cff31a
SHA256 dc66d12331492cd2d673ef8135f1564323cfce3c525b3b562fe823726e7e5af4
SHA512 a87640544538d679152a600a1b1b4a6be6e8a2f40067e0f979034e78cb05154f05ebad1e694eefbefaad836d6bf254b5d24939e8c0c1db4797033e0f22c12960

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 71f005b17c40593d39e17156e0b1fd78
SHA1 04114c7a2560992b9de95a3cfe2390a670e6b228
SHA256 cb01ac569e33bca0e5ec1d96ad4524a556a4b4bf55fc522ad4fea34799b23338
SHA512 ad90147917499d3cf24d9c6c230ff9a1964d2959f588e36e239d3e478ee87750e51f9b14e97e796cbc8b8dc18b68993a4582f64c66a9cee4809a67252e0a88aa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 c76fdc12cdb9884a5891b9d8547a02a2
SHA1 ee76e611c2766ff5403c140e0fb546e46f493d79
SHA256 2ea58a26a9d58f9d890fd15a3cbcb67b8580f577313bf6580c3c0a365ec01bbd
SHA512 ea66cd229aa262ee762a49482202bba51e76aa39df5eabcb0243253ac4cf573ebb20b09183ed4cc247dcb6aabbcfd43d734796189150ae00d96427954376784b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 dc230498e3d51712e9aed7a5b48cf9dd
SHA1 a846895ea47e03deace4e651a6e484134d6b5ddf
SHA256 3eae2a044c55adab2235a2ae8e60320ef87f7c516affd6d6dd693b130056de11
SHA512 7d3ac63a2394bafeb5f85fac96bfdd8e8696471f90cabea501f88d8e0e22b947f7de5be49fdcb3bc4f182794b382e7e1f23a7c5f3d3a0d1fff9aeee140d72864

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 ea173cabf71df1ab4c55c237d05d6470
SHA1 e8f4b5e81ad89fe367a3c654dccb297e49a02192
SHA256 e9884dc48a5b6d696b21b2fe2130c461939045b0937a3e6e99c0df557ef3bada
SHA512 1c19da3bbeeb39ed35eb4e5b3a12307fbbc2395acbac8ff6ed6a1f0d110932287123057b347f1381df43eddadbd4c497b9886756dde8eab53f35fe28e839e467

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 3681983d2292e993aec9941010d6e920
SHA1 24f75295ca0fa73c1e4f8c9017b40bd8664483ea
SHA256 ada0345ec1ebb5ac96db097a432eb636ac89c5a840f36ae04c22ab5dc3ecc620
SHA512 26a518d926a7b838b96161eea17801deccbe34f498cfa2af891ccdf9019348ee55108aeef23df066a22f68458b7d4b80df8c7b0d482ccace0fa195525f029c0d

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 a61d4de716c9d3f5abef18fbe84f55b2
SHA1 9c18cb00bf5bf8ee0e270fb89c0fcdb22d3fcb8f
SHA256 5bb5ac0d570bb43448ff7e76f0a888edd1aa24754f98bbc4768c5457aab11b22
SHA512 ef5769cc7ad4aa3cc3ea060d2388923bcbc59f1cc614553df46fda34fc0ba8f264d6bacfbc979b8b6ae1c3d3aee3a5d8893f56536541370d1f43a8d8a4003b90

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 3b43d41fcab5736f10e26735f6bbf494
SHA1 f03a6d7c69d87468f3102c992b4e341bde6fc6bd
SHA256 2cd80b9ba3be52f66ea6b2a071bb37012be2fc2a5d3cb2aae3ffbb6272c2fdad
SHA512 5e75b0454d71ab6216bb3e2ad27e04d329cf364885fc7c50f85fb6240a3d833d0630eb2f244e485cd095928b38fe22ea60cc7864bc2ced6d4fe9d779c28f3950

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 16948287696bd83c728117bc9d368d88
SHA1 13d7d587257495dbe88f4cde05bbd4eb4f4307cd
SHA256 c22382209c6180de8e8142d77550393248c6ea3c04e36293fc833dacf096b258
SHA512 f19e35c5ce6c74269e6891e83aaf7dacf9645ad8e841c932596b51f1cfd6406aa69f3800018602c7f88c32f5546b9d7609be7abea9a37e297ea13078e5a2a299

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 4d1185abd85958c143819e0c25b67952
SHA1 ff2b136e06f09e3436545a12fe4224e8ad6a4a40
SHA256 476dc7d58c2d2ead5293364a44ef9e07637139b78249014b464c1f4dcde39f5b
SHA512 cdfc859ecb57a96327f702294e9d475371bd606c23a5327d159f2a7555ee73624378ded36d5a8260e2d798d3196c9a327e3ee9f019c867c1c475c88b19b616d5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e0e517055c8b9ba9ebd2e75fad8cfc32
SHA1 f77fa5d377867ecff2e029128c21b4a9f16a5c06
SHA256 164c574f5c638087059537fed1a5dc48200a0998ccfae58cdd13763d00d4c707
SHA512 a97294b5cc5af95206f736fec2817b5b847d15591c831e5a1e7f84b8c245ee95c5e9face75c559fff8e6c6c33dc82f59dd33b85422c9c196536ae8b9aabf16c6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 93d2c229a6e4cbde2c5ac89661ca6bf8
SHA1 941d8ab81652912d895ac35221b1849afd438732
SHA256 204626a0d8a123848f2dc552d3172669b3879ab1ffffa1a32cc69507c92cc33c
SHA512 9886a7367719856ab2ba979dc6b4c222f7df1219048e196bf1c931a03b68c198dc8ae4485cca692f3f5365d9a0226e553d13180f2afd684e5e33a221973a32e0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 c6c7ae36428ac2115da58029311ad0c0
SHA1 eaebd7e709f1654a8b3b63af0c8d13dc3d08a61f
SHA256 ca378e95e30046cf7bce84ede0bf19137dea8d70ffb3463881805b298b2d520c
SHA512 a1268e9c04e1eea1bf1c0fb4414e7b8e4d53b63ba71dca8c5d936f3198e8a1ca4150a690b5d2b41a5a2d02bfe49a3ff63d2bbe1f4ed7c241d3e8db88e0bea963

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 1fdcff365a3d380aa5cde4fdb62652c0
SHA1 d6a68c67ef185e2cb90f7c65386bb97405fb2ac6
SHA256 5c056ff618bc35b5a6a074502107958ba2229120679c79e6e4c453b84acc207a
SHA512 34308f479f279114e684f26d88f5f5e17b47fc605a83e30d8c17ed52fcbde43013058f6e6f405fad942650f38402f88e0c6ea873fd45123a228bd4725f4ed6e1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 587d81874565f88e90514a8072c47813
SHA1 e4e0a9ceee3de48c588afd14643d0c05c3e72111
SHA256 65eab9bd7f513c62e751b6d984a7be18442d7d58623bf01fafc03407971e2b68
SHA512 1c887a6f61aa3bca28766bc045ca1671023a10be4d6e024bc782be64c2d42fab1b56789d70dd6722401c55f56a7ee98ef9caba794dc23e699bb37f39037d1922

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 2636f672a35f63e77073dc4d3a6c985a
SHA1 690e5e320fcb6b476a7c66dc527988b1e546991d
SHA256 9835832f637f8533ef4db7f49d0ae881e86f69e134106a9bf48a4f7f9d935eb5
SHA512 68276265ff09eb63a53acdaa25edbb6a15e07e76993f6393a0c677d1125d3254dd158aff7d0e43d924a5d5692c9f166e4461b86be540885de997f06850b17cbd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 c3756582932bb16157b4910d4fcdb7aa
SHA1 01f94ab557b643f3fb79db10cdbefebae4d5eca2
SHA256 c596ee9cd91b557602ade0f537d091918e87192fecb1871b9fb860191556f604
SHA512 23491db7e6644199db800a2274615584a6171edda73e9d18480c335c3208a5ba8a3c2dc20f748a7e21972a41661d359d7e400414f56257fcfa2fa1b85be3a1cf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 1121a016fa828fdb1e7b3c5b35dc1554
SHA1 d61c65ddfb56e73c1e0566d0e5d7c95061726cd7
SHA256 9dc8e3285906cf3d8a9795bf3089b2a8d5e40fdd3228a32650ac3bcc55dfcdcb
SHA512 f129ed57151f9920486054ec2729748ae6b7423094a2fbf72f3c8c984cb7145d296240a859f8b0f25104e4dc07507538b0c96149859933128a7b6670a397f7a6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 09af5e19ce3e054d23b4a22dab0333c0
SHA1 62be0cb08d48e8c1f547fc1b5c6f01c30a2c6ab5
SHA256 016d9b76cb5dd977f8bce8e990ca281179ab4452b239e07ab1fd09e76c78ce38
SHA512 079000655fc98d28cea3ca47ee4f2c78f0bd46c584199b9b4a469555c822d4068e5dc98c7f4eeac3229c243669e7de1153bba67a772a07b0eba9377c64b96c79

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 491e120b7e3d43f0490ded73c3595cf7
SHA1 54f717fb3ead5234999d5012055a280c4b67564f
SHA256 b4c6283dac0c0748867d89ef54fa543d6063b0deaa1c1760d2d15fc39f206a2a
SHA512 ea295a69acf3b90a87f8b2a67a5c4b5e900cee87c672135d1aaeaee5898dd10cbfab6cc8cedccf60a325f6eeea6322694a7952508aabae6abcefd5de688d1e66

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 8b6e92f319c58ff46663c9fafb275423
SHA1 2714ac844cbc7e7229acfe34f9693c2dd5206696
SHA256 7afacc8582f3bf2cf6186e8aa7bfa29c147047b4c1f3677d9dc10b67707aaa4d
SHA512 d31f9eddf61ebd4c21fc934c34810676bfc79bd33d624ef7cd2afb0046e7b00b0fada38209747bc2ec3c656d74aae0020291a1797abde557fd77d11fc608fb2d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 80a60f1abcc95946b6a1c9ff7b9b19f9
SHA1 e60ef8d370a0c9cdc97b801bec3cbc6fcac66066
SHA256 3940e340ce8b21ef912cdcb5b63b358e5901aac1cd9ba25a191869f982f96bf8
SHA512 7969368486c7bde6d81903b264827e462c06b8894d14636b2e0ce38ed55e0d89ef1a43200855c879f2d06fee5a7f8494517e11a3cc9a497fe9405a0a7a1c67a9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 bb433ab049483e4dfd3597be7b8fbc26
SHA1 b896f521c41b9dc9b0c7df85f46b30e86f03c4df
SHA256 a96d33a6daa105c759a0053a4da20e993aaad7d8942bfa4ea16f97fd1f2ad29d
SHA512 005b34b39c55ec5880b6edc3243acb9f058715130ae344550ab0019d027acb1c6950587937ec13dd7bcf67c2bef401a8b537b7833becdf6c79d9b316d0ea6db1

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-08 18:33

Reported

2024-10-08 22:55

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe"

Signatures

Renames multiple (2189) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe" C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe,0" C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open\command C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "KQTFNKNDNDOSNQU" C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe" C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe"

Network


Files


C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

MD5 0cf5d40d115aa737ff237a24eda58d0c
SHA1 39cef9824d195d82554573a75e4468707eba537d
SHA256 5ce3a40811bc4375395d2a8ada647254a8fe0745cbb0dec0c01053a51efa4a43
SHA512 44dc7eee248aa80dc2109c759851cc952c2864f9fb39110816f2c9fc170a569ae2907ef40feddd40c58ceff780c48999f97e96685abe6388636973b998edceff

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

MD5 0721905f37396ae7f9ebf6475899b87c
SHA1 2f9ddf175679442b77599f671df04d05f38ae20f
SHA256 ec2570e74c8d340e7b531e25b9bdcf342b0315afae6a023db315fc194dd62fdf
SHA512 fad2c03a7d47091eac9ac1527d3ccf3e11d3037070206926b441df9f2cb96e5cfe7134d537bdc8c8e135a3667525ca747311091c0154428d791aa91a31a8f479

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671421639851.txt.EnCiPhErEd

MD5 ade35395b0e62857196c5d3a011a2c5a
SHA1 fb39e1a51e2c249fb0e38b54016d0fb5ccc01dd3
SHA256 7c5ae09d259f889e86da1f817a3032269e1a29eb029bb13c8d41a492e2aa3150
SHA512 528adc991f30ecd6bfbb32420a61feb29081a4e74593af24a99948978633a230651da51a20b377f66054c6e52714923b078adbe81b025905860d1ca95897d83b

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 c97acaa29c88a1acdc5b4029332c455a
SHA1 739ff0bb295d8732834e110b299432a6fae7bc94
SHA256 ea57fbbfce709064a4e8dcbbe056bf424d46a0ab59ead729936b40bc6b6b4bde
SHA512 8ae2ad7ff4d219754f7a6a65acc9dd9eb0322039b5034263e65047a985064ca6de4381a1f2020b224167e517660f41bf1e899e88f87e783721b4be7776fa3ab0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 16948287696bd83c728117bc9d368d88
SHA1 13d7d587257495dbe88f4cde05bbd4eb4f4307cd
SHA256 c22382209c6180de8e8142d77550393248c6ea3c04e36293fc833dacf096b258
SHA512 f19e35c5ce6c74269e6891e83aaf7dacf9645ad8e841c932596b51f1cfd6406aa69f3800018602c7f88c32f5546b9d7609be7abea9a37e297ea13078e5a2a299

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 3b43d41fcab5736f10e26735f6bbf494
SHA1 f03a6d7c69d87468f3102c992b4e341bde6fc6bd
SHA256 2cd80b9ba3be52f66ea6b2a071bb37012be2fc2a5d3cb2aae3ffbb6272c2fdad
SHA512 5e75b0454d71ab6216bb3e2ad27e04d329cf364885fc7c50f85fb6240a3d833d0630eb2f244e485cd095928b38fe22ea60cc7864bc2ced6d4fe9d779c28f3950

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 bb433ab049483e4dfd3597be7b8fbc26
SHA1 b896f521c41b9dc9b0c7df85f46b30e86f03c4df
SHA256 a96d33a6daa105c759a0053a4da20e993aaad7d8942bfa4ea16f97fd1f2ad29d
SHA512 005b34b39c55ec5880b6edc3243acb9f058715130ae344550ab0019d027acb1c6950587937ec13dd7bcf67c2bef401a8b537b7833becdf6c79d9b316d0ea6db1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 80a60f1abcc95946b6a1c9ff7b9b19f9
SHA1 e60ef8d370a0c9cdc97b801bec3cbc6fcac66066
SHA256 3940e340ce8b21ef912cdcb5b63b358e5901aac1cd9ba25a191869f982f96bf8
SHA512 7969368486c7bde6d81903b264827e462c06b8894d14636b2e0ce38ed55e0d89ef1a43200855c879f2d06fee5a7f8494517e11a3cc9a497fe9405a0a7a1c67a9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 8b6e92f319c58ff46663c9fafb275423
SHA1 2714ac844cbc7e7229acfe34f9693c2dd5206696
SHA256 7afacc8582f3bf2cf6186e8aa7bfa29c147047b4c1f3677d9dc10b67707aaa4d
SHA512 d31f9eddf61ebd4c21fc934c34810676bfc79bd33d624ef7cd2afb0046e7b00b0fada38209747bc2ec3c656d74aae0020291a1797abde557fd77d11fc608fb2d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 491e120b7e3d43f0490ded73c3595cf7
SHA1 54f717fb3ead5234999d5012055a280c4b67564f
SHA256 b4c6283dac0c0748867d89ef54fa543d6063b0deaa1c1760d2d15fc39f206a2a
SHA512 ea295a69acf3b90a87f8b2a67a5c4b5e900cee87c672135d1aaeaee5898dd10cbfab6cc8cedccf60a325f6eeea6322694a7952508aabae6abcefd5de688d1e66

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 09af5e19ce3e054d23b4a22dab0333c0
SHA1 62be0cb08d48e8c1f547fc1b5c6f01c30a2c6ab5
SHA256 016d9b76cb5dd977f8bce8e990ca281179ab4452b239e07ab1fd09e76c78ce38
SHA512 079000655fc98d28cea3ca47ee4f2c78f0bd46c584199b9b4a469555c822d4068e5dc98c7f4eeac3229c243669e7de1153bba67a772a07b0eba9377c64b96c79

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 1121a016fa828fdb1e7b3c5b35dc1554
SHA1 d61c65ddfb56e73c1e0566d0e5d7c95061726cd7
SHA256 9dc8e3285906cf3d8a9795bf3089b2a8d5e40fdd3228a32650ac3bcc55dfcdcb
SHA512 f129ed57151f9920486054ec2729748ae6b7423094a2fbf72f3c8c984cb7145d296240a859f8b0f25104e4dc07507538b0c96149859933128a7b6670a397f7a6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 c3756582932bb16157b4910d4fcdb7aa
SHA1 01f94ab557b643f3fb79db10cdbefebae4d5eca2
SHA256 c596ee9cd91b557602ade0f537d091918e87192fecb1871b9fb860191556f604
SHA512 23491db7e6644199db800a2274615584a6171edda73e9d18480c335c3208a5ba8a3c2dc20f748a7e21972a41661d359d7e400414f56257fcfa2fa1b85be3a1cf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 2636f672a35f63e77073dc4d3a6c985a
SHA1 690e5e320fcb6b476a7c66dc527988b1e546991d
SHA256 9835832f637f8533ef4db7f49d0ae881e86f69e134106a9bf48a4f7f9d935eb5
SHA512 68276265ff09eb63a53acdaa25edbb6a15e07e76993f6393a0c677d1125d3254dd158aff7d0e43d924a5d5692c9f166e4461b86be540885de997f06850b17cbd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 587d81874565f88e90514a8072c47813
SHA1 e4e0a9ceee3de48c588afd14643d0c05c3e72111
SHA256 65eab9bd7f513c62e751b6d984a7be18442d7d58623bf01fafc03407971e2b68
SHA512 1c887a6f61aa3bca28766bc045ca1671023a10be4d6e024bc782be64c2d42fab1b56789d70dd6722401c55f56a7ee98ef9caba794dc23e699bb37f39037d1922

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 1fdcff365a3d380aa5cde4fdb62652c0
SHA1 d6a68c67ef185e2cb90f7c65386bb97405fb2ac6
SHA256 5c056ff618bc35b5a6a074502107958ba2229120679c79e6e4c453b84acc207a
SHA512 34308f479f279114e684f26d88f5f5e17b47fc605a83e30d8c17ed52fcbde43013058f6e6f405fad942650f38402f88e0c6ea873fd45123a228bd4725f4ed6e1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 c6c7ae36428ac2115da58029311ad0c0
SHA1 eaebd7e709f1654a8b3b63af0c8d13dc3d08a61f
SHA256 ca378e95e30046cf7bce84ede0bf19137dea8d70ffb3463881805b298b2d520c
SHA512 a1268e9c04e1eea1bf1c0fb4414e7b8e4d53b63ba71dca8c5d936f3198e8a1ca4150a690b5d2b41a5a2d02bfe49a3ff63d2bbe1f4ed7c241d3e8db88e0bea963

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 93d2c229a6e4cbde2c5ac89661ca6bf8
SHA1 941d8ab81652912d895ac35221b1849afd438732
SHA256 204626a0d8a123848f2dc552d3172669b3879ab1ffffa1a32cc69507c92cc33c
SHA512 9886a7367719856ab2ba979dc6b4c222f7df1219048e196bf1c931a03b68c198dc8ae4485cca692f3f5365d9a0226e553d13180f2afd684e5e33a221973a32e0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e0e517055c8b9ba9ebd2e75fad8cfc32
SHA1 f77fa5d377867ecff2e029128c21b4a9f16a5c06
SHA256 164c574f5c638087059537fed1a5dc48200a0998ccfae58cdd13763d00d4c707
SHA512 a97294b5cc5af95206f736fec2817b5b847d15591c831e5a1e7f84b8c245ee95c5e9face75c559fff8e6c6c33dc82f59dd33b85422c9c196536ae8b9aabf16c6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 4d1185abd85958c143819e0c25b67952
SHA1 ff2b136e06f09e3436545a12fe4224e8ad6a4a40
SHA256 476dc7d58c2d2ead5293364a44ef9e07637139b78249014b464c1f4dcde39f5b
SHA512 cdfc859ecb57a96327f702294e9d475371bd606c23a5327d159f2a7555ee73624378ded36d5a8260e2d798d3196c9a327e3ee9f019c867c1c475c88b19b616d5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 acb635df96a84ff22785a9fe4030fc8d
SHA1 cef89dd63272c25a55759dbeaac0e80299c018ba
SHA256 b099ff737322c26a850d566eb47f1200297c8f4c4e1bf9b8d1116291ec5526c0
SHA512 07fe94b237a4a865067503156de05b6b6513e0626d4cad7e976a75839a42045c2a80d52938ff8041d1ead1296bb31d7da24f2c35fd725dff0af2d424e6a92054

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 ea1b667392cc8f2d0d7927489973fb42
SHA1 dec5468e5ee5b1422ec4cc92d72f689c52ec19d5
SHA256 028537712153c7e60058012d6f950e101ac7592988b8c59586066395a036b5d7
SHA512 421adbcdd3606eb68d30d5587582e0c9fd4471aa012b7b8bbc67a7e7a293359ad32eebee95c6448652ba9a3aea21ca72429d5abe194bd6697f75283e2ee20624

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 c3d9785a3b222b73bfcaaed0e587ef07
SHA1 6983fab8812abf39950bd8f3fcbff9fb463cfce1
SHA256 4e00a7717a318dbeeb7be9442ce03dd50d19bc52db8fe56e0d2dd70e8520636b
SHA512 1547479e1f15b07f6c00a848d2a6c9e9b97e51b9bddfed485dc755405837cd9c47048a392109048ef6e019d73aae096cec9ebefddf6f6a107373e7c6efce1eb9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 606021b96d062679749afe29fe81b09d
SHA1 ce2b2291ef46f4f74090e1445e4d6236e0737b2a
SHA256 f88fe3388e260d77a96b1f5a168f1091962dec4cf88bf3709abc219b42df8684
SHA512 a531fa426baaccfb994e20e79a672142c8f56c1fa40ec849e351b1b047f86ef627dc54df4d81aa7fb1e4e715a333da6c7512bfbac00822853e4484a02a8d530f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 208da73a73c73a11c76f87cd487c3ff5
SHA1 a6a57df223c83cf1c245b2e089a953204d49ddec
SHA256 75dde9743245840495147065e03e62a0b505d14edef676926994616dd72b11cb
SHA512 49a017b7cf0b36ad4f27bf80ccd6fcd1690764eb3d16ee0a2bafe03b043845bf3714340e1d5dedb91e0289a80f001d45e98dd3e4a488e1c550bc3094469a24e8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 83d19e3616867bf2708419a409b2d465
SHA1 5229ca5088bc31afba45827f8e260c4c485fe848
SHA256 1d7987a4233cf145f0d5e86dc7869eccad70dbc15f219ec6c9f9907347eedeef
SHA512 cb5a4054db36c3fdb33397e199c41e458111b2cd150af97f6f2883e0ad6df245a863d88b48c488e05c172f6113f1a49fdbd6de9d14a6733661eb530b36a6cee4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 9c84d2e68d71a683884207dffd9837ba
SHA1 bd9644facb2113bb3f0d94ed660f2a57f47a8a66
SHA256 69b7dc44e9ef673b56d8f0d2d23c6e9007776979186c2ff8f87ce11cd53b9b1f
SHA512 76d12ca382d491c5faf440430dc37c3d86c84510dab9be1edcfba0d3d58eea392fa58935d4afb37146a3386f28c9c108e7904cc4affd97277ad23cc25a6633a6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 06fa7547f4e3ab6bc1a6e940847d9650
SHA1 d58e324760bdbf4e0686162be81496166f933e25
SHA256 2e2fd792d5f81ed130cde4215d0e30de85325b074b85a4258463c205904f19d0
SHA512 598fa2f226d42b6c689d83ebac94e4fa0e4327cc5d94a87b724a504558c4553b5cdfafd3ae5b5c55f4cf6858b63b65130ba179c732ad693cfbde021387d47b9d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 0041f73d580c1e2798f33ab03cb6e435
SHA1 e73516abbeaf6f6580cf256d3da51054ac889806
SHA256 80426e8d97e3e628c409c6fefe950cd85000cbe626452a874686831194e86b75
SHA512 06ddcec1e7bb2ba0a5b7bf40cbe4b6293aa71b50696638905d5a82eecdd982d5c875c21b128e8ddeffbcacbc7b4fccba9328d93703b7910bf5c2677835abdf48

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 c67b4eef5782edf5caea4262ce82e743
SHA1 a2eec0700ab7d47d1ce6d9d55b3b362776cb0a72
SHA256 6450d3445e30e39833e31873252cec961c9e8c135a074078566167b005fd21ff
SHA512 49b260682d2e32dddd5bc09754429095d352ea94df454526681602d1c10264c63eb75c681542a7ea2114df903eaf3f3a4af0cff41524f9a7570b314026e0f96d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 9755fa3f03281ac03996139a8772eab7
SHA1 8e91fcb4e4aa409f4b4fab386e3201c09dede429
SHA256 7b585dfc7fce3e1812da8e66094ebd940a63f5de9ab90dd7e52a6b9887e21ce3
SHA512 c9e785c4c79efac7dd178c515d88576258a63f34581efc889a055c8b026753dee062aba2d66796377eeb8b204988e99a47368cb81e5c4aa9199037c06c2ed74d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 6f1d91c316b532ed25d04472a1a04f32
SHA1 b3f9de5fc3d0f0126999e2baa99785d2a0f8cdb6
SHA256 9cbda5d2187619992274eeb7c5f53fbe8e1c8f793aaa7239875a2290ad35c888
SHA512 fcf727badfc9fb6aee1534638a24d435d67ae34c62ff6848b286c8eb0d0cddd9a01003cf61889c7960dd24f0d43c1aa7e8adecfddbc4be961ba61e1089e079cd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 fa9362790dc230fc1f45c97821a68c5d
SHA1 c8b00e1c1a8c9c91ea644ccb481d76ad624d44ff
SHA256 578ff4415796097f6f068f898c8595a3ee50d18b7d93491458eafa0e0fbc6fe7
SHA512 acbbd5cd451d10d2479f995f78ac492f054960cf62958ae9757dcb6311c4754491dfb9b74999b2cebfb8e59190631b50404663c706a57d5b0f53979a5c065036

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 a9e8104ad8ff11b449654a75498ed95c
SHA1 5f4893ba0c356f546d429226fd0e1b396ce277a2
SHA256 c481b66c6815e23967efb65a39f6be2d91e942cc660842f6dfd8555b5758b25c
SHA512 4322e77dc8558dd4eb62c539cecbb3e6d36ffd2840c687efcd1f6ef0942090659aa88c43808ac80d0be2bc328da18e6f7e0e4a2006e40d66204fb179226b9465

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 927d0bf37bea49b73d55f18d0fdd22da
SHA1 fe4c28ecd10ce451e411ee47b26e88aff469b3aa
SHA256 0cca4d7dfc44e941ccc93e6cb5c7b01aa3d76915245d24aa428496fc6bd99450
SHA512 b00e3029b532561786b2804be6e52b6238ff911923cdf95dd863550fd0a72663a04f90f2cd4934763309789866a8813653437f8b9de0299fc4045fc4ac1fcff0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 a22256662349c3623127297363cf4fbc
SHA1 327600f36bc4b80dfc1e10023f38012877fcde58
SHA256 5ea97d03a1b08639e00171a31ce09ad9a7fff370583f0f34161bd3c250c7aa50
SHA512 89876bdfaf130dc45f77bd7ea4287b539cbaa0d9543d9f332e4c8556fb2aded12340b8a373a8af430a042181a4426e0dddefd56a2793d48a98c43e048bb85cc7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 ff421d3537c2586eff6970ea851dd7db
SHA1 5fb38dae1acbc08dee0c6f7144a7534f86af46ed
SHA256 58661e6d2d5b3dc33c897a5889b3b7d584d5ed4f098842cd64dea2b644393536
SHA512 6d99d2259e543eb8495ac5e04eb1eb0c9ce3d84d3829a7df3aa077c0153b2ec3a246affbc43dbd1b33114303c8b14de947172a36115bcdff0d75c8cdb58f4574

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 f5ca80a7d39afee40ce33e52c017f535
SHA1 a4a5223e2055c881c1e1b76c2531b0dd03191b34
SHA256 bbd83e4e0617a4be7c2b6327b97b05a6c486b92af3fda4797d5c65ae4ab008ac
SHA512 2998718fd45e980e4354974fd471c96a9690e334b01f9ead1f24b7e27320b7dc8e3bd27f593885eafc1137aca3bae6711aa63d235a10ea597a7dbcfb5a77d42c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 c0a3debdf359747e132c422054131b4c
SHA1 b2f23adb3b619b9dd705b3512d068cff85e6dff2
SHA256 1c79ae1a93e47e126d61c59e52a2e27ce1be85c1644b3c480955bead6fe3158a
SHA512 d700b50026fc73551fd8d7de6634e72d40568c89066febdb81b50b8f2071a414bf57b6c7c8773008d5d7ddde9e595476d4cd56b59fbdae25c06e9522bfec52c2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 05ee5d1aae8e8d9853a03b2f34c286d6
SHA1 22df091a9c63249ce0d5390b38203dcf7832abc9
SHA256 a14f3092048a2bb635ef9f262aa14b99aada7f231c802191f005dc2229199939
SHA512 427f0c68180e47d0c4bd6b0d21315d98a61d39728891c3f5bdda63f81c450bdba12c5e2fa6986d54bcf07f8f710983b7397b1d9d4595eab9cbea35445b40ecf5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 2f7d2ccc6a44ab76f08cd85bdbd9af98
SHA1 4a00f444a3d7bb3ae6eddecbc1d4831d230f7cb8
SHA256 6b902fe40bb1fcedbd6787634b77ecd86c040b8b84241f9eb22c7f22430ad1ff
SHA512 5daff3e1687a7404e3ce2276b334641b7cf9e1de9703c6b03668ae52f14e50ee48a98488578839f7d2b21f3941a264609cb0df272ec28bccf1cb2d14006d94de

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 455c856f8721a3c2b422e48d1b315b16
SHA1 0d7fdd51080499b867b36a467da69392a33ee578
SHA256 bb91e7c1cbf2aea0e97db4020a28b385ce5a9afaf6c1d23bacb21ff038fe5d4c
SHA512 62989cf0d1bdeffac9cc6ebd93476bf79aae3a3fcd0cfb02c02bd05af7943366a5cf7fc368a2d02e48c1c637ff31c8f3acec6f559cbfda7c89cee5c3fde40b3e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 eab78e4b6fe5726b771b5f31ac85b9eb
SHA1 ec95d17831be0087ed16109d3ed978418f9ed6dd
SHA256 c0110aa3df192d411dfa1cf97c9057d24129d186ec51cb87780015b7819b3c75
SHA512 e63f58d8051413f70027af2feaa2291d155e4d05d4f6e59b468532c78c9cc2ba4e6ee5aabd9f0a6bcd50d690c851bc002642e994b6645dec41854563dcaffbe6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 fcd9f25b4b2006b747938d779d3ddc76
SHA1 b856415489c4913d12d6d5e884db81b2c6c5ded9
SHA256 d3f35bd27287f0936cf55516300b3f2a3a81e98b8f06f7acbb58d2d6a919082d
SHA512 c8de147f591df0bdce17d5ba65ff578a72c1a40d236d6bf661dd6168f086d0ee5ec69da87822a2628b920a10ba444ff6c6bd972948bdf794be4804b03d9bbfc1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 8a3c909830ccbf751594e12d6798a6aa
SHA1 0f72c7797e14ae322f0751e0f8bb83ac8489eeb8
SHA256 1f8004441e3323814260327c9843280db698f22cfe6d59ac3da301dda539f8fc
SHA512 33d7a8d129c7929f687da8ee2b13c66cd9954a7361d71cb99d6de4ce1a20318c63f4cdfd274fc3538f9f17daf1605707c68de55b9ea42aa1fa91407d93e787c0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 0f036bacd5de93b771151636409bd076
SHA1 50a3b932c9d6a4b5e75af0d51fa615a553f441e4
SHA256 3632ccffe7d33d6f294d3fb3863d3dddfcdd3fc30822e6cb4d3cd964d37ca7f9
SHA512 62f7fc4df51800a6d4e9705d2e5889a217cd69a305302dd9e86164980622b038f733b048518b8265bf586653733c0644a0e945b80b9bac0b4c5de397e2b1c46c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 92e710f0089612af1903711059de8fec
SHA1 52cbe863b3d7a45be1c23df2bdf8355a4befdf25
SHA256 da3eeb0fd5e547071a0303d9f132e89a038d671bd73029912ec013ee1fe62371
SHA512 032c4b8e49d856dc0991816b28e3274478cd4e22e02b1cf4c9ff5e7c45da3c98c17e758091b4de973b70e122eecd49e361260b3a822cb71507a264656ba022b5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 9819afb1de9b21544054650a0ab8842c
SHA1 5ea60027bf56e191856d1e422908e5c094b53a5c
SHA256 fb06dc6182421daeaa0fd2d33f7de1bef3afb63dc9b9e4c066ec45092f4cd4fb
SHA512 a4d4fb88fcde2807e2e3626d8d0e72c48789c3714e5a032064f656ee9f183a16e335b2e981c16ebaa965e34fcb55f8193946ac8e08215b18441a1640e1431876

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 85568ac308ccd832b42720e1e62e2ab6
SHA1 d824905f9ffd3fae432574b069ee995f57f5a47d
SHA256 d86bba8af09be486951eeeb9d06ce9fe7b3e8b05261bc1a528f83dd797d07385
SHA512 72f158c61ce5d08eb45867291afd68481a54c685c852df1f6806aac7e1ae3bcd72944ab022a849ebcba5c8e9f7e5d923052f73f1f8595496454e0292f8fe9620

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 6ce8551fe9c21a331b28c4029305d393
SHA1 62d739115a841bb447470b702f36f20b8c410ee9
SHA256 c254f7c9b842ed9d18b548309d48d574148fde66e19ca97980cd71fda79b5ce8
SHA512 cbe4d8ab691d8862c198914d7de0de2c8cc75de39384d8071ca214004e807b5dd09f90e2d4ca4611ae45dfdb11c2737a31e44ebdaaf5f6249283c15cb989390e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 d24b290a278a6b56741b2daa9286a816
SHA1 08550cc2ec93bb32a3c455ce482c6f0bcbd81684
SHA256 d14f7778a578e5a3a872ed910f68a34164240a2afc225b08da83419448fe0e22
SHA512 a831af9e40ef6681203cd6cd1b49b24533023c72771977dbd05e8b4b267a008f5f276af79e87a249155feb90c681776496864aa1bbf08e46e492179999fe5057

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 ad4fe32d9ba9c48c091c93c6290a76bc
SHA1 662c188a5f86afd9e253c3990343b88b5020d6ee
SHA256 da4094cdd4bf1e35ed95d67182077c4e6af50448270b7490372885090d799cd2
SHA512 2f4e67faaac368a95bf2d001ad27901112f46f2bcf93429864168781d2bbec44ede69fe56bf16429e2332e607ffb185a551ab642b7009e9327827e078fd58158

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 a78fc0fd0712b54c7941ef1ed9958a1b
SHA1 10d8d6f7f42b645d10bd7df9288d796437eb7107
SHA256 849112d4befd9e26d44c73023db2a62ad01e0c8317dbaf2e5e7f7025b3140ba8
SHA512 c56820e142f54f80a15147f83b38540313dbe081fbb447aa7ae86e9dd91c3cdb453337c77e2b2359ae2b251b20ec75665fd7ac5cfba4e0d56f80caddc19ac31b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 6e46bfa4deef0c6d4d4c6827ea6b8a26
SHA1 98ab4c96b03d371393275257c1eda9c5923a8e7c
SHA256 723f1a63a920d1998250cd1a1d9876e30e5039be9a4c4b17051cd556a11adbec
SHA512 e002d46ef4859578404d44428a94ebb825b37eb4a18103327c04a5ca41d47dfca1676c829446a83dd631ab1f3d3ac866780c6e26ae9658a1c4bf58d6829ac18a

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 fcf939a6c52fb6c44a92437895b8c03b
SHA1 3542b1d1caef06e671c9add8141b53f6cb8e78c9
SHA256 c62afa6021b374c41d7b56cbb866ad66ce1083e6fafe2167961038b2c9a00e0f
SHA512 494b932f929c88915803331606455a47280b9e7dddf7ff9b1f2e0a821ff663f9d49f7507495a35bdbe06423c9199a0861452b73da3008cd0f14f94343feb34cb

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 7872073d1f142b43d9f93e3ede1b0a71
SHA1 1c1729960a08275586942587ec9396717738309e
SHA256 b57110a81162c0fa1269c53aae71746fac7c35122a90be93c6c3110a4beeb953
SHA512 a8c469e9278dc62b2a5af70a4348a20df7b1835b9cffc309966251f8cf67cf28657d6bdff7d8140e86736fc89a017d81819aeb8f008922c74045b56cd7e8bf89