Malware Analysis Report

2024-10-19 10:43

Sample ID 241009-b6kassvbla
Target 28a2ec8263fd530d7f10621742f0e152_JaffaCakes118
SHA256 34aaafb27ef1d8216791e585f567ac16ac0fa4d39c374fc6c92eb61c97fdd17c
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

34aaafb27ef1d8216791e585f567ac16ac0fa4d39c374fc6c92eb61c97fdd17c

Threat Level: Known bad

The file 28a2ec8263fd530d7f10621742f0e152_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2188) files with added filename extension

Renames multiple (2217) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-10-09 01:45

Signatures

Detected Xorist Ransomware


Xorist family

xorist

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-09 01:45

Reported

2024-10-09 09:27

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe"

Signatures

Renames multiple (2217) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe" C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\x86_microsoft-windows-streambufferengineres_31bf3856ad364e35_6.1.7600.16385_none_eb86a517749854b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_eaime-traceproviders_31bf3856ad364e35_6.1.7600.16385_none_4707e1890fa7a633\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_iirsp2.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4619279608a98a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..snapindll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_faa53288b11cbb02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_05872eadf35937c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_nete1g3e.inf_31bf3856ad364e35_6.1.7600.16385_none_04871f8f4b13ca44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1543c3c503d80bbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-whoami_31bf3856ad364e35_6.1.7600.16385_none_ce52d479e329be32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-write_31bf3856ad364e35_6.1.7600.16385_none_5f5928533e6b72c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Workfffcbcd8#\8e020cc06c4052a50083fa7eb060e92c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmgcs.inf_31bf3856ad364e35_6.1.7600.16385_none_018280cbf469db17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.web.management.iis.resources_31bf3856ad364e35_6.1.7600.16385_es-es_145dba5b8aafa6fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.7600.16385_en-us_be90564719d92783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c0b45804490d366e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ieinstal.resources_31bf3856ad364e35_11.2.9600.16428_en-us_38539d441ff8acc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..reensaver.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b3303c4a2492d8b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-iologgingdll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_23b1ccbcf82bb7f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hdaudbus.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c7c43a447533c64b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Windows Default.wav C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shlwapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_af8fc72c3de10579\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-intl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_21f4c9c99f29759c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\401-5.htm C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.1.7601.17514_none_fa6a47c21b85ab79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dfsclient-netapi_31bf3856ad364e35_6.1.7600.16385_none_6072917391cb3511\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.1.7601.17514_none_278509352a8ef540\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..vault-cpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_81784b57f0eca0d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..umservice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1f2f2b7d0c80092d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnrc005.inf_31bf3856ad364e35_6.1.7600.16385_none_227092d2a7af4a58\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_927d3057eaaab2a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netbc664.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3504beafa788c5aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_287b0a356c80901c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_02ce9af6fe2baaa4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..ntication.resources_31bf3856ad364e35_6.1.7600.16385_de-de_aa4ed76aed194472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_faxcn001.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1e3474e874c099f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..mmandline.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_793d0bb8e6e170c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00y.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_931fa6e8d461efe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.web.management.webdavclient_31bf3856ad364e35_6.1.7601.17514_none_8fba96db23caedf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.identitymodel.resources_b77a5c561934e089_6.1.7600.16385_es-es_d863840be88e280a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_de-de_083ed574480707a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..shell-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_71be2beaee655289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..utomation.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_85f9af7cfbdc2509\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\activity16v.png C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe,0" C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open\command C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "JCJNKHJASLNTBGZ" C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe" C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe"

Network

N/A

Files


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 db5733edabe7a0b179dec998cd34b7c6
SHA1 baae6b2d41227f15322087a16771d614c1bb24b7
SHA256 8e2cb930b8249829f58c69bd455577a658f62687ea59f51f4c764f51e196a3c2
SHA512 7154e921f2e35230187bf69bad7c2488b19a6510182cdcb186c31e96b4664bd58a5c3321d6843c7bb66f7f2565e8140f3f1b347910bfc8060e4a9811ac471a38

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 4136ba98f6ac72f1117f7258679f58f5
SHA1 bd7f2e996e36d64bee303ffe257b5e49a5dbfe3c
SHA256 4642567889570d650d06de6f7f9e742157976ffd7bab39d7fff2cc8ae7bf7725
SHA512 aee805415a69c4e0ee63382967d698dc69355c3a7194ea567391f9faddd7dc16c16c779b9e7e1bec8ab40505c72446ce7fac9f28df042bbbd33e07d4e7196183

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 61dc187d50c676254426b470d51a639a
SHA1 d810a46a81ad489911031bb47c9b0e2e3e8e356d
SHA256 882d58b2e319b1d6420191fd9a0201389b3c942c65af44413119c9c1f180abe2
SHA512 4798ad9b0837c694a3c565ef4e968e34766617dbf9275bd6271722b564899d6136ea32e4e75470de48191ad13ec74f8257a41b0d701b0c86f5db717badef455f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 6d0fe54aaee6f96da6d42886b2ff29b6
SHA1 dce76c6320052b120c446ad31166a37fcb4188cc
SHA256 067cac75eeef4035c1de088119b7eb6b25f0864aa7767497149cf27ffe74aa4a
SHA512 13fae1207a678e7d2b7c48fdcb8e7772df9cd02cb11d7a8a8c84d50e94740191bf9c369be6ec24f61334fca2620c3b2d4df1c56ee32a0b5051b6658aef30be74

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 02491390de637110c9d75c622e0fd1f1
SHA1 2653edab4b1879903cf65182e49a85f06b93699e
SHA256 e2ed9fe55d67fea0d6049d505f6f23a001212cf59c6e4447219c6d7c9c431d09
SHA512 25cb95a97d5dcea8aa0c87dc91639778da2ed93e7e20871bd41b91c2b1ae7d29311e283901ed80b2299b5ec14a955e27dda71157ca51e324ba4104d5a557630b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 672a93e88109abc9ec30174b10f33b1d
SHA1 7756f805789aea9d1c5d6a232fe8e13bdfc0fc88
SHA256 4a3b3071439eb05bfbba484fd4525cb36dc7a947a6ca59ffa0f2ee1fa5ecc91d
SHA512 91d17b640bcee3f6af4ececab969a26ae78fce94b6073534c5b82b26fa0f2992f32269b1baff05f9b004105e5ab024b33f2fd47e9f9cc81a50ee6c0192f955e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 0df2295721edf93a94408de7c548e416
SHA1 1b4eaa6766e9c44d61c3b5c32ce5d69ac8586e7f
SHA256 9c5ccb9a80b4938c93773a1afeb17f8e3629243a44e9fcf10c194bc6cbf9c203
SHA512 da2e8e35dd716a1756bc91570fe70481ee92632b3c320583d6c1f3fc9c1e8d72544da8682a1f1124d5763b52896fc84be0e376e8016ef674697ff39230dad870

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 daa0b6e36ce670bfc9e363893356ec64
SHA1 beb6acbc3f42173348147144ce9c84de1bba38ed
SHA256 ba4bad41d9165308e98bdbdc2a5ad6db4a2c66f865bb02f1c5a9fa6baeb9fc00
SHA512 da94e2a915ffa44d38f122cd69a77e490607a4f9703dfe5750a4e1366846c58dc3c0af717c6c5edd83b57692afe54dc5c71561e4d454d68fc84fca8e0f1857b7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 f7b4ba8a604c039bb7033fa0a3edf397
SHA1 33f55d7358e88a5878fd9fd4dca1b2892efc5267
SHA256 e1a3f3137de3ed8c6f8df4a35addc1e8a06ad98ee117c3cccdd2ab23558f2562
SHA512 12ee08dbd37290c4347efc3fe9a9513e44bd8602c6ed1e9fbce5ee8b8df8f6cddbd4e3da8b3c69c495899a4047d2be0f1cbd74515fe7f7fde849680a5e4aa8c0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 dc1d89bd1d74dcab82c33f71db4b8df3
SHA1 5e736e0ee83f5b0ea85cf1339b2697be43e174c2
SHA256 2c954f0ebae81832f49c6040335d22b3a010ce305f5bb9974f4c70f0b1c12f09
SHA512 7464c2b6684ce3fceceb7a9d59bd5ffa08e310d7577fd5622c4651e1e7f0cbf5c5c3b94d1c537482d18fba11c54370ce197e025f511d3abc481a2273b7f8f3a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 291b65465f5339296ba78bae9f757d9a
SHA1 86ed692b645d46f145f7ae52ed4412c944327668
SHA256 21bfd3e9e70bfca4f68d464d62f05cb1d3800de56e619d7aa8c14f1cbed9e98e
SHA512 4f923bd3244e025f29ea1520acde604d610f9cf453d804736da41bcaa88675e70967eb466586ff4f66cac59db1dd7739fc3eb91ca359392261d7492a8363d66f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 ff1b4bdb676f19564289b65822fbf254
SHA1 b0a0e0efa2155acbece8ddd3e04c204322c1b806
SHA256 ad513bd00d5d2e9707887868a434cda8ad975e33d9633faacb21650bb0ad363e
SHA512 987e3e8dc6380af1066bf396e116cf3c9262852c0a3783f9bcd2d64fe86067d8af3be33e66317c7bf12db58be31d9ae34bd44b25ce13dc653d0a3eaac038368e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 165ed7d34792b1f3cd510144d2c04d25
SHA1 dfac2d536e61d1aa5c5a3d3e4a1a6f98c3618e60
SHA256 d683aa4788ae465fc40b37b6b64213815375c888525f8e0f548e0c8386b5e2fd
SHA512 6b2e9e5db4a35513e2014084ccf6ace95d9d8f6706c60f69a3c49fa986f6a720dd04f4ba5f995dcea0b29658f5a17bdb70a3fcf3ef1b797de67cbd2e8dfecac8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 b899bd7a68dcd72d572b30884910f04e
SHA1 454f8f948762fa42b88ce62c660af212bfe018d5
SHA256 ef5bce4ea1ca134cfd16bd9e86a3bb473226ee37de21f827c0f68912c34d7645
SHA512 10a6597b064c478d88a2479e462570365dd0d6e319f816db77ab0fc480761afb989a69d537ddf1a5bd2e22bc3d3c71d50dfe4f3ad1bddd718f98c20b50463143

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 0251e651165408ea0e1c25e1ceed6d4b
SHA1 e1dafaa2682dcc6458a3b0065bb5987553a38c76
SHA256 eeaffc7c6399627542c2ba046f933ad4e8843296c697260695c9c79f802cd0e7
SHA512 99c30d02fd18883d538b0c093cb28fe0ac5dbc3acf0a93b3cb74ab97ce1624e8789658aa3dcf7f3160b3b02b1ca72898ab2827cb4ad51b9add631836317dbd54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 65401e0a3d4cf27ed4c57c101da7c033
SHA1 19d62b3c21eb4b36717edf5de5ef78dfe656b2a7
SHA256 d03b41ff98d3c40ba812a67f4dc15d8be34d12c039ef1da4819338874bc2a5ca
SHA512 0305d64cef65166a7460a41da81076aef3a71cf080c7f7faffdd60cf7ea3d62bbc7868cee9f9cbb3af9e13c38f630bd8e633e271ac1631621ae8ac4e0b96f97f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 5719b3659ea7b98966ea625334be1228
SHA1 6ab9608b2654a6f03eca5965408c0100eb2723b4
SHA256 b4f61df4bf46c484d1c42bfcff2e14905b213a2acf577555f9fb819d8e9a8254
SHA512 8e9f3b822a118f1e2e6641b0ff92b5ed49c73410c6d3615b88f94811f61a31967f0d520a687ca9cc3774a7bec7b22f18b435416097750d6b03070a34d9c576dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 77bae7919bd515c03d1a20fff390749d
SHA1 04f1cf53444d85bf430aa9c16debe7b752196f4d
SHA256 0be3b726e4e545dfbcc893ac9101921b75323ac53aa359b1af07ed5823e9c749
SHA512 fd2f94250de2161c5d74e56b815657057c38df7a5b658222b7095b9abb7eb8296c077b5a6e0ff4191afa8e45ddb6c3aef073cd718a3455de2a0463e1a36dddb2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 16da124d2635c0c039cd8df530b56814
SHA1 dfc92e6202939029e525c985fc423e23d4092922
SHA256 a1716aa49687e0a644b0f6c0fe0258dd39ca4441c3844abfa34a98b44a3d503d
SHA512 b7c401637357bcf0b4658f42a33b54085be1a8c746f53483309fab3b1ab1619448cf7cb3f324b72d4e22e21ab8eab87f4185c8473bb2df1539d6b3f92a52efb6

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 30fed964a05a7f31ab0a596e089cf240
SHA1 80a284f7aa5baf801f83206906c4e414bf1d4db0
SHA256 01a62d02069cdff10c707c9ea0b353e5700012ea73e21798431340f9f9b18b46
SHA512 53686bfbff158f85050835df176658133da39aa5157cb8dd17317d047eea8d6b6d90b8bf7b8f35527d13f3c61d51f0a61adbd397e50d061cd329e973cc6d04d6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 f690ff8f1a3fa6157c8b4c5757074fbd
SHA1 a06aedc04dd3ac525561985e223c6d59a12ff1d1
SHA256 b52bda519d461d2cdadec6b9e55467a285cd2d0fc16146934a2e40f283377c27
SHA512 25ba47cfc074827bf3986d0f1e993491363984d62d423e50212844455b5dcbefaceb2ac40ae8579e60cc91e1c92ad62c962e799d4cb5e01cf2ae5c90f31a06cf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 a530742394e42076d12a656c62e713ff
SHA1 35f804e3da6801c74fd3f89b013cb154688ebed6
SHA256 98f7fbbbf1e522289bf85bd1041b7a000a75a26506148bf1c4ade3dc5cdf4293
SHA512 c5649a1025f517cf023dc5ec6bc63f0dab8448cc5b01fc6fa49a6491c6241c0796d2349353b577f5445eb5254178d2c8f12d6a63265e3be4b5a3df56ef89ef36

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 5045fb57000d2eba0b6493db4776bdcd
SHA1 f5b82e684f4ef3b8308072726a3d2d78a6d2d57a
SHA256 d24b0b6902aba9a08ebaff2a4d1650372566e38c22e16c7e6680869a0cb2bb29
SHA512 96b687fd46a8ae07cc118c6048a63f3a9690e4d7653ce50ee8a32a575fc712d60f3c9e8c225e3553467f096987a658857cf89a8e44a3afce2c806b396a0a34e8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 8932eb3d8d98be3d6b7b816f9b4c0451
SHA1 db4c03ef9d1589db0397d90a8ad5f3d2205cf035
SHA256 ee2bdaa1fe5f183bbedd703682d5b07ca62830555bf8b20d8883ddd5483b5f81
SHA512 4fcd1ca131c3e932bedcbcbbfd56a08d7035296ecab392ca27787b885063a5d65f3b95e1b991d425c445f60586b3bd334def157500cd440beb4958cdeeea11a9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 eb1130fbbdde8679c783de428d40459c
SHA1 b5aa5acb5c5ed87452a209a2fcc43b65e9eb7c17
SHA256 ab3bae093e87f682d46bfe57f1fce7644719240a1ad001510576d2c9ffb7ee90
SHA512 065ceed4938857cfaeee5fe889c2cc706c7bc51d773a3e82bfcebc29826d708e5cecb29a0b8868643f213f86bee66c3cb6e1abdc8a62406eb141d04be6ec17fa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 f0e4931ff203bb8f312c220ea7288e52
SHA1 51e463906e2b9cf85da5d4610aa859f4ac9480a2
SHA256 48cbafb9dffd320a878aa4220383e2d61c27027ea9c4b39dcb6cb94a5379dc0f
SHA512 d086a205007a19ee9eb1c5eae7fdeb41912c97fed59bfdd98812c9af0077d28c75bee571e702f53488d006e245c58558c37cfb9f3413a553b7fa464f1dd710ba

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 1adacf2cdae6b6d9ad82fe1bd73721b4
SHA1 b11ad374423beea4934834cdfb5d4af4ea015fa9
SHA256 c3b2892ade1d41e80163b79f6028a312963f524f1c388d4bf27448ec83034869
SHA512 6b61333571892e7f05102f0cf07f34c53fe7bb16bf4f90cb60009b81809e2efa1d3abfbe0c49987db091b928bd31bc013510a1e69f6bd418d19e812f73fb01d7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 77bfa2b6d0f3357b523912f66a2d3fda
SHA1 3d1d9dd1815fbf273bf9192181bfac55c39a2a51
SHA256 e491d17e6d41efb534ec224abc42764c4c59917fca6a48cd09fad6c01ec7d5ac
SHA512 83b398bbffb018fd9b3a058ab52b7c49e380801304422b77c2cbe18500614e8b2c7e159505f2c08d6b711f75e6930b18322208852f56d51841719978897118c4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 d02f250b3d163e8667201ac3d22120a4
SHA1 c53d171ccfe80b49214c4d4698fd48f26a40fc77
SHA256 a4277c1b5434bd3543fec53f3a49547f9e08e235b068eb0661e2ab8e1330cec3
SHA512 4d609a7e0acf23671030fecc01da013e6fc69ad48bba19b5f01d7eca2e1a5d8a2856fa308d878308c21270ff67431145c44962bc8efdaaad81a1648f55036a09

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 93b6a746956237bd0a4cb2c056bd7f12
SHA1 d51602b5c2a10308c58397d58fc934b54dc13535
SHA256 28d9da29ddac12cfa49ebad9d26d7dfe822a947864ad68ebbe3a70ad728f2168
SHA512 1305bd5b8d60b3295f2914854e2455e2161452932fc3d4ffd9e7d85fff592ff92bad0f8aaeee836685090d270a62f5646c45930f361c23d2e750c8d1374a5d94

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 03d03e51e67959e9455df43c06bf58ea
SHA1 a360804bffe0dddfcfd692dbe5b2b977207673b2
SHA256 30e7fad37d3498dfc5da9f21cfc57496b2ca43be39a90f9eed2bc6f1ce62b0f0
SHA512 f4c58b2ce4c53401cf7b0936268e589d097931c3adb174aefe4eee553653bf825d599c1db3298af43a0187c1acdd417716a696d50ee762d5f075d2dd1e5457de

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 28aa555accaf835adfb8031bb9b9b69c
SHA1 baded71e444e155d76b11954aa859a1c657729fd
SHA256 77916e19fc970aac1f38891440604ea3311752ba17794cce99d082a5d7b3d630
SHA512 b4997e8055ffa2a8234e71d15a142e2a52e482d2bc874b1a4abde172fb86b91da47dabb2ca2ae91ee08e722315fff5c0ff6eaf20b97fb8021f4cd3c43ea4eb58

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 d94aa698224d3c806c512be368d747e3
SHA1 abb2ba77fbb3dc23298feeb96d60b0f5c67d4b94
SHA256 bb7ba5f7ba5762a5664ab18c3bb4863d9ff118cb6c6ca4e515056983014e0a32
SHA512 4309c3e8f226e832cf68e9de2c8d324023b92bde385229b54330cf113a95a124a8493b0d7e75e6e314dad6f1f49af3f827695b754b013b67fb0015de522898e9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9671317bf2072377df40b0b0113a99ed
SHA1 3eb6295495848a2a5622a70b9b321e4a8d81f39f
SHA256 562c3d3e1e99079a61be54568fa6e2f8e616f0cfeee6863fc90ad21305398713
SHA512 0e58c6b3fc0848f83c1f4df45a205eef7927539163e0a98781d0422192c5af56c8ba35f46a289ce4746f506871c3027530e8f6897e10d2cde68d4612d2bd1813

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 ef239de90088e1d350b01f820fb6ba17
SHA1 47c157ae8f766b540398b27eb096e0a4767542dd
SHA256 4a17b86b63ec28714d1064990bd7030a091c090af8361a79ba41a83a0e569add
SHA512 f418b4826de2d79401eab395fd987fb5b0ec4b8b8ff52b0f70c168a5256e762fb4f050df6f64f037d55e3f85286aa3ee72595115259e5f03aa98956e0caf6540

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 fa4cda5e2fe8b69aa1a92d03e9934223
SHA1 72d69c52c24af369bfc2edd6ed11099f28375b3a
SHA256 018881290b2d1fcca6fcf7252612c317af6fc99b8f20a7d46d35fe6df8ef4509
SHA512 1953a29be80527c0d8aecbd1e7891b78dda6c23f6931b806a5ccc73942282b913abd4863547f0e28dd9183d032854ffe14f233d912810f58074bf67cd7539a73

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-09 01:45

Reported

2024-10-09 09:27

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe"

Signatures

Renames multiple (2188) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe" C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmeiger.inf_amd64_05ca2a1836c16cab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_3bab34655afeb7e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhandy.inf_amd64_d2feb24c2d3b69d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mssmbios.inf_amd64_9fc7fe03de136fc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_usbfn.inf_amd64_64da5751ebd2f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_527c415254a7e378\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_scsiadapter.inf_amd64_efffb8c026d3abc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_6550f790ed88c7ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_kvpexchange.inf_amd64_b3c17aa69dce1e0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsactivitymonitor.inf_amd64_cccd1b2cb61d2440\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vstxraid.inf_amd64_300cb04282659e6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkTransition\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_1394.inf_amd64_cac08af12caec647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xboxgip.inf_amd64_90ed6b3fdc759a5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_7e6c377859cfcb7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_computeaccelerator.inf_amd64_9d34992b3634b396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sdhost.inf_amd64_b71f983cb35bfde3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qd3x64.inf_amd64_fd7b06296b7ac679\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_edc94fc65bef3d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorsservicedriver.inf_amd64_4761deffedf4e12e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_3acec385f5d67bdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_fe5b23ea7991a359\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_43b149b35876b241\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsOptionalFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_919b7beec2c70482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_46dd0342577f43cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_466615aad3be8e26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_0406b31e81bea0d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\oposdrv.inf_amd64_9090a824ce0d0e68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_a192dbf28b4634a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "JCJNKHJASLNTBGZ" C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe,0" C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open\command C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe" C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

MD5 b6fee986d5f009cf8a6ca227bc2afba7
SHA1 21b0b2aa1b16e73a8fe8e6646912f6a518bcd295
SHA256 3897fc544c98a1298ce3879f78a42959c0dabf3a64b714e77c53988e81072793
SHA512 79c31a2bcd01844e7c9e0d04ff9e52270663a3489e15f8ff54a79afcf4e9ca0757944a5e211acdc1dfc45f7b8b1eaf9f8a886f7f64eda82b1b4250b40e2b2ac8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

MD5 750520bd7a8991cf069f2b9cbefc5226
SHA1 0b6d467a2b1bec9c49fb89537ad009c94d8e4c17
SHA256 435f8a22d120eb7e1cac15c503ffd04777f37de95fdd39e4a75b172b2f7d5820
SHA512 0464930965944742bafe38b6489766ea28b64fc57ec26a385f4f6801d3531c724ee0bf4a802e92f46ec681219eab7d296fb90632048e6872df6695fede2ac33d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt

MD5 b46d5a5edf910ffcd16195e41989bcfa
SHA1 ff63b377e426e8c08d30bfb2bd37cb5ced8f4cbd
SHA256 b06a1286067e0e054f8f5e70b456e9be33595e54985df5f48ff0787b5ab3c1e8
SHA512 af3277115efe63a6aec4cee85960765fa32e8eb32009b8bb9777f79b1059799ce025d9dff9b27d67a4bf69fecb065377ea799bb2556f49643dee075a571d2603

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

MD5 635b71873df1976c29122df831570f6a
SHA1 c5e0102f61557357baa645cb78830d2cf6eceaf0
SHA256 dbe27d8466970206097d1defb0f12f2da715c74bacd64116b61d98a374f0fa05
SHA512 a5d0ba41e373842197f427529f4d04aa99ccc661d01b1e458c1e4c196948f4f94fa7b46fafbaadb74b54dcfdacdb3c84aaccc6d2bb64ca9be315a48b9d00aef7

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 87619ecf40553358f2c74c491afc1925
SHA1 0fe1c09c028e5b4200380d70fdf2cf0e027e2f34
SHA256 b5cdf89be0f5a2b6e95932203b819a3546572b05d57ad78ee1c249c97ffb6493
SHA512 9a92ed8d118a657a907a94d498301bea49e465d26f6970501b5f0228aea5fd908e43d0a54ee97f4d6e7c9a1dc93e134d69f3a363ffe1ce8f7f1d3650eab0c1ee

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 f690ff8f1a3fa6157c8b4c5757074fbd
SHA1 a06aedc04dd3ac525561985e223c6d59a12ff1d1
SHA256 b52bda519d461d2cdadec6b9e55467a285cd2d0fc16146934a2e40f283377c27
SHA512 25ba47cfc074827bf3986d0f1e993491363984d62d423e50212844455b5dcbefaceb2ac40ae8579e60cc91e1c92ad62c962e799d4cb5e01cf2ae5c90f31a06cf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 5045fb57000d2eba0b6493db4776bdcd
SHA1 f5b82e684f4ef3b8308072726a3d2d78a6d2d57a
SHA256 d24b0b6902aba9a08ebaff2a4d1650372566e38c22e16c7e6680869a0cb2bb29
SHA512 96b687fd46a8ae07cc118c6048a63f3a9690e4d7653ce50ee8a32a575fc712d60f3c9e8c225e3553467f096987a658857cf89a8e44a3afce2c806b396a0a34e8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 a530742394e42076d12a656c62e713ff
SHA1 35f804e3da6801c74fd3f89b013cb154688ebed6
SHA256 98f7fbbbf1e522289bf85bd1041b7a000a75a26506148bf1c4ade3dc5cdf4293
SHA512 c5649a1025f517cf023dc5ec6bc63f0dab8448cc5b01fc6fa49a6491c6241c0796d2349353b577f5445eb5254178d2c8f12d6a63265e3be4b5a3df56ef89ef36

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 eb1130fbbdde8679c783de428d40459c
SHA1 b5aa5acb5c5ed87452a209a2fcc43b65e9eb7c17
SHA256 ab3bae093e87f682d46bfe57f1fce7644719240a1ad001510576d2c9ffb7ee90
SHA512 065ceed4938857cfaeee5fe889c2cc706c7bc51d773a3e82bfcebc29826d708e5cecb29a0b8868643f213f86bee66c3cb6e1abdc8a62406eb141d04be6ec17fa

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 8932eb3d8d98be3d6b7b816f9b4c0451
SHA1 db4c03ef9d1589db0397d90a8ad5f3d2205cf035
SHA256 ee2bdaa1fe5f183bbedd703682d5b07ca62830555bf8b20d8883ddd5483b5f81
SHA512 4fcd1ca131c3e932bedcbcbbfd56a08d7035296ecab392ca27787b885063a5d65f3b95e1b991d425c445f60586b3bd334def157500cd440beb4958cdeeea11a9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif.EnCiPhErEd

MD5 d02f250b3d163e8667201ac3d22120a4
SHA1 c53d171ccfe80b49214c4d4698fd48f26a40fc77
SHA256 a4277c1b5434bd3543fec53f3a49547f9e08e235b068eb0661e2ab8e1330cec3
SHA512 4d609a7e0acf23671030fecc01da013e6fc69ad48bba19b5f01d7eca2e1a5d8a2856fa308d878308c21270ff67431145c44962bc8efdaaad81a1648f55036a09

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 f0e4931ff203bb8f312c220ea7288e52
SHA1 51e463906e2b9cf85da5d4610aa859f4ac9480a2
SHA256 48cbafb9dffd320a878aa4220383e2d61c27027ea9c4b39dcb6cb94a5379dc0f
SHA512 d086a205007a19ee9eb1c5eae7fdeb41912c97fed59bfdd98812c9af0077d28c75bee571e702f53488d006e245c58558c37cfb9f3413a553b7fa464f1dd710ba

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 03d03e51e67959e9455df43c06bf58ea
SHA1 a360804bffe0dddfcfd692dbe5b2b977207673b2
SHA256 30e7fad37d3498dfc5da9f21cfc57496b2ca43be39a90f9eed2bc6f1ce62b0f0
SHA512 f4c58b2ce4c53401cf7b0936268e589d097931c3adb174aefe4eee553653bf825d599c1db3298af43a0187c1acdd417716a696d50ee762d5f075d2dd1e5457de

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 93b6a746956237bd0a4cb2c056bd7f12
SHA1 d51602b5c2a10308c58397d58fc934b54dc13535
SHA256 28d9da29ddac12cfa49ebad9d26d7dfe822a947864ad68ebbe3a70ad728f2168
SHA512 1305bd5b8d60b3295f2914854e2455e2161452932fc3d4ffd9e7d85fff592ff92bad0f8aaeee836685090d270a62f5646c45930f361c23d2e750c8d1374a5d94

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 77bfa2b6d0f3357b523912f66a2d3fda
SHA1 3d1d9dd1815fbf273bf9192181bfac55c39a2a51
SHA256 e491d17e6d41efb534ec224abc42764c4c59917fca6a48cd09fad6c01ec7d5ac
SHA512 83b398bbffb018fd9b3a058ab52b7c49e380801304422b77c2cbe18500614e8b2c7e159505f2c08d6b711f75e6930b18322208852f56d51841719978897118c4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 1adacf2cdae6b6d9ad82fe1bd73721b4
SHA1 b11ad374423beea4934834cdfb5d4af4ea015fa9
SHA256 c3b2892ade1d41e80163b79f6028a312963f524f1c388d4bf27448ec83034869
SHA512 6b61333571892e7f05102f0cf07f34c53fe7bb16bf4f90cb60009b81809e2efa1d3abfbe0c49987db091b928bd31bc013510a1e69f6bd418d19e812f73fb01d7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 d94aa698224d3c806c512be368d747e3
SHA1 abb2ba77fbb3dc23298feeb96d60b0f5c67d4b94
SHA256 bb7ba5f7ba5762a5664ab18c3bb4863d9ff118cb6c6ca4e515056983014e0a32
SHA512 4309c3e8f226e832cf68e9de2c8d324023b92bde385229b54330cf113a95a124a8493b0d7e75e6e314dad6f1f49af3f827695b754b013b67fb0015de522898e9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 28aa555accaf835adfb8031bb9b9b69c
SHA1 baded71e444e155d76b11954aa859a1c657729fd
SHA256 77916e19fc970aac1f38891440604ea3311752ba17794cce99d082a5d7b3d630
SHA512 b4997e8055ffa2a8234e71d15a142e2a52e482d2bc874b1a4abde172fb86b91da47dabb2ca2ae91ee08e722315fff5c0ff6eaf20b97fb8021f4cd3c43ea4eb58

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9671317bf2072377df40b0b0113a99ed
SHA1 3eb6295495848a2a5622a70b9b321e4a8d81f39f
SHA256 562c3d3e1e99079a61be54568fa6e2f8e616f0cfeee6863fc90ad21305398713
SHA512 0e58c6b3fc0848f83c1f4df45a205eef7927539163e0a98781d0422192c5af56c8ba35f46a289ce4746f506871c3027530e8f6897e10d2cde68d4612d2bd1813

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 fa4cda5e2fe8b69aa1a92d03e9934223
SHA1 72d69c52c24af369bfc2edd6ed11099f28375b3a
SHA256 018881290b2d1fcca6fcf7252612c317af6fc99b8f20a7d46d35fe6df8ef4509
SHA512 1953a29be80527c0d8aecbd1e7891b78dda6c23f6931b806a5ccc73942282b913abd4863547f0e28dd9183d032854ffe14f233d912810f58074bf67cd7539a73

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 ef239de90088e1d350b01f820fb6ba17
SHA1 47c157ae8f766b540398b27eb096e0a4767542dd
SHA256 4a17b86b63ec28714d1064990bd7030a091c090af8361a79ba41a83a0e569add
SHA512 f418b4826de2d79401eab395fd987fb5b0ec4b8b8ff52b0f70c168a5256e762fb4f050df6f64f037d55e3f85286aa3ee72595115259e5f03aa98956e0caf6540

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 9f93feddedd0ac9a6688e3f56df12ef7
SHA1 d92c3e810449b8bc0e29787c3a42869bac0161c3
SHA256 8695ac58e020d220014e1be82ff252c5427af702472827278ff67a39aa9457eb
SHA512 b147e74c7f7671506d13fbb9730ed112e5dd7f1b8f2d89ed01ed579046158651adc65c68a06a2fcadabee913ebbd2e2d9a95ee85f4320a24a8b14f7e0d6d93ae

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 c406f0fd5e6cdce4174645cf9543283e
SHA1 4842dea0f43264a046f199ff24bb7dcaa2dacf69
SHA256 90de9d650de93d43e09a0ad9497dce4d52efff5403edff145380a62cf977d676
SHA512 cc34127c5f3d239e3e0bf82b3627cd1dff01a840945e5aa0ebcd981c2dd8fabc05523ac482bc4618c3f07bf31270126a3f938b2eee62084f66764542ed6ace4a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 68b2ee4ac55545050063325d980bfab0
SHA1 72cb1eb84346f2002111bb3832f56959f4c407ac
SHA256 e5d288eee35c121e1865a40701811f79635ebeecea263d642a40450bad18d759
SHA512 d01473e3f3d8ab3ba6216c437597f8da7424dca2609395fb6c88dfde008928953a7cf876a6046b2b974e857dd6261e2ca975757e248a7305946d8d9400e033f5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 d8879e97121117b950fca061303ab412
SHA1 3dab22b3b737c46b19e52ebf4f5653f2dc4bd465
SHA256 701d3947dc0211971bb08d3d6362c683ad6e02579b7cf6bf536b20c4f256ab52
SHA512 932b8586d2ac4e4acfde0e5df652331744c3a92f3fd71bf5b865e17566565adb13f7fbc4d3a9fdcadc09d4f2e6014781e9ad9e099c0d6b8d06eee7f934f5b7a5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 50c9856572bbd54cb823782ffa8a7f64
SHA1 348837651046efa6f4d4812392ab9c39843d5ccf
SHA256 1161de4ae166ee5048332ecc02c6ac48324494a81f54238627cc2f4c58c03b27
SHA512 0b81f517ed2cca345c5d6949039873fd0178dbc671a9ab00c2c1643a003221f36194315a9cd634ae37acb90031c7d241440685b8e27a71995900791e7a82fdb4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 d09a8608f3780e83eb309724e6aee809
SHA1 7afc1f637514f21246e4f2156758f809b07648b2
SHA256 dd91f99d660ab30ac6c1c35d606e60213b0fe5077f9da8a0113ab96ff29ffba1
SHA512 29e298b6d748d11a85b6c1758192d36fa4841cf6908e058f7c52354c98dd2c6918911c9a66a8ca95bc4b4f0c0c0c8a4d2abbca0aa67a724f7a5830cd435e19fa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 c2ee7c4c89b2c627f9eb71cb4b4b4465
SHA1 eab4995596e1419fc00ec374e11f192828b721ea
SHA256 7b7dfc76943776b3ae4c5af663985045e6ddd811eb87aa03cfdab9d2631f1743
SHA512 8c5c438193bfb60462f0c82931e0eefa2985c621a2bb66668fa86222eb93ca5fba91c141df53a38d56479c54fd9c3303ecb8bf8bd3ec385c248ac31aa0efaede

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 5b60eae7b5a689e392bbce27febc3858
SHA1 f2342c34a03de3fd01ebaa29a5b9955f1e56492a
SHA256 da643777b1cec5fc6ac12d5616e0b147d74e3570acf2a23978af2428a2afed00
SHA512 4790b049fa51802f5bc660eea53a4ad41de2e6752813459735e8de667a780d41d088c8a3fb6f9e52a563f0a4f648595fa2715bdaee8c1a9b5862cf26def26c70

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 5545bd4c46fb9b81ebd608d109f906e3
SHA1 55eb3187e84d47b260154b4405d4ee471e0ed5c9
SHA256 10e8fd714865e45d64f3d5ef546b0850c87aa74c028ef90d5b20e138c70c9574
SHA512 799d4964a1595f12001b5d342d7dcfe1935f8166066b932435859d754e95af5bdbb92413fd433820c974e3517698fe8c34e9058b2c630549815261f443af19b5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 cdc6204c9d3a83df00539c6ebd343d45
SHA1 cc18ad613664b84f20eb733ff5c7b8c4cd8937e1
SHA256 27d3970463cb66c847b74affb78eee5a9b5d9607793ad65b681dd106cee3c140
SHA512 b4f8669d038ee7f2376d9e084b3eb0d82a1fdcb4c619b8b229d76ff15452425e4a4460f8ba8e5850766b656824cd0fcc854d7f643a0d8cf95537ef2545a29b07

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 d992c137239647d17a7d1ea16c3b5f6a
SHA1 8b418bd8906fc238df27dd72cf5c213a71b764d2
SHA256 dacb8c18d7b4b48678b0c8b97becbaeaf28f5b718681288cffefa2ac9ee07cb1
SHA512 d485b3551bffba4c9c12dff89bc265bb44f8d2afe87a348a669b8f7a33c94fa0242b352f2275fb1ed82cac275c0c948edd202ae9c64744d8845ceec73111ace0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 d8306822d97e293666caff0bc1353a4b
SHA1 031a49bc0dd8f1a6a47ebe7a32477b93c328b6c2
SHA256 4feddd3b7c3142254d3d41cf4d5c1849a2d5b83971904f7565cd939d93d29148
SHA512 39b36eb570e7544c44256f9a6926974a5839ef89097b68ab6611ebd75c0af61c255766be1b105d0e7f3f86e3d57b0baa229e9180472ad2f46b4368cefa8f788b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 e3a39e1a44803abfff21fd0ade6b7d46
SHA1 2f8084a48e5b34e3249c20c519b13d2f4cbebc7d
SHA256 fe91f98adbc9516e90a745a5af3ab0ca836aa5e15a1329f05801eab35233b492
SHA512 1aa6fe23b6942e0f72d7fe1b7a17473b39497105d2390dae7d6968c6d6f5d01b445562c603542921147c8e2b88a77ecee8dbf9c6539de0ea2f94ccbf7bbcf108

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 16daca036e6ffd638058c3dd084a2334
SHA1 693405e2297731c42fadbb93d657fe63e106331a
SHA256 1ba0337a138102d51da638b86ce6e9b53141e4722f674c710ac26189825aa6f8
SHA512 61172aed44735dbc0a4d0f5165c5be32ddbb5d4d5ffba4a2d0a21cc27147786ec272b7cdfe9f709cd6f0092f6fd28feb804b1176fce46af840f9d0ae875b6b25

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 f8b6647e83ae480cb9bc028a71ff2fc3
SHA1 5c20138ea6eef77f81d940deda0f361a020adce2
SHA256 0bc65071b84b2e657c5f54e73128d24da62d11f8eda146caedcd6d4befd48fcd
SHA512 b0c6728263cbc1ed472929ac1effa9b592235a82a40e7277882a6ad4e9767c011ca4441a1fd5ea0464c227c76b6be70f2c922c1bccdf201044cb5e1fa4b0a6c7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 3759b1e60c1cfa682ce150c104303914
SHA1 763f595dd3b37b0245d38c2255f3ff063dfda7d9
SHA256 362ae5df63ca0e9dfeb84df1b7ae7f06fab555686b15fc4a22785fc49fa87360
SHA512 465db531b54039328df9d76326c2224992dc369fd7603341719fb367ecfe0ce51e47510261f8f6be4c298c8ab815ce9f3e978688514564f38e925d095eb65315

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 be4fcd9d909cbf101025286b4b5f37de
SHA1 7fd3d622e25946cb7ea8f0b26384f168acf5199a
SHA256 6b5e9f3992e204662ca34654aabf817342d90546cce7583fb1b8aad38857936f
SHA512 ab277f06eddb90ac6e654ba056170a8528dc32e41ce5f01e881f01b48816516d9efe0aa318f410e7bd157d563d74571b6a9d60abc5294c26b742722ac1844213

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 764b71f8f2773e172da6c2ddc7ba6122
SHA1 5641fde13c0b87659f208b89351ce46a0fcc1d3a
SHA256 f6dfd43e6a909ab9f74b961cf7059366ef3e014fc2538a654e4c0574a9d9c1d2
SHA512 b20933e1d0053b9430c0b652391fcdac98c0b3848074450e9eee25e97d1a5ade43c506697b0e85f851cc036174e620e5749941a1ca2b9aec3e01a33b39d0a444

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 0376b2d2b4b59dd5a3a46ef43918ad16
SHA1 a36401b16751c4f8b93b74f8eb2e10cc148bc4eb
SHA256 02a2a9746cbe0ccda6af55a2571d4f8bd86d33e768492b33a108a70451f42be6
SHA512 b5e8d4639af5919c4bdc6498c553d64fb91c91e7e2c6400bd3f8ec0d98e14121aa3cf7cd567594b64430a15f6fc4e361f8d2889576ed26fd3a077270b44327d7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 44fc159631baa8839930e611ad27a0cb
SHA1 c89dec066719c22f9aa766fc7622a07019ed6ede
SHA256 0cafc3a740d1648d09f9ed996ccdec5001b256cdf6018067ecc0cf3dad09a057
SHA512 9e63c64177f5dc1c56a0fb8e6ba20d51c9b0eb3806ee3e897567598f3a6278530b246e2ea28e268ac21234592f6b0a46de3ecf9e796049db1e9b5cff4329f03a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 8ff88e7fb76748e1b0e0289c2afeafbe
SHA1 ff74dce2ec2ca13292ce407a78e78bcf66c51bb4
SHA256 c725d77c9189227293509638130fa3df37c258f2798896adee8a970ac7be0a8f
SHA512 b610f98e5e5793486058b8db0b6e7381d9f481841daf2e5377cbbc273ca309d3bd0336fa42d92ad6b414b2eabe502adbda7ea376991caabc70cf77c8c8602e2e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 8dee0a72a6bde81f81901ff6998d9d90
SHA1 f98ac65885f2b74f668cf6043450fba3b69e39f4
SHA256 58a574ecd05d84bc299c3af248952cd50e181a5fce3837ca330e7961b23ded8b
SHA512 51b5632d5629600a22fce5c6a8efb196421c7235edfcc7bef228293cd480f45b7bfeb42eff16a504d625b80f534e23c83154f53769bcdb899be06c7f1a8daa90

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 df7765cd4ee2d46ed428b396751204b2
SHA1 fbb349ecb1fb19a283c5b8dfa2a09286d1989e19
SHA256 5c432b8faed0619764a275e553ce466c8f4a95c424625d95a99afe7b1058987a
SHA512 cef9da9361bb67e1f42955cc85f25a110710ad2cff4f46354228dbcbb5c16235033988de6ce5fbb497771a9f193e3f76713019e426de447d469b96fc0a412a92

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 7df89030362d4ee5a5883612efc67112
SHA1 3710a8f6680c2a28d8c42ef41f6a644d3dcf4b1d
SHA256 f2094d9601c8bda5572d3a423af3e6009b2543e300b7a90f69609f2855b27281
SHA512 af81759738e44f5bc7a2ce2109a0498077a1836fe97f15dbc71efaa5a2c65ed62935bf8c2b24c782dae31b149562c42f1a8e9e1f142967bfb47d21aa29e55601

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 57d17c4703dc1084cbefefd5bc19cc34
SHA1 71dc1a92cc274901a1b537410dd915f15e7fd977
SHA256 4c13b4a7a57f94e77b0402bc4779378d99e788efebae038e181c267b73b50486
SHA512 048eb249e89a2fe707f31e5a2b9a78e8f6409142fdeb04e17ce659dd05ff885caf3bafbf5682850f1ef99afede3c8b7761d26b87e7a48f1852056e473ad8eb57

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 9aa853132a878b4edc3e4945b375f8c2
SHA1 e46d309b8a4c9199d966c02e613b4c894ac3e9c0
SHA256 94439feca529cbec1d9cf080e67304f1989eb4e3f820328f3fdb4bf190bb64d9
SHA512 9fc9d59d6e9f7d0d2a3be50335749e6d1d9f6d7bd79921fc063faa0d682f8a91953c0ff21002daba96703096aa7d533990fe23aa91ace2a3f1fe7ea9eb2ca784

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 ccfbf27e4469fddee25733ddef775374
SHA1 e3cdf1943f59a12a177acf8ac0e9d46e6e4b1109
SHA256 828003af8cb5d775ecd05374b025f8c20f34bb66c751dee8f670e56750f17cb5
SHA512 e9bcd93ade724373930993f97723e79162445525f5c38e27370bb4ed76a1612736b975aeba156fc82dab2b702cad596cccf74bd3b77b7edbdaf44c552bbc867f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 19d94794c224f11e37c5f8e21e08dfdd
SHA1 64a98fc7797ed1f065ce87ab08e258afedf40f9b
SHA256 ad02d1c5a9ca1b5329d649f82537286799df9781d436dae4a6359281fb46e613
SHA512 0f33d91f8ac26960299cac900bd87db127545252bda520bae57318643eed3ddc0fa756114bb305eb5a320a828e91791a15ed4d9b4a7ce1d76001186218707d08

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 dc6a8cd11e5ddb444f20a31597b03bb8
SHA1 3f62ba759c2e1907b1b9ac3f08e2c2a5b10e09d5
SHA256 999f28a913458a0fbe8e9fd203d131bc8fc0b820280cb668e5f5e322138b1796
SHA512 b9f20ad14d51aa4fa55437fb426d4a13209e67ed9ec0dec09f99d82c0f738b29511d689554a9302428f0d702429a075665913553e27d963228e786435d3ffcf2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 43018aa4a6758e3dfa491a42beb3b368
SHA1 32f0b3d4913ad30d1c9ba5835f803e7e8c60e751
SHA256 c5f177ced6ca139e93cd21482bb151874c26f9a0507b4595aa2b6f4c90d9ffab
SHA512 2400c7a72602afe99f9e7b5669a3e65f2cd3088f50482dca6e463f6181abf365aa363aab2904c09b0d3cbe6836c29443a8ff8dce121ffb857ee07ed1e6766ddd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 ddbf5668ffd14a4ff0e3f6cc407debf9
SHA1 521b3aa78e6abfc1ffe7699b20c95fad826735db
SHA256 5c5c5fc6823d93d17600198ea519d49063f36f73af3b865d1e80118248f04331
SHA512 c4609d99bc75f48fd020217c7f929e3202a2ea6fec670064a65b112e91b2f44f55707f53481a651bf6ea26364a03011bd397107733ed3284a972327db4170f5f

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 522314484c5cca93f9c8f14c6c81bc29
SHA1 2c301632de9ff0dfa3deb1df223331383ebe9dba
SHA256 39b931ad6a4077a9e7bfa374dc959711627362652777d75abfecfb04e3d3aa22
SHA512 245c0abffaf24ac9b56b622cd0587c6049073700e5192cbdfd885a18adfffeea21c6e55454abdb49e81c1e9f1a43afbecaca43a9dc034afa1105f941f4cc44b9

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 5f82ecb768ea52ff8fd49977fa7ef048
SHA1 e7f7a994996fb6211e8bc9fb88513191f8cd5679
SHA256 69c729350bab6849c4e13dd8f3f7d12ab06ef17a6873f92b87510edac6fdc77a
SHA512 a286dfc7b9db956e0b038a2e7a3c3e3d6fddc67fb4bf785ee9f5fa0783e64d1bfbcb1922bbd05c33a3cea8e0f76b0dd43d66fff966e7371ad463a2d503037cec

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 6ec126626f34fd9843dda85ef42b95e8
SHA1 96529222b3574497ed6ae4a86f7f491f42fe9c48
SHA256 5db4dcd9e028b814310d703a642a120bddaf00db723954ba68e5e0fc162222be
SHA512 546e034df0098c9e81f8e2bc2a39f7c5c3cc7a3a53377cf0825046d559111ef1d49060b67a02db6310787bcc1c853819d544c6a1e5b62a3fc2cb37b21047fe1f

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 f406276ad837da11112a97fd4d8f4ae9
SHA1 fa46fc7b64a3b76670c833dd4712b051b0cf2b5f
SHA256 978c4fc44c563f1a031fc85acb334f889cdd1974886ef33b6dd08f953636673e
SHA512 eb96284407791c0833aa54cacef19ce3c2e6a8df8b5ad66f0930c9137782aded5b9c369594bb71f441dde0bd806e249d9f4c5e782d68e90d735c86b00622fa38

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 923efcd32f536ecb43b14e4fba8be3c8
SHA1 cdae707c777d178754b91358d2e1dbf6f85051b2
SHA256 6e89dc0351897740bf26fad1bd818e791efa4fe1d0badaee3250090ce1f7575f
SHA512 63ff0643d14adcf66f1b5a52596a18c3958f78dff0f5cbd5dda0fe75a904c8e04a6f3b6c09489b058e1ce225b57dc6b9293caeaf39e6d7480c0b28b578e413bc