Malware Analysis Report

2024-10-19 10:43

Sample ID: 241009-chzagsscjj
Target: 28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118
SHA256: 190ad827c14a882cbba0c7628e7b5a0420500ac34ac7d552dde7059c0303ae70
Tags: xorist persistence ransomware spyware stealer discovery
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 190ad827c14a882cbba0c7628e7b5a0420500ac34ac7d552dde7059c0303ae70

Threat Level: Known bad

The file 28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist persistence ransomware spyware stealer discovery

Detected Xorist Ransomware

Xorist family

Renames multiple (2859) files with added filename extension

Renames multiple (2592) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-09 02:05

Signatures

Detected Xorist Ransomware

Xorist family

xorist

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-09 02:05
Reported: 2024-10-09 09:45
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 20s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe"

Signatures

Renames multiple (2859) files with added filename extension

ransomware

Drops file in Drivers directory

Drops startup file

Description: File created
Indicator: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
Process: C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe
Target: N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe"
Process: C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe
Target: N/A

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-radar-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8337bb3044ae8e15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\Boot\PCAT\nl-NL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Performance\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..torclient.resources_31bf3856ad364e35_6.1.7601.17514_es-es_9c9024d9542111e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-fax-common.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_527b308b77bacb75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-stobject.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_2242e72b1e80255a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-netwpr.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_67d018097cfcc2d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_1c918720a3336dd7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_0c7437d863a6e69e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..shell-mui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f3ed8132a1029ee6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-qos-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b6bcb1599605d8e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.management.automation_31bf3856ad364e35_6.1.7601.17514_none_236c706c3e93d144\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3f0725fa3b0fc19e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..ctivation.resources_31bf3856ad364e35_6.1.7600.16385_de-de_af2e6e6bf7599701\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..lient-dll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e0ac3a3491076c7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_6.1.7600.16385_de-de_628461385a122b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\29c55874e34f9d5cd3ea739262f48adc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\inf\ASP.NET\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..cy-script.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c49107755f09355f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_de-de_67611fe1e3bbd9af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-networkprojection-adm_31bf3856ad364e35_6.1.7600.16385_none_f05570c11bc2ffef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-security-spp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9b3fbb9c4384a9fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnlx00y.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_78704df40b217710\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.build.con..sion.v3.5.resources_b03f5f7f11d50a3a_6.1.7600.16385_de-de_c20e87a359c633bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-artcon2.resources_31bf3856ad364e35_6.1.7600.16385_es-es_69afc2f9b0b0ac66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-full_31bf3856ad364e35_6.1.7600.16385_none_ce3a164d3f0fa152\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a273bea4319a4a31\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows Notify.wav C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wmi_31bf3856ad364e35_6.1.7600.16385_none_5d99275dbb91746d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c34b4d1dd2d587d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e8cc54fdfec885a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_ecc8398c10d3edd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-tpm-tbs-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ca0e2dac56f4fa30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.17514_none_e7d7639870214e02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-processmodel.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_da73688896f64a95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-artui3.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0f37ac17e20a80f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools_31bf3856ad364e35_11.2.9600.16428_none_6b9751d6a62f28db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-safemodc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a91fb2cbfd3260f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\DefaultIcon C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open\command C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe" C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.WoRm C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.WoRm\ = "INJIUPKJOIOXSUY" C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe,0" C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe"

Network

N/A

Files

SHA1 ddb38711517d77cf85efb37774fe771aa337c54e
SHA256 75de02805208677b7da04aa6c37cc399bb2d4edbcf38f597758807ff3e9b00c9
SHA512 3c357cd9ca2e3b3713f7dbef014e075d3cf02a5cf1f0f2631ebaca500b57d54f8f41685be9ec35d9d22f6893e0f7ca075ffe39f0ba4c5f4acb694dffe7d60c77

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 bb8443637c4c8cc674ee5b4e13447b3a
SHA1 5051c269f33f124bc8a848db8bb16d84ae4b8a24
SHA256 2c93076e6faab9349a990006f0feedd8cdd5c11f087c17f7599fa6b1fb43d0fe
SHA512 3ab2adfefdcfe16dff548123c9c7d2bcda9b1f1bf75882d8737216aa68d456fdbb3c8d57297ce583f96ebb37e74c00f218a17cae2ea75a6b88faca5762d41bf6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 76b3d5ba1e97295f43fb62baa81fb88a
SHA1 9005d3afa8fc8cbee4bb52b79cdebdf63802fa80
SHA256 46c8ca444124d9f6f7c5d07158dab7f3786dd5782478b3b988375568cd21180a
SHA512 b97c159ee23e64e1416d9f21462170b26b96aa4b9797e67448fc607f80603658b35bd49d84b325a0f3f4009ed91fa755e30eeeac5308e4cc776e50f6b4ce72cf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 243180077c4ca95fd5899a605c23c2e9
SHA1 8285fbd6daeaebb36fa3a3eb13f255b770d5d2e2
SHA256 1d71309ff667c4ce5e0908433f667e9ff96e340a97f0c52760bd4e6443bce2d1
SHA512 5528bdde88b0b205075c95b700d768cb5d0aafbfc7ff19c4e18eec3c7819b0adbc36881372f4392a5d23a310270b54607f34a8bcd31d62828e90c5218c13ee8f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 ea5b90054063dd946136915d6ed1c619
SHA1 8aea74830bce798ab773edb89905682a1de7d030
SHA256 fd09d866d8be134a6fd44528e0587db14d5531915f4f86362c80e1d212db3ab2
SHA512 3cfed07d17d6c9cc4015a1e37ec67ea4adbcf8e009b3a3669604e4274de52ec68d770d75a3b1ecc4c477d3ab0fa622b8640095e57a8878e4512bd9c268a8380c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 cffb71bc21508669592c22ca0c9b3334
SHA1 8c6a733dab5c5192078c183367720563629f6c87
SHA256 acace6395f4ee59ad63e82296d00b430b365aae4ffb5ad09375b1f62c980d918
SHA512 212f873b2527aff7fb329e537cc57c14e360b9329c598feea43383380045c38ef8dc1fa3aedb00abafe907cff9e3ae599a1d04ea142b4794f1c07d643db67a84

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 72d8ab7fb12a0db8da86f79255a2b8d2
SHA1 65a06c3124d37c6df42ff9ba28ddb1e6ffcc1fc5
SHA256 4f2bd15cb6dbc071c6f8feeb59dad17dba848a4fa69f7a6af6607469cc6034aa
SHA512 53b5cd2d7f8930d9b4f188e8c3139afcb02df54a0e434346dbeb937708ea8f1f7c7db17d20043be8e3829c3b568ed463087a1beebf81a37b8c2cba6227b6efd8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 1bf8b1b2f37f4f7f280e2cf7bd399227
SHA1 88e6278d37e61fe7f461a7dd5193a89911bad6a7
SHA256 3e44d5dc6b7dc84867be1e6176765c3819113df406129dbab9e74604e319fde0
SHA512 400e3dad9ac1b7ecc547e69bb9746da7cc7e9f02c5e7188c8ec1f530c2a68e93dbbd0298566e58bf7917d7e0cc3fbffb164ae531a16b4f89fc82ef8eadb58ec8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 3a7956bc1812ad29f408c8199835b564
SHA1 589b8fb9eab5476e02e434255d35fd732cd111f2
SHA256 eec4672e08469cc5e8c037be660acadd794de51dc7aaac997dfa8c41e3389517
SHA512 f404cd26b3c8c3424759cb607c9a3e36e515862d87086a2b830fec23f4dd1b9166c22f8d73544da36c516cbfc23aaf914639b9d84b849a70cbd99e83a723000f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 c2bde30e28b20653d3be322e95299f0b
SHA1 231d6c6c294fc180ce62e39bf53379e207712634
SHA256 2bc948b3ff41ef0f003175afc0a5b0e5230b700caaf24de36071d3b36f761f21
SHA512 e5f2e1f8749a4589adc5737088c5c1f422ce24029af7e1f5384550a22f3e937e8f1bb42345fe12a8ef2abcee4fe2fc0c944ed84665eaa17a698acad66c458973

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 644d27ccbd159cf83d6b4644d04b2c32
SHA1 29d050fd3a67d4a8e72bf5cbc33ae0302df4710d
SHA256 d846b8949d7152dfa1d6f9727653f70444b27c0b4435ac8411830629f6335b94
SHA512 3462848fefc8f37eea11430dd2f7c39e4058e86355de89a1dd61779591b6981a5e854e453374901e2a54ae830159e245a021c56309b0be470bf6a0e2dcccd1e4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 20f3bea80ca97966e7cb3db39b9bfff4
SHA1 2d74ad455f81c128ee8db649bb25c3a546985b36
SHA256 a4b3474c73734a5ab19099ab7952460c620d79b1504cf37f815d169a5bee2db3
SHA512 494067f5cb0da6ee313b5b7223bf00b1401eb1483454e2bde0c959a74c1b4bcf36024c317bae75b3266c6581a6aa0577402110c1f3857f2211ab87d1101d1d81

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 3324fada877a7f6cf3c5651f8120de0d
SHA1 8a91efeac88905ed37d1ce20ea450d3a7421a1bc
SHA256 4a8b24d2ba3a0f50de012b792b032e84444db88af2963032a8a08e7860571e54
SHA512 40a910688046dabaffe0a52f4d2534ad924b29904fe90bd6d3b42a6489834b9c0b71e4bca601a310c07111aa790d3a4c73cab65987d85032172fdfc7ad8b59cf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 47c5d81d8a87ce0a76fcaeff5183700a
SHA1 86635a64ef93a7a514d38fdb60afcc04b246184d
SHA256 6cc6f96f8bc2e35cb7916e91c9e09063274550680c76d8080b44c11aa87c518f
SHA512 5793a3aa911f7e96e53c81c1aac885160da4148dc5f1beaebd948c2a7140ab9c4146431005d8db8e9443becec047c29328415aa5d0250d38958e356ffcf3eeba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 c6eef88151fd07efa08a983a3fbd5ee0
SHA1 4cd8f01ed40684d02927e3240a552ef5937ed601
SHA256 69aa9421712111253a64f6f5976aa1aa06a78eca2ed8c93240cb3745ebe4fe2b
SHA512 eda67ed6b965acb05b7ed16e5216bde5680aca3f0464f36b608d811110e44547558b8a14b9176b3503b16f8358e29c1043ce0ccc3c129621d4f964eade1e6cef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 9559cacab1df47845f8b05f7cf54443d
SHA1 b85b92058cdcaeb8c4563dd6259f1429b4c55940
SHA256 1d9e3ffc12efa9a075a0d4279837038b8d05fd172060cb513d3d03e266370d97
SHA512 bf73f3623eb9a7edad92b1e5c793a979e8855053f42d0c820ac1e890fe9066369d2a5d18feaf876026ad29bbd4ede351f543dfa94e270a07dbdf8e23cdc1e683

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 d0285ecc9a0212a355ab96174409ca9a
SHA1 9c2f4970de0257fd4f5ba23208809a9171c52650
SHA256 b9c5218fcb3f280203a842c2098d7ff7d07b19723c19df20e92c9efaf34a059c
SHA512 ae4bbf2599401a4cf967ae9f2e19775238ce9d2db82842c224907fb58eae347d1ea77252403f31cdec73142e423bef566308345d8781f32e5a9a909b2c2c5296

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 7489def9a6f80417dac50e5c0c429f54
SHA1 afdac87e233560818cc19e9227cdb9df49945c9a
SHA256 8009a5d5af3ef6c417f0429058d7dca8a0ad7c90a206fd45fcb6354b5a2e5b9b
SHA512 11eead0fcefb3efaec3fe0af97bc5655f0106609b02468ef1c274392ef9bc1a87b475b14d01f97b38d7ce995520c1d24a18b26f90dcb5ec3c811d1f5c41d751a

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

MD5 3a739db97a3d7e91cdc70e280cb46c2e
SHA1 71e19b569a9b5186bd9db2db01317f1e1eb56992
SHA256 b66d1e317412ea20599dc09fd581c01b5f054ce80d845bd579bed1c18774f03a
SHA512 aefeb630c9a35a8352788001a53ae49022e970df101354820d91b311d5b64aace122bbc43ed61a0fc4aa4346d922643ae5f69cc87b2f7625c684ef580e5e6e4a

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

MD5 a9a65ab37756513e5b59d41c3216eb8c
SHA1 121562d94d2a3728d4b4a51f6f102d426cf4d181
SHA256 2df80d00339199dfa9ee9374262314255f5056825e96d37574f39c4a5a363388
SHA512 0196609e3629447cc3b812b9bfc7dc9c9ea67557fc5650f9459c3be7a5f83537b079731509771e087ef21851d326ead2d6a3df00d639616d423cc10ecb6d9ef3

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 c90a648cf8898312cffac11a9b0820ba
SHA1 945457ca12f9b0aaa3ff404c4f89ca1c303389ae
SHA256 5a90cf1ee3fa59abf9c9d92d932a3fea5d87d2a803434c7b0ecced8ddd2eae1f
SHA512 ae5f3b8a6e67c19326849d1fdda9454f6bdbdbb9b8d2d7a911402b87837a910aeb703b5adec992ad33e4a469638fe3b665e6d65985bc7aeeb93d6ce2d1acfe53

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

MD5 4f4364077ee37d91cf0c8f77229327b5
SHA1 65631d1d03860e32067c35b4dc8462044c56e9ba
SHA256 61accca7447df485ecca9dd5957d0e8b49ab204c8639a2d6c0bcf75e74b1ba61
SHA512 828659e1108c09db49a15b036ab562b482f652a09051c13ebf73011209f51c1ca553436ba8d567d6462cf16a61856818f0da2184317b71e7f153a281a4d19416

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 8c0802e3e077b82bc6938c5f150bc445
SHA1 2ea910f95c70f81530945c4788a933edd1acb119
SHA256 a5bcc746caa5e07f2582121eef48a67278cbde3074880aa4ac094e13f6b02a03
SHA512 0ca130bfe5abb1e41f8f8c659a5e5a4c8eb1ee070ea96351f8892cc2836f58473ef2be8d3940b150b019b53219983a80486f55fb79c02a8a965e2ad7a42f9350

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 b3cfa311f10bba5769c1637cdfd6a058
SHA1 f12777d8e2cbcb8572afdc62be52415380738cac
SHA256 8c9f6598f2ca76713924a3a3f9850457faac138b5d8f1be96b15081e89dedfa5
SHA512 cee60f7b0a4f052b982fc686e6e4784da21eb56cc91f75a6342ae5bb00d2643b9a771268b33b3bf7031aa183c3574e5edbdb2282c074cfed3c310d70e296e6bf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 ab6e164b141f0067ede111150147fe48
SHA1 93e997710902083ab9e80a634e9ff45c32a59109
SHA256 94103fa56f49515908bd436aa1ef0fa545d4a0a6642336f23b588b675fd784a6
SHA512 00914bfceaf9ef5e1c89161e1ce8953168329aba95b2d3e7b55c1fe822468dc935cc296b09408ae88696ffa241e0931948653d0b5f8ace088effc6e3793d0727

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 af2881ce84476e13ffe98bb410ac8a62
SHA1 c07ad8f74b89b5cdddb3455694f3c61d533a05bc
SHA256 c24be7a6f41cf4bfd840a001005251e6f58e93233cdd9759dbebcbeebd7dcbc9
SHA512 d1a7fcc1edd65550173b631c3cb930017dcc693305c5abed3288fa7aaa323d6837258a1667db507f0f67fc12809c38912cb3d102160cc78af2cc0ae9da733b61

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 8b41d711a76941fa28177eeb5d3c2f4a
SHA1 9ae55f52eecaf4c4e4c8a46103dd8aa957f5389c
SHA256 65dc85676f731bd8133d2bed66fd196b5944b9623e46e46375b666cd53e3e161
SHA512 9f599cbf20f6b5df804d0bc28381cd08b30f8128e184b6681ff3691baa7ba7a422907fab641e993abc14a80914d811db58572f0fd80ace7e141ab5397bab1f8b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0409e995b527ba74673d393e2996e6b2
SHA1 c2bde88beba536a4ef2e2b892f5c952969065f76
SHA256 e6d5418e3ad983ce580c7a21d28b391671e1a6e59defe79fa38fa2a896c70b87
SHA512 0729aebf45ca42721b17967aa8249ff228bd837121f8c0d9d74b26507a18fd2f4861b78ac5d065e0635d6a073951feb0b99c1c04b2a36601adac51dc50fb8a82

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 237fe1b770f2d8ca11f2dc71a9765d21
SHA1 9143380cb1c2be274869d5a65b34f57456398e82
SHA256 49cfabd73923067b2270893d282299757ee366ed1118699ea9fe5d4bd0e22595
SHA512 c7a6ae832248bf722c198de196a55ab94f72a03aa5958fdc915dbe29928d371521559fd3bb359ca2f30555c9a7508bc87ca5bb51b870e4bf2b96241b38becd96

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 64c69bce1f01f617aa86f3a71912dd8b
SHA1 d8d2f6deae934367daf034b6c5936bc1d025fffe
SHA256 cde373ec91341cf167ed0c7663605fcbde03722e949d1e74c9df94b4df9df2a4
SHA512 bc5f241aeccfd9127f3fc40dbfe36d73416de87bb40cf7c62e41430a6dea0c95f727f5c144ca9e17e26476368e3b576a557296667f8ce073743b230e801c4530

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 4f20923fe9b04f2cb1aa8cb3b348ec31
SHA1 c93cb5e3829c618b45bf1386d9945aa5ecd503ae
SHA256 b679e3b39093fc9f755d7acd5fc312e6e1a3059d9e66ab903ecc5d5e7b1dadc7
SHA512 1094d5e17c62763d6ed5cdf448d0272d9681f5814b82cc8809ef10c7ff954e42bbc511131feb0b3a4e99ef42d20e664b5620a6ae279ce9b331e1dc687e05a784

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 3a1aab894e40c82f6e9bab34ee74b2db
SHA1 9ee1de63a81374078c9c6909913f65eb7c632207
SHA256 0e74c9db8608e069f09a32b42ed785938cdd260e396f91cf6a8e7ec71b315c23
SHA512 a81d85e202f0b1aa431c883f159ca31a9e53071d3ac8bb48c6b58f140001e205611e803373da68d9332ca8b0ae72e8af79a6e407b75d4a0706cb25cba0f6e44c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 43efde16d237ae0984ca17d70a4502d6
SHA1 12c40a27ede36ba0c8def2a9addf14d163cfb372
SHA256 3f4d1750de790345bcff0307b7a9e03f8da9cc67b64fc6a66a972aa8a074d56c
SHA512 d88ae318b5f972d34773bc0c76dc5f403612723b4ea06e4498225ccfb3fa6cfe30d50211226d0a219d202fb892ea4e2bb9456420432602a4e6f8999d14682e03

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 34da1c6b9491df0e52ab0d6d1748c927
SHA1 10f314f989ade8ab791cb41f516306bebcf3e4c9
SHA256 72a01931bd70a45e9e8d9e03bb46f0cf1a65f33ab9bc024eddd7cf736e71e01c
SHA512 abc019fd958b10cae9630de1b395fee4239ccb800ac0a108ad6339610f9e53ebfa07572d05a2d9a24a3b8c4a0400444bf40a675653843a0d836e30ba135f4416

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 03d7778de012f6307aab2cea89b448f1
SHA1 7678789984c16eae5886da44c1fc2752f2a8ee85
SHA256 26388886b8ce98c3ee53a71c7e907e6224e5e074263606dfa410f9f9eb8fc1fe
SHA512 012512a1ac1ecf5b32abef78b23c23994e736de27ac8fd47ca76d9e0ac1173cb1663425edfe8cc120b6d43a315de846c1c94511e2a3fce482cb1a25f71743419

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 41fcea8975fd581689995e9b3105960b
SHA1 f44e028efd65a725e6190ecd46b13a3211c71aa4
SHA256 2e8fa6dab561b00c553912102207e1ffa305fd64cddb64f4ab869c226d085f45
SHA512 cceac1b78dab5f733299cb1d75a7c562755d781d619db078ad77df5d3f43a2414b4140708bed47cc9895b97571506dbd7ca9aebe0c9f13b688660edfe8d5f4d9

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-09 02:05

Reported

2024-10-09 09:45

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe"

Signatures

Renames multiple (2592) files with added filename extension

ransomware

Drops file in Drivers directory

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe" C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A

Drops file in System32 directory

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.WoRm\ = "INJIUPKJOIOXSUY" C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\DefaultIcon C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe,0" C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open\command C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe" C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.WoRm C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\28e6f83d4f38b3885606b5d47fba779b_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 101.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 31.73.42.20.in-addr.arpa udp

Files

SHA512 9d0fd629486fe959c505762341d2712f31bee482b3f37ebd84fa30b38ebf75b590e4ef0a2a936c07c2c2fb34088f6a677faead1bd2108d46adc5ce19d34053dc

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655840085328.txt

MD5 060e750916f3097543a2439da15d3de7
SHA1 2f1d458045178fbf8c050e4b1d2651be668b445f
SHA256 9361beb4affa9e86185736c2577c76951d41afaa0506b4fb5f7d6987aca2f117
SHA512 ff46b5187c45162759f818fe6367cccb156a54ab5e77bbc5807e3ceb6630374cb91b4198cc3702119e5aaa765481cf89f5f6718679e401e022f3190fefa5910c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656363999749.txt

MD5 23851e010b323811ff1cbaba5a1bea79
SHA1 d969e0816c27539cfa09085b6b9f8a7b7be419ae
SHA256 b1e8e4579e530e01e1c5ef0f516dda21d81140579d4670558dd12e84aa5655e9
SHA512 f3ca19dac118b230706f4f36b3a8103f609bc293e15243ffb63ec3eb057b21cc0ebb61b406e58d222041fe8450cffb400b1dfc5ec9ec93bc3843a5e4411e55e0

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662640605367.txt

MD5 6f3b0a7e4ab45c809c49d237be9fa3d7
SHA1 8a449718b6513a0e6821f94c339ab63406040d40
SHA256 0babb269831021be084c170457d61f622d743faca4fbd93369520df011810d3c
SHA512 8fba49fbd73b7c800742cb5e33da3b0dbc0e43a4547385ff359b6136485c46792d9ebdac77be1d28149326485c1e8d2d983eeffa9a7e6b269e94f7cd636b542e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665714398674.txt

MD5 0d19622f24bd66366f414c72da62afef
SHA1 99b6c9b87ca8b92ad0497726f7ac033b957a0f3c
SHA256 9d87c43873edebf49369b1336bd6a07d73803da47559d5b8caa9d0b4df84c93d
SHA512 87721f1d8e577da951e03c9caa3e44c8115f69335bbbe0a3da31c13f02ca0e6b3d79ab9f47ae124099c8989e428e80eaf6b7467d5fe643257eee2a93bd4de1b6

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 bff61b43f5e8515f666a3a81f6b98311
SHA1 973e9e867e34d0ae7a50f1d9356016f6543abd0c
SHA256 a5221e8e4283e8b138d13fa262380818760274a524435a863b3d838653d3b6eb
SHA512 8d31fa13bfbc56e3731bf1210656d6f49c74c01e0c1f7efb804fe45e4617199e2e1a16cfbbcfc99d58d0d2f7809fb0fabeb5a632cd08512bb393a15333e8774b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

MD5 4f4364077ee37d91cf0c8f77229327b5
SHA1 65631d1d03860e32067c35b4dc8462044c56e9ba
SHA256 61accca7447df485ecca9dd5957d0e8b49ab204c8639a2d6c0bcf75e74b1ba61
SHA512 828659e1108c09db49a15b036ab562b482f652a09051c13ebf73011209f51c1ca553436ba8d567d6462cf16a61856818f0da2184317b71e7f153a281a4d19416

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 8b41d711a76941fa28177eeb5d3c2f4a
SHA1 9ae55f52eecaf4c4e4c8a46103dd8aa957f5389c
SHA256 65dc85676f731bd8133d2bed66fd196b5944b9623e46e46375b666cd53e3e161
SHA512 9f599cbf20f6b5df804d0bc28381cd08b30f8128e184b6681ff3691baa7ba7a422907fab641e993abc14a80914d811db58572f0fd80ace7e141ab5397bab1f8b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 af2881ce84476e13ffe98bb410ac8a62
SHA1 c07ad8f74b89b5cdddb3455694f3c61d533a05bc
SHA256 c24be7a6f41cf4bfd840a001005251e6f58e93233cdd9759dbebcbeebd7dcbc9
SHA512 d1a7fcc1edd65550173b631c3cb930017dcc693305c5abed3288fa7aaa323d6837258a1667db507f0f67fc12809c38912cb3d102160cc78af2cc0ae9da733b61

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 ab6e164b141f0067ede111150147fe48
SHA1 93e997710902083ab9e80a634e9ff45c32a59109
SHA256 94103fa56f49515908bd436aa1ef0fa545d4a0a6642336f23b588b675fd784a6
SHA512 00914bfceaf9ef5e1c89161e1ce8953168329aba95b2d3e7b55c1fe822468dc935cc296b09408ae88696ffa241e0931948653d0b5f8ace088effc6e3793d0727

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 b3cfa311f10bba5769c1637cdfd6a058
SHA1 f12777d8e2cbcb8572afdc62be52415380738cac
SHA256 8c9f6598f2ca76713924a3a3f9850457faac138b5d8f1be96b15081e89dedfa5
SHA512 cee60f7b0a4f052b982fc686e6e4784da21eb56cc91f75a6342ae5bb00d2643b9a771268b33b3bf7031aa183c3574e5edbdb2282c074cfed3c310d70e296e6bf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 8c0802e3e077b82bc6938c5f150bc445
SHA1 2ea910f95c70f81530945c4788a933edd1acb119
SHA256 a5bcc746caa5e07f2582121eef48a67278cbde3074880aa4ac094e13f6b02a03
SHA512 0ca130bfe5abb1e41f8f8c659a5e5a4c8eb1ee070ea96351f8892cc2836f58473ef2be8d3940b150b019b53219983a80486f55fb79c02a8a965e2ad7a42f9350

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0409e995b527ba74673d393e2996e6b2
SHA1 c2bde88beba536a4ef2e2b892f5c952969065f76
SHA256 e6d5418e3ad983ce580c7a21d28b391671e1a6e59defe79fa38fa2a896c70b87
SHA512 0729aebf45ca42721b17967aa8249ff228bd837121f8c0d9d74b26507a18fd2f4861b78ac5d065e0635d6a073951feb0b99c1c04b2a36601adac51dc50fb8a82

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 237fe1b770f2d8ca11f2dc71a9765d21
SHA1 9143380cb1c2be274869d5a65b34f57456398e82
SHA256 49cfabd73923067b2270893d282299757ee366ed1118699ea9fe5d4bd0e22595
SHA512 c7a6ae832248bf722c198de196a55ab94f72a03aa5958fdc915dbe29928d371521559fd3bb359ca2f30555c9a7508bc87ca5bb51b870e4bf2b96241b38becd96

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 64c69bce1f01f617aa86f3a71912dd8b
SHA1 d8d2f6deae934367daf034b6c5936bc1d025fffe
SHA256 cde373ec91341cf167ed0c7663605fcbde03722e949d1e74c9df94b4df9df2a4
SHA512 bc5f241aeccfd9127f3fc40dbfe36d73416de87bb40cf7c62e41430a6dea0c95f727f5c144ca9e17e26476368e3b576a557296667f8ce073743b230e801c4530

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 3a1aab894e40c82f6e9bab34ee74b2db
SHA1 9ee1de63a81374078c9c6909913f65eb7c632207
SHA256 0e74c9db8608e069f09a32b42ed785938cdd260e396f91cf6a8e7ec71b315c23
SHA512 a81d85e202f0b1aa431c883f159ca31a9e53071d3ac8bb48c6b58f140001e205611e803373da68d9332ca8b0ae72e8af79a6e407b75d4a0706cb25cba0f6e44c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 43efde16d237ae0984ca17d70a4502d6
SHA1 12c40a27ede36ba0c8def2a9addf14d163cfb372
SHA256 3f4d1750de790345bcff0307b7a9e03f8da9cc67b64fc6a66a972aa8a074d56c
SHA512 d88ae318b5f972d34773bc0c76dc5f403612723b4ea06e4498225ccfb3fa6cfe30d50211226d0a219d202fb892ea4e2bb9456420432602a4e6f8999d14682e03

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 4f20923fe9b04f2cb1aa8cb3b348ec31
SHA1 c93cb5e3829c618b45bf1386d9945aa5ecd503ae
SHA256 b679e3b39093fc9f755d7acd5fc312e6e1a3059d9e66ab903ecc5d5e7b1dadc7
SHA512 1094d5e17c62763d6ed5cdf448d0272d9681f5814b82cc8809ef10c7ff954e42bbc511131feb0b3a4e99ef42d20e664b5620a6ae279ce9b331e1dc687e05a784

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 34da1c6b9491df0e52ab0d6d1748c927
SHA1 10f314f989ade8ab791cb41f516306bebcf3e4c9
SHA256 72a01931bd70a45e9e8d9e03bb46f0cf1a65f33ab9bc024eddd7cf736e71e01c
SHA512 abc019fd958b10cae9630de1b395fee4239ccb800ac0a108ad6339610f9e53ebfa07572d05a2d9a24a3b8c4a0400444bf40a675653843a0d836e30ba135f4416

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 03d7778de012f6307aab2cea89b448f1
SHA1 7678789984c16eae5886da44c1fc2752f2a8ee85
SHA256 26388886b8ce98c3ee53a71c7e907e6224e5e074263606dfa410f9f9eb8fc1fe
SHA512 012512a1ac1ecf5b32abef78b23c23994e736de27ac8fd47ca76d9e0ac1173cb1663425edfe8cc120b6d43a315de846c1c94511e2a3fce482cb1a25f71743419

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 41fcea8975fd581689995e9b3105960b
SHA1 f44e028efd65a725e6190ecd46b13a3211c71aa4
SHA256 2e8fa6dab561b00c553912102207e1ffa305fd64cddb64f4ab869c226d085f45
SHA512 cceac1b78dab5f733299cb1d75a7c562755d781d619db078ad77df5d3f43a2414b4140708bed47cc9895b97571506dbd7ca9aebe0c9f13b688660edfe8d5f4d9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml

MD5 7d24c05f490cd3d8c2b42a17db72136b
SHA1 54cd74b93dff38c3f1796ff2855b159a2403b897
SHA256 4c96bf4355ae5cca7f568a5068340bc86357103cf3c356ff8536194271085b6a
SHA512 0fd995df58de99890b245842efaaa0d757c7003ab5d1ca69f8e3a35c4fb2a04e03a8e25d0c11e84f15f675848ac3e9fb5234c19a655571c7e8cc0c625b6b1dcd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 093fd0c5955d3924011db634f409c7f4
SHA1 c2466197eb671cbca13a39e8a1fb0cc5c88424d2
SHA256 2459a61fed094198efad28aca13c40058f5299c29940b0a90b21a47a0a058f77
SHA512 607d1eaa82c29ed2c7f9eb10eb9ce07ffc54613d0b7ab77a2cba541e5769b761f56181b75f871aec883ba6cff9b205408ad939b0580e12f3714f1962eec5eb5f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 fab5f2ae71fbd2a5872c287ac4d29c8e
SHA1 3885681e58f210828f0045c0cac549aabacbac3f
SHA256 ab19eb708b2e0d30d308a35c3b6e387f334526dd885789ec593792a8128ac315
SHA512 b5dfddd1b71972a84ab461a756dc4007d33d5881f725d8c14d8a79215647e390c73b0f0af04230ba6fc280ec061d70e5046e183abe96854e25c9ff9d967007e3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 67517bb60951a9ae3daa0d29c43ec588
SHA1 47d946d88ca5a6bf524bf6c7c00c22c90866177f
SHA256 0e02b4a9dcaef76e16c4687fb9a0f8e6b7b55d1773c396603175ce34a11aeb35
SHA512 091ce15caa2e0f009a17f410d8b8e2db0ea3bc0c76ccd9b67f667cfe372665845846ba282f4f039617a6aac21790bc2998bea3acac7a3b0bfe0c503e27284bbe

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 c7921529942cb84535130e12ec904379
SHA1 e7eb805fc286e8234812bb0d7e00648ebf770d74
SHA256 44989e910bcd39794f6f65e7cca0c29e2ca6bd4689676d0c0672cff076b7ae71
SHA512 52f36aace5680c19b47981a6da7bea8026e9e157096981727f996814b0030d7a1671c01b685728f24e059a6e5ddcb27eff608829e1f2aad452636aaaf09b3895

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 9e98cec40f46375b178b1d56623a890e
SHA1 f5a80d07a7257b90c6842beaa0e310643a7e8a0f
SHA256 a766cfa8c1c8d0400d10d26ee1cc346ce69c1d691486909bc79fd85167bf5908
SHA512 e06aa00a4c7000b20a84614ef625bee57cbcd69e4aa4d98d816ee085fa47ec2f90e515120a8e59283b6b528bad9d45b2de17a4442a75147c8f0df87db9b0da81

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 95ea4c6bafcc916c32b8ba073f4bbd9b
SHA1 d65f2c010fe500c23f9a3041a7f5aec675320d46
SHA256 28b39babf917099d37001e2f12179aaca39a432e4d8541f5ae265f26960f6853
SHA512 3c4c3714f6fcad6f7202ed464998bcb590e7b2f457dab15a4f50a116046d0e7940b0ffc6e9ce7b12732cc8be9a1180619939e1fdd0cf4cd5cfc0f61d831ef1d9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 b128eb6aea3f27d6241217b238aa0a5c
SHA1 b8f18d23bb727026dd8524b4a9a0de693fcd1c25
SHA256 dc84a0639ff9f6b6a19c831d91bfbba413c05026ff7c9903317524bf6f25aa2a
SHA512 273c399af8f0ec2a37f81af02875fa4000800847d83a744f24ab40e5785419aa920b27dcde90e776fb72b22aeba24847e00ae4c3fee31b9681b7a188d4b6b2bd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 837985450c6594278d830232e7f51375
SHA1 c72421371d07d1f298fc04b50fac9749dc876e0a
SHA256 867847dfa4a849d4ea5ccfd12a790463883137d7e37dbc9b82dfe04029cdd763
SHA512 a3bb6237b7da195dc3b8c3409889d24d3966c3a1429af81d425af1d12c28f701e5f5c45f10a17f1b5855a3866c65f975368da98e1f5db71a2f1e74b5ad4d49db

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 6dd066971f271d74ba4a58e1701750e4
SHA1 030023abba882ea80c33e704c87d70dd94ea8ffd
SHA256 4af2b02639ebd19aa7e36ea9a67e42596899ee7f45a9ccdec0c4db78709dd5b7
SHA512 d725f22dcd11964cb950bba890ee62b0f750ed1dca97805ecbae6f780d903565f64eab49ab8ab549874bf98fe30673b01bc4195513ef2d43e042717e9d059107

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 8096b0d2e66f4c25add8b525545392a3
SHA1 3c92e77f9cdf57279570cd69b9c561efa1083299
SHA256 cc789615487c142771c183a389eecdb0a32149f7b0062027ee6762582ec0794b
SHA512 296129012f7065b2e6c2ff7ac99603febc490282d80451ac21831297affaa3d2758946d224fc991cde7ca7502edcc6f9cec2e142b734cbfd0a9779dc3d354f85

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 3f49b89da5fee3e8d67c2780ea468c53
SHA1 ed19183bace43b2936301527c46ade65b384806e
SHA256 4f0678787cf3aaf70859885bf6ef42ff1a6df77ea86342fd197da7714dda12db
SHA512 dcbfc7bae7093f557a0ef08579da54a40afbc578a96dfbd956e8d3fcf519d77aa82bebb044a784e5050dc6bbd43d7e2308227a7a725848553dc072587187e98f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 8f79c94621a8e4a669a7750803b84760
SHA1 b5bcd482376e9c3e4c905e35234980143fae413c
SHA256 a15b5656d17d8f459faa86826e811bfefd049f65e1569776511918800e6e2738
SHA512 db5208f641c1368f17554f64fcbbc52169bf9a7e50d8f0f61b405785d26454d42ed11590b829b3dd35c39717516711d357f0720c9ab4edb660b17e9d423246af

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 76a7fe64495944b8c6e2d8d5fb18cab1
SHA1 6d9a4b33d26abdb8e3cd66955aea3c751d7f3682
SHA256 92e104bc3d98cce209147224747ba9104e0fb7ab06b46c8a24f2da1d57224d25
SHA512 1fc21bd52e168741edab4c690c9c469d0fb8973dd37cd16637f7bb743506b4fb87dc37569b803705cf2ee4e301dc0c3be2ed834a9d317c86230a3a3610b10eb5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 9ee3eec4987ff22401335cc0e933b795
SHA1 a9f0c4e2363810cc9bbb844266c422f1d6f54b64
SHA256 fd3817968d9452138d44b5c12d304da21b4de2adb372b39a879f32c175155b38
SHA512 33e4456683ababb04585fb41d8022de2424eccfdbe2ebbe8d8e2df7e06f9f89a37d826d0a9cc409b080747e412bbf5b90dc6559791824efe8110cf5b4c97e000

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 f86b4f06406c66d1034c95093cc56be5
SHA1 d68c3726057b7d29769806cb38f5e704c1c531a9
SHA256 f2724efe980a037603241bf8cd77e86c36db02a99b2c4e16e64376795617008b
SHA512 903180ae47cc4d80e2a3c1b21f12e0914065efd00798757f774b9ef2dcbe4533f09d210ecce709a40d600e8f88af9061d16d7a26942dbeaa9efc89d6115c24d9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 09619644394f237ff9f6b9db36b11ddf
SHA1 6e02f69612b736383eb679054907889565e908d9
SHA256 9c505f5e6d7795094f3309a986271c82aa57041a434ea2f1dbc9a4ffc4eccfae
SHA512 c436c36d57f8df20875658cc8806406c90073214d70d92ce33b37684f6712a63d2d0832d17296971400937c1cf0d189ffb39490409f679573e675084650c78b3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 34a609b3e24a98ace17dbc72b0edb9db
SHA1 f1047b169aee143051a7ec7dbee7d6a94f820c58
SHA256 e4d04a6a8ecd6001a36c4530f27806a39476884ffab24e6546a0a49ecbc39d1c
SHA512 1e5f8568f94fe8c13bf7a7a4218bff2c9b22023f3a3c4b6ad007a7eb576b58aa646e3fd1faebae38314a00969024796db31af79e1739fd608dc5372977fec7f2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 5f72bf4874f7670d261c85458f2eb39b
SHA1 c62bd7cfbc935a724e7a6dc3beadc3063698bfff
SHA256 51f495460d179412e70c76c730884fa7e03216d11d7d8ae205b5718e92d67997
SHA512 4b1b13d1ce71235ddf2fbdb74608dbddb15626bb72e9c34ce7d85d602735a3180d1c87389a36c12e5986b84b5555f9541b864b180e124c881c567688a3758257

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 e36ed447ca9c3ea3935fea7d457504f1
SHA1 db59b1e27196d6c1e5c8ab5205f49775008ce3e0
SHA256 a41c8519cd75652a01e6e114f28b339ed8772d99825910ec385cac967b1e26a8
SHA512 17a7e79f75c68c2c34c540f2e11a5abb523b9b0cf7d6146f4e6bc6e3a26d95588ed54d3ee7acae821620f2251867483211f0475ada7ca329d6d57c5fe7d8dd34

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 c661da98c56158c120728e2634ad7fa4
SHA1 71b528736fd6bf6325c2c918be7717e71054c1f0
SHA256 bf604fdef27f51bef8d5320b514cf7bc4b3c6203cc1907961d0228dcee899634
SHA512 5901590bff8a995997fe06e0f49e5fe55b6ccec551a33efb5836737f01a7a260e97de754afcbcaae139ff5d74d14ce3d65824d35b9e1577eab0810428798e1bb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 25ea2729142e325bd4c28f797fe1933c
SHA1 ee79e7652701abb84710989b65a17ed5f3f584bd
SHA256 834045e394cb6f6fbdeb5127dcd4554b5d62ccfc9368c7a590890b2c3aff1b9a
SHA512 2fa17ccf0f3fe9b4060ba46b6db5df7894d70d0509fdda8da2236d8cde2cd174632792a66d8823eb81a5f76ac1e88c633b270de74e82825d7a8cf8c7b7994bf1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 98b3d85aea497b0ecc82094fe208693c
SHA1 6b19f7ac414f0ed36651b921e529b5a46bbab870
SHA256 1312a2561a93d5a360f555db04199e22e419ccb8b3ffc8562434ff08f00139c5
SHA512 db2adddcd47ed57c0fe5b05e78828448cedf92cca40c165a2bf57de687702eff73f0e934e6ad115d75653fc5a9a993bb61fde23f6330f90eff99e8c28a51bc51

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 f0f709d8c9c0c6e9167aa9abbe0e72e5
SHA1 051cde7b3a9cc17edc4775d77b927ff75d75c1da
SHA256 a90d9ce58f7fddb72a0157f1cac4b061c79fc37319557fc6297fb8dcd9da2e92
SHA512 f9c6444d0afb4fcddb7d97ea833c3ac7edb1e6c9d32299d05e5f626641bd1b1f463283f1ff697f9a7f9b7be180e6f8bc1ccee4e0a62b1ae5f0c0aa89983b330e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 5cd5eebc7dd522fa0b7e82d0374a7a5a
SHA1 d96b408af48a9b185f524b1f7e9473c32a141e0a
SHA256 6dabc132edda78f2b59eecd12b0518579d1fa3e5d40b44ff0879601aa91990eb
SHA512 1aa18583ae9a82e38a2dafa05a2fb64065bb5523889bde2e90975412347112282c1b259df2b6d605c8f81082d98d415c61a2062b14dfcfd0d7182b2d62d3a3a1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 0271655c18afc81c1d96c2f8e20947c1
SHA1 9ff9a78128698382bb898374e46d985e0ed15b0d
SHA256 51434494b6d6285a2f2d95cb8cbe3bbbcc0ee2a162b4b0ad7c7c78eb0d1e6128
SHA512 48fc6805511aabe3e9abc87c2203a37f764b589e8cd0f57e9bc5328c1d39f4876364619c87402bca6a5738cb645a0ec27a9f6999cab25844b5f9928e14cffe1c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 0bb65fe3952352f03955c0e6944d7c81
SHA1 496d16d14ea1f7c008fdfcc0f4df2c1b063d8e25
SHA256 996348b58e75e20d42e781481ff6bd9ad82287de9bd573f1cb6340efc919cd50
SHA512 aa06700d6d04c7d2a555b82a4596a4d3aeca125f293d5bf4186cb299351315c273084e0fe427bb5e1973fe7a41a07c9524f038c60a05d3782917ea6937ac2a34

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 e0a2a5376a0bca5421aff45374c2d097
SHA1 394175728c13f313857df260c74e44680b7bb7db
SHA256 9ee7e6d63cf82d4fce5b9d9d0717f5667b62fc683b53b9c325af8dce744ae160
SHA512 ef1d386657be3c2e26459dc4d93428f2774aad94076724f510fc968d98107bc7f6047375ef1790599620b582c28639dd330eabe646a56b7b5b08ec2de1a38734

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 fb67c57b2dfd41420fa7cd31cb0b21bd
SHA1 f4a57b2c95a08f9c5e4435b4a224c47f965c75be
SHA256 c8c83e0e12487194852837db23459f7ccb742f7b2d94cc359bf06e0a1ae05bfd
SHA512 d84b9462f47ebfb860f95bfdccf95c2751adb17d0ff6099f37fb3c11db5373935b0b36a2d56709ac95d3b778e16a43d42bbaebe911c2fd5c7302042609f9ca49

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 126d974f3cd908500891376297d9fc09
SHA1 44427eba006c9ea083b4273463afb6c69594cf1e
SHA256 5e96e426e0c7b42135b6e252e68747d47a7afea8486c9258ae6e2950d7b1bf8a
SHA512 72fc2e559ce53ed62c5f6c5eaef3db08165b5e916f40b475a0d75b7e7179e69c8f959af2aafa4d9e59350124efc1732048e0e0dcc43f22e50a7e0ccf9ad8f123

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 47bfed768c66e24203a613b0f8e58bb0
SHA1 0fc3c0494654b2d60052f88a822f6250b4b692af
SHA256 9a51f5c50fc7650bd7721963591c838179286463cfea2d040393a2e667ae9688
SHA512 99273e5ad40b6832988946e793647ff4bb6d3119c8808c4d125c631ee82faf09eece1a52d17ba4a149708ea31a67d1b54cdb0aad3c669898e6516c992b49c582

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 4f645801c394b89394f1a074f3f26a7b
SHA1 ad514ba602c580e5815642e34f81b1854450acd1
SHA256 959c796866a01a8c79b23cbf7bf32e72054601074186cfe0e084ce164fd8d0fc
SHA512 e5beb0a7852d90d9bae1fe037265b879f5f9b32f5a1ec8bab291478985b0a907b71545ba90c8ae0ab4e7aff19f582571936b610efb850dc3799a2ad68e705187

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 7c83919c251d0791fa4dde31c3f0199e
SHA1 cacf55ccb7dab3b45709cda71581cd9a9f496a78
SHA256 ae8a11732fcea1e73cdf5286739b402b5a47b70e74dc704cba313ce86397139e
SHA512 ed3a1794123ce85fcebcab9877de0999214041700bbcc6417e3ede79a29639572d952356be9ec6eb7b36808fd8db5f13944c990909b2104f9cced16181423dff

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 4fb654869926914750533c5f179ce598
SHA1 f7d9a38f64c9e6f703db54c06cb449fe42d4b555
SHA256 baac67108ca5a9a79eccfe21f5e3dd4d90221e72357773c618808d34c2aebcf6
SHA512 efc88f7a068fb2e5bcac7191edfdd3891e39a956db4f0603ae9a578487e7bb918fecbee5edb393937135f57aaa987f9c384c7ab4eb96c333c5fd211f68ca6250

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 93da3630e54eaeaa2dd3bede99ff56ea
SHA1 a26947b1c85e8a4d3553b8c9338637db60d02016
SHA256 163d9d1814ddee6ef5d24006da0e3a6750f5ab545f7b74111cda884aa09fb9bd
SHA512 acd9eb67b3ee964df11461bf8f698d53949986016ce7ba8d07e7ea88c698d6bfa0b7c11c14595efbb2612b6ceb5969a81fd28985579a1bcf9ea63a0036ab1a00

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 32ce64fc620f397591223e774401c69c
SHA1 838283e36110ad4aac848baed193321b5fcb4bd5
SHA256 6625632dcbe2c7295cf8abeb8946853eb3053b33534dbb6dbf765d42633247d2
SHA512 fb12538108d5f1663d6ee3fc225ccbae8143a919fc7acf07f388fef81d912c936e476551743459f3ce2cfb8a0df70979f878dadaa8187d28420fe4d8d567fd69

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 2a6e0b5dd78e4653c56629d62a3599f5
SHA1 2ef87dc4005a8f719c1e3ad6b126bd1bce6d2466
SHA256 e8e0f369091f9b850db14d51a52ece94edd1869a2ca6ebdaea3322070662285f
SHA512 077c7639dc7cb9e9605873ed9b353001cefe96b5805d8814980469a8402f990e44a7c91ceaefd172b3605a507fa2fb014e8b2723f709cd3da7f3ded66db584ee