Malware Analysis Report

2024-10-19 10:43

Sample ID 241011-1snhqs1alk
Target 36fc00a9095273bea40c8154b336a648_JaffaCakes118
SHA256 c6f6e0d1fb9cf86b134e5a273fd852a333885604d9d4ea3a79334e6fb3b45b07
Tags xorist discovery persistence ransomware spyware stealer
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

c6f6e0d1fb9cf86b134e5a273fd852a333885604d9d4ea3a79334e6fb3b45b07

Threat Level: Known bad

The file 36fc00a9095273bea40c8154b336a648_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2190) files with added filename extension

Renames multiple (2214) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-11 21:54

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-11 21:54

Reported

2024-10-11 21:57

Platform

win7-20240903-en

Max time kernel

121s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe"

Signatures

Renames multiple (2214) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\t5Igu5hV8iEnx0k.exe" C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-n..orkcenter.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b1a10c571895f60e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-chkdsk.resources_31bf3856ad364e35_6.1.7600.16385_de-de_092d221039709f59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netmyk00.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ffe3cef97b18e5ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnrc003.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6ddafcf31a29080f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnbr008.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_695e87bc431d5e5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnso002.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ec6f9ff3cb65d89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-legacyhwui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f36e4f388e096ead\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..ce-common.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a61728ea1279d393\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmgl008.inf_31bf3856ad364e35_6.1.7600.16385_none_d0773839df918237\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-atbroker.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_65b0ce353b009c87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\DMR_48.png C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-wu.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7e74b84fd24bf5f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnin004.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_caa92d1d6639bfb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.grouppolicy.reporting_31bf3856ad364e35_6.1.7601.17514_none_4c14798809666596\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rasapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e9530cd2e8e5a7fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..ation-api.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9682022dff2e0500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Pop-up Blocked.wav C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b54c2fe3cb59c96e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rasserver.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7b176a691d8ef141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ac-sql-cliconfg-dll_31bf3856ad364e35_6.1.7600.16385_none_c67449ab74075edd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..yer-wmasf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b6b26efe4de8fcb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..s-shellui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_89c12f5f5317f4bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_9edcb4a706944d0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_6.1.7601.17514_none_0e384c71cee8c9e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_elxstor.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7366d223bf4b0182\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..rvice-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9710ce79b161a562\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-recover.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bf035cdfc3da4515\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-uxtheme.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_44c69dc0653f7644\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_usbcir.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2efa34100d05bef8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_43da70e526c7c1ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7c10b6792f5a6f89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\13385391832b7c36af9306baeb570e57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..dle-agent.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fc1589e2218d0bf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wincal-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c8a9a3a2e8e288e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnnr002.inf_31bf3856ad364e35_6.1.7600.16385_none_b91afcc7c666b4b2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..yer-wmasf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8998becd52aa9938\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_6.1.7601.17514_de-de_cdb448a9dd826b75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_fdrespub.resources_31bf3856ad364e35_6.1.7600.16385_it-it_41991f13eb65acc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-autochk.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d60f26ec1d0d389e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "KDURWVJJQCGUFCX" C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell\open\command C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell\open C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\t5Igu5hV8iEnx0k.exe,0" C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\t5Igu5hV8iEnx0k.exe" C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe"

Network

N/A

Files


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 e74b614e2742b81adb966ba0d040a20d
SHA1 9a85933a35f93601fd97f697194ff98002f05d89
SHA256 07fbe0afe55fe1025ced512d77bf5ec440c9bc6cb4a1e23cb35f16fdc942627a
SHA512 c84677b8f63c42bf1bb2ac375f3359e81e0864837958f82b685c055a69f73202b298760f019f9cc4683ec38292786d72684c2c5f00ee800973ec961112f98ae3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 127ce6c1cb78c77a14340f92ea59ac3e
SHA1 bf068b264689ee4248301f9525d928aa7da7c847
SHA256 0c0f0e773fa45fef7efd64496d63553576bf99e3c5ce2e6a30ff84fd40dbac7e
SHA512 c25f8fe97300fed2d81f03701126ac3cdd0c907cafe9e2a9aca23d940b64e0f3140af5286b549aad7ddade3bc9d4532b823dba7da2bfcd4b95169f7a55509bd9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 70533f0a8a9ae552ed4fc350add9b158
SHA1 f2602c243fefd6765d875b6b13d96bc93495d819
SHA256 8fa35699f52392369e363de5a571fe199bed5ad7b09a0fa3251fa66a39ea5eab
SHA512 947a68b5a42c451d1f9bfc6fba8f93d6ad84e68ffbabac717cbbeda89c4acb3ffb5e5adebabec80ac9f52a300730b9ad258cb3d931532efa930954ebe7d9ab42

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 c568200423c9ac426ba466f6db612c64
SHA1 f17007a61c10dda906202ae235d84a246b5a3703
SHA256 b374f130a1f68f83436af45c301daf5ef8cb5d8cd20dcf542d59bcd59828b7ba
SHA512 7613b1f03f70b2a2a3b52201eaafdb7b563b5be3415ed04f19be4d370788f31c5d7611c108f9667dec2539746f7d5c3425a9be1a6ee663865323c390a981dddb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 8bb2925bd42c1ecaebd6151ca031d741
SHA1 48ec7dfa6394ce0bba33c38709b6ae40c4c9a9d0
SHA256 392493cc5be2991b2aa03b3e2423125f5d385eae5596a2692733e9dce929ef55
SHA512 0639dce09e70b927c33dbf2bbab42ae60fa8f04d4cad898789c295270d24eb017262dc9a08819f451a53bf27e2d5e02d4dfa2a5dc4de330757f1af044d322c7a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 c64829de78ff97c5caf1fcf482fad348
SHA1 37fab928f1118b2c99bff0ed6aca649f64385557
SHA256 af9aabf2a884f96e3a921d3e4f8e4080678d3d3bee7a7e35ad36a07c0fd53a3c
SHA512 207e3c70154c3c8799d6986ae56b5c78f5565de25369a2a31555055aec43af32ec3cd1ded92d2f6db877978e8d7a769d0b535a223a5165c3b5885ce93228a02a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 c27e99fe4ff53ba6e09d3068858ebd38
SHA1 143a50c7446136a524d6dab519c6131bb0ff04ca
SHA256 4fe754823743a327916e66b1952cd2d08809c91a742b8df98c473ac862889378
SHA512 1ac01efb9265c85a9d32b668c2132eb33b51a0a6e18153545e83aed4019c9dc7501b93d5a7ebcedb68ed184cdd5197247aee7dcb1c81ad5cb4a657d7782cc627

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 b92926e3487a7f6965fd3170b1e5a587
SHA1 3e1237a449cf369d3e6285448ecc222aa85e5ecc
SHA256 7983d00df784b713539a2f9419d3b9a614ac999aa6ed314cdd55361247e09f50
SHA512 a7eec54ded964dd5127b2d1f91320151339687976989c0f64607d9412718cd9d9a9ecc01b9d0b4e2850d9d1f8f69a4fee1da8767700b73ecd14374d586f1ab58

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 0c8e86adc435ddb39043c389fb81da99
SHA1 9fdd4bc1305685feeb8abcab29c0a4770bb7cd81
SHA256 58a44ce50e717416765b2e2b86edf826f87f2aa4ea25d5cdef4d7ea86c09eb43
SHA512 7260093250dc05cc30ee37ca385b49c75a194c2c4a11806969cd5dd2d47fcc1c2fd5a283e42b5e7c8f685a1b3cc7cded5762153d393d7fd22ce376c78c8aa921

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 f2f9b30ffef2b171a8a2db0b52190cbe
SHA1 133aaa16c48547824896710010447da288072ea6
SHA256 ae5eb93a363f9c49d96f59aa34de290a9d2a235467f4a95d72f85f4e438b0a53
SHA512 85dcd823a2277f4fd56df78f31fe6a38cf3ee9989d2dbf12acf9b09428be1af243c8819dd6b832e93251551daf37a038432670fe74e04a083808f81becfe34e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 d5caa8f6f0f425446c454fda373b04c5
SHA1 75bd116b7c0077d8013ea1cfd5ffdf638fbbf6f3
SHA256 aa19043524e21148fd81f31236b29cc653b11096d4382f22c547397e94abeddb
SHA512 c9800222275bb3a7d8f3e37791c404990feafb643782141cef8632a9987a3f241ddc8012ff3e323640ae34575a375bf73f24816d867a770a8a7c687585591be2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 314372748f7af79968686173104ddafa
SHA1 4c4ef5512190ada93f3639a52cee8abc0dcf28b0
SHA256 4390412845c6d3ca379894e1f2090e625eed56cd09f1a26ca3ac04908c12c8a7
SHA512 69d45fe3a176f1ee07896aad2dccb4320f08ef266f5bd2aa20fcc7ec00d02e9a0caf07fc32d8780333dec43c531f9856c2c9c1e4628ffca04d010a9cea566a8c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 67c57e8525b5b7880a4db3d02826d886
SHA1 c5aca752c0d135b1dea18b46e807e124dbde4995
SHA256 cc878ba290eb50e174981001fcd5a26959c9543a5df7fe5092707c7cc7254904
SHA512 e9bd442ef42d24d1103ca459fdb4eedbd3ebdac668402b7ce79ef746fbd299cde8f385fc0dafb06586258afbe4a1ba7abfb702bb747220d785cf81935ea44b46

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 bfcd7c333d4c02cae0baf1558f726a73
SHA1 0313d95bfa7ffdd74606c1a1464c53b906fd2b38
SHA256 6e7ca230d3630b8b865144a6c15448e522cecd315e19ee1e9eb3bcf5d3366fdb
SHA512 3f8dd6abbbc82d66df7a4d84e20b695ee31e65d4240fb070135b4710b1d82bd36218ed50acb2d4cf0920e9d4fa62d77be26055473a187b14efe95b41e5854558

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 7fc6489918638fd2f0e9045effe58b57
SHA1 050cfdffa715ad9fb5b23bebac958c7dc0a59924
SHA256 c24efe07c33fc196986a0a8af8290ac496ba669152ca3f2dfdd23d57f7caf341
SHA512 4bf56a8a533551043baca4ce0cc80b51eff3e35696366aa1364b8f98fe22ab5a28be782fa5156ed8edc5bae50a2b1d84b7691e1eddf9b2b6c4289518a4981a9e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 19d2459827072894d3ada20b6229d4ad
SHA1 234a51c14a91ca76ebdaf8683e1d0e0e314a0d98
SHA256 bc65b2886bbac4f14332e1c4f3376d3bddde306e22eeebc1662274eb9ff0b265
SHA512 e3fe0673c488c5a7b499ececdf3eefa8ec92df5a44ace2bcc9c2c68cc3b7c2a8ae6d0c0f34d0fdd012b8759f0c6eb9835afa489786b8e97ca2c33fca819f4ba1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 d5446c25d5759512fe20b4ead9c636da
SHA1 bf0cfee8c06e0112a92b0ac471ad2a3a87b225bd
SHA256 d20b9fb614a4834c6479c52b80c4dc874e8c0a107c38b7849068e28387811f59
SHA512 599c6b347302d344c84e26dd0d8b223e69835704a54eb54ddc4c5bc6cab351336ec57d16b3402ddb0cf3a318075e2de8ab294b188c9adec61a9235e3f583e0cd

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 ec6140a45c9a0213d4b25ac7dde7e6c0
SHA1 ba28a5e66d0738d819cb92a804e6aae0c29bc4f5
SHA256 db9d172d4fcd48c33ae12228ee82ce3ce58c21bc94a781284b78fcf6a017f663
SHA512 fc3be9757d0f8d23f475eb5572eb7a60281d955bf162a4f0c9a05f32d5cb38518f1da85303d8c2fa8d1fe4bea19f4546dbea1b2e35f6d35c3d244e6ced579122

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 b3e6773d86e62b5a3e593c1bdfd666fb
SHA1 fe131afa5643c176452f6631fff9d5c5e6690dd5
SHA256 05a4c1ea30b24fdba061d4cdaa2918adb428746d526efbff9c128c9117667378
SHA512 f82ef287c30715311e8a8573a4eef3160298af1c84aeef3ac4b1cd89ed4c546bace7ee72be95824f77845c678c2d2d6f31175e4061e086358898bd76b060fa4f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 605835cc89f8c453ed9a47ec55beece4
SHA1 a909e53128e49016ebad607ef14067db15dc192e
SHA256 cf84f4601f8f135e9376a47ffe2f6726ab2f89f4d36b38ce5d56c1159029f873
SHA512 e67c2998064b74e04104672d649dd7f27843f11f6f62a31df74118859cb398f1dc243dc84959c80316b10850a76b0f9a106fb8712a567db2c9c0dbcee50e14b8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bc60d114ab69b8788b87dbbafc5f6ebf
SHA1 4b567a2ea842cc00af56e4b1f429b0fff35d2c07
SHA256 7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738
SHA512 2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 949b18627863fd743d3c5a12a291c836
SHA1 5c287f46db8fe63acedcf57368e3e161ac45f7bb
SHA256 5c8680a6f21948a0b550234b563c8f9ecf92d9c7106133a6f0cdcf2bd3723e06
SHA512 1dfbc527ace32318fba9e2b413eef76bb25d7447140c5a5ab2029f97a1b01b2a4dc7b74e2f44fa4efef4606e297f95f89e311d9f254328aa8c4a74a68ff04046

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 3eccf7a0ec02d23ae792a90dc5955b76
SHA1 5288a0e0a6ead74340b7237c34d4013e7d0158b7
SHA256 0abd2da2d76ec0fe2886f5c1a540f6bd63969b4296ebf76962035e48e2079f6c
SHA512 128159cfa16b2c870c61a6e22d39fcb7dd310a975b9d75b0edcfced89d49fe189d874bc380d58b197dd8ea9cc55c816c4f597d1d9d0ce707c66b8f3b7c18f012

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 57d2bc66b4cd086855aba75bea21ae12
SHA1 93a0b2604de296f43a050082d95cfbd5ead8e1c9
SHA256 6d48d5713832abb353dfaa5776dcd0604370e5581afe9ca57c8503327646c2c4
SHA512 a47c0cb7393c1a0950751a0294103f9a5d10843217bbdf3c2251e81a75a147e374b44a8a195b86397a83b00cba961da856428d70e40c7a67e78973d84a6c431e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 fe803808886bf32a8a2afd925a57c94b
SHA1 9a310a28780fc6e82a09334479b6575df9c47c21
SHA256 33835ebf4ad918232dc940f452d250e8e9e559886274f382b58378009daa3d6f
SHA512 6ae833d559eb97bf9bc197dca7ee53169f5f45352c55f0e9802c53584b060a0afc9092d57b18e1f43b8a57e1db5c05a1aa14ecc0052f0ef9b3b3ccfa3dfad16b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 80568f7484f2d7f03af9d93baed7c668
SHA1 560642d59022941f2c1e38cdb32c42fc7e86772f
SHA256 79222e9f74351f83e5979080b8146252fadf375e483477f594b09fd63b288e3e
SHA512 597c432c5c8b4a2fb0072c4dc704d530f61386f1ebf4ac3a018a39ca637983640e228f85b9d87d5a620185b1b7769a971cfd80dc33b0b408a4ad21e77114aad6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 a72548c44c7de13e0eb67fc4902e1dea
SHA1 a0afd4c9f350b9763e6da8cb6cf2e3551b4d17f7
SHA256 aaf12f261a084909e0de91e17ad3f7f0a3cd686cdb8d132ef859f71c22d0a5ba
SHA512 c89958e95c388dbf6e40ca8c00b0b17bd2d01220c5435edd5044f12e434380edc28c4b86f8279df2417c1a30db77f77f91bea597f48d9497ced62b4d0a415fd4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 e18c0f7d445db4c4c06308e43a3ad46d
SHA1 df4a482de1ff1af27694ea7bf7062c0d14609e3d
SHA256 a71d5c6d547caf766931be5a2fdd1aa44bac8dc0cb0a70bb4e5d053e585d8e54
SHA512 431916052c78338714d41573943cb3cabdfbfb11409f6c0838423cfa0b6e9dd26c21560120fcdd86049db0790877953caff975eae5f46e21be95278f3fbecb22

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 93fe34f92fb9f6bc3b5f585ebe96577d
SHA1 71ed8ccc063018a8eb7eeaafda1b64c7a80f8b30
SHA256 a0258819117f5f0dc7bdca3f64f7648cbef34c6c6b2d7c36fe477cd0e8d86163
SHA512 e4f1934c1e2fb83dcf25d7b1dda9b862ef886d4ae12a1ecfeb54d97f4ea873a86787114f2cd2c39532f1a661101e499293e37fde73220514c4697cb9a14391bc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d02b7220ce90d7c8e3ae38ae149598a4
SHA1 df318bf256425ce3bda38b10def747d53191efca
SHA256 6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781
SHA512 7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 c9030e6ab9e7eb8c0a91711c4696fed4
SHA1 848cb283a4d660c8aa228f4c693507bf2516338d
SHA256 1bc74c40ab10ad1c48d6f9546511cd817cb844932ecc7377e1e102a8c20c187f
SHA512 cbea5e65bf9565b91f931d30537520b51e23d6928cabc39a20cd840af30357a4eb401b014dcebd8d67c358debf7c69f7e0f3ccb6a54b08974a760d384eb4dbfc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e03c2d2a3bd90227c310dac5fe00ec2e
SHA1 801415d79fc6e4fb0044905b1e87aec0c9cb2d71
SHA256 1777710a24499be862df3aee02cd1da066b139850b0d708a294b51a8bef9c5a2
SHA512 b8847723878eb869a6dfbbd4ab538e9581bc59ee0229b18d9ed2248369996b4741d1cbc9ce5af8aa4eb2d48301dd07e45d068269c44753fe54586d40df72f7a9

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-11 21:54

Reported

2024-10-11 21:57

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe"

Signatures

Renames multiple (2190) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\t5Igu5hV8iEnx0k.exe" C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\bthoob.inf_amd64_c6923052f60677d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cht4vx64.inf_amd64_b03448ba0b72ec47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpitime.inf_amd64_e1498a974ab95ea7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sppui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_3acec385f5d67bdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_6360d736a6f64e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbaudio2.inf_amd64_8d164ac6f7088f97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_0eaf27d749819837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uiccspb.inf_amd64_18454ae612999870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_64035dd8a7571ba7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ufxsynopsys.inf_amd64_978099f98cc73ddf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_0406b31e81bea0d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_d89605b6b478d768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsopenfilebackup.inf_amd64_2174d2189fc8f164\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbatt.inf_amd64_a6fa9bcee39a694f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_8a98af5011ee4dc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_a99a7ecb03853141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Bthprops\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "KDURWVJJQCGUFCX" C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell\open\command C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\t5Igu5hV8iEnx0k.exe,0" C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell\open C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\t5Igu5hV8iEnx0k.exe" C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 135.72.21.2.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt


MD5 2a727db094f6e229049b75618efd0a62
SHA1 a15f4e57db2dc19442bf6303d7fb18341345ee06
SHA256 42b70dba2b728584c5fd2473dcd0b13ddafbce6ad17e85081762150bca0d9e74
SHA512 42f30eb13268788127fe796ff836831f71838debffea0419a1d6bd812a0837bf95fad12b59388a2c6a8575fea2233ff4d36ace97e2f96c9b79cacf72fbd81d5b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 b3e6773d86e62b5a3e593c1bdfd666fb
SHA1 fe131afa5643c176452f6631fff9d5c5e6690dd5
SHA256 05a4c1ea30b24fdba061d4cdaa2918adb428746d526efbff9c128c9117667378
SHA512 f82ef287c30715311e8a8573a4eef3160298af1c84aeef3ac4b1cd89ed4c546bace7ee72be95824f77845c678c2d2d6f31175e4061e086358898bd76b060fa4f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 605835cc89f8c453ed9a47ec55beece4
SHA1 a909e53128e49016ebad607ef14067db15dc192e
SHA256 cf84f4601f8f135e9376a47ffe2f6726ab2f89f4d36b38ce5d56c1159029f873
SHA512 e67c2998064b74e04104672d649dd7f27843f11f6f62a31df74118859cb398f1dc243dc84959c80316b10850a76b0f9a106fb8712a567db2c9c0dbcee50e14b8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bc60d114ab69b8788b87dbbafc5f6ebf
SHA1 4b567a2ea842cc00af56e4b1f429b0fff35d2c07
SHA256 7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738
SHA512 2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 949b18627863fd743d3c5a12a291c836
SHA1 5c287f46db8fe63acedcf57368e3e161ac45f7bb
SHA256 5c8680a6f21948a0b550234b563c8f9ecf92d9c7106133a6f0cdcf2bd3723e06
SHA512 1dfbc527ace32318fba9e2b413eef76bb25d7447140c5a5ab2029f97a1b01b2a4dc7b74e2f44fa4efef4606e297f95f89e311d9f254328aa8c4a74a68ff04046

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 3eccf7a0ec02d23ae792a90dc5955b76
SHA1 5288a0e0a6ead74340b7237c34d4013e7d0158b7
SHA256 0abd2da2d76ec0fe2886f5c1a540f6bd63969b4296ebf76962035e48e2079f6c
SHA512 128159cfa16b2c870c61a6e22d39fcb7dd310a975b9d75b0edcfced89d49fe189d874bc380d58b197dd8ea9cc55c816c4f597d1d9d0ce707c66b8f3b7c18f012

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 57d2bc66b4cd086855aba75bea21ae12
SHA1 93a0b2604de296f43a050082d95cfbd5ead8e1c9
SHA256 6d48d5713832abb353dfaa5776dcd0604370e5581afe9ca57c8503327646c2c4
SHA512 a47c0cb7393c1a0950751a0294103f9a5d10843217bbdf3c2251e81a75a147e374b44a8a195b86397a83b00cba961da856428d70e40c7a67e78973d84a6c431e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 fe803808886bf32a8a2afd925a57c94b
SHA1 9a310a28780fc6e82a09334479b6575df9c47c21
SHA256 33835ebf4ad918232dc940f452d250e8e9e559886274f382b58378009daa3d6f
SHA512 6ae833d559eb97bf9bc197dca7ee53169f5f45352c55f0e9802c53584b060a0afc9092d57b18e1f43b8a57e1db5c05a1aa14ecc0052f0ef9b3b3ccfa3dfad16b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 80568f7484f2d7f03af9d93baed7c668
SHA1 560642d59022941f2c1e38cdb32c42fc7e86772f
SHA256 79222e9f74351f83e5979080b8146252fadf375e483477f594b09fd63b288e3e
SHA512 597c432c5c8b4a2fb0072c4dc704d530f61386f1ebf4ac3a018a39ca637983640e228f85b9d87d5a620185b1b7769a971cfd80dc33b0b408a4ad21e77114aad6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 a72548c44c7de13e0eb67fc4902e1dea
SHA1 a0afd4c9f350b9763e6da8cb6cf2e3551b4d17f7
SHA256 aaf12f261a084909e0de91e17ad3f7f0a3cd686cdb8d132ef859f71c22d0a5ba
SHA512 c89958e95c388dbf6e40ca8c00b0b17bd2d01220c5435edd5044f12e434380edc28c4b86f8279df2417c1a30db77f77f91bea597f48d9497ced62b4d0a415fd4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 e18c0f7d445db4c4c06308e43a3ad46d
SHA1 df4a482de1ff1af27694ea7bf7062c0d14609e3d
SHA256 a71d5c6d547caf766931be5a2fdd1aa44bac8dc0cb0a70bb4e5d053e585d8e54
SHA512 431916052c78338714d41573943cb3cabdfbfb11409f6c0838423cfa0b6e9dd26c21560120fcdd86049db0790877953caff975eae5f46e21be95278f3fbecb22

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 93fe34f92fb9f6bc3b5f585ebe96577d
SHA1 71ed8ccc063018a8eb7eeaafda1b64c7a80f8b30
SHA256 a0258819117f5f0dc7bdca3f64f7648cbef34c6c6b2d7c36fe477cd0e8d86163
SHA512 e4f1934c1e2fb83dcf25d7b1dda9b862ef886d4ae12a1ecfeb54d97f4ea873a86787114f2cd2c39532f1a661101e499293e37fde73220514c4697cb9a14391bc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d02b7220ce90d7c8e3ae38ae149598a4
SHA1 df318bf256425ce3bda38b10def747d53191efca
SHA256 6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781
SHA512 7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e03c2d2a3bd90227c310dac5fe00ec2e
SHA1 801415d79fc6e4fb0044905b1e87aec0c9cb2d71
SHA256 1777710a24499be862df3aee02cd1da066b139850b0d708a294b51a8bef9c5a2
SHA512 b8847723878eb869a6dfbbd4ab538e9581bc59ee0229b18d9ed2248369996b4741d1cbc9ce5af8aa4eb2d48301dd07e45d068269c44753fe54586d40df72f7a9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 c9030e6ab9e7eb8c0a91711c4696fed4
SHA1 848cb283a4d660c8aa228f4c693507bf2516338d
SHA256 1bc74c40ab10ad1c48d6f9546511cd817cb844932ecc7377e1e102a8c20c187f
SHA512 cbea5e65bf9565b91f931d30537520b51e23d6928cabc39a20cd840af30357a4eb401b014dcebd8d67c358debf7c69f7e0f3ccb6a54b08974a760d384eb4dbfc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 d5890ba9b8a51419f4f42d3a0b75f68b
SHA1 acc7c3a6aef2ebf63109232454d1213c0136f3ac
SHA256 a350895debd5ebdfbff92dcdda563f59e6260530a23abc2a5f9f84465da22d89
SHA512 c950b2ac5b67bd163d6c397d85a6b0a323362e2ed1bb1c81890b408fdf53f35818b0fba28f4852db1a1bf9b5a08ab2b52967771eec09da98c08b567ad540cad5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 d5de9a771f89a8f58aa01e9a8de7e908
SHA1 1d73d359f6d1986e36786820dd5747e69147ed43
SHA256 f5f280cdfcb299ae558721fb705c6193d886446a5d489f2713c1a6df62e99bca
SHA512 61265c1abf75ef4fe9097246ffa79397c3cf158e577793edad21c1f251a527088518a9d00d3d29070262e19ff11cf7a3d7afbade5af97c57308429df9695db4a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 ded44546b0745d2dc4d8ede39667b9ff
SHA1 46bdd19e087418e519a800d087dda9ad777efd45
SHA256 17006a0b466e244e38342ab098758f9dfd73689e1dca3d613679836b7c7cec71
SHA512 5573e09c0f1841c056d33cf48d6ebf7a03ee2fdec59692686c77bada9e7fbf21b889fc4afaacdac6a64501cdce96540a8295b79594cd85290ceec54fd18c716d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 da478314dec2972a7b6b8c3e9380078e
SHA1 8dd35e055911a8fc781142314ae84a9d77d001e1
SHA256 a2546efb3a51de3d21998d48667a8eceeb39b8813e555a4fbd75e76e5b32e443
SHA512 f4bfbe9a4a6f45a3800c3d7b901f39f87c11396a2610ae5ef945ce898ec07404e2c7e6f221f985985193e589986631422af6c0b7d9ef748f076be9ede97f7314

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 237e1324429ec12f6e5f516e9be925e3
SHA1 aea5910fe8fab47f68512855fd55bfa88c63e169
SHA256 f068ce1e83d65c491fc93ad2c9611cb10c80f229ff1f59f609e1de46f91d4e8e
SHA512 61cda29e05164ef3c45e26a02f045fb0ecdb808cc30230d9095530777be7534b3131bb540d02508aa7a9305bf0ddcc5881d0ad50708312e8d3d2a0a40fda102b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 9f85f767f6ecd3c0348390a3d764dc2a
SHA1 86a1a0b55ec3f5be6a92a0d154d162fe863ac536
SHA256 97990ba0cc4ef3cf01b57744a1a86105ba1c6ddb820bed818d9783283fc3da51
SHA512 8e652ae8817a80fc6d91c31dedbb686988319dfa373db86a090c6f125ad2499072864c426b8443d543bd72e031e87fd0da98354ef998dea23a04193bb2cf6e73

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 66217b5cf483049ae95fe75c00a45fd9
SHA1 eb0ea63ed001d5ae35c6b548746ba82135494684
SHA256 989c63e048ad9161ceacee25904013a2f69b7ab5c6f7657af607fee58842700e
SHA512 b49aa9f1ff76056a0d2b071153629d997e3e63a8e8dc0e81e3f7fe889ee02422cb8de5ba52e61a9cef6739e5ccd59263d1ff8b8abededa162678d51ed8e18b5e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 4fbb03539308d2f4056b43b305cf0709
SHA1 9ee63fbf25c8062f2481eee532240d416163bd63
SHA256 1259b5f89874346bb5cc245363c22cf29d24306a7c8cec4cd76e6b4ea2a92f6f
SHA512 c76f9cbdec0b6e47da1463285af25edabcb802b9f422977d31f23a183be165092983280f64b26d0450665b4b5ea30224b92b48947fc2054d99d675747de3cf55

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 6cce374931e868b3f7dd34783d7aaaaa
SHA1 ddee6bb3bbb6fa4a6f95c96c1e51d69564551cc0
SHA256 046e6c136a95bf270e5bd54e5438570b42e86e98357972d31f9040dca8631af9
SHA512 f3ce14e68c73bbac17356a94a9ef263ad63215fccf5cf70df3b19286f79ddae01603480e415d978bcde125325842fadba69b03e756c60623202fc5c0b4a0b76d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 81b230ed4f6b8443774af3ac2c3415ff
SHA1 08671b9db78d1c203693524eb3be03f750711953
SHA256 6c8b0997788b121428a4aecbbd380a8178adaa147e2399d5ec5a3401a4a3836b
SHA512 9f62d1b91c4c84c37f3a0fb591c1328d6d2521d251e9fd229506a56d5465fef35ef1a67e700dcd6f31d79664de942fbe9d6a6566c7236fa6ff12a1cb010e85a7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 2e5a313b81cd3e43a28e1ece94010447
SHA1 716e169794d75dd0f3bdda359f9049611c631326
SHA256 5d590f633a26e71b95b285f0fbd3b22c223adba7f40bbc9550130c5dd9bda632
SHA512 b9b128b1ef66ba9c960b032d2427bb3cf6a477c18174e62a5591e7ac28ec4fc5645e343161243af3353b6811b548b218bae633db5e4a110df32dedba15d668ea

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 fc93114ee3ca7fe8886cd3f833240a7a
SHA1 6c93f4cbd2f6cc55ca6027d3eb49f9facfe42647
SHA256 17f30d15d000a8aa4a11fb83c127a1f09f9ea7b2953245b382b6922d00a696eb
SHA512 ea1275f8f591f237475759926c9ab9a6cbf460101f322920666e321c973734f97fdc905f70b17e180feb3d41895e37ad9ef41854cc60028effb43016f688ae9f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 431bec7b7bf901e1433c1f315cd9ff4f
SHA1 0259d321ae03c47e55b27e4a221b7fcd600ce464
SHA256 9548b2e5d8cfaf71aeeaadf0d51ea9a8fa7d35678e11892f247a7f52477c88b2
SHA512 4cf9ca5828fffcd679bfde599263cf3f8ef22fffd505c8751afe8efc72b7635f848d36e4f9452bbda5a5002db3e543289ed7b5fb1f8ba7d5563c097e3679bc33

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 aad565a68c89ea2b0e11d02b844634d2
SHA1 7901095721f61fc1801e5cc2553449d854d7dc12
SHA256 18d058d74c025142a0d00692bf1eedf21292cac26e7572af3b99f34655f7cce8
SHA512 e31d537ae8297b3b2ece26a044ad3e36e8e4cb16e3880df9cb2e630dccf7603e55477e9c63eeafa100d786f9ba23dc61074d1046bef59611504ca6e52ad22e62

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 7bce3ba543558629930c73cd369b4f35
SHA1 87a2afb047a2c80556e369b220a97f65fe7d8a77
SHA256 609bf41ae89670ee3ca4c77cc7eb90a9a15a867dfba413dc1e7461bdfc6d8c87
SHA512 df61eae032628298be825e14764f30a2166d7e2346c91ac4f9f88841c6558fe37c06dae07e03af093a081a7516446c24667aab6889e9505bcb5409b2dfa5338a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 e6a6c127005052bae7ab43c84afc5aa7
SHA1 d08ec67fd30112f1e80c9d98d0a9839f5cb005f2
SHA256 31839585c09550543b8f3019bd90c18317f6ac21c93eeba85ab2810c013da330
SHA512 917d5cd2990981e0c86d1266ca0ebd6cab9af8b281bbbd959993c96504b35ef0ab089ada753878adb7544180ad46441d1df781abc963924ab5b8a8b91c9eb62d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 e1ef4de9acfe0559a964d0101f550ad8
SHA1 060fc87e46438b19eb8a2c5add8af967ed9d8bac
SHA256 1f7cfcb3cc3d83294e41950701f1186bcc98c12dfaa9c8f97b0632434cb6df91
SHA512 a1db980c83587c2ef73572a951c1e3e607e1e36e3db1f3a04181490765ca3287dd3aff9f8297478d70034b77562f5033cc96d228c9e2567b00a3a551db1c561c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 a2402b71de3ba5f1f3bc6026a8d58481
SHA1 62603d1da166da59035dc8f01d864ae6d141d208
SHA256 ebde29f00e26674a280b7ae51e32298e4bc7bc6260cbd50bf0932eb3f0a2bdc4
SHA512 49ffb57bd3072f22f3ec214e094c3afc0fb5226d20adf4b015815d23e459348257b09ef5de51c7535cc8ef49440100be5bbeb45f39950b10778c1282ba56c4f8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 be89bd59b58535efa85cd0e2adbaeb41
SHA1 19cee2d05638ffe9f520767fb806b7346cd8cf84
SHA256 9a35499959af5ce37890b36a6923e0a15ac8e626d9e5cf161f8b1736d01767a0
SHA512 7061aacb707c7cdbd9a5025497f8e41f6513415f2fba863d345f4ab544daf0137c5f6716cc11643f013549c14949493da91026fbfece1ea970971a6e9cb10922

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 eb43182a9ce3261f43ae128eda93332c
SHA1 73df67d0b40faa61e55715004ea74e9913ac10f5
SHA256 02bd1be22144311c047e1de0e09baa1d05c47bf23ad1b4258719cc22043d9c29
SHA512 2e8b9bfc421591c033238d33430232a130f349beb90e1bd641f33f31835fc30538e8aa79e90728dd206882f7393355d5ead8780a0bdb366a965cb9472ed14772

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 00dddc0d376d4efe3027512a08ecc7d8
SHA1 5507da0e9c8132e2510768cce2ff846f7928f029
SHA256 65ac6aec9dd408881263614d77b9020ee584c447f5e110548bb41cd9711a6541
SHA512 398462aa895d4a26c62b452009484c1edcc70f6d3dc3e41a0c385682faa4a6d6a40493c423546f80b435825099d96ffe4e15f08368116d91c48d6fc0e52d69ce

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 454bbef0ceb30db7a04b956db36c3a59
SHA1 7f0bf9a19ed41d83201e12838660e51900cd3e94
SHA256 51045ab4b3ac7087aec54633c79be5485692dfb207aa27ad778b4f2fd45405c5
SHA512 d23fba0cddcef6c332f57e2688a4b3de8977e7be3c9a4015617bbaecc633b5e659c5624d920b7dd0fda9e1831df290fd405b148c1508fb6ab461f734418f9582

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 7ca2d4fed4c497e716e4f4e2957d1e1c
SHA1 bcdf5232a34145bc7e4238cfec6b73d3b7c3fb1c
SHA256 914ab9619da37e179ae2e6f1c49874e1d74a63fcca91ed38572f299067b2482f
SHA512 232c0ac31c0a371dbc20d2da9c08420444e69611f82d3ea35aed2f57496f8e2cb224fdfc40d26f7c9fa12261ac91c2680cfa3fcfe382fa4f1326ea17bb8dd285

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 539a7dd32a405f9035ff7adc79ec75af
SHA1 6ba1d432c485dc5b942d94de50014551142fded1
SHA256 b7429c76f6c963d7ff42c10198bb983b9bb25756228287996fc80a78c23e6355
SHA512 43a09c3db080a373608879a89fd954e61b8512514da46fa3f7199120292642bd9098529b5064b59066a208ddc143ba51ac0f91a53c6ef201c78720ad54d9187d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 76f92bc90744a18a242f84d0401e6b79
SHA1 7f8f8b8fc4f3f8d2609981ceb757bd046aa7868a
SHA256 cdd12fbc608e53cb071e5cfce48a62545571d521ff54dd917f1ee1f275b2cd56
SHA512 16dd77299b6b9360c73750756ab150a0bc1aa7a10e10482f04d4f373365fd25e5d413770321a4e8d901741c0f6296a90e9df6447a9e0ef2659c4d5a47b30e704

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 5c2870ff26ba358133ee8c4d55539b30
SHA1 ca4e70bc14ad35a08448c0601b8410d32e263645
SHA256 b80354179769b6758964db2e791a8059208f81837775b7542387e0b21668f1a5
SHA512 aeda3641bbb4ca55ab8a2de7b43eb8dd4abeb1d3f592cfab5f045df93f44b984e7f752bec2d1164389e41ba8e72fe9db54e4ee86359ebb7a602ce60b23267bf6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 b1a7077aff710928d3b76b616a0e9c00
SHA1 ff87bc6856b3048d5dd8d7e9157fcd78c99da814
SHA256 da69d1d291bf7e4bf7c7e0360b4a49eb464591a55eb98f33e01a155cf2b79cf1
SHA512 a5c96d10fff93319eaf51a65306b5e91058ba7da6ee0de1e554643201f0de339a2138e99f08df885efdb1273a25ea1d6a4afa7f1e27757ec1573d8f71f3e204e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 1bcf2c00c2aa413fd11ae60a0f8a6b9b
SHA1 cb877addcc4fe572b9937a6ac3a35d622f93bfa7
SHA256 6d90f1111d522213e002d958cf20023172973a7d9716c7350f7772192c279e75
SHA512 d194b325da46f4f5b6b87bd46ca3123eecd7438e692f1ff9cf2d6f6f31ab16c07817ff20fad270370e6a30b9224f1a555cbbe8a6783db15b260421afc0549aac

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 36c36592d7d17f98a53dfa3dcb55f3e8
SHA1 c649ff947aacb90a1bba39764a9fb565ea13479e
SHA256 c0d08fb5532f7c99f61e013a83b0ea36c4e8283e0e59b49e5bf17d39235a936d
SHA512 0cfad0d3dc3fd342058714c1a16db37637d9e6fbfa079ecd0a768344a405597e185952acc3ee512e84e41df7f9f40bc0e827eaf0ab9dd15870c775855d71d33f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 4fdc4d5c2f28e0103bcfdf3d8b38c66d
SHA1 88f837cd4ca537e12c37599c4a8d87ee715904ab
SHA256 f4c8936fa0571e11213e9daa5f517e68cbb4067b7ad121c6e1f44977431d0730
SHA512 3c249bd51d81ce5cf689aa2d8e054b174df93247e62aeaacdd586cf2dffc5189959409d44d11208aba0f35407de5940ac9aa180c3f089f904d20eb0f0c926fac

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 8d681170e1514b01657294246932251c
SHA1 11b19611e87bcdc2f6ce2b450a4cbcf64b5290d8
SHA256 c3a681e8f2d0d0c972703b6e59ece88235e05ce1361d5a588c13d62f0b19a419
SHA512 d908ced34f3ce194e00bf50aea137b8585bda439b8acabcbece49ebf7eec658ecb2611cda157af9064b9e89b2cd250a99765fc5a314f03f931fe1bcd0262616e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 bbe127b568c7b63c3b60645fb39cb3e7
SHA1 be877985363d6f7b370523c70a64d037f0bd6d4a
SHA256 1bbd9ddeb7de83337a14ea0763503a77d2c45fe0fbebf98085f44d0998b68e3a
SHA512 d2974e18d0930a6be28b1626f540977dd53fe4d1e3918aad1c1a72768fb69da4e560effcb7ce7c9d74320abfcdb27ac8469f8f3faf7d09555847ab64b1be4356

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 ac027cf6c912513dfa47d6b30918faf2
SHA1 8c074e1fdb68f949fb3255d9712c2cbf63f7ed76
SHA256 5e0ee342230020774f6b777d58a1c8c7b1906d4c554fd07a37da56c0b2685cc3
SHA512 c3a039ecfd2d498849ae6203558a1a5305673fa0e8efe968725be7044f18c677a19f6fa9057603bb862b634ac0e833d986ed5cd91b9ab14f1f591075926c0d84

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 fad2d9e306347b16d99d6177a148ccd5
SHA1 d33d6045c651443e4e88c971477b61141c3f45f5
SHA256 d8ce5847952a22b7be640a19786141934fd16e4463518b283004ebdc83cbf210
SHA512 4b3f621640266c6bc709cb288a3521a67d9dd027674f2fe02670fa4a533ae1ce8594b0b4d7fcccd68f26babd62a58d73fa998480d15081d8e68ccfaa69d60a16

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 b03397eb2288f26ac08c686e39637d7c
SHA1 125cc287751d3099440f0bedf0c3f863cbc1ca53
SHA256 198af880a31a65174fa44a4b901268b7e82bb73ac6b22aa6347d991294cdfbc1
SHA512 5f247f866ff0c922248fd2ccf820ee322122e1f46031aa8a29229aa15cf204180ab62aa127f68d621cf830b27787db1478c29a4b41061026458320322cff280c

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 da56ca859d8d1f5ccf1f26c2c65a6eb1
SHA1 2fbef040ba0a38bbffee09a971a1b72a18586bee
SHA256 b63e1d025b39efe57d0d1cdaec1080ae891f8e814c728d2188cebde64ba2c2bc
SHA512 e0bd411873fc22c0528bd0443fa08858f14830be8fcea384c6652b2a697fe08e27e69b9c46e57b685f8932d8ba66b4327363f3a1e28265148d1f71f4ed1d4b1a