Malware Analysis Report

2024-10-19 10:43

Sample ID 241011-fpr2ja1hrl
Target 3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118
SHA256 afbd82de1c80c8508b0cb6376e248393cc04b5276680c604d7df1e56fb93cd26
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

afbd82de1c80c8508b0cb6376e248393cc04b5276680c604d7df1e56fb93cd26

Threat Level: Known bad

The file 3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Xorist family

Detected Xorist Ransomware

Renames multiple (2195) files with added filename extension

Renames multiple (2203) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-11 05:03

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-11 05:03

Reported

2024-10-11 05:05

Platform

win7-20240729-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe"

Signatures

Renames multiple (2203) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jgd5P9HlCkDJpaP.exe" C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_neutral_f8bdd2cbac28a8fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj5.inf_amd64_neutral_15940559c66fe8d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\shared\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00c.inf_amd64_neutral_510c36849918ce92\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep004.inf_amd64_neutral_63b22bfb6b93eaba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_neutral_548addf09cb466fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_neutral_8a1323fc68ad84af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_scsi.inf_amd64_neutral_cfbbf0b0b66ba280\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_neutral_bbcfca39fdc02275\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\agp.inf_amd64_neutral_22cdceb61fbafb43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_neutral_68988e550e69a417\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_neutral_30b367f92ca46598\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_methods.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj3.inf_amd64_neutral_7e1053ab483310f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_neutral_2d4257afa2e35253\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WCN\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock4.inf_amd64_neutral_e45293c539584293\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_neutral_aed2e7a487803437\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsOutlookExpress.bmp C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtkr.inf_amd64_neutral_8e3809aa77440c37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_neutral_085226e1dfe76c55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\attention.gif C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145879.JPG C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02082_.GIF C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10265_.GIF C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115863.GIF C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericonMask.bmp C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\Attachments.jpg C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIconsMask.bmp C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02466U.BMP C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHigh.jpg C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\GIGGLE.WAV C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplate.html C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14529_.GIF C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21512_.GIF C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\Accessories\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387895.JPG C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02736G.GIF C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02040U.BMP C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10335_.GIF C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14711_.GIF C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\jfr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\x86_microsoft-windows-mfc40u.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7945f461443e5b92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..portingui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_77c84383a7d2600d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..g-utility.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4e5eab10313a5ce3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_it-it_6d6b27713a307bae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a5dcf356c5ef6c3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\novelty_h.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\Boot\EFI\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..blauncher.resources_31bf3856ad364e35_6.1.7600.16385_de-de_62191f59bfab52fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-errmes.resources_31bf3856ad364e35_6.1.7600.16385_de-de_18f43c9af640b849\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3f402d2a88e586bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_de-de_1f6d0e034bc137ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_es-es_c82940e03ac63534\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_31dc108b13bfe951\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-class_ss.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_cb135982b1e0d229\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ntrol-rll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2e6e1fd85163c539\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-gamesp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_96f3d2049dfb9360\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00c.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1f38a8d85141d004\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ado15-rll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ff34ccb6dddddcb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.1.7601.17514_none_ed47f623204af12a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4c0fa9d495ac562afcb136f3e9a87cb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-docprop.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1a5e5b2d54fd27f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wmcodecdspps_31bf3856ad364e35_6.1.7600.16385_none_e344e0de5741a951\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmbr005.inf_31bf3856ad364e35_6.1.7600.16385_none_c18fa02953594dc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_usbprint.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_01f8ed0ca2427752\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dacce684029df516\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_nete1g3e.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2f96826a4e6f9360\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnok002.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_420a748df5f408e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-smbserver.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7f7f1dbea0773732\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.1.7600.16385_none_573e4501936daa8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Workfffcbcd8#\cf2bdc6ea201cec2b6e7981aa9f8c997\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_volsnap.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fc02e5c66519f4f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000410_31bf3856ad364e35_6.1.7600.16385_none_42c577fc7e31d54b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vssadmin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3c874de514e5c249\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_it-it_c9ec6364712ba864\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_et-ee_b3e16a4588cc61f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3e1624a2e1aba7ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..erclasses.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ab06ed6b52dcaa10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_bdatunepia_31bf3856ad364e35_6.1.7601.17514_none_6bf4ad2be86b185f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..ck-legacy.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ee14e4b1ee589487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..omponents.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3503ab6a5815d0d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..p-provsvc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_71f1777226893da3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..duled-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8e596ae5ff4a8cd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_6.1.7600.16385_none_304988749d91936f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..emotepage.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b6b94920933fd47b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.Abstractions.resources\3.5.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-charmap.resources_31bf3856ad364e35_6.1.7600.16385_it-it_73c013b7234bde63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_gray_foggy.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-searchfolder.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7cf923f66d81e6b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ntication.resources_31bf3856ad364e35_6.1.7600.16385_es-es_af29a5cb947bb312\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.1.7601.17514_it-it_df3afed57fc21196\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-oobe-machine-ui_31bf3856ad364e35_6.1.7601.17591_none_c027b35ef893d68e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_sisraid4.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a287bbeaaa72af42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_fundisc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6ab892e3e837a0b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..rgraphing.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1686b23f20c9b4ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_eventviewersettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f2f24102adbc57b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d2590890fddbcebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\404-6.htm C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wiaca00c.inf_31bf3856ad364e35_6.1.7600.16385_none_9ac8d37e98daccea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-comdlg32_31bf3856ad364e35_6.1.7601.17514_none_13d71710bc471de6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZRBFRVKEZVNQLDH" C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jgd5P9HlCkDJpaP.exe,0" C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell\open C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jgd5P9HlCkDJpaP.exe" C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell\open\command C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 a7d769635d5ea3f099e19639c556901e
SHA1 2db39400a4d7f7c0603631b5f6e1d6356b2fdc75
SHA256 a4a94d8fa8c598c6f8166fb8606b1b853918dc0838e958417e675b246a1ad913
SHA512 1291cd08c9df59d420174a2fc2d1e334d0e1ad38584af20533ea33e6272a7ce93b6e36a198c56772d9828f5edde050b782e8fe356f4619212fc7a1b4231bbe38

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 c1ed8d70a2fbbd918d4cac4cc78de217
SHA1 1e0d05fb341bbf267f58df84bca6450a9a118866
SHA256 9e343a26b559c398cdb3e89efe2a5d769704120fbe230bd79955ed489e3ca0d9
SHA512 717309b9b928015d34a3267c6987e6dbf1be5e787c062681aa27cabfe543d7e7b3a3dcd15dde23bafec2d49992268e771683b1a9565a2bcd10b38ec3a7454119

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 aa67613a9808e594e7b23700e24a278b
SHA1 9e60acac065f54066b95351f8a67529d59b7459d
SHA256 ac08fe6aa1773289e017a6299d2a14aebfc603a6cd44e7abea8c3dbdcfcc1316
SHA512 7dc69e27366fb8dc98140a7a7320467303eac1791194bac144fe9d83383c04d79a2f10406b3f7a9643810ef735ad197b97993bde4da5ecc7221a21ea8cbbf55b

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 aa942cbf71565cac098e5cb293d1734f
SHA1 cf699dedf863e2476f58e74d3cb67d8b6b14601a
SHA256 f45b2e639291d26f015730339dd5896a4cb0ba3155577475a4cece44652c8db7
SHA512 b8fde5224529ba750d4a5df58f4804f123d8323f80b44e8df9cc8b8411fb9a6b42cfd52dd5c2bae959d400a592ca655c1a559c1ce48f1222740e5d3400b2bd0e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 d14cd4b732038fca059e0364dd12db5d
SHA1 72c8b1f213bc8108b93db3a960e032b191621447
SHA256 ef2e53f979e911f316bea140978973f6d03c49f49947503b1733160f00c640dc
SHA512 7011413343e7355cdc20d50390a6bca907016da57ff51a667ba8f87b3c89e5968fd35421d114dce72052b75907b5247d67b6f4d45e3ed0723d039d89440d1e01

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 f8b08c75a0a824498eae47f98b9f5a1b
SHA1 dfb9d184061fae911ec9fef92224e930f27c5b46
SHA256 56ca98663230517bd229e174fbcf2e74e50d84bdde37f0f30ad24cc48ca562d0
SHA512 a8bb1745a670f82037aa70ea2cfcc48544cdada2a3e422f7dc7009f3351718a0e32746a2c21489043b1c2bca6bc7a04e7c8007a5253629a1d121163aad6adc30

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 eaedcd9726dd04bab6d699393eb61fd7
SHA1 93172319c1dd29613b072b7d3263f14d380f83a5
SHA256 82b913dd60aaac296ebc126440930cd81c8010bd161a39ff86393a0dc6215d31
SHA512 ec1565390dd40ee0e30f9fce86ac209d6fef79ed6d1633b39a981cfcd70981e299d6e2732be2e8e7664012ebb9ba9c83fcb163af809bd605db439388b914b20b

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 e34fd39d49cf57fe71ae50728fb28623
SHA1 c99aa47198c21a048f2e533d5218aec41273ca63
SHA256 f5ebed5ad6434b5975f790e09dae592ba483b4d63617a3301a0068e2febbd83e
SHA512 4ae52d703322196e2c07c0cb08c7679728da4ebf4ba963cbad2ebda5f2fc8d62c2380e2efcccdfa69fb2eb945bb3a7d8dcf61c4b13a117a46c1e9d87509b03dd

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 e6ef91ca310432cd1b7d607e22fcfe0c
SHA1 31585bfe3f34f9755f53b162892d40042ed0f35e
SHA256 5f469132cbcf554aac1d569ad760863150e0e2f3902ff881c8bf8ec88437634d
SHA512 c1611482e50d79ff8c67a0d5df63b5ab2b4ec6219a795cc11af25c7625b67aad6509e466500b9d0a23c020d22bb7e2d2c7384b07357401abee04c39662ccd9bf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 5f6e12eb8fdd5ad3f0f8032cfc5a9cf5
SHA1 6a52712ab052d2c471a07f43d7ebcbb5900780a8
SHA256 81a93d1d72ae6c75b66d42eaf664b90287d55abe0c4cb3ea62392a928bad53da
SHA512 824dfe18a522f94c5ce89368052454af8851c9071b6a0650898506d1ab51dccea5d561e9e18a0710f3eb4fb5c5cdab8f04178dfe2ead9be6152a1046f5ad13cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 6905b5a7f66b9d92ea9001bccfe03c56
SHA1 53d6bf295986db9977f5708e7ad663ef9b0a4953
SHA256 fc342078cef069abe0859f032a192591451d42296247f6181969b3629b90bacd
SHA512 c4fb677ff830b785005e4a0355945d9fd64f50421155bd28814d29eb2150da86a6fa677af3a272e6481836f6aa9dc15298927cd5772b802f95d9a91dd03c0bf7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 b12c50aff48334c77748f271e17b73ef
SHA1 6c55dd7d626c301fc4dd8a5ee8002955ca105c4d
SHA256 204b42619d22ffe43520cd7b71f517db3d56fe36f884f13fe87282d09940cef4
SHA512 2363591105332927469b7f78739df1cc89bed2f6da9b849b7172f7f7adeaa33c18e15cfe415f12b5f22f42af12979cd05a6f7f33ab3181db6651f8e4c691b04c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 d094627cda9e9ef345519a010b3a8712
SHA1 4be98801372ad26d45062e191728e4218afe96bd
SHA256 96bf2a2681be409dad6b7526a7ad7692830774651b9d74ae6dd8ed175cf95da1
SHA512 f87ea0276becb5aa12b82eed5d93074859e48614d6fbb16dd373f11b8a54490b0c62405f1eaae2a349a4bb9f1676193cd9bc09ba4c58b9f75c066506d8a51f50

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 37b739761cdb1a55cb0355d637a3b6bc
SHA1 10fd504eeb45bda65ed86a031582940d14838eff
SHA256 bd4efc61015957cb466dd177367de4dbd7eae78dc90633f644705cd5045f9df0
SHA512 15dfee324b90eac07e53afa2f7d4dd3e6f139d935d87c8f477c24d9cd0f92742e3377574ed7948d869fb0c34536629b991e6ccdbc819f34df64a24aee401ebec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 38fda553de9819fea6681d8807188e1e
SHA1 e82fd628927d805295447bde51a84c8dd31bf0e0
SHA256 33b27571455c083c4f8ef94e8d34bd7f29f07f53fcd2374db88a0c82b931a761
SHA512 a81d56f5ff0de3fad9f35c2af45fc7e24710ff97e633742607fc10cc810bcc3ee3b8173884110d2579cd5357d5663fa0aa7b906c81ec5c63ea8fab5189d611cf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 d46e8a93af6c480c9307ed5ea5673046
SHA1 f5216ebe78c4fdce5c71be6c21dd08c9a3335395
SHA256 f247d993aaa3c8c3c7ad10982bd9a2fd0c6adb6bd2e93492eeb611230505cf70
SHA512 51867348805420cda45d0467b80e62c3751595135eed7384752ac5741978b99eb1c725ccfc6c2521aa9feeb917d73aafca3bf4d8a8f656184391d9cc004196bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 2691daf65059b781696c823c7cdccdfc
SHA1 ac1aa27bd087dd17ca51e17bfab534c11c28a5be
SHA256 3e35eb17953b05dfbea824fba60d0eb6a41fed450a568b010b4309b99be2cfc4
SHA512 f12274c35d10d3bca52eb3d6157fc58fae91199ce3c9dbfdd6af950438773936c6c670acf501ae8b66b4221c09cde8f39191ffadeb4ba7bac6b129857e3cb536

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 a6aead35b703e61cd6825adf2164d637
SHA1 4681ee654c7e5a5f52cba384f1a1b5384ee09794
SHA256 7e7f952f2c7e9d319907f601358a2bdff197b3ea95896dc77420f24a17ca723d
SHA512 397e1b0fe8a2bb575fae4c5082c47030e51928501b13d2e8238c95c2788b275d2bf4dd746fe7ef8621fb5a4cb4d9edc5eb272fd19cc4fa4edeee8184bac55046

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 1bb89e80c4a41d67629b5588623633df
SHA1 40c7adc98532444af24945e636da9d627c97a38d
SHA256 fc4ef3b3317ec53cfb0c345bb3d04f7c3077463db696f018cf1557372d5acdd3
SHA512 5f91222d3a8c3a433e05f42635d973b5d8e99e20450e1f11b05eaf172d147b2ebd61df144ffc5c0276f54ab050b4abb293ed64bbd1bf3bd007a22e6713dfc3e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 a179ec373cadde6e3ce6a08474bd0650
SHA1 4e602f9266697add8e5fa6c5be4ee207cfe8173c
SHA256 5477fac7dba5cb9fcd72822e56cf57b14d1d04d5571748b81f96e2f5e0c656d7
SHA512 49aa55fa5459211cfe4f67858030e769866ae4b05e454dcbd494be25da6ff53c091db51106e52a1fe3f75b641a72da2dae34677d2252253a7c9d95332d538845

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 41478181565c65d9836ec19fd448553a
SHA1 acd30469d63d35d1e0bbc089327edfda83cd8b51
SHA256 23942176b2017ec02f90b505afc01b5ea9003097b43fb16d83b293b437fe7954
SHA512 2ef9a26becef1207ceb7b23a9c539948c4955a98e6814143b638a78de6df181d9d68564ea3fd0cafbb68ca037ec020ecd95542fa1221568c2f58717ff7307f6f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 149b34e79d13cd371dafc5644aa4f7e7
SHA1 ef5b782f960479bc5deffe1855fff917ec357446
SHA256 2afde4c8ee029dae59c6491c590dfc1bc8066ffa7d3b6f3dd46713f0b46f699d
SHA512 379c7cce062ea40eaf05c26c83dc5bade4371a3451505a33a63715c36632f9d17c822f89eea599e7e390551016888aee1a61a464fc896795f47d10c8910df7a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 608a288d26ecff3d391b59d09538cc9d
SHA1 44c931d28bfbb244d424fc27d41742189912af77
SHA256 d18ee8711ffb48f8701e88dcd4d8be310182ec85e5f9c36af4303d501ccb43da
SHA512 71ef6b1c1c855fc16bf108c18ea9c3ca2e842b57497a62dc17b9b3f1c0dc3876ab76c418bd4dad1abccd6d43d85676fef1fdaad253b4df200507d5909faf65a9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 83ba4afb34bbbe0362e4caf46395ff28
SHA1 9681ca08ac0105bb33eeabd10e6b9265ef9f77d7
SHA256 06343881f3c3f9ce0668f2f04afeb8ac668c72e8df1766ff7037d15219a3eeb1
SHA512 9f4e4fafc3f5b8895450de90a20041b4bc7d56b8d85b01451191ebe01229f0df3b6be767004f4d0119889f34105467c46bf53383651eb8abd9f398e98caf77f8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 4dc810128f327dfd7a7d3ca7be52725b
SHA1 09d1939a8cde219684fd01af845744d73b0f9b46
SHA256 6057754377e5de30d3b5746445c0ff7f3d75edfbf4e9a549f67cf4cca2f8422f
SHA512 a3453e6ef8fe745f0ae1d307850cbca9adc08205cbfe577dce3f1dea927e206fa0341d0ae2a58e9f1cbcdaebb7990e095ad4337f59005a1eeeffcde186df5dba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 916e43947ca02724240d80fd86f52021
SHA1 8e209653ae96db78b5baa56981ec60b506cee0fc
SHA256 f9c47e04ad517dac18aee4baaef2dd35a31b013dbcbc722ef1debba4b1a17223
SHA512 c36abc714d0e028d7f9555c46c73c018a0246056274593908f52bbbb2f327a4b04659e403c0b181ca5aa6ebbb2d78c815f11a21f9d826a1e100e7f3b041c48df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 bb2c64766e77d87ddd75e5715c52541c
SHA1 d79ebbd79730a51a75ab331bcccd7cc495b53cb8
SHA256 0050d519f20cf00a96235658ef316997d4cab1cac98f44997977a2d1aea777dd
SHA512 f38e564fd9610f6f8dbb65ae5a5fbc252885ddfe8470305818f9a8ebd6f431f38eda2362dacda051ef2688086ad6350cb962b595ba078d87c097cc5b2cf45385

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 8e96e56bdaadc9297778b9ed728996ef
SHA1 78c3ee31ae6823109f1c0bac140a6caffee5aef8
SHA256 7c1c4fa647826b0da0617fddcdcdd878ab97f9fe8e9bf65dea4fdf1dc0315388
SHA512 5d4f1b0b26e1289355b731475c4368644f6a5087bd7202eba38260c850cfdab085b7614e191158b38c23e5149784e6ec778f76f97f390ca69fb1767c588bf703

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 752e3713bdd1eabc111a1bb0a4baad92
SHA1 485fa52ebce869a092e0e096956d7952bd44faa3
SHA256 da39f46e07913bfc508925183349cc12d16e0c8d3452dfac6947e1f38b670cc3
SHA512 b16a4bbf09dfa28fc637e8f49d1626d9e9e1480438906e30ecdacd25f756ea5d480a716d2333631a23da7e74563efdafb108d7074a9e4ca847140451b6c33a64

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 75b157178e99b68c50bdf726cd056599
SHA1 233c09d3f35f3b332708c7944094b8507b14a0a5
SHA256 334410e47da5ad714a0ada1092cbe39288154df27cfe75b1eb97222f19f0a867
SHA512 d09301829cd711e6cbead6ecba5c00ed4573fea5a8dad43d79d9d689b7ed185dc406331f741d4f1d7cac6ec74942380da96ad8b0cd2780148a5be802f629c515

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 d6c0d9702a9960e021263ec3ca042a54
SHA1 cb99e1905a5ec562b954b2cbf595947bc0775eac
SHA256 d139c9155e338ff1901b41e0a22a2111c294276e10510d29863106a5a4579a86
SHA512 64a7a0a011a45b455dd02dbe62497de84328b872945257e02aede23ee279026e9505a7905fbe4510176ba5165d79cf269c69df83e0d2c291b53422100c14fd73

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 9562eac8ef2712b72d854636b4f19d9b
SHA1 d5d9fb2b51bf29a2ffe7f965f7606001e13f8317
SHA256 a85e1d1fa96d31767363e6912e80774953248ffd1743725c14ff8ff764c8fd94
SHA512 f5bd7ae73d9cd970e1919b889017b7b0c943126e8ad55476f6cc7fac25889e83bec849676353cfd282bae6560d4e4bc7141f9fb4e4161787f19f7bc54fe25207

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 839a3dfa53acf29127cd30a8da07b0c5
SHA1 eccb73fcb6cbc90a721ebdc7681ac6fa1e2f3867
SHA256 90fc08ec678b5fe13da4cf8c0e0726d656a4ec0baf2f873b5d0dbefc51236cc4
SHA512 ec5d77ec7fe0df11f6cb88b9a5e689f65a9f2c265b0fe19b23d6e742cf2ab70799579f4e78b323bfb34be48cdb9fc98a7f57ee24f7c0eb8f834624f44ce9c7e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 9158228f25fb764a5498ca9970efb69e
SHA1 304f9888aa3e91071d2dca859270477b19c9b35b
SHA256 5317a8c3a4b5692b5add1bde8760b0bfee7b086f1fba15a89c5f40eae63c8bfd
SHA512 03f367df6866ce86c9b5889e3abc725ad713d49c90c785184eba81c24a9b1bd94cbe180de7bd6f0b57555b56b7375c38be898265f586c4a721cf5bf8f259f104

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 237147a31ead51b636dc84376b4bdf58
SHA1 d0a7ae79799105114f621a96d0317b69eefab0da
SHA256 c8186c5740a16750c37543253be222343e5086027eca7980b7581b0ceeea6453
SHA512 24c26c6d8f198da9b14b3c3b9e948ead353b7cd0aa92eed5c61f049331f9f7e07a2234f278bcf62f036d9203900ed3c6a9540cd8d9c1f60895283d995a237c25

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 a5879cf0c14b01a0e57f853eb1719892
SHA1 2c9744b2f7e70e7af0da4a9d10e0db163e3d6a1d
SHA256 e35df610d736a96153bf51ef7330309724188e7500dbdda43b435dacc6fb3b50
SHA512 ae7a150dd90b4612543783cc7194afe6d3eb43f2dcd99d0c34b22517504e07c6cb00b5b079a1bf053e97cbf8225a9461cf9d476799a2a30c8306109354a043f2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 9db96ea6f43831838417e209ee8d8b3e
SHA1 43b51bfe4774db1c5e9ca49b65d4ee2bb089c821
SHA256 9a904434393a17e93fcec291998dd0bf9d86e9c98e875f461fd3473b8fe36515
SHA512 ac8585cdd482ceedb4e2f85a623f4c3d5055d3770b21445dcda9cca61e3e05420b7ef7859920132de9e3954644ee53178da3a705e695723a405b8fcf836be879

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 8ac25cb472deb41ab05ccfa9ad59117d
SHA1 7784fabdc6b3e196a644b1f068b78cf1a8b9e091
SHA256 c60f86deb28d0034903b20b3645c8888d4dd12f6849f9803568f5850485baf59
SHA512 fdd5d0e81e5780145dbc788d80824cd7932dfa0525e6a1b1377bda275caa99f5d6d1a57a0ecd725e2ea31802e4e452947f98d03b9ebf924ae13424f8980a15fd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 05648abde092360bc4ab6b2deda5e291
SHA1 f448bf5dce907a40f2111b6f351742da38ea169e
SHA256 8811047d85445445de434cdb8d49a6b7127c1519dbbe12b323e9e417d4949f93
SHA512 4556c6ddd5bab702b26225839df52831dd5fdc0ec947e6bbd2e6d43f5d95e8229cab9d624be3b47398fcf527d67947083af5c2ffb646e31d649a92ee70f5073b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 b2985a8e4c063fd26b57553b70cde293
SHA1 b5cd9d58dc97ff44c00016352350ff9b73455474
SHA256 cfebd348ef1d13276a556c215c29dc58498e0c1ca555b0f2fc97dcbbe2ccde22
SHA512 0b44ac1f8f8b4476488b380a45f792ba6a2e710c4bc7136408c51e8afc04a49de83f852dbc8058765417e67d872c7cdcde8cf634049d80649d4392d04a5eedb5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 94ebfc86023a82d1e3cb2702f30afafb
SHA1 db31ce23551658fe26a0f66ca700299cf7cdd510
SHA256 cdba42d930724dd49989f900d143611a36205ecf0d4620971438f623f4a5b7b2
SHA512 e1c3f3c15e2b190c513c66ee46b76680e4955ff8cea8ad61df81b6ceee1bc99efbd6cb17a370651b548529edb2dc544a572564a8de6ca301056cb67ae25f1e29

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 f453e9655cac9505715de0724fdf9e81
SHA1 0525daa91af17c5c2e702a5a48348a50ec8b5c3e
SHA256 f3e8ec1a159cfd55421ed467796ff157d72f91c9c7cddf1dedd62ca9c36a0a78
SHA512 4cf7a345efddfb4019bcd034eb265e15d4d011deca57e220388ab39363b4e50ee6f5a80f1969f09509695b3892f8380746f3e4bfa97c5f5e431fafd44915fb15

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 ca882b63ee26864c5bfa1a94beb27a2d
SHA1 e0d9ab03e3b2cdabf02d8d15424b30d81e1bce04
SHA256 ec238f0170fdcf9b64528a9c489351dbab1c7ad29fe14a6911172e848070c2b6
SHA512 0d99a857fb3b6fbc78d75f4874b38bfee558874ad0f1882b47196de1e21a983c29b1f6fcaa026e05a6f206e2ded637658b135aa67bc2d3baa187d651b64ff672

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 3b5309ce4f840b49b95e7b3764a08cac
SHA1 ce781fb6a60e31188d9124c07f9ac11825dca715
SHA256 019ee2999ee7016b315a2c38b559e8b1f1e30494d0c7c26e30d192922f73a7f3
SHA512 b796b66cb9421261556edd4c4a528c85f60cfe26703d425c24fe0fd98b0d04fe406bb45cca9e641e3302a062a19642ec6a4783a300c38609a8acfb6875e59368

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 b94b64090fb7c2f472cf19bb66503837
SHA1 788dab19ad86ebc00379c0a31d043ceec367d801
SHA256 8d7e21e68db47e8028d0b472efed90b8383fd0764e0165348f91dd9cc6dea9d0
SHA512 1163f1ab3505156b151c8ba30ddb38d6f98801afdc08ccec8be3ba55d83591bbce0c6d1639a4d96cd4b8713c6136b3f351d95dceb185fd8eb431dc80ac415b5a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 4414ed635b1277177eeb7468ffa4249e
SHA1 81bbf99345a8f7250228f16054c55c1c828c8552
SHA256 de7502af8c6f5f6b4fa407f2ecca4acd4e132311c33d31532665689e83372b90
SHA512 61d5b2ba8cd3177698d8f9c0c3bc170992c7ac2892217cbd0cd9b9e3e855785b27b319534619b36a2baca64294b0669fa7c2c72f5bb11e9452a0260dea114c54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 cd49ab787ed32703067cacde49320397
SHA1 41784bc8a9b1179a47f41fa2339839f6d535bac6
SHA256 0b497402dfb7f8431197c98f3a649e59a9b7646cdf1d52854dd705e5846dc40c
SHA512 bdd566a65d5bdc7dcf56e594b49fa00c8954300c9da758dbac19934ceae798e2140a2817c60c60a24ecc993b3fcc028cc4f04adc016480c366e743680bb993b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 d1546853d7351962e0e2e372464ba0c8
SHA1 30084fda95f78774481c83a4f12673e7b3af3c67
SHA256 1bf17c891a78d8a811173d25c5e3e60faf2c1c1c1097c72d4efbb55f0e078a44
SHA512 65e8851d91e6bb3e7e4fc3f53b40173b6caf74b52a710ea2a891df6397097e980b8af7c00fd3aa4c2651444972bc0ae21879620b5a26d3f1b9f403413bc9ca94

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 95d91e881eb81afb521acf9fa68e5c88
SHA1 699416f8c489b1a164e9b1be82d2cbbd4dda86d6
SHA256 e63b3be174c1b52e5e93aa2a4929dfd9b71c1e5ff9dbc07f31cfb5cf588331b1
SHA512 b1216c0a2cff1980d9e677a753e33d8cbaf12cdb158cd2e73b0ace7147d99ab10ea77dff5ac1676537e6c479c7bc4876e614f000e8e6054501c4ae94395d0df2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 de8fcf9e8bbb629a135cdbf5b36a2698
SHA1 50d7b2ec9aff6c1571a005cb62845e1f3cb1b382
SHA256 577c0263c7eeeb3e48b94b2d14080787daad41cbf0e3c0c4b5f881e7a999176d
SHA512 ae039d27f356d7c1bd3d93484f27cdfcea10409131ce8c8ed5148beafc96fb8f6beada68c7156da8809d4bdc697b8f06183a1c9d368238daa7c1eed974db37dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 94db039e7a41209686f48be751e470bf
SHA1 8e659e147bdc68a7b1eb8c8c0777bee489184634
SHA256 f183331a79c675d3acb3e2e292bec05409034b91099ae2ce1e6fd8aff75336b5
SHA512 84dbf4cc502a6d6b819a22b84d0787c48d8c4b1d0e1f8392d861b2bc0c25ee25d07295e0bcdaca0a375aad54f8fbfaf7b55cd4423bd1340e8e95345ad2dcda36

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 31ff98b753326ead702ab8bd45a7dc5b
SHA1 2ba6a9a8cce3eb4c7e601cbbae50069cb0a4bc17
SHA256 71cc7d95f62c217d04e68082bd4f074bda1c0cb1d77498d3977977ac10cecca2
SHA512 98d49a6dd245a29110e27a541c7e4ea1126e0bf0b5985ab6e3898cc1f9d03a56cfde5638761c0f5dabcc3d4e5cc461dd2e470ae7ac0ad976a9c7f991bc71f441

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 4da4ea1aacb4ddbc6c419ddc56635e66
SHA1 f9e7ec70ab545d90bc4264c3a975761005ee8320
SHA256 3ebbd1fb38042c2bc4b5223af133d63125e5143d42942ccf794f042b8ebf3e93
SHA512 2dbf912d724e3b207a9de823b420e011815246e6de03be2d441eefda227a3d3f1b976976b30b9d5cc914ff52bf499942d0193b31a0170957c1eec738c2cb3f59

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 90507a718ac6c63e3ddb07520bead47a
SHA1 5e130327d0f2157b9c0c06481a8b081d6e72320d
SHA256 7289eaa56e4180a9e4d9eaaf230790ff0fec2b2c623f18a45091ca3e15808cfd
SHA512 ab0d1fa8226ae975b111af667fb3db7d485fe615d2c85e67886821e5fede53b1c40068e765360ec3395b032e9693cd63d208fc1ea61afec56e3c464b7a5320d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 df5a6edbc6894045b345946fcf693f6d
SHA1 d70f8880eb9fa38a7c103233d273d6bd10285950
SHA256 9cc84006704e59a5d34d7eca84df0c4abebe30b951e510fa88dbfe3a54316ed3
SHA512 f4f488a6dac87dff59d9a9113e4ba2084fa3a54a03840143dd6f892c2b9662a28cca43e253f9c6cc185ed58a1609d50c042d989f2b63e582c6dfbae7e4000010

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 ffddcc796657bf469d98101c8fdbcb7f
SHA1 269246aff1ddb30d78f89c1b6b1f8f825bdb6acd
SHA256 ffd08f10670333b7026a96190d70e7527fc34e52f792670c638058e678acc7bc
SHA512 d573231e6ed4059ab445d91b069104f207278c1b248f03d2182547fe838cb8401d799da3caeec73f0645e0d7b0be12bd9adeeba1ef89d66f7163c3f9a5958a7c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 403252830d2aff1664af45621743a6f3
SHA1 c8227a221e296788045fd40b6d74a2ef1fa96917
SHA256 ccfdb28d8c3aa5337b99f51079979bf89797a2db228ebbe8a086aaecfd4f193b
SHA512 12eec0419957007525de630b05937ffad5b35f98b29695eac2b3464094479a72adc3e27b03c6c82268fee77402f895d82db2918a8b62cd86bda4471bc3b90534

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 c1b41f9961a0d7e3a678b081e89e1e2f
SHA1 b1ed00b8c2d8691f9ad0281cc2f323170458f04d
SHA256 17fc8d6e562065bc3af0837f369b000ee97e53ec81b2a770838ffac7d6b15961
SHA512 b94f5c0fd294b5ec41dc2b814e4a25d310435971321e7e763ee5c0461017ef3b602c0d76dd51a06a2e5b38a1219ed894ad506054d5380c0333e784785196d3c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 03b590624f79c9ed662425a728cde85b
SHA1 b06ba7b448ad6cc8d0eb2f07732ef5fdbbf4ba4d
SHA256 135ce2a877869c3dd35a0a5e1067e24a38ea2ee69a96008b7102b97dc23d3da7
SHA512 68dbd6ad1207f1969400e341ebfb1e870dce5c76e13fd5837a9d737248b2e98019a2262a16af78362ed152e1d5148467bf1b60fb3aa1c776ec3bf95377426e58

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 06c8ed15e07bb36dcdab7b499e42b3d8
SHA1 57e5fb4048cba06c3be81a1ffed5a001243fdc7f
SHA256 2684a7521b36581a98c0badd6cb1270a82247cb93acb893eff1e5aae0555d1ba
SHA512 06ef83fa2fdf3b3b27ea6d9e5829b8f1ddd9c3fb477e60ae9e24e76dc1904b870b96102bef6a75321ec9c4934fb68e72192a84e55971e7a77f864b1a5cd73048

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 cb6b2ef619b343b9a4fce933a82fb088
SHA1 98ae66fd61fd31eb6a6f0c32fbbc7638deafbb5f
SHA256 517e4730bf974a5267ea9496d5a672c8b98b5509e8f6382633d0586b2bf53061
SHA512 d1e69b69cd08854d083f2cdd58b0f8500e36e76c2dcf53e1ac5edfcd837f5beadf57fe847cc69914a4e8fa33fb5e575b101b278a807208ec55c14a48ab098083

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 89af43235e34c7b34a4bf96a9444e706
SHA1 bb75c09905e74675198edc96a52f85f8472180bb
SHA256 551472bada284cefa5ebb48e710a53d2b0494db1753891ddd9f25690d5bd9159
SHA512 970b2f1290c96ae40e56f5d437ca08124e6cf6579d6dc1c78854a5181522f702797963ce057c006f4b665b26d37a5e92dab589119dc0aeb276bfabeddbec7608

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 c13efeae9b6a285b0e19576fcf7de7b9
SHA1 298801852910434defe4d5ee23f912db58f99de2
SHA256 78dad7c95dfbe0d66641035dec127c7df7b0a5a9ded3cdecf6fd649c3886310b
SHA512 383343a18466b63e72dfe85e1d772b60ba51a5e072e7c6d6daa070dc10aa803d4a47a72b87a6685b5facbde765c1d57b2def50a1f2b11fbac6da87c2bfdedff5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 5fc353cde79393a6a24fd9267c8cde70
SHA1 de3706cc8dc9fefe719e2d50a1db5637b326e4ba
SHA256 de9ff35b92b024b2e63f5da5635a892e6ed6906337e9ecf567772a75635f5da3
SHA512 284dddb0d358dc93390932288830aee5502f62ecf410cda89008d8d24883dfb4882680ffcc8b5d838a98d19c7e973312d529e6bc7bd1f7cf30ca98cbaca0ac05

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 68a137e4fb9e62cee686c80b4e57e80a
SHA1 e1ccc01cf8fc1e1010f89c16f17a3408d25dfbde
SHA256 cc5fa2a9a4bfb7b4e5fbc752873bf37de753d27eb0bff47d1411e93083cdebe9
SHA512 c85240689e8bb9f38bbea27036d5c7dd3e78d39354c48e4e956c40be8b45e4834a1f4d3efbb69e37bf79205e882e93ab74cde51780df1426b853708dee49c2fd

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 437c5d33138c8d9009efe73c1226de85
SHA1 10543672df01c68e9138a97de989cb2de1213232
SHA256 88430d7febd4d5ef78a8e71d65d0c4cf5fc27305a07a66a6b9f9980c8794e2ec
SHA512 4a0f1b908dc23824c3cffe844f4f476005421b63a387928adf26c4ff49139bed2ba892851918e1e2b823e56061784bd531d116bf371b4cc2a64c9d6807443116

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 c9ad6107b6d0b968cb7683d171c0cf6c
SHA1 1fe5dc9bdfe15a609966c07e1babc2ed9528c294
SHA256 ba88c8e86f73620dd5fb524dc1c208ad6341e3d4728bc239258fe01fc29507e9
SHA512 1039f30f18bf9c8dc1d31d289b2491d1b9ebd7a03624e1a9463ccbcbfe070450213e2822491d1cfbc9baf74f2367a523980de3dcd253e2f1686ce5e56bd8b4db

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 45679ff00745ad58afc10670af38056c
SHA1 373492d5d3d3f944a5166168f31b14c6b73331de
SHA256 3adbebd9030b7f569989667bee0f535864a166d2367e66cc5be54bbc2172ec70
SHA512 4eb0c675eb2b8b75d289e85c65cffbd40f1ee86b5347d82ac1c40e70285604e5272feb16c372b4b2683e25be44269ec9eb058a6e0fbfbd81d548ded5f2e2e0b3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 ad479954a843d1bda6af753b1aad67eb
SHA1 14f609d859a8575b545cefae10cba857809bbbeb
SHA256 49a84b15b8301c6c0b1d085f0bcc97e9910dac10cd067be08f4f261ed9f5e75b
SHA512 17266049bf165bd1a6231541584936bcbeaaf8db27337c9c18e01c9dce61a0cf105eb0eff6f9dd743f9ee7aa0bccaf2b39543aa45f97703f2402ee57d39e902c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 8a263424dca2800839fe2c58f221fd73
SHA1 7acbb6d8369e7197842d91bbee42a0acb902700e
SHA256 1080c85816e68553d88f102f8b5ea066b2cf553dcffb26d36f9bfac5613999a1
SHA512 932a447d8322f4508e0ec62249e5056eb948202da8eaa56b1e1d728e67dd767d42b846739cebcb1d4fa55878a698c113cf648fbeef6ea3d21319a3ce576395e6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 eb2a5e791a819db112ad1654c111524f
SHA1 1d5878df732686fcea7cabaac1d1d5c1719389bc
SHA256 8406ad9fe30cfaa52c9e73128cce96a92b523371f18a9d68c62dc8eb03790e00
SHA512 099194657ff48d5e7709bb830eefc196da7155dc7efc7500d62afd631f8bc816f9dcab3cc136e70ef6d784cbd5f50d13648e145ff7f4b811bd0ec10c93fa5293

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 2ea82e72d3e54826be6d68a83c0d925c
SHA1 c5f6a8c895f29b9d7a0b19b83e51cea289ddbfb2
SHA256 b3a7e4ea222f7715710f524ddaaa24696bbeb46c23702eb9c6602665dfed53a1
SHA512 9a78c178bd80cf0e56602ecb0aed3bb2ed63da4e16f9ad5e0f653c76d1b96140d692547d051b6d6f964af3669f4e006ff5bb16eb96d6deea4c9322be88b2aec0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a4858bdfc6a8c2f77c7666b9cba76f0c
SHA1 3d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256 524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA512 92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 435a7d0a8ffb995138b68ae1b83b0103
SHA1 6d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256 eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA512 1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 588727f45f9add683f94b88f2c72ccad
SHA1 4e94cc8a1994d1fceaa9abcd1123c0147ea2ee55
SHA256 39f9fba3bbfa9b69dc24a6cdb75f56c1ced8e528eea4ad46463ecdda3ac5fdb0
SHA512 4c48ab695e3991af4fd9f0d29255216f92390feaa4827e6e9d3c9b44d0b438acaf40aa5a0ae30eda8c01807c5faec6f25d6d9932615fc25c8b389f44e1b7919b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 1617d5339e8b203219783eef534cb5b8
SHA1 3ffdd34334ba6c9a7d7147ddacdf3dace23c234e
SHA256 a9c8f544caf278a04d25b3afe40e9f1d66935a8d78fa576cff992750744e3065
SHA512 624077c9b6e75e8fd330f0a68efe8539d9ee434444c5b17acfabb84386bc3eabf86d70f6daf7f36edd37ce69029a324661642a9d2a11a8c21b59889de5de55fa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 66076005a1e10c284eea6ff22899b9da
SHA1 444848b795da1f6964e5931e9d598ec6592a2608
SHA256 a33de7e6cb51c01e9cf0de1d272d1017ba90a8b12e2361f57e7913416a9c868b
SHA512 086c4b554530b51dec6d7abf583e4911428869832ea1d8596eae1188b202ca44813faee21db2cad8fa04c4a56d9211108421bbdae6967d4729f67cc7923d8bc4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 81abd299f8f931f569d125d9216c635f
SHA1 e8de35ba8d1be99096e3d41d452ee2aa4d4f4fa7
SHA256 e942e9e0dbaa1c844bc57539f39db4d9db094252943f591175cad0338c994d41
SHA512 6ebceee82990bcfe4d849b5827ab9825a7ff8519aeec6fd3c51e7790720a4ab6104d9170da8f9a7f6799db6254e64a3e83a09fbf7539f6a941a42efcaa43fd2f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 8ee64a6210a297086f824d7d4791806f
SHA1 217cd640229fc23054667678bfbf1668805759f3
SHA256 1dcf604ee2ba55884e323f21d53e3a047c373379c44d42ad76b67c0fb1adcf56
SHA512 5701443b0e0265e3f3dbec4d9f2ccbe342e9daae9e93d34412a392368a5a6ecbd32cc9828e92df84c2537c49634455b9b9a5740b64a4290d812859493d02cbe4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 cea490a8b275f022d789293f958c116b
SHA1 77400c2a93257b61c194bd33d7db919db86b52ae
SHA256 5dea768e7f81ad672d621e1b1b2cdd287bbf8258437b3c0eb60946f2dc6a3f26
SHA512 d12e0b817d143381b9431e55edf21c519a1365c0aa3441bf75c71dd4539e81877285b25099b6ba2821f7fa44ab7090bef8c9a36f446043bbd9088a09ef27a18c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 859ac8c7ff6f0261458f1d5eda8e618c
SHA1 6c845d00ce4ed48b38e5d783a047db20aadce4d1
SHA256 3fe6bca63d9509ed5a6b78c31fd938c8a31a22753e3df976055ef99fc134c7ff
SHA512 19d2d18b8745a79c99952913c8c347e3146184209ddb15a5d3351834bb0b76d4db698e9b78873cfa0df116862fee98f50a309dbd0c8cc8867a510dc11baeb02b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 295ee021be75531e2d65ab253892965d
SHA1 e27e60b5a33bf74bba0fdc131b2e9cc7f52ae8c3
SHA256 0f884c805b9c1904136fee196c4d98a4b558687c7f1952953b7577ab3fc5c4f6
SHA512 27fda1ca9cf80ca9e02aaf77aa8e41244ee5bbad88b3d2daa5922edc8132dae67268db6b2afe1fadd9b3e02040614a6c9383e1faac3a0a66f79ad825a125113d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-11 05:03

Reported

2024-10-11 05:05

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe"

Signatures

Renames multiple (2195) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jgd5P9HlCkDJpaP.exe" C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\nulhpopr.inf_amd64_9839c838c72c0594\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdlsbuscbs.inf_amd64_0eb96a1741539c14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmc288.inf_amd64_3e3f05a8a446e75f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_firmware.inf_amd64_36e4e17f210128ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ISE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSwitchTeam\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmati.inf_amd64_16fbf6520a254fad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_3bb2e5702f25a518\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_de323a35134348a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\PerceptionSimulation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sk-SK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_aef240978776cd0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdpidd.inf_amd64_ce12c614d182f4f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_a99a7ecb03853141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\halextpl080.inf_amd64_15251233835ef753\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_ddb154dfd1a1c33d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_0b075e1cb11005f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Licenses\neutral\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\adp80xx.inf_amd64_efb36fdc260e8bc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_legacydriver.inf_amd64_c07aa9c633b5271e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_camera.inf_amd64_7b52a9607d24ece6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_computeaccelerator.inf_amd64_9d34992b3634b396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_fe5b23ea7991a359\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_947cdd3822225c16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netlldp.inf_amd64_fbd4bbbad72f0e6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_1cbfddc97a663ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rhproxy.inf_amd64_7d28259fbc48ab7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MailContactsCalendarSync\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\5.jpg C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeMediumTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ClippingTool.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\TestProtect.avi C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Defender\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailMediumTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.scale-400.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxMediumTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteReplayCrossHairIcon-1.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\cloud_secured_lg.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_Flight.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_shared.gif C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-32_altform-unplated_contrast-high.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCacheMini.scale-100.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Tented\TentDialogDesktop_456x100.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\EmptyVideoProjectCreations_LightTheme.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-125.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-16_altform-colorize.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\Assets\WideTile.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-72.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\WebviewOffline.html C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_BillPay.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_SplashScreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay.resources_31bf3856ad364e35_10.0.19041.1_en-us_58f169c91b49eead\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft.powershell.psget.resources_31bf3856ad364e35_10.0.19041.1_en-us_4a59f464c27ae98a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\continue.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ns.resources_31bf3856ad364e35_10.0.19041.1_es-es_29ab4751388ac9cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-speech-pal-desktop_31bf3856ad364e35_10.0.19041.746_none_68786e9a1d40e1fd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devices-bluetooth_31bf3856ad364e35_10.0.19041.264_none_29a6c6db7320cc17\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wordpad.resources_31bf3856ad364e35_10.0.19041.1_en-us_6d4f61ee330466c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-accountscontrol-api_31bf3856ad364e35_10.0.19041.746_none_505a6ec3e9633287\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-machinelearning_31bf3856ad364e35_10.0.19041.264_none_de9177187385f109\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.workflow.runtime.resources_31bf3856ad364e35_4.0.15805.0_es-es_410f86cc750c1bc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools.resources_31bf3856ad364e35_10.0.19041.1_es-es_bd93a56906e27fd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Splashscreen.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\dockV.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ries-german-fluency_31bf3856ad364e35_10.0.19041.1_none_c1f0f83abbf2af88\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\splashscreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d12_31bf3856ad364e35_10.0.19041.84_none_e75b5546fbc99ab5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-globalmonospacecf_b03f5f7f11d50a3a_4.0.15805.0_none_c0a9a6dbc8bad28e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..lders-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_8a5f6eef2365dbb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..p-cleanup.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_e0f74a9cf837bf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..krecognition-forime_31bf3856ad364e35_10.0.19041.1_none_f9d8ab7690adee48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..g-cmdline.resources_31bf3856ad364e35_10.0.19041.1_en-us_dd1f2ab62caa00fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.173_none_38fc88f8cb913df1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..-universal-internal_31bf3856ad364e35_10.0.19041.264_none_660eadeb8dc39506\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.transacti..ridge.dtc.resources_b03f5f7f11d50a3a_10.0.19041.1_de-de_c4e441e325effa19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_c0cc162f08509a80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-white.searchapp_31bf3856ad364e35_10.0.19041.1_none_2f147508fcb33106\MediumTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..on-client.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_984056ae25c059b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.19041.906_en-us_723764f005113fa1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..resolvermodalbinary_31bf3856ad364e35_10.0.19041.746_none_277171dc730346b0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..component.resources_31bf3856ad364e35_10.0.19041.1_de-de_fb4702e550312952\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-windowscodecraw_31bf3856ad364e35_10.0.19041.1165_none_09c62bea6ce5a482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_netdriver.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_aa811bb8eaca61cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vmuidevices_31bf3856ad364e35_10.0.19041.153_none_5b8a700521679de7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_jsc.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_fb5564c597750fbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_windows-system-launcher_31bf3856ad364e35_10.0.19041.264_none_c1b96dbe7635847c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_ar-sa_145236b7b8ae34be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-shell-setup_31bf3856ad364e35_10.0.19041.746_none_b0541d78486f7361\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_multiprt.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_2e9df617b6028a8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..rface-ldap-provider_31bf3856ad364e35_10.0.19041.1081_none_910b623cb0085b53\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square150x150Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square71x71Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_aca5841061962736\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ntasn1-dll_31bf3856ad364e35_10.0.19041.1_none_7024fd8a6432413d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Uev.ManagedAgentWmi\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation.resources\v4.0_4.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.resources\v4.0_4.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-scripting-jscript_31bf3856ad364e35_11.0.19041.264_none_aece47beb3db0927\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-userdataaccess-cemapi_31bf3856ad364e35_10.0.19041.1_none_4310791f70d2716b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_windows-media-mixedrealitycapture_31bf3856ad364e35_10.0.19041.746_none_9d150441eb807271\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\view\common-toggle-template.html C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..pbinaries.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_554cc60153eef744\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_10.0.19041.1_none_d8075891f4a05d3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-dot3gpclient.resources_31bf3856ad364e35_10.0.19041.1_es-es_d8f7d0cf7e2906f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ac-ado-ddl-security_31bf3856ad364e35_10.0.19041.264_none_9a64e210d3a49e6c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_10.0.19041.1220_none_37a8aaa7c02a782e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cryptcatsvc-dll_31bf3856ad364e35_10.0.19041.508_none_8dd6307051cbecb4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ingengine.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_348f72bdfa95a286\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_10.0.19041.546_none_63355db9a7888b90\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.virtualiz..ent.rdpclientaxhost_31bf3856ad364e35_10.0.19041.1288_none_1c08636f2ac890f0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jgd5P9HlCkDJpaP.exe,0" C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell\open\command C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell\open C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jgd5P9HlCkDJpaP.exe" C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZRBFRVKEZVNQLDH" C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3359dff8c8b3855e8cf980539e7fb300_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 a7d769635d5ea3f099e19639c556901e
SHA1 2db39400a4d7f7c0603631b5f6e1d6356b2fdc75
SHA256 a4a94d8fa8c598c6f8166fb8606b1b853918dc0838e958417e675b246a1ad913
SHA512 1291cd08c9df59d420174a2fc2d1e334d0e1ad38584af20533ea33e6272a7ce93b6e36a198c56772d9828f5edde050b782e8fe356f4619212fc7a1b4231bbe38

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 c1ed8d70a2fbbd918d4cac4cc78de217
SHA1 1e0d05fb341bbf267f58df84bca6450a9a118866
SHA256 9e343a26b559c398cdb3e89efe2a5d769704120fbe230bd79955ed489e3ca0d9
SHA512 717309b9b928015d34a3267c6987e6dbf1be5e787c062681aa27cabfe543d7e7b3a3dcd15dde23bafec2d49992268e771683b1a9565a2bcd10b38ec3a7454119

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 8d5c4a1e2cdda01468d5a2f40848d81a
SHA1 c6d7f78c045e22cb85c6f95177ed4ca85259b22f
SHA256 0d085317f3fbb83ae5601a5e7083c28c762e7c9f20b2258c6d45f252b859b006
SHA512 17793e1a80270388d51e7ff9b0801e3b0a22074a6e8259c6cda04e0a809c7cd50755bcda31673fd4cea8e8757d99038f99bba7b2b431a4e9a93207203a6a6cac

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 fc7105d1a794a78dc5cb7239fc595034
SHA1 2718eaade77be955887494e6ca95616b2794568d
SHA256 c84e310541da0c1d9f673164bd5db4ffb9bdd682d2ff437900c417832957ca8d
SHA512 c9c74660d833b151e07cd5c3a0fe514353da7c8978c7baf17b9aa8b37263123473bf7b92f23991eaf54bb8f23245f48416c081612f0470b3d3b26a7693cd2017

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 8f9de083d845236d33247858a241f2c6
SHA1 d3b713d97b7e369bcfad36b8adbe3f57b81800ce
SHA256 79842a2a63e2e111a5b2a1515f026c0ebc8f617134883b326ebc1f6134bf0cee
SHA512 cd57097cec6bf7ec5b0045e0f822b881bc39223524dca83e3c90f81bc9cf6fb11fb68f4a65d86542a3f7f17fe2469e4308d9d6cf6cb79455ff67fbe545ae22c5

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 c0d982fb9e1445a1c09436371cc335db
SHA1 6eb6de256f7d7b53eef46f171d9e12ecdfedc197
SHA256 66e889662732f94958d94450ad515077260d988ebaa12dfe63315fe818e4690e
SHA512 552e3dfb3bfdeb4b7b1e52c347ebeabd324dfd3164e15b7e541641a3f8551b732d591c2ecf72b3acadb19ee96f1616d7360bc1089f2392e80b15867a8e36c59f

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 a9ffb836b9e40729e095b91b1c7709a6
SHA1 eeec1f458ee1848c0eeded1501ea3a9950a6e358
SHA256 bef51fc8abccff0c2a47cac2919396624fd0d37436ebe8a9b4fb431ae5403fe0
SHA512 ffe9dcd9c6a2c7dea5670c697e655c137bd7a03a81be48fa44d7c3557d93891a8ed80739b762b1d39cda6b5180ce188df9e3be04a4eeaaa77362d7b35dcb3a2d

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 da153859bc1cfcaa116e2a08ae1b8ef2
SHA1 58e43f830b828a897ba66aac5be252e6b3ebdab8
SHA256 847be65d773ecadfb832480122ac0e893d7d21cd461e0daaad65e39e23e385d6
SHA512 5f6f27d9c20a0d3263b87dd372feaf06bf6db518732f33641798ace626d26533224aea81c3b7dd856155ea37d71c1003ac8289be1733fd8a56f9bec7b39659b9

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 8b321c263f3291b7ba352a081b69406e
SHA1 0b526ea1f8106f61358dbc302cf6d8814cf5eac9
SHA256 b24634f4d9c8612356c6dbc5a88fc853d9f7e80c6c9f08624450d83fa212f2d7
SHA512 477593fb4f0cfcae62be331023457211f8c0ed6aad7dbf15752a0c20062ca09a55e5365e2dd4e7776b2de847da15d112b57a447bb756cf6111db249dbe73eae9

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 40e525b0c817fb7a50dd510af8dfd3e5
SHA1 1062922b67cd440e9ba75029d46b42492cad1416
SHA256 1e6d5de884186a526561827fd92e5890bb6d0571883cae4cb311a5775e3aeb76
SHA512 8acc1828af26ff67fbcfdec840d90201a8cac6dd5c29b4374e8c8dcd15ba49ebf919babe27f1bd2b6e1857f364b11298dab704eab9c5240ca2fe4dd0ea42f9c4

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 3ed4c8146d76a03379a3cb7ea02d05ed
SHA1 7453f2b7ff69b878cef81e0af109a4cd0e42fa34
SHA256 0380e0103b26470e8d7a88e973e2d3f08f88660108bf2bfb8541838b918cacd4
SHA512 219872aaeee7193d062ccfc2507e94f2de50f80d12116e59222e223a865bfa62f9f46eddc51ff9472c8ee056bf0dde03b226a936f8f6ca153b45f5a203a70e51

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 6a6ec21eb5cd0f789aa4a693b8338e03
SHA1 2c9e03de149d699ffd69ea69a87d236b6f0a0106
SHA256 8a565cbad9eb4ce7b3e3721d1615d6408c9ff43467ebd1a0c3496741c2bab05b
SHA512 e6e7d66c0bfa6aabacb619fe514884f51a5a5f13b07b8eace7b0ba8278a690e739d87fd85461a26be73cdbad7284a5c23544c5efa43b876d62e5a4a06c03a4b1

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 e341524bcb57fa1560b5ff17b0087881
SHA1 3abc6e5d8529c614cb162c74e32c67c86d648c20
SHA256 8c1a1ec9b113678a06a4aff36981d6884b359b6572ebcf13c562ac261b6e014e
SHA512 fd3c30c207b5868d4828c67c88740560bf4b8cb4894dc5e839ca8591c1657778da64e7b0c0fc572a4a6adefffada12af3043d48186dda52871c91e23bc556fd7

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 7fdd42b1dc51e8cddd34e5180f2e40c7
SHA1 b5b0ac07a591af49c857fc4ac5c8382a29a59a79
SHA256 7ce9942ae7522cc9664a7c0ee55030a9012c1e89f87a96a3bf2b3b42dfadb229
SHA512 04ff39d665bc6423bcb51ddcb27622c568077662019ee484e849ca4e8ed2785ad6b2425a8351b121b664feb6273156cd3d7102b04f96ab8dc19396975b5ef94d

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 0e290e00e29f6801e69c50fa6d39423c
SHA1 11035e4b32f24431b08a98a7872a8bd6594d4627
SHA256 3ca749acd27750a9bab4f8ceb3839dc7086477a393066f2b1d07a213684018fc
SHA512 12678ea2a93e28446d47f05b803be6deab02ee5793ccb22d5cdf18edabacfcaa2f5704b345fe5e806d7bf943d423bb8f366231bcc0fa39cc01c0b37381dbe442

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 2e14ade00637e7986b16e4b81d8bf049
SHA1 8f23881555a25f0ceb3d8ac2ea7fb05be94bb876
SHA256 c695a58b5352f8b2fc7a87c5ef402a070a188f208856b3a6d4ba6de71529be4c
SHA512 d41c4f8d37e20067e876aa16bf9d8dd1f50e82656003c36bcb1c32a6afb0dc9c8bf1e79dcef38f7b29c0a2b6f97194143b5cf7f3971d90e8200e5d7d5578cab5

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 515d7b0a53173e93b7f854864ceaa889
SHA1 8f917b39d7e6ba2b12a12e40253a7249c10c38d4
SHA256 fcc60428051f9b8380e2db627fbce93a8eaaffdb4fce5fdbd38abb794db26c03
SHA512 7050b929cba80e242479cd88aa2e7be7b79817d9122701057af1757f0820e1f9439b152fb3f02c2cd4cb33d38be73cef8968aa666fec175541335c0259757f8d

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 e494c07caeccdd4d0bd5df715d543fc2
SHA1 986750c3d0adc8048871c0b4b850bf9216a2431d
SHA256 edff516c8abb67a9172bf2082878cd46f515126c4ea0681431df79278707b160
SHA512 0d04fd14dd35a9ec55e9a93200fac0f0a2c41c86e3ec6b880adc5d1a5ae8d5ff7cdc6fd1925d96425d032d98acaaad5d473ebf9c1f78baccbc79e1125f29082b

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 c6132482cda0cc6239e92bb24a3b631a
SHA1 0aa41c98a44f3a1144a97e63958a5033032571c7
SHA256 805156bb627fe1a8b21c2722c729b0af435dae0faabfbf8b9acca193f14494ea
SHA512 279baada402452503cb95be10e9196d1530a752e53785e5114c7da872d73c049491c8e39a516187b9b3e31804b3d55975a4aaa3a78fef42201da2ab7ea1e0799

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 8b6476fdb25323dd2eb1f277e2b6f18d
SHA1 53aee3594598dd80bc7ba4f8763fabca15ad9eb7
SHA256 9a20fb1f1f7e55bb2348200990f03cb9413f82defc8b25d21057714f1f0e7705
SHA512 6a62bfc307f4c01c4b86460bc41019ae3037f28ec5d84b2a2e7597eee468a1006d0307455ec427ef3d4fe125fc9c597be140b6a6daf3730becd02024dfbad607

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 78b3f0f14fca09b01358594cfc5da940
SHA1 c012770680062003df8a8ffd10c559e7da40aeb5
SHA256 c98d91013ceffd00d1ead8045edc0827730347873babd5d96cd21c74aca6b396
SHA512 35ddfc843f15f45c0085e14db643ded050224e4954316b6fbecb940c80353409cdc7368e17b4921f8f4e0390a3653bc14a2f5d5e6cefff2cbf684ea1e6f10264

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 0a34380ee4a8e312c2f9b2ad74ead225
SHA1 b1c4d43566658af06c557978038776cd2a384946
SHA256 a5e0036730f6c75ab5aa4a88f561259e82cfd6a15edcb62797b8c0e340d491b8
SHA512 0adcaa5cf477cb1b72f02f4ecf74c2d74d71ef7b7d7cebda32c5fa28587e527682eaf63b508dcddbf62dfbc500c5091bbd5a2bdbcdb935b67ea7a8ddca8daf42

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 4967d671f8d4b31ac42309c78deb752e
SHA1 66b55ee56430662236d87b8e46c8bd2d018957d0
SHA256 ecf614d7708fea3cc0fd1b66cf75da3c8b1135f3c02b1b2ec885801c5e4431ab
SHA512 581b347c531c351e2d7c9c71aaca3881dbc32a454fc38208f04e534474640d2c0b7eac0a40c3026f80506efe847f0de5bb8acbcfb296be25202e3e4cec08ab99

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 2c6560aee1a236d4959ad909c8069127
SHA1 29984b1e9e5c2739ef34eabc485a1dc9a25b260d
SHA256 b68e866ce7bffc87dd3f2dfad6987bd264652d1c66dfe09371ac60208043ccd6
SHA512 2d116cee5a84db5a99d106273a0b8baeca779e93ba1f63c876d1562e11dbb03fee0a462c07683cfaff438ce095477206bee9b9e4b33f91182290109073f2d41d

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 0d2f2ecacf54969160c3522f8f07a091
SHA1 a963441bddea6b4de31e370602dcc484014d3a24
SHA256 468316270a45da65a55a070e430abd3410d848151fa474e589e6b19b6c085920
SHA512 7f5ade2456f301597fa88cb53a1bb2a4e38b55be8e1a859d8ce2c32389aeba31ac3cbf7a80a976c913258bddf1f0a89cd8a9318e97848992fb255a9986808d36

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 be3606afdeb345eb8b976f4215bf05df
SHA1 a57407145bae6824eab41ec5526d96bdc4aa2b88
SHA256 4b9788d43e637662c5ba8275f02e51566bbfc0a2b3d3c7b59504c791380178bf
SHA512 a638d27ad0612bbc202455101c89e5f37e497fd134a02a29806ea943ed8a844451a83eb2aecb4d045f2a6adfff5770d1e4bb9efb030dacc3172def1ea2bee4d7

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 456ad44beb4ed06e219fef6791ca27ac
SHA1 19dc2fe43780e88ed3bc6875c64e220e2184565c
SHA256 4f35ac557d08f6045bea83bcf668e4ab355db434bb405ebddd3de912807f6494
SHA512 ad2b1380d7c8e5400316bdc5f556055601b4315ab6dd700501f9cc5363fa10b916e607dbdc192d12cf670861b9c580f99f0427bdc3c8bdcee3f359a05772dfe0

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 1b6603ce52c29fc252cf645c8e40f124
SHA1 49df1a90584496e148667af9ab8a5fc2cf3f76c2
SHA256 8816e23703db3e81bff7f6b19353a1fb4880beb4f67b490edefbc2b243d6d588
SHA512 cf8363adfdbe193d24cc23fd3f65f82c44a582db1a5f5b6803a057eb701c4cf88aca7e5a0ab4fdc61c732aa900f2a659bb00ccd908397bb97ec2d4368cca2327

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.EnCiPhErEd

MD5 87d224f5c20def04c6e454a4c9a1a286
SHA1 ab568e8c23d1f5d63706bb008c2b37a8f9a1ff6d
SHA256 5aa533733747ee48d0a68474723b478de73ed82b706fce88c27f96f1002a1413
SHA512 3e648fdbb98b886d028bcc612d3455a75a3f8230f89fdcdace97ea37928d11a57231c4753dc1803740bc73bc8d3505ded0c34fda2cf21497335d73f0e07a7d84

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 0c1025c47e6d6ff1228c5387efb22898
SHA1 863bd91d767bcca218a50c07f0af14d0c39ab85a
SHA256 dca758250dcd50d637fc8f3ef39335f948b819c05115fee38d699696f70cc38b
SHA512 fccd3d682cf8f4d1b4545159e07099a0ba1892812af12199d3165c1bbcc63639af74e01626eac1ca3831bdc1bc0c60610b7ff8bd6690655ab18ad955ac487830

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 d0ae09919476232f21e238d1685f707e
SHA1 12eae1c92960ccf7d1930d0e360e34e25e579bb2
SHA256 e0099f80d8a9e60ca707ddc6458339ae002fda3ef5c7bc58bfa08986c6bc70c3
SHA512 d4d3918b38903d625c593057661a39dfff5703680b67b2413b0e05357d283aec1dd99781b4633db50e5861438e7841753dd18f6a0e898780ab228a851aaec9c1

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 e5f90194ae95be81cfb78d45f3e46c69
SHA1 c6d015e6a8cf815fadee72b6d9627f85c99e6439
SHA256 1113b05ef48cfe85095edbfa7310f693261b7a18818cafd31955a0fbb729ad1e
SHA512 e7b6b0dc68d5d730faf456484f68f1454ed73fdb28c84fc643be25a57ad0146b756a3e18ba593cc6e476a5858521290b6bf370d18086d52ee406e1ab70ca6ec4

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 989d8b89500ddc47db369d6e54a78d48
SHA1 cb298b61528f2b79f2db8fb83538f2d6223317e1
SHA256 fad9d68a2da3b69dc8282ee7712842eb66e3860608cb1e0ec2d908d4034d92dc
SHA512 320f7a91088c97c8e11fd1a8cabca234c268bc1484daaf0c650cf3dd2238c9da6f69cb5d8f3ee206bee458fa21a5dc98d34494b62fa856503db81b4f925a3cd6

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 e2d7f1717ca73b18c00c1610f6767084
SHA1 a7d8a48d3bd842da5a5aaa30e11fd1aeafff0d61
SHA256 5de862f596d2d6c04a5277162a13b4dc59ce7b151f52de6d71ab6e0e8030ae20
SHA512 5f9f343e8fb0cb98ada0c8d1750b0b5a2aec663411d8c1178ea88b15aeab5551692ec29e51e4e2f8deabc3442ea8c1f9d5a9860cdee627f49896c70713b58b5c

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 a322b2e8a042c40d895e9ee117508104
SHA1 0c369f4a2dab515ad3b7a4582204419168f7470d
SHA256 46c51edaa6f535ec8cfc338ed8a3679f1faccae3546ef5e6d195e421606b6289
SHA512 72358f922475609b609c948593dadf456b010d95b405dbf71f2d63db52110c393dccc8202f6cfd1356dece2fe4412ff9da07c1fa9906dbea344176b6f43b0c2a

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 7f9575b225df566576f340a217703497
SHA1 5bed4c6f76f136afb2e648f6aa668a9d60303144
SHA256 6e829d23675f4d2b53fe064a526614cd447b0761d54a774ba8f3f43bb4a25bf9
SHA512 dd851b835d96bd342fe4c0eb4851c65f1c815cd093145021393359473885a38c12d71d2fb9eb5f44bd28cfdc1929d1f85d47fbadf0fa0e880055faf6aca38d5e

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 ef14461f88200edaa6c554f6169c8db3
SHA1 24bac1af769d8370e2da10348ae5ee1e6d1bafa6
SHA256 f406c35d2c8d39154379cb38acc630e908e68b262c9dd87d63189fd16495da94
SHA512 d617d8177c44dccea3cf7035345acb47d507ccb06c80fd813991782a00d2f38c628316bcf2887928ce980178bf86836026ffed4943c21daaab55915732e8eee6

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 2909788a2f952f834df7827f989813fe
SHA1 d5c4b380958315bb8c580a5df8d36e340e451477
SHA256 1a417a159090fd006aa792afa337ae6deab390aa235df4477cff60a86d137eff
SHA512 36154b2597cb8a447179f4a82e4e701d7767f90d3016978ce4cf50f2b718a44c0f2e69e63aaea49abe15bdd6cabc740a3e69d3e9c640f1d07e3be08af56406ed

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 2fc4f9626399cf318800a44223d21dcc
SHA1 6cf682629045de6e19cfacc09a69a090fb74e927
SHA256 076d72d95db3d36eb5d66a826939af5bf2d84e1accbad41beb64ef31ecc65691
SHA512 5799e5b08c264446a68a39fb280de1a09a3533cbec1c58de762b73e4a9e7b97f0dc3a1eaf864393449bdd84b8f7e533c25b74a586a2ae69a773e94bf8ee1a81d

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 7256a9f90400e42878daea12df80a7ae
SHA1 1336886c1c80a3698e2c76d3b842743bdbb46455
SHA256 a3c8e14038696fe2b8e5d5828e2ebcefc3d09559d908ab94abde7b0ae9fba0ce
SHA512 e92b0ebae5f751f664eb67a0d650e1fa23b0c3cd811bbe050f0396d3bfe8b3a6f778a314a818fcab15637fbcdc4bb5a5ee8c21c3d7bc4a973b7757c7c0cff60c

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 6ba1ffc884f92c165c1a11313cf2595c
SHA1 d52e68fc829785f1eee272f07cbfc875c2cd72f7
SHA256 dab77a62cea72b96c4effde01d9009b070777920dcdada510e3e0766824edea5
SHA512 85c345819f2c07e8b293e4fcdf9fafc6866ab0a7feb575168e38ba92b8b9257de0ad9157254f7782fcf8f9175779725608c2c84b488a493e1391572c68868894

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 3d78977fa4b01e2ad24d055ee6235181
SHA1 371166d743995897b7b747e9cd773acaae3f296d
SHA256 0f14607258db217124e383fa0370d37bc8ab214ab270beb21606399ac704785c
SHA512 b16b42c67fbe37070fd8ef1c0e90dada8b714e3aec4bc004350df7110d83981b8e31fd6501a0b174d93e7b381c1b3ef56e65613aeed24ccb2daeb09c59f93ced

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 f8b264a9c8016c6f0f5c77418fe65fec
SHA1 d090c2349c8d1db869b72931c5991ad38267cf36
SHA256 589adf9e0b56a926a49ddd0c0dca31c95dca32be51bbbc7943aab1307fe39384
SHA512 dc028d5bf1d419f11d1b988b754ba438023d818327d84a58f565870f7d094992057801d4e7c42345d1be503713f5eb94a84b31d70846a35cda17214f2d24b879

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 2da6f7dbe7c96b2da7cecc6c59a87b9f
SHA1 5056eac80cc2fdb16dc237715f5c09714250b125
SHA256 3da093864c2e349613364e59ab995a5c1e0fbff3c139d04bfa44f92f25f4c00e
SHA512 fd30e819b0a11f400630da26ab7e383e05d89c8a84536af65a892481c54eb58f12a22f07865180f2af1a64c51896bdd008c95c15e060affaa97cfdb5b0be708b

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 a23841dbdb11ab7ad1891ac98119c2a3
SHA1 40294c5c8a4d83445ba79d7a40c8a169258c7410
SHA256 cc2021dba5dc8e54056ccab11da05274e264fef69f99804f0db173791691b21e
SHA512 5d84140a38ab9288ed9b6dc2dfdf5a03f74f9cecb321eadc05b1ade2a7038161f16e90114cb25479c6b4b631dad20619e85d6df4316f4afa72f21849b43e9e1b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 4021436cae20c035238f2242c27144d3
SHA1 e38b4e63ca3cfa3a68a51074500598cdbe98f03d
SHA256 9370fb758c5226148ef38c94aee267e4ac8ea2e9ba51fe6ab3c2bd05ca69bdd0
SHA512 2dd6020907f0e711213a2f45b6d0b703c2567d137c76bbd261da2459d5cef15a0d8678308983285029fb68f96c373118bad945e8e4c80985ffe2949684ca47f1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 4adaa5e4f4bc60f30dd7eb99204ba3e9
SHA1 53268c76d71a724688e8f0919c24f7484531c6c3
SHA256 45a44da3fe1a055ff7176beed7dac3ee059cf7e6d2b9ae447c0d192bc5a02de4
SHA512 a2cfeebc7a7193bc9d3f8c0c077e88ad77e34e07d03c8f9904642b8200d89cad9557fd9dab462bbbd9ff5ad1e5d0e3abd07ec46d5797683f158dce30f8acc596

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 6cf0437c6bf964e373ec948525c180c9
SHA1 cbe8d2bc5d7d6d377a81a62db2c91dd002b58200
SHA256 09d983bf717abfa433544287707fa395366bb5af3ffe1591132f3d11f8598d29
SHA512 f45d5301785c391e06227b7756350a2966ba5e36e5bfef5597baa5e2b12b038c2a92a72057a16c0c7377f4949dd5b221e90380ffa7e9ef886b7ba72976c580b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 289373985945cbbdc6b26b0159445fc6
SHA1 1df88806157f5e12bfdc2e8d9a292cb23bec2abd
SHA256 a93b4bb2958f5760fc006e8d5b7b4bd098b7e2efc18ceef13dd982090b44cc64
SHA512 d658c4b98a3b265210bd09f3169944c4a75704510568c87abee022a26d91792fcee2b7b1defc810990737497f29de7b7bdffd2f156d1999cbf49415fc24a3670

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png.EnCiPhErEd

MD5 a602a95ebee9001cf3958af6af9c8423
SHA1 d86325234b100afc13df844ba21124c56ab2eceb
SHA256 4ee80a4b34d533eaff295b11b636e18f357a76df3faabd91d670c707b7ac4ff3
SHA512 dd78ccf725ae48334dfcdabd905ba5ba156226ec78f5facf3d29614038b9daeed8eabee9b97693df8cf9d7bf7775d2262407e756a266a3729abeba9fb1b87d9f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 f65fdf74bccfe8e43d4447a033d2965c
SHA1 dc1ea3e59f74bd2fe1dd9e213f7b2be4796e70d7
SHA256 bf17f6ab0481bdc820dbfdd2a4803a7f392c5920bc3d4c500ae56b4254501833
SHA512 74e99b8db291d28572a59cb4ae1dcd44ba5e240bae710673cebf65fe031a6831b31c780bd964248169ef741c0023c2b2966815704d32a03f9bb4f1cdbe869f57

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 1644e6db421da5af2dff31df7411f9d7
SHA1 109f6529470ce8a21e8f34f23dd197140fa2045e
SHA256 1a79d0b270743db24018b643c2b1dc60b71c3d73e2d0523fb2936858ace55f41
SHA512 a25a321a150f7a9c3c67e96165dc051d420fe09bba699ac1068e2da6628a1e57c26c3d58d7e5100acf033656656be265318a8c4e7024fb367467a73bd91fee99

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 aee60c26294892d908e8caaa8ac8bec3
SHA1 93bef836b3517e64df5231c15cdeccbe85559b28
SHA256 5d0b1337f934ae560073f134b441bef5856ed159240551c3ead0fab062683542
SHA512 4b821087fb5fb33b401338c624a8c5df3ad466e56d25d67e9e2c09ea3caff0e2fb1d33ca51db9f84721dc248bafca32092113baad739f7d3c4d7957bd7e88a54

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 47b04a79b43a1439307aacd762364605
SHA1 71d8ad58c8a5f93524a53ec680adcb1c106472e2
SHA256 0b51ea17b2b9ed631dd1c19fad84fcbdfacde40dca202f406ded3c519bdd7831
SHA512 51edff62fd8fc7f3a100668df83d1c4ddb89875270cb5dfe9699a737150988e54af671d4f9b001560979bce4b895d8fa7338b546f647dde59763f9709c6a08f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 2a9728c48e4bb996e5d002d30c7a53ab
SHA1 21195a4b9a3696b49c6e9719da851bd051c09cff
SHA256 6eb9f5c31f1d522d65dff6aca82287548df2b7f65513651abfd5349c37dda297
SHA512 7fbbf4b873b51bf26b370d5e816767483a49790bb4a27f01ebe3b569648ea948d22ed8b5ddaee9d9c997ac4b93fac46b614e2ef9c573caa2c3105daf3d10b20d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 ddd656362c804899d0373d668e92b19a
SHA1 e75434ba0d112ee3ba6dafbd6fdec8edc606594b
SHA256 0c9ec6e36fefbc7ce1f612ae20319592e13fe7afaabdd25ef396ad63f958d009
SHA512 3b9c7d1e6eb61b108d3f12fae59dfd7c2787484e907a2086520b4c9dd001b045a668080be73156f7a6989c0f696846b03dc3783be98ab890a58dd3fb53d0ba0b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 464572248b3eb7eda348d73267da5bd6
SHA1 26b6a40d14565d9b1cd65317a86e487994b6514c
SHA256 84140707ad10dc13da92dc6780ca9dab5ecccc3c7fbee225b332d9f33525ad65
SHA512 16db3ad88e779f7fb8b60bff1733ec5eef466132efd1e7927c91c0a9fe2c5ff0da516f40df13d7a108a6dbf27a01645f414baa0d362b025b5eec3f276da64632

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 8b1f8f68335fdd33b5b5576e5feb9a28
SHA1 38cdbf2b6743fc321c7b194694b60950d4acb8c9
SHA256 4d51211abb5dc290e92898587cfd8a7ad53e4dbacb3fc2bf5a3271df41fa7c48
SHA512 506962538e28309e37ed173e3ad4f89f84f6ecd497707db334e62c3c092d9ee422c83bc4177e3489c02d6c5bdcf84c9df5167d88a89e09f437c9ff4d659825ec

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 078f02f33a644dc0375030b7e866da3c
SHA1 5a36c393d39876e925ddddf871deaf742890d386
SHA256 f6df9972bc37dd7274f9634ba2d09cee3cc3651f3ec8f1fa32d94a62d545a120
SHA512 9fd264562dd68dd52e875abbf37900f4cc4bbc090d4388658d31665014b8d99b2399bcf316f727e1a8e74315d2705cf1995d632246572afcc85cb7b2c5327ab1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 0b961d0f173ad6f2b2f506a87d71b744
SHA1 f68414f64db143abcfacfeecc3e770e7cdd33813
SHA256 4c14902ba57655fbffe4f431688aaeecd2344d05c15450efa59591158fc88071
SHA512 961094ee839fa71fef63b057a895528ddf1ce2697eca7e848c3ce18c5dd8c92ff7ef00f4e595bb3025ba66b95d4f51f95683e64f0b2675cff2396bcff1b6837e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 723e20882d0efa2de0e96e4cf0f34d39
SHA1 b1adebeb62f60b9d4503e705d41a97f4eef33c9a
SHA256 ebd83f73343f6239d7f515962cf052c9d319021811965fa1cbe4a59e9185e6a0
SHA512 beba486aa6ef3433ba798de3c7565abc51de772b8b0f1822e42798fce536fd9ce3431c2feaa98164a5f5e68c1a29d6cc63f0a05fde04e56c072c486235a268e0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 cc96906133581746047a94e41becc1d0
SHA1 aa1a918c03469f5246f945d614df1bfb3e60d30c
SHA256 bb8b64874dfcd2b3de2e0ebbb34613893d32630fb1a7ea8b8563ef104a61e1b8
SHA512 cc29f682d41ee897b890eaa4da1cf194b4fb993ba17fca5f907da4b3f7e5ee2af7f94aa0c581fcc46a4e80578aba971e3fa7e568714dd2918dae2462ccf8e2f6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 ba98cc4eda503ca10fd3d21cb10bf699
SHA1 3d5656765a0a776c27a4526690d0cf980698661d
SHA256 63f8ca458860ce13ed61278f43c6565164cce8ea9459f68032d26eebef5c43c8
SHA512 82df887ba201a9f925462d2c6f3a8fb3d0a14e69a0b8c720944444c8164b66e6e65b3c0f4dae8370cdb67cdcbe6ecd43d9de567b95e4ccf6cf29c33adeefb523

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 06ebacfc8f0376bb0d6217da1a036eac
SHA1 e5a371ef21b0a8da00369545a3cd89ec72bc650c
SHA256 3a3265998b100753a4a198695057d704590de4d52384b0d7a8830882ff694d68
SHA512 5d7d2657866911e3ca5f1f432f6421bee1afd9c7b9213d4cc1b6c236e664e792cd9bb218445d0f143291e6e1fbb56859dd9a513bcf1339a71e5be637dff18c23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 b4c091d543ead6f2b23547cd44fd4d06
SHA1 20446e6505aa76d765998276ae200b3248d95438
SHA256 350ad6b90db0226e9208c3b1f26315e56607c9031c133e58ae9606ca0a19d284
SHA512 c39166595bc08d287c26cedb05c3b92a721c344ec1cfedee46ade0a298c3044f1da8b4fafa23de559b62aa9daae6a05399fdee695404a55cc279c51a14d8ec1f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 b2914296f9aaf21a97fdc8ff9828c556
SHA1 7ce077cbff25c3d1decaaf21cae3596826ce9021
SHA256 8f2b4cad8559c47f2328d115c3da4c909e3008ac5ffbeaa77e8f5a0634b0e312
SHA512 dfdf08c934947344fd5dd70576f2bbc4d25924793e2cee20038b43be48cd4cd2ca86aee1b39849ac88ae6cfa624885fbe5b31e83547e1dff27c8177c7b868a7f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 c929ca73482b8ef7cfbc913548b3bc8f
SHA1 fe41cf4e1a1e342d6ff9519fd392d59d17ccee82
SHA256 b81987a65c47561d9a060fdfe86d6fbe8609ae9822064b1234d45bc6b6113862
SHA512 9590b166ec7b727e370efb207d0a7036a79bc2313f3681b5196415224910657c001f859ebf13c693b06492e7073b389f986dd0fa30d145b636130d86374b2052

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 b3946d8d8821c749d21d13342a5b0d6f
SHA1 e8f0428d5c076264c6ef8beb73f1fd3fda36d327
SHA256 ddbf1f8079347a66efbb48af3e31a4fbf9c33a008dbca88a12a2b05b0637b35b
SHA512 812dc30ded1c9797aa97dafb4874d186563a23b081fc3700db312aa68c5fc6cead224aff943f2ce1d3125e75863af2f8376f9db56eb776c433ff0769fa98ea1e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 f33e4aa81b3d40d323d0d909f5cf9746
SHA1 42df72f02dbeee98a21788afd0fe307ba171ca50
SHA256 e6162299765679b12f9aa20438285f87fd0442c056907eccfddfed4722bae8f3
SHA512 fce005333aa3aa9201c8660f1398abc1c1f73f8ee1dd155cd6f63e9cd6df3733e4a26ebb22f449861ac9f6f0873905834f21b8cfef2d253ccf5238859f251b60

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 bcafa14ea98b0df1d4851aa278c738fd
SHA1 5e3e1fba222c311e6b5e11f0329314ea69ed560f
SHA256 66afbdb068a58ef08a5399d98766497c05c050483c910b480ed8aded340a5b16
SHA512 fc5de6ab87abc14ffb29485a3427cb47a08118a608d5cd53e29f5e712949e97a4237300999355a3639ed28b5bbae07a58bc7456f0f941b0fa5ae925dfe89e3c8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 b329b472ee711f8c632c3ee92832f4be
SHA1 817b016d3e799c14b8ee658e2c57efd08fb70816
SHA256 2d55beddaedd0b9fd969859a05d2eacae172fd5eb4eb219f35196aafc0a55106
SHA512 824d2c515cd44460611113301485f96ae0aee4ab1afe18b33e0560f44ddf263fdfd61778804d3a14b7ffcd6a4e31204c86e9233c0af95b95b2b9584dd108fd80

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png.EnCiPhErEd

MD5 d963edf3d35995fc086d30c732f2bc52
SHA1 63fed679de2e9657e7489851d4e06620a2d9015f
SHA256 aed3a6f67a11dc656f62892d7b00a67b41afc37b6e99f4cada56f3e876e6a5c3
SHA512 6ba5d60e609d4a96bb68db5a8056fb229e568dadffd442d941aed3db5d219d22f628dc382f8a41e56e4551159eeb17e9b2d592431c4e1d2960f93a2f1eab6f3e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 4680cfca369053bcd5e67aab0d91529a
SHA1 6c1bc6ac397f68230ab0cb5b8ede8c97cbf0c630
SHA256 d20a84886320673c97a61cebb3312a66f2e058eddbe29f25218381e00d886b60
SHA512 ffa7884be5c0562f431f80663271588eaf5a34c3cd03d48c3083e68fa2b31fcf9fcd0d0339fb8cd56a06507c8163bbe68d5be31c7d13339f4b91cc3f1ba928b5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 31399c1415758bf125edc17231b4b705
SHA1 3776e9e0a0d520939dad4bdc270b1985401de68c
SHA256 b0780e559625580a2b62a37e8c4c0ed3d36086a79149f7b6d84fc70a48d79d8a
SHA512 abac4697f3706c885ed21e6eec77df7babdbeef79e6975d3e08f572386e19f544cac3d632a45d62c5e2bd595720c14fa67f29f4c0fa1a05e31511de9010882fc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 cbcb3def9f2840d514e8de24f8f321fa
SHA1 42436a131a1d19468739f96f99c9e23a1a81cd58
SHA256 79003002448a10750900e4ea3618eec0d823a3f356c1dbd8ffa69f79c258bbeb
SHA512 fc16c433776a09ec9db36129cc5d5e2b2b5d40b8835d47e7aa48db569e2b2db7cbf9b7e6c9fcd25aa96b4692e3e2402eb3431892f2c9c8bd5e20f9e787de3eab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 acb0d8b30c0853188601ca53fe164cf7
SHA1 d2b0a6dd3f84990a496f6e088d60fcf9b150e87f
SHA256 634dd59eb3a4501c9d45e3f85e59b5e72583369b6f6fde1cb6bf3347697ea098
SHA512 abafabe068c33ff48142a4476887a8cb6abf9a069c3c7ab0bba53e6c21c5eefd505367056b8c774b6a1a2237d93caaeb97c7f7ef9b31bba410180c6887e39421

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 e00c0bd960ec87985b05b95f2f425e1c
SHA1 3e834ef14193ee43857c3a1a22bc56f768fc3a2d
SHA256 30182d8cf93bf2d9ed41043df1d5993ba580b2387707eac2a05c6ec7e9194258
SHA512 173c5278d7072375096e166683b3fc2dc55a159ca4fa4d59fadd23bb93169b63819c0c27dcf91027c038a1dbcd6f2b70e2ee66a1899b995d78c3f9954060c028

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 8db7792f714daad6d2ae9a87fd1bee03
SHA1 528e8377daa210dc1c5c7988db0d4f923cd533d9
SHA256 32a699019427306389b99698c0b19940b25b414956a6c3adf38b5f601cb74f0e
SHA512 d5fa346d3ba7483ea2ef2e54d64a72b16132b400c0a5fc76a3ae92560191d96b0c0a6c30882457368566abee537d9746cebae4b840b6ea4298e44d2c3997d48d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 d935e640c762149f154491cd8ddfc873
SHA1 75e5e93fc1fc3fb295d9876bad43eafff8706ae1
SHA256 f5d92c328c7fb2d6266b19ba56852a99f2cdd52ecc3c5bd3e11f50c8871d27f3
SHA512 77e8ee923ef033bfbf631466190e67ee93868bbf965a4c6a733ba622dc0bd9252ea0733b156614936f13cd6f2dddd23b1bdcf4c959719c634d1c82338ef39870

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 833013cd879fd3f812606c9ede0807d8
SHA1 0b1354fe9b4b06389c10c89c0233de21b1824b14
SHA256 5c6f47b8923c64a105a58c3b647d47ceb5515e7c6e985743e564a3eca402e2fe
SHA512 b0183ee9774017f8a612bb2eca5fc715d677a8a1aca432672867747a72a5e83e78b0c6d5b060bf7761ad5e474962b5787b745c485428b09b911851aa45bdda2d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 e0c46a64bb132cf04c48597aa83b5131
SHA1 6010e5e4273bb2cd774cb179c8aceb599f473be9
SHA256 a036273cc6ccfd7aec4918bad8a99b3a815f394a3d17335e8fffafe52c5bd127
SHA512 bdf1a06111a171965957c6c7151250e8e76540fd962e07bb54342fc4d95286d897339c4747fb9260a031810abe951c7cd77ab6ea9bd967bca8259a1a8f105eec

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 73faf268de4d6f0c9c27d739640ce426
SHA1 26dae99afa2a46a6cfbc46808e576209d3b36bac
SHA256 c7aa295e9522ca9d13016b692e698588b0fea10040a8b6f4845a86f64ec8e736
SHA512 7b9f652743a98e73b9d13bf1a7dc9bbd0d7a0b1c205bc62e26cf55ce0f32db920bf747cddb86db3da8228368aaa88c0d3364b76b11affd3a0f20ec0604f4f73c

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 311726877edd510ba9abd72b1e663867
SHA1 7d1ac5460faec00aaccf4f21d71ed77043851010
SHA256 005ed1371a5963c80984cd7c4c75712a4c4bb108931418fe079c6b66685f4d77
SHA512 8ad9a75428abd487b44e776ac4d897b84716a3092aacb50f13e5bd3ea81138a951bc5be489116b90a45a5913e239bc204a797fd16062811f1a014007b63f6e3a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt

MD5 a9e26535e3a35c1cbe03db1b491e1edf
SHA1 4d59e667c1f5b81b361b87b9d61f7a1e2b30607d
SHA256 c1994de6b59c385f1561d586e00f128263b355ec1f65a0183fa701861a2555ee
SHA512 0809a74a202f73a500af8366f1db775cc197357eeb13d31ec27f8392683d6ac7d1445bbe74a61ba7fda86ad4c11f5db55d48bb55563621e2796f6d37b6350baa

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt

MD5 41163073cedaacfa41db19beab779f34
SHA1 5168e067af6f661814904ca1044b95130c43b8ce
SHA256 adcc75df12bff0ba0ffdb7d554fc8f9595201089ece6615114f40243b48be12b
SHA512 6755616cb95a08ee1ab8c913fcca4684dd6e3a04e2c44d5d619161179cc3dbcb67481fc57fe6d0bebf0bb5e79cfac53ba107f4e6a44a723362aa8f6b9abd2399

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt

MD5 2a69279246b5a434ee02b20b99836b8a
SHA1 55b8b6f9288c7cec23de50f91ec8e6bb97e18808
SHA256 4e5778d9036f70f543b6c70b4f223c2f834b0bc1ca6d89ef9cf9b57c0c467f26
SHA512 0b8e274737c8e7c851d904d944a18cf4a482b7c7c317d0a5a3a6f2db84c221f2a35a5ed7fb8cfb1c6da3940737ede00d60a10ce8d59d5f1a11686da178c67154

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt

MD5 7eb243419336487272a9e5a04768f817
SHA1 4bd0980ad302a8883a17550ac064a04681810e73
SHA256 39e93a0e424caa8154e03fb1383c0737ddaa0354422bc52599eae23b49d56165
SHA512 f9657116fa369d96a764480c2f1330f7a1650dee164a509e7075ec378397f0fad78092935dda33868c965ac87b143b15806d3e6edb9adb725460c5e6166c8241

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 ce1d1ccdf4d636ade59e29adacbc9b1e
SHA1 e8fecdcbfce0754a316d43b53744bb3c5fb3f80d
SHA256 e03008be921ab1e02c2935e4e8be0a11bc20a38f286d27902eb0fcd65ff00fda
SHA512 91564b596fd148e47bd0c794d17f829e05e0e6dd7fd540b00ae9b08875f00a8342b2f81e81904d2ed4814913b2661c5d657fb92cd8a42880cbcc3859e987bb13

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 c9ad6107b6d0b968cb7683d171c0cf6c
SHA1 1fe5dc9bdfe15a609966c07e1babc2ed9528c294
SHA256 ba88c8e86f73620dd5fb524dc1c208ad6341e3d4728bc239258fe01fc29507e9
SHA512 1039f30f18bf9c8dc1d31d289b2491d1b9ebd7a03624e1a9463ccbcbfe070450213e2822491d1cfbc9baf74f2367a523980de3dcd253e2f1686ce5e56bd8b4db

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 ad479954a843d1bda6af753b1aad67eb
SHA1 14f609d859a8575b545cefae10cba857809bbbeb
SHA256 49a84b15b8301c6c0b1d085f0bcc97e9910dac10cd067be08f4f261ed9f5e75b
SHA512 17266049bf165bd1a6231541584936bcbeaaf8db27337c9c18e01c9dce61a0cf105eb0eff6f9dd743f9ee7aa0bccaf2b39543aa45f97703f2402ee57d39e902c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 45679ff00745ad58afc10670af38056c
SHA1 373492d5d3d3f944a5166168f31b14c6b73331de
SHA256 3adbebd9030b7f569989667bee0f535864a166d2367e66cc5be54bbc2172ec70
SHA512 4eb0c675eb2b8b75d289e85c65cffbd40f1ee86b5347d82ac1c40e70285604e5272feb16c372b4b2683e25be44269ec9eb058a6e0fbfbd81d548ded5f2e2e0b3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 8a263424dca2800839fe2c58f221fd73
SHA1 7acbb6d8369e7197842d91bbee42a0acb902700e
SHA256 1080c85816e68553d88f102f8b5ea066b2cf553dcffb26d36f9bfac5613999a1
SHA512 932a447d8322f4508e0ec62249e5056eb948202da8eaa56b1e1d728e67dd767d42b846739cebcb1d4fa55878a698c113cf648fbeef6ea3d21319a3ce576395e6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a4858bdfc6a8c2f77c7666b9cba76f0c
SHA1 3d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256 524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA512 92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 435a7d0a8ffb995138b68ae1b83b0103
SHA1 6d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256 eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA512 1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 588727f45f9add683f94b88f2c72ccad
SHA1 4e94cc8a1994d1fceaa9abcd1123c0147ea2ee55
SHA256 39f9fba3bbfa9b69dc24a6cdb75f56c1ced8e528eea4ad46463ecdda3ac5fdb0
SHA512 4c48ab695e3991af4fd9f0d29255216f92390feaa4827e6e9d3c9b44d0b438acaf40aa5a0ae30eda8c01807c5faec6f25d6d9932615fc25c8b389f44e1b7919b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 eb2a5e791a819db112ad1654c111524f
SHA1 1d5878df732686fcea7cabaac1d1d5c1719389bc
SHA256 8406ad9fe30cfaa52c9e73128cce96a92b523371f18a9d68c62dc8eb03790e00
SHA512 099194657ff48d5e7709bb830eefc196da7155dc7efc7500d62afd631f8bc816f9dcab3cc136e70ef6d784cbd5f50d13648e145ff7f4b811bd0ec10c93fa5293

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 2ea82e72d3e54826be6d68a83c0d925c
SHA1 c5f6a8c895f29b9d7a0b19b83e51cea289ddbfb2
SHA256 b3a7e4ea222f7715710f524ddaaa24696bbeb46c23702eb9c6602665dfed53a1
SHA512 9a78c178bd80cf0e56602ecb0aed3bb2ed63da4e16f9ad5e0f653c76d1b96140d692547d051b6d6f964af3669f4e006ff5bb16eb96d6deea4c9322be88b2aec0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 1617d5339e8b203219783eef534cb5b8
SHA1 3ffdd34334ba6c9a7d7147ddacdf3dace23c234e
SHA256 a9c8f544caf278a04d25b3afe40e9f1d66935a8d78fa576cff992750744e3065
SHA512 624077c9b6e75e8fd330f0a68efe8539d9ee434444c5b17acfabb84386bc3eabf86d70f6daf7f36edd37ce69029a324661642a9d2a11a8c21b59889de5de55fa

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 81abd299f8f931f569d125d9216c635f
SHA1 e8de35ba8d1be99096e3d41d452ee2aa4d4f4fa7
SHA256 e942e9e0dbaa1c844bc57539f39db4d9db094252943f591175cad0338c994d41
SHA512 6ebceee82990bcfe4d849b5827ab9825a7ff8519aeec6fd3c51e7790720a4ab6104d9170da8f9a7f6799db6254e64a3e83a09fbf7539f6a941a42efcaa43fd2f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 66076005a1e10c284eea6ff22899b9da
SHA1 444848b795da1f6964e5931e9d598ec6592a2608
SHA256 a33de7e6cb51c01e9cf0de1d272d1017ba90a8b12e2361f57e7913416a9c868b
SHA512 086c4b554530b51dec6d7abf583e4911428869832ea1d8596eae1188b202ca44813faee21db2cad8fa04c4a56d9211108421bbdae6967d4729f67cc7923d8bc4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 cea490a8b275f022d789293f958c116b
SHA1 77400c2a93257b61c194bd33d7db919db86b52ae
SHA256 5dea768e7f81ad672d621e1b1b2cdd287bbf8258437b3c0eb60946f2dc6a3f26
SHA512 d12e0b817d143381b9431e55edf21c519a1365c0aa3441bf75c71dd4539e81877285b25099b6ba2821f7fa44ab7090bef8c9a36f446043bbd9088a09ef27a18c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 8ee64a6210a297086f824d7d4791806f
SHA1 217cd640229fc23054667678bfbf1668805759f3
SHA256 1dcf604ee2ba55884e323f21d53e3a047c373379c44d42ad76b67c0fb1adcf56
SHA512 5701443b0e0265e3f3dbec4d9f2ccbe342e9daae9e93d34412a392368a5a6ecbd32cc9828e92df84c2537c49634455b9b9a5740b64a4290d812859493d02cbe4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 295ee021be75531e2d65ab253892965d
SHA1 e27e60b5a33bf74bba0fdc131b2e9cc7f52ae8c3
SHA256 0f884c805b9c1904136fee196c4d98a4b558687c7f1952953b7577ab3fc5c4f6
SHA512 27fda1ca9cf80ca9e02aaf77aa8e41244ee5bbad88b3d2daa5922edc8132dae67268db6b2afe1fadd9b3e02040614a6c9383e1faac3a0a66f79ad825a125113d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 859ac8c7ff6f0261458f1d5eda8e618c
SHA1 6c845d00ce4ed48b38e5d783a047db20aadce4d1
SHA256 3fe6bca63d9509ed5a6b78c31fd938c8a31a22753e3df976055ef99fc134c7ff
SHA512 19d2d18b8745a79c99952913c8c347e3146184209ddb15a5d3351834bb0b76d4db698e9b78873cfa0df116862fee98f50a309dbd0c8cc8867a510dc11baeb02b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 c5b92270d5b05bdbb175d368baaa0b6c
SHA1 0093965cb826a49f844479b821bdf900c46d9f1b
SHA256 dd30185e1976143270f009c8a19df58d2cdd17042536787f814a4f8003b7c08a
SHA512 eba50cf2ebd5e076d6ed495dcd8e8cdfc9b422107bca9c8008625820e49cb0b845203cadd79ed31b335e4f1b02cb93ea43369be2c33f86a67d28741439531133

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 4bc65bdbae15f23607aadfa780800c9e
SHA1 5803b7d7e8e6a467d1fb76997a5d8fa1e6f9abd9
SHA256 3cea57d8f59231c43a9a7c288dbbf4cc1df0ea0e797086a339b1f5f8dd2bd83f
SHA512 5c21f36b0b3896292f69a4e722e55075d682304b66273dffaf3d20152cffb31f5e55f1dfbffee73a0383102622a38e576c2080bed4c1f289bdf87ee29423492e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 f511d16b92021be3b31f654047167b9b
SHA1 54e4a2197a2641831a2636ea6635b40fea0b49a9
SHA256 d2ecf3b4c4e486741a59f94ac32073f2f7db648621d6a1c8d1145a14f7e73895
SHA512 2539ae2ded4ac115f4392c8fe89d833e5506328541264fe06bf3b68b206b3399e9ef4b1b1f3018c16e5c89404b550f7ab315c7420fd19632edc5e1a2a308f23c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 9b4e38c4419352cf742b1e46aaac485f
SHA1 864dabc3a741798845a6847d1052021968e22f80
SHA256 367a0365c52f6f3337308d6fe5deeda01ff77adb43d9f51ce53acb4a8e6196ef
SHA512 e3072dcad1aea55cc8607c39bee1e164e9ffb3a65370c19273421cc4ec99f23f20de858ba1aa72de167e10d30866b1826cfd3dada03a6a4670922c6f16bd8f17

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 6d1505eb5a476501cae0943de2487444
SHA1 4aefdcd3257cc57d3c2fa9d35fc34f6478bb8bdf
SHA256 c93179158bd17dd935afaecf7ca90cea44c4541e5ede2160edf92d89e0a25a5f
SHA512 3a62330338ad3dfd9afa76fe15d028aa611683a2a6cec7288ef06a3611f2a1f8d853458f855f70335c563030db10c95e1d6c79b7f8b532526a5ad3d6414ba083

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 9e3f202540a1e20a0584e153ec59b313
SHA1 780e0b0f95f9c418a0a6d5dffc8661553d57a85b
SHA256 62d3505e71c59a3d5103009a969cedea8458d382c630b7c500218f88fa4015be
SHA512 9244ba898c0049ad12212b3ba6b0547bbed01f68ba6e16959db581ae00092f3605cb73c8864c125ae382710eb67967f34913c072ae9fa044d46b5a038e988b38

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 8bad20eaa33cc58d19b2dbb75b66ad6c
SHA1 badd2b9ee141324e1511677453ad26c285a6f211
SHA256 2ddb3dced88f097ac36e6a5dd3ac2a7ea8b439482ae8853481fe125b44b56453
SHA512 e180608e99efee2051fb6663db8735463a7e82a149c82387232d37218042cc3d721d6b77930bdd325be4c94b3b77b6f130e0706b0fa2a50b9b97c4e094cfe6d4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 7a034eb7280e399fa045ceb8a86dfa90
SHA1 7ad46e76c5c441380865c765e1f316450f2a49a0
SHA256 bebe569587c4684d3c096f59f6388f752b4ba453950fdc70995fce35e619a042
SHA512 91c191104b8368c2ba18159827b4f37e1a3daae7805f28c66f90e969d354a2ad881bee10090eda3820431e569c61926bef36110ebfc0192309292f65d8b71e99

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 196077c472e685f088b8bfc77a6a12ad
SHA1 d97b064ef1e663d22023bf7c2a6f41d6249a103b
SHA256 ebd0e6ec1509af25afab4222bf5ff6224099d23e22bfcace1c8dfb8a73c6bd01
SHA512 dbb2fb58b1e2f2b776e09f1c0864a0e58ecda4e7a92bb84dcc0513521b9f9fdad685470c0cddfa00349db1aa4bf86339f955eee65faa8c9fea356a068fe14852

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 b9d2cf17562e8fd92258fb154bd4333d
SHA1 646c447b36e99a05ccf5fcbd1917fd756f344a87
SHA256 25183ee3c0371479097e5da2de3ed11a5b12e007617d95f2b3e63d358bf159b2
SHA512 c623c0a90cb7625f0f4a91e292f2e4f8e6aa068b3b86be09a3f9cb5804000fc5f0ed229f07ebdddaa4658574c3cc585b066cc2dff4d099d09af9bc99d23759f8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 6334593ac0fb1f0614246e2aec8e7fa9
SHA1 59e4633760ff3bef8754deeb11e1387d273c8af8
SHA256 99bb22f46b75142489de5671c2f1746855ab4f7372ad7ea1e2acc2bf2603749b
SHA512 d6be0b2d3110ebe33975b0ee6238bc784b295a51f136896aa9d3aad9aebd449cfbc87721ca5f647a8833efa0d772f0e4699ca4fd231ca8a7ef16427a3fc6e6c8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 d216fc3fd0168633e0cae39624d8c5bf
SHA1 306aa977bcd4418e2433e9b7461afc8af6a3659b
SHA256 fe56f8c9fda2e1e82744380ad3c1ae7be50f00409178ba0e0a7b097bdebee346
SHA512 3334452152d03cdb90480b76d3d94f2bac6c65fef9c910f6b438f81aff7a0733c94a19e0f10e77e99ffdcdc04409887aea6c20b6491cd3180b1d269e76c1fcd5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 c920422a0430a07c8fd04830be02b900
SHA1 59416966f0b2709d259e335475f8ec8e0ceb47d9
SHA256 cdc1c0da88b207a43bf9181a70abef662efae9345f6ffa8428a875841ad47cf7
SHA512 85f4b0ae9ad658b71580bfeb8649b8ab870a09440aa3a9f8bd0cb44a9bc735a80a24da483ecaf67b08da6f204ed19497e89d433ebc6d1d2c7385fbb06d658f7f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 214cc92bb95024990f89f8324fd0af1f
SHA1 c01d1d00188c20f2637c34c06491ad92ece11da4
SHA256 276eda52e9dec0efd789282458238c492ad830355e70bf48758611f3a5fb70b2
SHA512 573a491c8ebda624e36c97512887b63e1b33aa55e060123dc907fba1c19c5e75ff59da63b5b94b19c8791d7cf3d930e2fc43bc6eb14f3471adf5e7c7da8d68e0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 c3a222436c4d421d75b6de45c85ff968
SHA1 dd710cb11472e8dca57438f7e89bd0897ae1e9fc
SHA256 3408d35d0c36ceb784c61b95ca6e11d9881250b4c7874b5100f7e06f68ba2fd1
SHA512 4537cf191e8cc1db0e6d0ae334cab8eb95636f2ffe79d278dfd86246144c00bde6bc5e6751f7662fda437ac38df20fcd2a8c92dc39509b50616233b892e6664d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 4f0c12e5631ce4c51a9b8d54cea43aa7
SHA1 bcc8d876630de821d5ff36c3ab83fd709aea4879
SHA256 be6ac77950a853418c4c92d25af91820ee586b2ad458540dff0d846d37d97098
SHA512 83e1c5595f3a8055ae2e12b13c55ac3c934f96c1f5ef8cf3a25d4bdc791d09af63c6c2480c5db17701047bf77c624699c57cd626928bdfe8bef48e1d2bf2455c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 9a6fd06ecf5feaa488a204a2835e2502
SHA1 7bfe34df0c15c7c76cb14df70ebaef1ea7c61a84
SHA256 789d2057bb55316c1cc9cbe3aeffdcc45b5062984cdeef726f45aabe0661873d
SHA512 88064fb060721a4a135c87a26b05383cbd600cec4fc2c9f42228101869dcbf0f782c08eb15fd0ae21fecb047b26542a744fb16c4ecb9eb54dc43ba14118f69c1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 7085afa286e7ee9cf4bf63f2771f5930
SHA1 6e53217b8cb55b2f828f0c882085e6db7cab2628
SHA256 dcacd926ff521a33bd61ce4d1041835f9ed61e98f248449c06af2ed03a6dd831
SHA512 16ff64f781e1fe387c39cdddbd22a672b961a60ef7ed9b734965e780e6fcc9c32f484ee0b0e6b22ed035c6342620b5a160e13c1af9c80bf967d9aa7cff30f4dc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 5d9d5dbe8c776a4fed9a23928af273a4
SHA1 526622f3d6a471a6aa5bcb1c33d5393c7b6cfc84
SHA256 37125463bc7000d76f5be5ef2bfc4643971e0aeed64789aae6f5a74514c198f2
SHA512 d1029eaf81fc6960b1cdabca96aeb538dc654ee470a24c294f4b174c91464206554d1fb6b04c16d148e11f18bd498b941872c6883360c4defd00065ae7e85780

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 e4bd063b1b99c77994d50a57f2c96d14
SHA1 98da6b3a090486250f80c1dae6915c3c686455e0
SHA256 2f1f2e7962538f9b93ebe0a37d0cf8c18a0e33dcd1ac945ae95e472c899df682
SHA512 0fad18207f4338452ef74169517b019553e7c0aaa0d25625b0038f6698686cf139378064f2979d4572906701e97b24bd1f65ce5af152469a77f27b4510339203

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk.EnCiPhErEd

MD5 acbf284dd381ebdf64a5600ff2d218d0
SHA1 18e63f76b2a4f0d21c5559a15edd5b2dad892d89
SHA256 d08f7aa24a82db418c5f81c8d0bcd87731ab27d9c2381a05c6c608fa17632e1d
SHA512 1265f180c1f0b1e30692527e352abae2e47a0133dd1961dc9d3afc898110859b4e8c1101250a244158306b7a05b13618b1130f94041eafa470b8d4ffa02f1e26

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 acea12c6aaf2a936e419dd82e22caa2b
SHA1 0228da3ecad3e47408d3eb8b2b39388b333389f1
SHA256 331500e8a55d46746bfda422824216567175aab1d2601807a787179689c9e9fa
SHA512 3602c5e50f306b242b8c8d02fe1d24737e148fd72f9c15704b364ff23f5c810c0df6a0623a302d4180ea86fd0be49b36efd986670cb6edc03f3c652ca3ba61cd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 64736d76006b025827b5b36f7d6a25ec
SHA1 35b142ec193dbbb01161f14c220f12eec6cecbd5
SHA256 b212eb869e44f82ec2e58bc355a2f51603c04d736bebb43ac12d95550e99d4e7
SHA512 aaefd675b63d06cbd993be7ab6192dd843d8cc99119d88a1ffdaec6cbc90f685d29e8faa39b47d1d10d19df81b398201e14049f00e0782482f41c93a6d7325ca

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 7a2d95cdfd9c20cca24ee57995a29a2c
SHA1 7fde6c2fce8ba7cb8c93f1ff07a8891ba9709073
SHA256 f38b512b1c67900eb3c6be98564bf12a242b4d447b9c9d1150ec66c4a96c9733
SHA512 8ee28f884c5104a1c90f51f274e315107e8dcafb4b7ff98505a449468e70f3960be3522550da8bf5aa98f6c625c4f2ff946936d7ce394c3f21e2dc5ac70a9771

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 265fd963aa3c566c87f3e5a9dcf85c8c
SHA1 bab47501455ff2b55fb241ecd1de9e655b9ad03f
SHA256 af44701a04eaeca8e611666ff19890b0cd709955babca3111459fe3c26400b60
SHA512 832ad7c5ae0599e8689fe55ea5dc16f164515d6cada655e2fe2503b5c0fe6bbe9e5652d5ad6dcdd5a3a96edaaf416bf1d25bbdff82ccd17cd629a63e35b3ad95

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 ba8c6e055fd70fb46ff01807ed520541
SHA1 ede0cf9361d2550683534ee2eb26d12fae93eb71
SHA256 5f12fb631c6a72ac2d91657414ae9d4a9b6f84cb7cf747ac08993bbcb8700bcd
SHA512 04a8251137223262aa763ac2b401e7f5a009d92d3c884bc871d8905bdb9634eef164f5f0e564ef23e4243c3a8a40871ae9a90691a79a2293f57faab2516d9acd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 85521136cf9b8ac95712e98f52cb9175
SHA1 ad6eb4f9755fec9a23e2005340ca872542f77e71
SHA256 8c35c79b5c0d7a98e131a7c378ccd6db7e862fb49dd3a96f3c1c34d322d7d32e
SHA512 6a4c9c2e880259badff7def7a363d74ac7d75897d9a4e84adde53c237556b80565b06746c5450cea93e750dc24f172a57f4ba30442b54b276fa7f82f6bc158f8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 3f229362fefa79f05c517e4db3197f28
SHA1 309c20764b63ea9e0771c26e2104f077d861b5d0
SHA256 08e235d3364d5efe079dcb2f4efbbbc9b6f3493f25ae8227c17659c27b84f3b7
SHA512 0eec3e1d5fa560f644d917277ff2d10bd3339f8feb566dd7e4f189b8fb2b01491cdca67737098f6111ec851399acccb8af15c60c0d7b3c632743545d387dbdfd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 5bfe286f91c040aa911f7574184a9463
SHA1 3f5a6ee3b764e40a942c6a8b71cd98c8bc8a2735
SHA256 f8de974ade3a2be03dfc8513fe90ab9742c870bbc495f894d401dd7145d3bf86
SHA512 cd4f8c220102f24681fc3b3659b3ff2c027fed22bebe30f616c274010528f22f2523aa9af3b2d81ca6931cf89aa35a1abdd3da40afddc3f924d894671d7ea9d9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 d5a28ee4b59709ece895872d432098de
SHA1 ca4533b57e1c84856d5524123ad0b6dc0bf7ede8
SHA256 0e094c1dfbcc9c78d420191d11d1368d6a4271ae6d50d80ea51d5e2ff6c72c05
SHA512 b4e230f1773e0370374d29b5b35e1b3a76fffeac15f43db6caa19f432cae98655b8a1b090c531bc71039c861613e205958539a135ef256c5f42c7398ae047cb4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 63864b31e7875435e9a0f81a392c56c7
SHA1 b10b16f76bd2a66b8b4bafd32ec96f3a877577d3
SHA256 cf623a57d334b16e1af28bef36d4be3f3d36bbde026b8390fac6d3ac67facb9f
SHA512 332fa07b328d7dc02eca783d0e2e9fe388a082a542475b2ba88d0f6e51f60e99b05b41dfc124122179a5f1762c06545378bbebe114da724f63a9590d3f1e76ec

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 6d02475b23fe417ffd24c01011a0402c
SHA1 ac480fed4b39e37a187a3be2b151d25f8b17c8d1
SHA256 3223c736c38f68ca3d92accca52daf093149d9813e8e9065278f6dae4dc41961
SHA512 148d1a0a20924838740c493248b65fe4e593db94822e866caf2ba04ef39a843b4836cd011734f9f979e0d2144c5b09c34cc80b29523c9687202c614091f97770

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 92cf7194e90c6d65fc1c23b9e4370d3c
SHA1 6a7184cd5eb98ac598adce51cc9498fc1720429c
SHA256 e0e8f607d7212d3fad62738c63f6f13420f358b66a34cc89601ba0d65bbfcba4
SHA512 4587e2993189ca6fcb9fdf3c666281b406955575b63b533f63717aa25e6659958aa879ef64e1a06df7b73088591aab81b2bbff9b0655d90b8a2e0d3acf6ae6d1

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 2750a616f078d0b4b432678b2989e895
SHA1 937f8026b0c7984d59a1c7b29760a2d219f274fb
SHA256 6514759cc82e692d1b7e11423630c373c8e282e75d854919010a9a12ba4b6b40
SHA512 dda99f5863bcae42a71999341b046759e495735d724f187d82dbabb49a11fccc20ec5adfd9d0776418fa7ca864e65009c5165f212aa790a6e6f9c6bff07d32e8

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 e9cabc516a8e5d992a8bd827f283a993
SHA1 8023ac9be8e8756c8ff284ac19dc0c4b091bfe54
SHA256 fac89dd613df3dcc3a348793478c74e08747a811ccc9081309869fd5f2c481c7
SHA512 f4f7ff247562fe54c4d1b163dff3c587ad886d666f6b8bae93d31d2bd775f9520e77433b509487f136a1145267f6901004b68621a4498880f7a2f341f8c2e062

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 186c71a5be0123fd526a9ea3d096846e
SHA1 a5e9dd012a3eba8716ba97c0c1aa675f4c5aca67
SHA256 2edffea9f7db0cb219553c7c12d210743960dc71fe25daffcde663d8874aaa45
SHA512 e09ec6fc4681c3abf54d32ca5f920dcc5e7ea3d5f86c9b87d26c30cb0b77797bbf2ed7cd716a1354d125b85cd07bc9f8f074d498034491d2e84d7c47556d6862