Malware Analysis Report

2024-10-19 10:43

Sample ID 241013-m69q8sxhkl
Target 3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118
SHA256 621fa67c7f88ab196a6410a13617d1e11a356588d0908c4ea51278342effe682
Tags xorist discovery persistence ransomware spyware stealer
Score 10/10

Analysis Overview

score
10/10

SHA256

621fa67c7f88ab196a6410a13617d1e11a356588d0908c4ea51278342effe682

Threat Level: Known bad

The file 3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2197) files with added filename extension

Renames multiple (2162) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-13 11:05

Signatures

Detected Xorist Ransomware


Xorist family

xorist

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-13 11:05

Reported

2024-10-13 11:08

Platform

win7-20241010-en

Max time kernel

119s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe"

Signatures

Renames multiple (2162) files with added filename extension

ransomware

Drops file in Drivers directory


Drops startup file

Description: File created
Indicator: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
Process: C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe
Target: N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y7bUP6J6Vbfa945.exe"
Process: C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe
Target: N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-e..ehprivjob.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_955baf9439a9939b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..truetype-frankruehl_31bf3856ad364e35_6.1.7600.16385_none_5a232d6cfade165e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_sbp2.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3e62f4a40c919ad1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\d7c71f43e6d6e92221717345e6156044\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnrc002.inf_31bf3856ad364e35_6.1.7600.16385_none_20d55c335c54951d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-r..tance-exe.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4997be9d1014e037\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\weather.html C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.devmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_994aa8abba237c5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..-els-core.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2b965a26b5b3143d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\base-undocked-4.png C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7601.17514_none_2c400be857e72e9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..serverapi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_487ce2dd7a4d13f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-keymgr.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1d01f18f5eb1bb0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..untimeapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bee51d48beb067e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-iologgingdll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_976457692ddec098\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..nager-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2fb3a1d5b4c2dd1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ff7f10aee17cc0f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dcom-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b9f913dfd8acf6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c0b44891b985bfda\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-11.htm C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-0000043a_31bf3856ad364e35_6.1.7600.16385_none_62d4d48ca49aa85f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-u..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c41cc29bfc3b91f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Search\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\inf\TAPISRV\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..e-results.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bd6813e0c62e7896\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Hardware Remove.wav C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.5.7601.17514_de-de_dd0fb24899b6ac48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rasifmon_31bf3856ad364e35_6.1.7600.16385_none_caa61ff64e821548\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rmcast.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d038de09b565c2bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..ement-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5c8323858395e29c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.1.7600.16385_none_0bfb8f2b539d4d43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msieftp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b44a626bc200312a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-qos-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5974275888d7ef47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_396ea98c09fb4037\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_67f0b62b00a7235a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..tptracing.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e79fc3f1781b151d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-main.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a84de90c942afc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-netbios-netapi_31bf3856ad364e35_6.1.7600.16385_none_3453fc4c6aafb4c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..i-printui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c0421317f841addb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-v..driver-tvdigital-ks_31bf3856ad364e35_6.1.7600.16385_none_1eb3558ba4abcf2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wceisvista.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ef955ffef62cffe9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.security...ionwizard.resources_31bf3856ad364e35_6.1.7601.17514_it-it_94c26612984fe6ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IPWVJIOIHLCVWET" C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y7bUP6J6Vbfa945.exe,0" C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell\open\command C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell\open C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y7bUP6J6Vbfa945.exe" C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe"

Network

N/A

Files


MD5 6b8843e0623551c34e9175f930400f9c
SHA1 615c180791a81b1a58761d722f780f78720c64ea
SHA256 2568d31580e183d293322114f7fab8cb581861f39a6ee445819ade5fb4d5b43e
SHA512 dcee4c910a7c8345404e221716147fcf4d373b26a324430086cf8f926193c754d2ad07a94181e03ebfb41ab316aa4e4bd1969d34fed3c225dcd8289f8a7c00a8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 de243cbd697842894fb1fdbfe148efd5
SHA1 0934d452f730bbc2db005f68e8cf36f06766b6e4
SHA256 f3117bf7694a8855dd002084d73929480f39bebb06da493e34b9682551738675
SHA512 44bb0d658c862216e51d123622dbae0593c6fe416bea3f9bf75a49665c9d23438d5f0c191c25354a6c947b202521826bf0eb19a23e0071c3eb09df8ffeefbabc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 61bfaa5434e08ee4b2b8706c5ccb1f53
SHA1 bc286750dea1e0a6dc469dd9a4b4d2fb3e1f383f
SHA256 2cb5779381752eee07c8d5db438f6ee5a37c27e2d77467d4d31ca9d0f6a6c0e6
SHA512 9b857dc33e885dc31fb18df2cb33d5a90955c782c972bf4f71fca52292bdd7b735b1d8a0133566130bfa0677ca0916c38afb30022688189372508bce229ea0ba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 56eaf3cfc9081410cea916e42e01993d
SHA1 b5d7c55ac8cacd42b13a6c02368dfd1f2ddc0655
SHA256 e8b044600a5c4dfb3d2ecd865c7bd70a521255c643c74472388bca795f24f37b
SHA512 82bb827f5d23fb8c9f4ab9d929e8b422f7bf2433906ce1ce891bdefc70fd538eefe98d2ee6e1a502c08f34ecee36c971c8dcbf7574c8ed7f80200d36f916a751

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 c9f4535c4415e838bf946c488b30cdc4
SHA1 3cbd385ea98d0e6b7eb081c1a08a6bc8a08c6627
SHA256 5d253461741f548734b19a68b748cfe5dd60970319a6a054247bf3f97d0e1678
SHA512 2c665bee987b03e72c9953523e8d46409afdec28a9c4fae8948bfcaec7d9107ff4675df298a4cc8a714c4c0b44f266d08f51acea6bffae07395d7be1adafe86f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 e765b6464e33c524910ab1c0b4f16f3c
SHA1 b7e339914a440d973407dc307a6f11e61a651342
SHA256 18fb00f71935b303a4a8a5021db8203fd0056cc89f6ef84baae10321d6fb61ce
SHA512 4c83ca3f57920f52f8bb145c67b4ab1e2b64253f7782566a8a9094ae56c8d8fe2f8335e33cfba7310e00289d483986aae797f5568f254a15fda87dd71553d910

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 e9a7204aa77ca231a53a512d9335ef61
SHA1 841430f1cdd0d59c934cffe0f51b17729c0dce4e
SHA256 93ce8c2d94828dc254dc8944dc96b876bfdff73d255e6b08e688a9a40835e222
SHA512 52248dd84647cb4e79667fbbc5c9e0157987283dddc4b79b187bea0e3ff49fcf07fde4ecb2fa79b063b629a1e068adaf200b173b188197f7da225739e18ec8bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 0f1cc6817b44a6bdb3044e53734a7067
SHA1 9e8ee2ade3134a7e02ff95bd45ef215294f00804
SHA256 338f09becef9a67dcb4e0c5268749e1598676192b9133f233b78e3e4db12d8d9
SHA512 083ccd1af0441740676d6b85ee8954e0da0f2d02b372ae875307e22810206127a7de290c452d732310781a38245e77c85d45d152d3743306876e6f0c3a523083

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 de19cff243cbf7696e24a4a5319edac0
SHA1 9ff48006ed0817541746da7fb9b192d075346ee4
SHA256 2ae440c7e15280531033308c254238bc4f1a35bc5d0911894251edf98c6f9abe
SHA512 3627d407823e018eeedc503290223df59b1fb7fa9b734e862581b9851c341359c783de88f013cfd1f74f7f00ccec0e62b8260bfa96ecf560769b1b4eb3d63485

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 4fc93680fde65ab1eec39cb6bd22e85f
SHA1 8a2370595b8227af47ea4792a00b245a13c39d51
SHA256 93d8dd497d22a901f4018244b25cc07786534f2df97a43d58fddbb4e5d422f00
SHA512 5799dee6b8dbd23f154dbb5b40495b3d3a9d02fcc91ede350489244aa74d87c82860e4849a1139aff43e12c5e2c2d0cb0960fcb17fe34be419fe1f63e9ec30cd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 74a175b5a8dd39345952787de58b6241
SHA1 9903a4f03d4432fe1b85bd59d91a5067dc2ec0e5
SHA256 27b2abedcd8f1485a03ddfba4fb4586a38279cb37cd3888163003e7122fec1f6
SHA512 780c699040a18f12ccb30dd3f4a80aa5901ea460f93cc8476432b091153d581cbb8b63fc453e7739ae214ab02064f94cb6c6307ba764fcf2d9277a25009ef80d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 1d3c862bc56edf4f2aa1595d78b10926
SHA1 21a18afa28a9790e7617c7c2e9e204c611e57d10
SHA256 9df9569550206bd31044556db4ecba1c5aca01f5a49d75793477acd9f0d3c375
SHA512 1d7139c8c513303950730148b68c528dfdc30c4b81384b1a99f80d76ad0c4de263b238b538048784cd2f689f2357480fa55a4245221c9bbc87f4167ead53a5ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 3098002aef1ff9971e648a523a66fa08
SHA1 21c1b973bcc8906693e87ccfb1170e9ee5794b44
SHA256 33d1adf163cc8bbd0d21f2790b030a398c5547f1cf1241c0b5d370c2b89656b8
SHA512 da8e29bd04e14b78fdba12ab4c4f749f9f767a925b2e6895ec31407c29f5ac8aa6b1030937644ec6b5b82ba5ab0de3d76d5bfa2568b4a06346cfb9bd55b8b264

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 369f41db94d9ed2c590900d46588a88a
SHA1 1897b6d899de27324870a5225e30fd6abb46c72e
SHA256 38df5e1d7b2531329cab71f0fdb25674c96974e82aa94027117effc067915f92
SHA512 cc3299ff7f5aa8ed5ff4e9fb79215368509ed311a0d69e5f83409eb1947ae6495c6089212d3f123b438722b216861c83573dfb02a8022068ff8e791a9da6a95b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 2ec4860c754dea1a421ef222d5bbdd1c
SHA1 88bbc7da5093f5d0c11e3e0a9b5785cd179e4c6d
SHA256 62a113dacf5498feed976cc8e541280e642997de8debff6ad0b022e14b290914
SHA512 1be61c4acbc8e64226c47d4e48e7f61f69013e923c3fa618801f7f0d670e446534c2a18315610ddee8007543eda440a55a282b1be3245cf61a805f7774351ef9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 ec768ba250ea79521de302423e1c5c71
SHA1 7ce62008edd5ad0bb92237b6f09c788a6e8b7ec4
SHA256 4714ba416f11b559da3387eed1131d90097cbfdd9d6c830944d82b5d1e5f1276
SHA512 57a6386e4809415c1e25656252d60680dc94df5fb0e3ec98c5a6b6ca23259647071bc4931c051cc09b9538833bf2a16b3f22a1dcd199ee0a52ae97d37219d55a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 018e4ab147073d71271ea8991fcb8c08
SHA1 5c9c822964613d966c82d4fc88d3f6d14d68c467
SHA256 90d1f3071f5f219e68ac7728af54bd70206febf595b6569c0fc5cf4e47c3ab59
SHA512 30f7ef8720df6bc05c554ea323f0eef3a858774b92f870625f16e488f5507574962589b9a15e395609bd373d72862318b70e77e17b9abde68ed639d9740116dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 12fe1537c3424d59c06c33b5bbda6791
SHA1 e428ebfa78ba07f33d6a86049b6ce43fdec7c9e5
SHA256 6d0517aebafc31295c1777a3b54b96b8523c851993c01a10f965018af0bc3e07
SHA512 9c0f3ebf6cb8db0c06d935eab78f0557e457ada7ba97d8f50cbc959f703291cde851b94729a20869e281acb7dc3a9ca814a0397f939abcd8a4f85c25de20e5df

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 1f28d36e9bebc7ad49e4ecd1c2f99abe
SHA1 c80cbfddfd54eb762dcf56b97351c6debc40379a
SHA256 7875407b5204fa43bbf3cf100c64af625d417299fdd0bf4245e6262fcb754ad6
SHA512 876e4f36906f192e43cc95e967f822f9c312382d49ea7476e62c480fe5e25fa776049d7f5ffd880472380270a35b5c80ac3a730ab493de8904e908018afd3cfa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 4e210e77165cff0d657d97106d39d176
SHA1 82eaa0d7bd47ebfde1e491f144f5ced3870cd807
SHA256 b411b056c3fd7681e1bf5889bb7312b50078016156caf85e61e87cdd18b63576
SHA512 c98f8ff153ce68a36cca20576375787dbc9a45fcdbf7fc89bf61ffc6a026f7286b50267db8eea9bb2e0974031fbbcb0d7e9d08e32112694d77a5b459158b5248

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 e43b3bdd228fbb62003002b421273a76
SHA1 e6553c45f804714b35a0c51edecd81b33441c4e3
SHA256 500c6e62793dbb2d33fcdf2476a081b0069225b08975263bfcdb28862a8a9282
SHA512 ddb9736ae7ba2e1a8923703289f1fb69990857593b140957ec7d0d289d62dcaf4c708675e6428e4061ec1b3f18b95870d82e985ad39d3f99020b2956129072a5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bc60d114ab69b8788b87dbbafc5f6ebf
SHA1 4b567a2ea842cc00af56e4b1f429b0fff35d2c07
SHA256 7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738
SHA512 2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 29613b0a4a221440c8d314c4bb5a3a5d
SHA1 48889f06ed6d6b9f18cdf92384a9e50b5caa6dd3
SHA256 fcaa8974ddb5ef419bd6c8dbafafde74dc9e81d79110813f9a735b8473db3350
SHA512 217430fb51f2536e432192ed28cc7772a0e7bb9ab1d8acbed59983739cf86b02e9cf9f76d5d0bccbc47ecedc812591f599df5cb09cf9881b17e6b3117b62a68c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 7b81dd0ae180dab5d2b4b58cda07eb10
SHA1 9170bc75219f5b02d83fcf9975a499b4d5b46369
SHA256 9045af7f6ccadf7ec51c55cce778fe021cda8ef9212f4e4f74eb258394562721
SHA512 394bc468efef721d791a15df5c13be11c0631455865b9590ce5acac445b3bb2320d8f81050f382e2a27ac6515536edeceae6088cbf79fec9bd49875f978191f5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 a310e80d3d91cc5a5f21eb385f531dc5
SHA1 8ff8d9c3ccdaf604b9917dde9ff6f774168d0c62
SHA256 0a9e0bf4f25141637215c00ca62986cda34e38c5cf234fe944c8dfe4c9b95b3d
SHA512 f5f4286ae14c911c086478b0092a63710118782d5be7c9645b2eb1ac2eac7ba41075c55b11782e3faa4daf6d1199867dbbb8b38b1272c0f1587b71e388c63a01

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 ea1be1362f7dca878e1120f6e661f9fd
SHA1 7ef0567f2c96bf15ac3b8b0cab35e5baa5305a18
SHA256 17851ac7e35e204b366f987d787596c8645ed81932b33ab2221876500ceaa675
SHA512 a529f7e1c0c56a77113256c288f0b31190c90808a3baf2847340e5fd6eb0d380f9d2f8ed6e07a0d494a5e34881c46804bf7cc213f35a7dd9f6cd4024c00e4838

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 8a1839024d8d2c576c0c99ec568cb842
SHA1 4dc527740f42d64829bb96b4f91be336d578865c
SHA256 ca0559126bccf501240f2aa36944c21cf3f23820b7610e1606fead901978e32f
SHA512 a5425b8745948df9dd27c09fb66b56535e7df50ad2c4a74fa83ed089da9df09f3b4d1a9e4f89f4682b713a7d553906e0df74efa551285213ef49148482c3ab66

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ba826622aab68b6885fd8d9a734069c2
SHA1 21716b5f39c35d2c5c720a278bdeca1991425ce8
SHA256 0cdf4395658c424ec20d7026c52a4e2412590b894e890d94b4a06619f77d1bc2
SHA512 8e87acb0892555796fa68b09bf6876702c777c6c55eb084af2da0ef64c2f2289467a7228300117bf9e478ff5caa78cf6ec43cbad7cc102dda4f0ee18b239dc40

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ee86ce6f5f520e6e986e2e0e705c9f8c
SHA1 4511a5d08ce55cfcca3f1255d45ac4a193900694
SHA256 9785659155358d5dccc3841835322418dfc8380a0230984f6701f92849bfa0db
SHA512 9079ab622962a145c60e33ccffd2d12a62c4d048820a9cecfb19c75f0150bd164a8b6606eb884770d80859d30da638fb2862210653b37e5ad446f052d69fe135

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 8d22209fea2e1e61912bfe9a76fe299b
SHA1 1fd26ed72db8fb7ab17f4e4fe122ea5408033302
SHA256 15b360c12f48c9a9dcb81c7960d8eb13d7081c737804cb7cb50f8f6367a05f67
SHA512 82ca1474631715c40f625624addf1dad8c319532b4d9f8c79a964cf3ba89acfa42ed40996071d6dab4c4d9f0e2a8c9e57f88937ee3048662f296ccb0a42115a8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 f96e78ca550f3aff07b909d4191889c7
SHA1 7e526ea91d8be7829353a16eac9b895dcf8a681d
SHA256 6dc6fa3917e9f35bebbc804526f9a801f4575697f6952ccdb02d32313b46e1ee
SHA512 f6cc9cb3e5b26ab925be63b1b56f424fe133a1d05943545c8db62e5a95c4403374dfc652477c2e693cabd44b80123ba60d777f2aa26391e23a74ee84a909d9ab

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 7b2bacf9e2a9cb324f60c3bb796b80ce
SHA1 011903b08060a4685370b5e8c125d456e5e5a7aa
SHA256 5b95026d577b84c32828b57bb93723edb884969740e04ee6e19984c987371a9c
SHA512 7d8b30dbbf64404f5aa960478481199211f6079bf4538d1ef3533b5befd5471061941d583631b2f5e2b62f79efd514b8a003d8640fd4965366506ab0d7c99526

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif.EnCiPhErEd

MD5 7aac66b87e52ef41c62a144a61511e6c
SHA1 ccd8055d082a636e91facd708556a41c1da4eb6a
SHA256 47a65a7a61c0895acd801ba4c1d0a74649f18d276fe363effc944c61f0d02e60
SHA512 d97e1f4fefab0211797dcfed286432f65c39c15a88bd22d810de3cd4119c35486bfcd1bad34d140609ba8c993b6b7b5881ee029419dee7e0b4469c4f158cf78e

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-13 11:05

Reported

2024-10-13 11:08

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe"

Signatures

Renames multiple (2197) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y7bUP6J6Vbfa945.exe" C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\hidir.inf_amd64_7bf4a320e4ec8b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_55c0c78952233d0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\61883.inf_amd64_789f35bee584a939\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_battery.inf_amd64_5637e58e54fb24bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_f4769cb994ece833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_f1a7a2fbd6554d60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_3bc71c4327f9f94e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl002.inf_amd64_9076ffc34f080cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_bf051ca3546a5bf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\fidohid.inf_amd64_c446be9403cdcdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\setup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_e3ded2b26d662526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmfj2.inf_amd64_167948d0c94abc27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_06bc8afcd2617abf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\oposdrv.inf_amd64_9090a824ce0d0e68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbthle.inf_amd64_bfb3ee8e5a97c3be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\bg-BG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_swdevice.inf_amd64_12050f4158021fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_dde7255b040ac897\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_amd64_399f04975a0af112\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netip6.inf_amd64_f29ffcd2b14f21f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsphysicalquotamgmt.inf_amd64_796516c18b264f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmetri.inf_amd64_50397e28bbcd6514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mediumchanger.inf_amd64_69ea0d8614286224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelta.inf_amd64_ba962d801a22973c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ksfilter.inf_amd64_d5c8b2a031c7d5c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidi2c.inf_amd64_aad0f43cb9f97e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdm5674a.inf_amd64_ec8de8952888a618\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netirda.inf_amd64_186702cd081cddb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IPWVJIOIHLCVWET" C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y7bUP6J6Vbfa945.exe,0" C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell\open\command C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell\open C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y7bUP6J6Vbfa945.exe" C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3f7c8d182151b687bb8ffb44c7b97bf6_JaffaCakes118.exe"

Network


Files

SHA512 77db1cb3d8a6cf8bcc5012e63f2b25dcc6bab916acab8fbfc6f9ddfcfda36a89e5cea52fc5869f7f4a0d6abe7ed33ffb4d86ec17a5cd2ce52755c23d2707f0a2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt

MD5 ffe90f683687506770fd82369e438e6d
SHA1 4c6702bfa1b97072b4bc1b73803c0e457009ecd6
SHA256 5ffb9b09e6cfa6745ebfad54c1d022a4c3243fd996faf763a6a1085c5c154d9c
SHA512 b120e4d1b907a17c7a76464d5d01af8e530652f0e595dc891f8ebaf657cf39b271682c6d4ac2dc110ec7fb29b508a0e132422d529362526ac421ff014cfd36c9

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 298f45046e4abdc650952039ef3e35d1
SHA1 4ba0ba3708d3e8397a0dbd745e908eaa5f679b2c
SHA256 c0dc33ec01aa6eca8e72e359d85a60babd45f71376bd7dbd0ae4e412e179e599
SHA512 fc7854f5aa598a867024cad621e0d6eff39ee7d7ae82a20766e56586e45c461a4c899e8d8b7214f4b54ebaa6a2047d4e45688a48317f603e9199322a767c177b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 4e210e77165cff0d657d97106d39d176
SHA1 82eaa0d7bd47ebfde1e491f144f5ced3870cd807
SHA256 b411b056c3fd7681e1bf5889bb7312b50078016156caf85e61e87cdd18b63576
SHA512 c98f8ff153ce68a36cca20576375787dbc9a45fcdbf7fc89bf61ffc6a026f7286b50267db8eea9bb2e0974031fbbcb0d7e9d08e32112694d77a5b459158b5248

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 e43b3bdd228fbb62003002b421273a76
SHA1 e6553c45f804714b35a0c51edecd81b33441c4e3
SHA256 500c6e62793dbb2d33fcdf2476a081b0069225b08975263bfcdb28862a8a9282
SHA512 ddb9736ae7ba2e1a8923703289f1fb69990857593b140957ec7d0d289d62dcaf4c708675e6428e4061ec1b3f18b95870d82e985ad39d3f99020b2956129072a5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bc60d114ab69b8788b87dbbafc5f6ebf
SHA1 4b567a2ea842cc00af56e4b1f429b0fff35d2c07
SHA256 7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738
SHA512 2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 29613b0a4a221440c8d314c4bb5a3a5d
SHA1 48889f06ed6d6b9f18cdf92384a9e50b5caa6dd3
SHA256 fcaa8974ddb5ef419bd6c8dbafafde74dc9e81d79110813f9a735b8473db3350
SHA512 217430fb51f2536e432192ed28cc7772a0e7bb9ab1d8acbed59983739cf86b02e9cf9f76d5d0bccbc47ecedc812591f599df5cb09cf9881b17e6b3117b62a68c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 7b81dd0ae180dab5d2b4b58cda07eb10
SHA1 9170bc75219f5b02d83fcf9975a499b4d5b46369
SHA256 9045af7f6ccadf7ec51c55cce778fe021cda8ef9212f4e4f74eb258394562721
SHA512 394bc468efef721d791a15df5c13be11c0631455865b9590ce5acac445b3bb2320d8f81050f382e2a27ac6515536edeceae6088cbf79fec9bd49875f978191f5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 a310e80d3d91cc5a5f21eb385f531dc5
SHA1 8ff8d9c3ccdaf604b9917dde9ff6f774168d0c62
SHA256 0a9e0bf4f25141637215c00ca62986cda34e38c5cf234fe944c8dfe4c9b95b3d
SHA512 f5f4286ae14c911c086478b0092a63710118782d5be7c9645b2eb1ac2eac7ba41075c55b11782e3faa4daf6d1199867dbbb8b38b1272c0f1587b71e388c63a01

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ee86ce6f5f520e6e986e2e0e705c9f8c
SHA1 4511a5d08ce55cfcca3f1255d45ac4a193900694
SHA256 9785659155358d5dccc3841835322418dfc8380a0230984f6701f92849bfa0db
SHA512 9079ab622962a145c60e33ccffd2d12a62c4d048820a9cecfb19c75f0150bd164a8b6606eb884770d80859d30da638fb2862210653b37e5ad446f052d69fe135

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 8d22209fea2e1e61912bfe9a76fe299b
SHA1 1fd26ed72db8fb7ab17f4e4fe122ea5408033302
SHA256 15b360c12f48c9a9dcb81c7960d8eb13d7081c737804cb7cb50f8f6367a05f67
SHA512 82ca1474631715c40f625624addf1dad8c319532b4d9f8c79a964cf3ba89acfa42ed40996071d6dab4c4d9f0e2a8c9e57f88937ee3048662f296ccb0a42115a8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 f96e78ca550f3aff07b909d4191889c7
SHA1 7e526ea91d8be7829353a16eac9b895dcf8a681d
SHA256 6dc6fa3917e9f35bebbc804526f9a801f4575697f6952ccdb02d32313b46e1ee
SHA512 f6cc9cb3e5b26ab925be63b1b56f424fe133a1d05943545c8db62e5a95c4403374dfc652477c2e693cabd44b80123ba60d777f2aa26391e23a74ee84a909d9ab

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ba826622aab68b6885fd8d9a734069c2
SHA1 21716b5f39c35d2c5c720a278bdeca1991425ce8
SHA256 0cdf4395658c424ec20d7026c52a4e2412590b894e890d94b4a06619f77d1bc2
SHA512 8e87acb0892555796fa68b09bf6876702c777c6c55eb084af2da0ef64c2f2289467a7228300117bf9e478ff5caa78cf6ec43cbad7cc102dda4f0ee18b239dc40

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 8a1839024d8d2c576c0c99ec568cb842
SHA1 4dc527740f42d64829bb96b4f91be336d578865c
SHA256 ca0559126bccf501240f2aa36944c21cf3f23820b7610e1606fead901978e32f
SHA512 a5425b8745948df9dd27c09fb66b56535e7df50ad2c4a74fa83ed089da9df09f3b4d1a9e4f89f4682b713a7d553906e0df74efa551285213ef49148482c3ab66

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 ea1be1362f7dca878e1120f6e661f9fd
SHA1 7ef0567f2c96bf15ac3b8b0cab35e5baa5305a18
SHA256 17851ac7e35e204b366f987d787596c8645ed81932b33ab2221876500ceaa675
SHA512 a529f7e1c0c56a77113256c288f0b31190c90808a3baf2847340e5fd6eb0d380f9d2f8ed6e07a0d494a5e34881c46804bf7cc213f35a7dd9f6cd4024c00e4838

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 7b2bacf9e2a9cb324f60c3bb796b80ce
SHA1 011903b08060a4685370b5e8c125d456e5e5a7aa
SHA256 5b95026d577b84c32828b57bb93723edb884969740e04ee6e19984c987371a9c
SHA512 7d8b30dbbf64404f5aa960478481199211f6079bf4538d1ef3533b5befd5471061941d583631b2f5e2b62f79efd514b8a003d8640fd4965366506ab0d7c99526

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 7aac66b87e52ef41c62a144a61511e6c
SHA1 ccd8055d082a636e91facd708556a41c1da4eb6a
SHA256 47a65a7a61c0895acd801ba4c1d0a74649f18d276fe363effc944c61f0d02e60
SHA512 d97e1f4fefab0211797dcfed286432f65c39c15a88bd22d810de3cd4119c35486bfcd1bad34d140609ba8c993b6b7b5881ee029419dee7e0b4469c4f158cf78e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 7a0ea07d58a4d11cba27b81673b04bcb
SHA1 2c4802a122b03168a52e21157bc2b478accb0ede
SHA256 718d0e56470642e50a37aec8ade73dd9853dcbd9fd57617429d8f5727dd33fa0
SHA512 96a08350b1aa5ec2c0d69d06631753c4f960b7a6533560dc89e35ef4adf9b0819c52912b3007b0f10dd1040134907fc498de452b364a52c0e9d78e5540c7ee75

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 1efda10189025d19dadde5df962a7afb
SHA1 59026c5b0e4fe67afad79611b1f7a13912a8af49
SHA256 aaeb994c46166e9347703e5d5eb2ba7c491a54c4caf65acba624397ab3ba7a11
SHA512 9a666f0b1e71fbf464070732db542ec3ee136e3ab6e9b20d0abf5032d062f590ff197a22260215c94a6f6ba55f4d9b56a4ff85f90e3e33ac30c9a7dd376fb198

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 71065b3335b9ec3d973990fbe141e8c2
SHA1 8d1150c9d09c5240c253ebdcd59628c6386e3871
SHA256 64e925db2cea5a229749a0f7d3e3f0034c9d65cef0e410dff2ec2b36c60a34eb
SHA512 ad98334debf5a4f7dc0eb93ab41402f270c8eea07c246f8feb9829377e7f8d5c451a2c98ed48b0e433df8c2c934d78861d6a22ad444013dc543489e54aa3c285

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 00da69d3d1405ce7ae13ff9469e674c8
SHA1 78d84b89b749bc83640e6ee28f612af8887aa171
SHA256 577b1e02d99f6246da8a37a40d7050d3a3e1d84ffa0385e6c891dfa9ab53cd7f
SHA512 e1b16f616a689eabdf6c01c04650cc20dc1608e67b8c14be5f49565f49d51ea086398e360d845a9dcfc18e1b509b153c8302154cb42583e42065c9f636407fa2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 21ea1fb9004a8eb7932904cb5f931558
SHA1 594139ef756bb18e89ed3900fc18d80385bddec1
SHA256 1bdadde64e8684075e6c4ccb980405c9781ee75d7caa3d97e9100c09f0c1c97a
SHA512 376e11b34d0f9d568b0695e0063e3048ed11bf09a13b86f75862964efde1cd36d6f11f8efa815d1b697206d23c4aa6c7fabebf03a5c014a544da615a06a41f34

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 1d1fb97a3e27c0aeb4abf807691c447f
SHA1 aa2da07184acda0e93416d27ae6dd9e665f63c34
SHA256 f78b8e7841231ef75fab47bea37929328e656e1fb0920a7feecd074e338d3a91
SHA512 1b70616378f6abc3097e79686f0096e541dac4a2b12d354ea24f6cffb5bc1fcbbe86ad7cc766b60f2ab2bf087d15d3fb5c6e340438d8c2fca3fb99868a9dd8d9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 d337c6cf00e2e13c43e198a03eb61e88
SHA1 512ffd9148fa450233342e71a36722e856470f9d
SHA256 5d2cef2d918efd73c41994692f4c4a9cc1139aa57ca14b21b3ca516a57a96b97
SHA512 8c1d68bd1875b71503e2c7f59d6cd2c851769cbe70df12e8123aabe672cf594db8b6e19ffef9a01223c705af1fa718a84f7b68def8b8f12f2a7e50877be141c1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 74a7901cc68e6c51d698c3f07544c26c
SHA1 322a439bbcac09275590399418e556be2c1ea4c3
SHA256 35164b3b9ddc23fbe11fed2d31d157e3033ea3a5dd43fb499203b9daced219c0
SHA512 34ed1c6556beac1ef9da4a248c3577058a406adaf79ba0429c586f942d7af3db043f958a8214b18f35950c6efdbdaa9f0295ce60d36818bdec2291dea5d3253f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 ee7dd5cf993ea28cb41c217cd0858afc
SHA1 be3565befdb2d123dfab223feaa828fac767cc3e
SHA256 3fb30581574d55914c3a5ad926755ab5005088083871ff1900b5207e39a3704f
SHA512 255de402ca5f16846062132689abccc123eb387025a9bb986cae3fb31ed97a1ba220bbda362076ed2dcbe0f637b0f3b693d4bd566fbe9dcc40b71394428dca70

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 5fdd69621eb8b286bd203117e790b707
SHA1 eae8feae5a36e9f8616ecf1c62cac95344c2eedb
SHA256 3d6b46484f5ebb9c1b5adc6ce5172f68e43067c01baa10e98a1e11a38c091109
SHA512 c0b2d583652f5a8747e07d347e0d3d690dc1ea0f89b8a59a8d21de67e1498fa91b89915cbe30286445f9e210ff5b536306bfb4d1d19f91521e645e95d9fcbf13

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 1978dcd167f2a834f6379b70c6e31bfd
SHA1 d36acbe4bbc8cff5bd55ba6486926df3594ea640
SHA256 b18c69010d8ea8b4561d548088eaae75c2bbc7213e1921f1579db3ac71dbee5c
SHA512 b0f85c5ec7680d0768890d338f6a345b06c7c7af1f4901dee9649445cfbcf24dc5dccfa24c1c94676a1d6bf58508656d256cbe316f4cd7e98c0ebfdd16cfcefa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 305b1f1ffd5a3cc84d0c49307242afa4
SHA1 4d9997c0a423fb9f059dc6f6323b8bfb12a6c3fb
SHA256 0b6d966a39a896fde2f8f2354cfd1a682fe4cb431b0905985c002987525557b7
SHA512 86e851be897085afbb114af818aeb6d42f5a82751841cf72a4627b7b7ca644879bc1c9b0ea1f476398672ff874038b3d96d62fd0a543650f39318ad323aeb7d4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 dbf83f4994c27737e316f5feaf3f0c9b
SHA1 66cbe06f3caef7b483146a1c9b7d234c08055f6b
SHA256 2c66600cdce9a2389ce65a6d4f3222d219691b77178e9f516fa256a1036f675a
SHA512 1db97a810873626a67a6b5d1d66cceca54fdc10994d48d15e01f24f05a8d1338f1fd9538631a24e02aed605378da958be86cca4c42b772e546b067287b612a6c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 ecc8ea92941aa63ec8a55113f267a990
SHA1 51787e51de2ece2df72ec5e33ffc9e49f5585a0b
SHA256 adcab5904972c442f84728478d512437a5983ddb45104972c42b8e4baa5c4ee6
SHA512 f19b541b2f3d7a12f9d850a81347ec939d880945e04e2da4687adf9cb79b81c767456f5e44712c03f1443d56abe0a179c673b5d3c9df665a099dc5e273db2e44

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 552107444a964912e71b7974b8d968c0
SHA1 42ed44f5731a00d494ede1d3b0d17144eb81421e
SHA256 6c49f2b1da32eb8e538b11fac4e641e61b657e4c0cacb6b86dece63fc5279523
SHA512 49b039f188c58c5f5646d3babd1fd81ebeb00f0ddc541ecf49663dad51e37c84d9e9a020a95b4d092966b9e1002c6501d1eb73a8e769f25da6cd3f10212eff14

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 ebb28524a129c253f7b4f36db4956121
SHA1 421ada75bc91300fb900fe6aafc3d201addc5eaf
SHA256 12bd96ddbab30e7a0ae9066069bda9a22008e2e7af3f3e4f63634dd2c0b964f1
SHA512 cb7cef449119c6ff8e4a0ee2f9f3dc234906b88ca576c9251a25ca47415f605667137e116ae92bd729e5975abcf60b598dad3ffd1795a3499733a4ea4f773e13

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 2a0098d2fcc8f52e06c865118e910344
SHA1 bc98b9a08e34820bfcd3b6ebb54cc7419c48b532
SHA256 7ebbefcaf64108614a67ac0ac8b9a0d8eb657f47fda93b48c7e919b806596133
SHA512 9ad61093c549e6b5be54292928daf4541881f402f56887ec7c07d661dc3694d851ba9d202e6627dd994f2b1a59de839cfe9ed5bd3950fb20f885acd2eb003047

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 cf652fe9c11caee09d8de740a775a781
SHA1 99d2b523d8c2f54cee23b7d2e0489291dca3019d
SHA256 87927ab6700822e6b5d6829de83f1f5b427ce4bfae50aa2d862da2bb65925d1e
SHA512 a9450d627b514ce40f890b6d0bd198a17878ec82e1f14bbedd5f5ebc92ac81caba30494d59a1f2d4dc4c65654042f6a216f282769c2bae32e0c7aecf79dc28f1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 93a7e4a509f3208a264ff674bd0e54c4
SHA1 7bb7aedf2a13e991e1af653343c1fbca1c21e672
SHA256 3e3b3fdc7694013a8f4a69d388c557ef1be3475912f337176b47e526ddb476b9
SHA512 6f85d2e54a635835dc751b4a9cd7cb10511f608128d1914ccb658e37a74c303b77aacd172c96fccdb212f23bb3142b33efd66d276f230df366a757ad7f0ec825

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 e26422ef58b40aafd9fd639957bda8a9
SHA1 e1091d0a0b39d50d925b84ccbbabe8e05eb2d540
SHA256 12514c813273724474a1f80adadeb40e09195ad31d69350975aab4ec2c872639
SHA512 4a715d76f53e423f18d96d496c12c88706cb128109c1eff5ab80bdc7a91a9a8f943cbd777de325ada5a3821ef78dc9cedc21e7e868cec0605d4769a1d5a0b8f2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 0b7208ead1591fb6ccde133b034f9c7d
SHA1 a65c248f01ceb8b8d5c1e21109e2979d401affef
SHA256 2611826edb02f17957d2b14678298dadef918f35d70d215099c7807ef06314db
SHA512 1ae9029676941891ce875b520224b10abd3b2852378220982cfdebdc7950f86cc7eff7a54329eceb04cb0a873383ca36b00a3dbef80c63b1dc16d4276b9fd93f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 4d7ef2b886c96c0b34a921c24591337a
SHA1 726f8c24e13c9c0a01c4cef2e93d3fd13824fe5a
SHA256 f69616bca2821aa1bd23dc9e5d3b549fe1990215af5f6c7fa50ea69519d69f65
SHA512 e5961ca1046740c57dd64137411ec9c1a13fa0ee13525255e3c149067e0577d676797a2e89e840b82baa8896edc2ae963ca4496b6f33ddea120189f973a7d139

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 b74a352b03676f5896f97b27fa96667f
SHA1 201fcc38dfe636995db73e270845732218b4fa72
SHA256 53d12ad275161a7b698ff7d57aeea5c36ce2af4c97525fa435be890cddab05ac
SHA512 b6f83899f0bb1864b1e74afc552a2301601b324ccfbe6fb690b36778d9540404aa67017aa3bc9d35b2d17416c32db392bd1ce4960acb87108193adab8abad94f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 b322793b60a81da477a3752f1eff745f
SHA1 16d25423ce3c20455cc3952719ca4175df1c5760
SHA256 cd607284addbf3a472f26938ac3272e61c9733d8f68f940a3281c52e153b748d
SHA512 d210a4fc3b3d95ff81d34daba133c39b3d0a72c06ea7319a39c272339ad768543341ff0e25b6ed823dd50be17b30d5cf77656081b46d25a44a421f3469931c2e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 4485ced94602924a1b2506a11ed1884a
SHA1 7f61081f93885493e7aa91e9641b0f22cd5c9ec0
SHA256 903caafeb1aa471482e6b28545fad73a7ec33d6b1c64a7642f23f551cb6ee7f7
SHA512 77228dd3c8981ab498fbd8cb7f70a6a4e2ec4f1be193dd0aa8cd898bd9526cd0cf9cd742c9ba830265d06639534752432a606724916d10316ae2b2c905f4c650

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 bb0b1dac9776d865c5cd51753b7c1cfb
SHA1 856551284f25a5c47e21aa8e6f25bccdca4f25d4
SHA256 4a835312464688f4f765999523f395d8632cc7cd959d240e9c5862629c132b02
SHA512 be5c9b0f4cb5e1d525dd318f4ed277bce96d32f80b0cbce95911a84eebe6f39afb99b88629e5998fb034d62989d59de0c07206906de823940c666ebc1109fb99

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 ee26a386ffb7447e4de4f2ecd2d3432e
SHA1 87d94412a996526b3ecb729539c049182af9c0c7
SHA256 43acb7d09534d336713827007bde3cc19c725dfa906ee4bcef172664b13dc3b9
SHA512 6381547b7618092669f80875842142853eb4a5054f1213232c3b422b473519779d96b253fc70cfe45e48c8d01a1aae613df5d6cd4c0d62a689b9763709a9f97d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 2c62907e206664d2eaae785b8e65d417
SHA1 325fcc4c8b3cc956d410109bf5e043730feb34ef
SHA256 22aa6a48d6cde5b4f6d1bde9e3497a91038a0f267e495370557836b55d44ae02
SHA512 b6bf0dff364326841941535d9311f2bbde1761745d3900d42b4be23191ff008058218491b40a55e2c70b540e80866e8ec931ea3bda96f73b10da89484f89b344

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 e467ac0b0b4f100f57e91599206586ef
SHA1 ee9a4351eb2dc4f8f09d59ebfeec28f96350383a
SHA256 d4e0577f901788b9dc22f23d487e6c50426512d257c0ebc64fac44de103a399a
SHA512 ff5151cfaccf3c1b79cfa3d3ee3ddc3a93c176e576efba25106a4004f001b5b1d50f5211e17402fde45c8ff148d3e5315f768dce45b11f16c108d1322f879427

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 8fd820ce7e74b6b521c952eab6a4c5e3
SHA1 aed039b6b880f91f37e3b25f9e499819061711e9
SHA256 187cf18e81275e90c2f2d01834f30681e19c4da30e704e1051e66307df76f86a
SHA512 bf2961281bac635161dff8069742406283d01f005ec775b81150f7a5c1387880dffd5bbd6e2a13ebde4a365ddf104588c2e3fb486e94c20e8d643b06a0ef6b1e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 24e8451e6947b9d27e087c96f1a668c8
SHA1 3a3d96187f0f5bcd2f5ca1f1ea8eac0f3597e457
SHA256 1225df4375f2a9cd4186e7f8463f3e35c3bacb7d04d659502ec73f453322ac11
SHA512 9ff50b153fbe9f957a4adee1581c50b5aeb2560a24942e335f35cccab72b5373d8438dc14d6bf92b07b7efd96f3951db518c78017f1dd14828bf5436d90aad8c

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 c0b25d9a5746290d3bd002babc05cc53
SHA1 8fed2ef2065d4759f5c0fcc9d9a38622b15ea447
SHA256 08192f89b34eaebab55f7a78a42eab3605fa4e3bbc1d63e29558ad387f476845
SHA512 b4e8cf4414ef9e1d4bf87be2cd48e27191fb5a3c02db1f77d444825a8b9448a9b202f7833802c5a327bc696031a053c9760878665a27de2297db5ff8d86ae42d

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 dd7f1a3cb20d29c8ec517b0f31642d2b
SHA1 a90e93b7326b875998820a661e8fbb0cc91a9672
SHA256 9ce46ef25b1a99baf53c916db51de6d543e300878853305686f10a0f3952b963
SHA512 bf480bba21be527c8a3a89b95d2aee96d47f0af0d0ebb2987a9e57e82babc708c5863604a2bc8cd4ff24a5250df8c931a4b60e925333a686241fad45acbad936

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 b9d3a5a3328a943a62a9357c16514a7a
SHA1 ad0765967157f21b763744262473a79790a9a454
SHA256 30f6b3fe56dc7abc13618a99b691090e859523f023080b6164c392c07adf7085
SHA512 51cbb5b8bb1c1f094338c785b5802c565f5ccaf4760e8f66977eb8d2dfcd8538ded35f44d57a4a53e7203b72cef7bb731f5977c8a9c9de06f5e0380fc9b52665

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 844285cd459e57d1921b6ba690459cea
SHA1 60185f6474d2b1949d04830a66122afd8d0b884a
SHA256 afc45d325b282f3d8165e346673690491936213a8a6cc51edba7bd4ec376fade
SHA512 390e1260b3bf92e67dd3dc054cc942298483a8f2bee56cb4c7da9c565669b4c04be6bbbad52e4870dc11a24b42c597d209690f74f90c20d3f600e8775a6b64b8

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 716c29c48fba201b1b0655d478dd0d23
SHA1 75bff6ec2edbd84de1225c4fab11d18ee4566aca
SHA256 575c30d7fe0acfc8360b730ec89c6eb36b2fb2d7ea43b241577eac75d10427dc
SHA512 9858e449e1b12b225ab54728024c3530c39d46cc54031c4149d3642422adc34e07beec2677e09095760299331dc6bcad4edf08b5dab0066c6de9426a54473e4f