Malware Analysis Report

2025-01-18 20:41

Sample ID 241124-21f93avkbw
Target 97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118
SHA256 bef0e71324a5d67d2273244267041314001b8fb95ba1c8639d6a5a709e8eb080
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2180) files with added filename extension

Renames multiple (2203) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-11-24 23:02

Signatures

Detected Xorist Ransomware

Xorist family

xorist

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-24 23:02

Reported

2024-11-24 23:05

Platform

win7-20240903-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe"

Signatures

Renames multiple (2203) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q1xSCFkG1R2Zkvd.exe" C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\..buyAV-bomj\ = "TIAHKFPZBUJKCYW" C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q1xSCFkG1R2Zkvd.exe,0" C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell\open\command C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q1xSCFkG1R2Zkvd.exe" C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\..buyAV-bomj C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell\open C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe"

Network

N/A

Files


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 9e5bd0efb05e5db9a7215e44cf871d7b
SHA1 04022057fabb89e7286846e0f024b92d74557d78
SHA256 77db2f17a6412342f2a34352d2cefd9267ca699057eb53bef77d15202f606398
SHA512 a610ce1b67eee39b2499ee9453d771e8350f33f0fa592f8da3e372e8fbafe912ad58f3879bfee796d63f99dcdf61778b335dd792317b388e435c47ae24e68b36

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 c6c630ccf51b1a19040a63a879484987
SHA1 cc2cfc30979b1abe124bc85a860df16a1dfe176a
SHA256 ca7adc6ae271c2dd9fcdd0befe10a7d28a68de9ffacd62ef9a068715909adb69
SHA512 c4dcd507b07906cff2c9c6d21f3182818a5f08e4c1c28575df5ba816089737d2941696d21d655e8a4b97061597715bdc7d0dd245ca15aa9d4171bb79b85309fa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 2a719139524eca8cd4113c905583a5a8
SHA1 5bfdad087d66a179160c367f3c5c492e5e8c4e1c
SHA256 2ad4dbd86f335dc2b4622447fab923427b410142e1ae676b2e503ceebd3aa971
SHA512 79eb20b9c84a8858cc2b92f68704156a2efc3678e8da913aee630dbef6c496173abe09f95ce3368aa8bbc2507f5a7cdc987a5a6a461d7a503e5a1f71e263d672

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 0ef9403b93b846128fe36ddcb18eac83
SHA1 a699fbb1ac042465f73cea361cec7189ab26e783
SHA256 7125efc66b09ccd4672808663bd7417f56ca3aad4a2f7277e74f08df3a32a89a
SHA512 d4672cd0efa080e75e5a035f6a8954bec1d2aa4820a31a8c6c309e8982569833042be6756614cfccfa82c0325a0a93c2f436182b2ed3c69273c6e95db14ac753

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 802493187663579f7c869381e0fae78f
SHA1 a6ef393e7883cef1aa06702a67a0f03cc40f817b
SHA256 bac0eeb93203b4f6445a1b0501d4f27fd7478c5bdbca55953c3f3d323b3243ee
SHA512 103ec17dd20da171c0cb9454eb25a9cca708535279ca709ebf09e58c3d1ddde539a4c4d387347688b58f2d5340e29740ced6fed748f0bb5a32a9fbbaa9cbb6e6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 137453e2bf6ee3e982cc120e7a240086
SHA1 06cbe99d87e06ac06d8e698403a4ae1cb3fe7469
SHA256 07fdbe10cc81e70baa7765cd1336eedc27f91165d3595024259ff8ccaf58b332
SHA512 7dc39ce922d1a8bf122a2b2c5d41763dbda5590acb79027d66d29fe54b718d4bf7b5f9b9990f6aad53fde5f02c8a0a630a1441604f7c5ab4623516ac3f91d1a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 14d24d4f2303300d9d700ebf2a06e7c5
SHA1 a2243f2e2b43c16821c613922b5a11eff0143a0a
SHA256 829e1ab9aad80934f7abbdfabf20d5599dd5af47556922f1795349b904077582
SHA512 c9a735cf305c54a92332d435473f00706a4e0a47e5ff6ea9555ae52a817441a4a73d86df71219cb50bcd9f2195d89ac370cbe565784cdfd6d3821e1a38470479

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 91e1cd3cf67556a431063c7dd0406839
SHA1 6bae9073750c215d365cc587a0f7218237f43658
SHA256 32c5ddc1fe694c30d46523dc188f67b7b0c41bc7600d8eaa717683a26cbb1ba1
SHA512 d21065b6e3dd0fb905c1026fd97ba6149b34ed15805f3fab78d8c0d6aedbd2c60c08a52a0866c3fa64e9a382e5392a09abf508446576c714845725f59a87ab33

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 75d3da00d4abe7e5d0f8a278c16841ce
SHA1 4477d25299bf9e9608f2edb522abdb1dccaf05c1
SHA256 8362dc1bfb7ac1c89e56d635055b7f75390b5f7ca820c11d6ed07c4f7dfebb5c
SHA512 3a194734abd17f5b4ea148b544c6294bb7af70fca50982bc525fb6f5ad5f5a0c9bc19184c6f00fbc7a5cd5176bf273268e537af2ad4bcc7c05395c78bfd53d67

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 8b69cdd6fa2e8613059bb07bf689a959
SHA1 51735348edd1c76fd13836553dfa1396c8b92290
SHA256 800f0fddef7a3c34c3837d5fa7ddbe7330543e8386d2dba919f81f2280f93e09
SHA512 19c7b2dc8bf08596476ef24e8815208ad38a4b754ea21d92cc42d95335dbeeade963df90f41a5aa62f976a026b0b7ee54de325a4b47a3eacd0be576a90980aee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 bea5434e331d92295120688d081a8071
SHA1 f9d7b3eb45d9a24c1b18ba70d5d6a45b419a8cf7
SHA256 2b5c2cc1cdf54a39393a20f48383e757d04945ed4b8dce60b9e0ea8afaaf45c0
SHA512 74bfccbaa490312c2721b86fd74409493ef1edf1c401c9225b9d14afdcfc1b4fe9400629c74b11eefdaa2ba5b9d125d092eca6f509449edba0e80f1f2d5f3c76

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 b67245693f979b161259e0f4cf6e3c7f
SHA1 4a7f94fd2217544c5b3a44ce325c27e50ebd38f8
SHA256 dece3eddeec4883728fde04242f2af442edbca4bc8c905831070d3ac511bb46a
SHA512 285d8f185870557210922d43ff27d444e5b2169bcbf0bca679931ec907daac186382939456e133c8f5a1202d6cf20fd26c8606568e8c2f99504d99a28fc4fe42

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 8d7b340236d4cac36c3a5a2df91b3a40
SHA1 b05e24e680e78151bceeccd00f8c4ce212b865b8
SHA256 5b83560e1b4c5bb6e1f6cc54ee9a0b4110813c197a2689a3a29643ea768809d4
SHA512 44480b21a5ebe16c416eb24560c9a4bc0ed5d2e4121e33673c6661a5c9d327fa30cf280141a93a42ff8f0907631a44e39c72036e2586c5a340732467816a44dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 c2c05be45c614db54b857e9d9178e2a0
SHA1 c8a2624c0c08e8435c049beb46bb1e43c885fab4
SHA256 0940c95d57d941230a4be595e60a8ec9a46f4883eba50d33fdd7d19842282712
SHA512 88a3b1cfd3e151a16b1be36c94a5edbacd2b3f3d655c7e79d362a843c94ff8671785497e6a9c51520d5aaf49c612845b8dd78723a45a57ca64ff6a352faa6bbe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 d39a502b1363ed24db8a3e1ad6d3c04d
SHA1 3b54f547046410c7957596cb25439a31368b6a21
SHA256 ae29db78adce19abba99f6ba877213c2fdd4c93ef4b6f4f7e2188b9705806659
SHA512 f7d6c704104e73004a473a785f04f06f56807505ac0283bce603b91eca826c42fb1d6b4ade0ad22f97de24970f6507a689e0b1ded81dc0062ad8b26ea72bc4c5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 c8f514a9eaf26478f2f107ab9fe05b49
SHA1 0f3f9b73735245d59f173a09ea969f45d001b865
SHA256 5ca92958f2e1b74651f08633eb69b61f5c7244bac21a04d237ebaef4136cd771
SHA512 ac6868002dd866f619ea12491061c4ca1f35a5dcd51de208332c088af7160ac6558d7effd6a068de2432623bc3abf045a23342d4680bcdd9d63bdc51da9273b7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 55f8a477082dcfc0bfa43634e8b5f910
SHA1 e9f369f39711d65d84589ecd9925a40820c0fb31
SHA256 762b43048c7059c7f1534e0bebcf2edc524fb567c39305d1552cf574cef54538
SHA512 0423f14c711750547858db58fb15033ab9b25a74ad60d2b2120b0f85c7bbfab5bf4c1b50e28a5b125094ff18fd5cd1e2f609b99cabce820fb48bc1e933f105e5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 be4f3a4f76ebe1ba31625ad6006fce18
SHA1 942f0a8e7d941ff743fd0c317fea226d1d100fd1
SHA256 bf8230a16e9f9d29469f477bbbd16c560d2c21f48a360bd613a882b12260a13a
SHA512 9afd2ebf17b9c75db354b98e44864279fc0cd57aaf5738c6dcba39cafffb34da001bc0d144329ddcda88cdd962cedc951ce05811d613748f43e25916c22816a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 b1768abf47fcf4cd9917c60d3f4898bf
SHA1 062f8053b280dc8a9410cf560eb48c62cafb148b
SHA256 e4c8623e53484245868a2dc9eb9ecaab3e1a5816917833c30949f5f581fe9955
SHA512 1e1fafe400c4ce1da11e5ef11e70c4b665a7208f3897217a466dce11bd050c2e2aaf72b0765df9072bdf9f7e8f122656e3ebf7215552caa215bd851b99a3adc7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 cbd504e5ed01dc99811bee14690aab9e
SHA1 1106e0893ca5ad6cfaa6e8096eaf46a158ac34a5
SHA256 d7507d71f513c7433042ff9416cc009cb3abed9e246945532d7b0c661b5c40a1
SHA512 d39f6e86a0d716f3d3dd13ff9b9b0bf5aef744121fb1f6bd5dd8b42faa3f174534cd66aeef755d371c447e79abb3742d857b0bb71dc62a1643ffab6065e41cc7

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 305fcb633374fe18b16e649b4756a2e8
SHA1 9864fd29c025fa17848b2b8791245b2c1ae88faa
SHA256 526d614735d10841692c15c40c4eb162dc2048508a7057979957d614fde0a3fa
SHA512 828f52e4a0e844c7ea739269be120279bc8d1edda6fe860dcd9a21455c654f3bd267b5b358ade4aac8e4a1112c64ca1c08705674fa923bf63cd90e5aed533f97

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 a9f4dcd79e6ac09be82af284e56d1f51
SHA1 8de8b8fe4fb78063e3ee0f32831e023abe73be85
SHA256 515bbe794b749c67c115a97907940935a2a19614ad0457b2f1821fa836894f72
SHA512 c43089b5064d92b619a0d0cee5ca103b27d4c0a7a49898144cef8d36ff95e384c902ed16313d55104a450ede38db703b80213e393e22388260ab8cec027902bc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 3a326861bdc6348a0790115abfc7c145
SHA1 97222c67e0a895a12cbe1df4188742c1f7940784
SHA256 056b178d837b44190c53366f09b22397da15abc902586c6afb528f5ea40ed71a
SHA512 6f4c7c0139cbf04df849f67e163ad0352212c438b9885a9326d506799b3d0eed7e0be28015a5e58fdee66f283f6b49273e540c543183c8585e3f8870b4629b94

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 e2a203a53d7fbb31359c89ca818cf54f
SHA1 c3b7e4c0d9138709756649570f33836cde424e5c
SHA256 b61d1a90e5635eaf6bb76a1917cbd9de96947fe10c9178827d7551fdfcc41cc0
SHA512 696c4d03e4b71ef67e70389f7828ac890c2d9a64191942ce2fcdae09490733a99f7e848c82d594801df976731c193e5c7bdb7ef2c4a3c8411a9d873072da1731

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 7ab26e28a90b3ef45ce1f2285000034e
SHA1 a9c96afc6d9e0e5aaf3613dbb769c865c2e422b4
SHA256 0bd902cafd24894f965f39d540dfbeb7705da3f208722035d8c55552dcba5212
SHA512 a7d831c773d1e740c47c483094ccebb54150f0b000409ea1e46c6e4ec3723945d9e14827bc73774455199f7bd3f5b7a471fa5fe306d6f798f3b14bb3aa29610c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 4495721db694e9a03fa881f43f7d11da
SHA1 ebe4523325dbe977e5fe6c6893bf9319ffc4f872
SHA256 427ebd1d7bf0e6e819d4344455345bded465068a600402aa48f55fd8472f4604
SHA512 c65f968d783d50b41e5d66b1007469fe07120c35a6f3d9c85d32879f2be06aad887de05c87884b65f313fd480782d14e6664a2e024ce6640a52edc2358da3dad

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 4d977ecb995194297d88e9ba9a963033
SHA1 eff3a1904459edf747fb5d62ef07e0479b60d44f
SHA256 d735c5a9bea83163523960ee7f09c4a2d76c5197f657495e22ba2775ddd3069f
SHA512 0a7bbb4481c80988f7322093b504292b592e93c2047d1d3167ff202f404b9f69c9421b97cb4d2e6e19efedf8dbed367067168ac04ba8c42ec99e14f87c583d51

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 bc2a3e2fa619607e885e63ad7813e08d
SHA1 a2859ae1a344c97207903e5b1269cc207337ebad
SHA256 83e5e289674ef3a166dc469a69feea0127af01655a55fa78807ee5d8f8e08d20
SHA512 7a7ba035925e2174783f2fb505fe39bca51df70bb409cad4093b9365a0afd611e8cdeae1c72b3f6b001c5bf08ac1fd7f1474f3f6a31b951c4428fd75d00be084

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 50bf655664fa7d0ca63b49197fa39d6b
SHA1 5213e4846f243e44877e6f3d1f922ff9038a65ed
SHA256 f1c28add1218e34d3d352a1831a80fcdcc7e0d0d6872d28350bb53831568ec14
SHA512 7a58e6b004b603332659092c34d94138eaeb70a1c0f4dec589e9719d9f08f4fdd38841d12095356c589eb9e4e9e50dd1289ddcce9c2c5204ec5b42d42af244fe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 f4ed5b952988ddb267f0b76042720559
SHA1 60ee3788329bd2b6ee5e4f96eeca3063f173a53e
SHA256 ef780b295a14a691023fb2314e1b8a466dbdd30952207fe55835586db6bbdd0c
SHA512 0419527675fc4d8f4e00777e3e5bc8ad9ec39d87f1e88b14007d3cadf03fc1ea0db64179aab60af38f2ea1ef0e8135a38790a6482974f3e2e1ff8ebc682b1e1c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 990278ba48f11b23dff1335f4416842b
SHA1 b4861e5cf1e3864043e57ec6b137c734a4b55c5f
SHA256 116f0cb6723c21f92bbf8331a6794f02b7e6f7ec7c05d5b6b1860401e9cdf196
SHA512 30044b9f69896cbe364b904ff85d2130aa6b0c231922767b64732af2a5819754b0289741da46102e30aa327244a513bb462acb791d2d084ec0f531b09a45a6a7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 f317aafa59e480140ca2392302b53eb6
SHA1 a3413ed21f8dd4d2e128de37407b360c04d22d70
SHA256 ea113f6dbf152bf1fb5f159e2409c56770b9f9be77d633f51b473b6de1eb27ad
SHA512 8929ef2cd232cfd7c81491cba36e4b753b91cd5640cf3c912cb86698a3ff27ade27f752f44c7360c09c21ec436a3e8dad4da13e431d8e45efd6b0434a0a4b5b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ef8078f8801f99603eda915154e048a9
SHA1 cb60ee5ae8a91ad45fd31f4c00b88ee69347c9be
SHA256 ff1d2e8802be5c3fcfbd10ba52a8f5857ad992747ce1332fbdfae7e75882704a
SHA512 9fd2bb55b19b403919defbd6e5f78e30f8593d5bb4135f6963db8813c6de8d93dd8294a5f58e179c62e999f90f8ed6e814867fb5b119498c17a668fff5e372fb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 bea1e0d01f8e2b1ad84b2697d88adfaf
SHA1 5257a43f7f2abd1aafd13d8969cdd1ccf2e51f9d
SHA256 01b4c46bf468ebbaab379ceaad148a0344d9d1599809cdb5e2eec7736ababb5e
SHA512 acc637b75a7b0878d893470ba69b4edce5964e4fb68d6b0ab770f41f586e2207d3f6d35daa32f20fe6124606da756613987c5e35ab30c02b99ff0c75334d7500

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 0521e2ca0d247d96ca1589e3dfe027c6
SHA1 ea717e5a466a9a55671dd651584760e7cded264e
SHA256 4e2d8e636341cbff010428768c088a3cd8216eb4f69616363e9216e4b29ea7c3
SHA512 a5c355944d3e6380314548a707cac4e5b5e4cf7b0603daf24c0c9efe6cc28fad2c62d831f8c623eb5acb07b56c2cba5bb8e83bfb73e7a585f77e81081d7bbd0b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 f9bdc03e3e58d362e176de6c003fe3ff
SHA1 84700fc009fe36e79313c9f5e4f015931fe82b17
SHA256 2f653a5af856a1840609bd8f0e6a7ee5e467ec5a2868349be2211387988c4ce2
SHA512 38e6197a97164b2309571f14d4382ab2a6049ad9406bd3919c04042284a7fa0a46ba4b33367c31186dd4d8333901f6ebd7b17c55698c693e8dcab964aeafb106

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 1614c3728d9acda9c7fcde7018819ae0
SHA1 f9d0819648e98e660e7f5a7ec60bf02feb45d80e
SHA256 8bb0dcb4d3e8f2e78886a180fd29bdde794997b8574ccbdd7f2f8aa764180be8
SHA512 880e93c8e19948a4495bdd74aaa3d1511ba086bcf6334a50b9e62d01ce6cba37afe22bacc60dad3d7daba8fb35abcd914ce62224515dcd55fcba42d2072787a8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 1736a9dc2ee66ad881242af482e55877
SHA1 1fce168803c2a7a4e4f433733d2d426a82b23ab7
SHA256 cff2175f24705947aebc48462e3ef6982b4aabed32d12353349f6a58b06cb35a
SHA512 0c2f1f0c6deb2764a4dc5f1a14f70214eccd8853f78c052da369a5ed54c19b5a4c3556961e0153a3c5d0cbb63836434a5c01ec41d1265133498924c4586933b9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 695b63d070195b5495caf4e1becdc32d
SHA1 3cc216e686c50a4a442373502923b58fa93427f5
SHA256 8d1177ed83c728937ef99a965f58036385c3286e61495821921103081fe3d3b3
SHA512 c246f037b0743afd1aba11c87ffd524fc996c45d181792112c8f9f88d9eee99b7bca14f2ff2fbd38dbcbdf323271a191ac4618f37d80453e4c5b7d1c6168144a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 8e33d9bc321e4fd4aa959fb0f83b868d
SHA1 1d61c5c18a03d2ce3ae68c0dec4b2bfcfbd4760e
SHA256 789449fc6b321ac7cff5c9f10d3d9ade6effc2045d7c2ae4404fa2554885b432
SHA512 26cc211fbf7a077771c547f83167685c390252229e18b2e318e7d82e2202f6d2ba82d382e62ab85ddfe6b20b06cd951d0d2bc9824e00a96f1a2e2774b1ca8bcb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 ac240584cea18dacb9cbab8f6016d734
SHA1 22aa1ac9284fe1416a40e10b799c5e262fe425e9
SHA256 e1fccbc959d86cd6aeb555f41b538f61af8052dcb5406ac4b3c41c9f6227696e
SHA512 b66dbbde03edc6cd151840f609816503a2fb417d87e63030b73be0b8064e8902d97e08f4c5960a5df8c4e6bfba57e95147a91ed228e6878b3a710fc0c49a34b6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 9190b9ae51b8baad8253bdc618774c2d
SHA1 375a347ba6820447fd118e2364f8e4dc00ab87b5
SHA256 2767852ddae419918badb06231971ddc55baea2d83f35fddd4048d51ff819511
SHA512 5ed48e4513aa20cceb91841fef8b129ca879c71deed4ba0c619d6f8c7016d2bcf5e481e4644aa1d4564de2e4c8b79b32172803f2a26ff8d9e47bb436e6257c20

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 0dbe9ca040ef480b61d22fd948e8432d
SHA1 1365e941d294838d2886cebd9fd043ff1684ee6b
SHA256 b4f3696a92aaba70fda17c0847aa8f145167052e2a757ce3fffd14b7bdb41b33
SHA512 3091325d895bd1b49be4e7cecc7a0d60dedcce72fd4f9eeb18b10ee3e151515b26979b90cd2bf60e36417a2c0329d426d16f6cc08fb6328d2ec12da1a44911ea

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-24 23:02

Reported

2024-11-24 23:05

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe"

Signatures

Renames multiple (2180) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q1xSCFkG1R2Zkvd.exe" C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\hidirkbd.inf_amd64_20ad4886826af1d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_wceusbs.inf_amd64_1ba398d9da634d3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbhub3.inf_amd64_6a68abcc31aaa333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\bg-BG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iagpio.inf_amd64_07b64df61e783bfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_b95d9f4691816045\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_c4ed3602d3c754f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_dot4.inf_amd64_55905bb33692cd84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_nettrans.inf_amd64_b6d30279f382fa4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmeiger.inf_amd64_05ca2a1836c16cab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttte.inf_amd64_f017e7b18ec67a97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdi2c.inf_amd64_d7ae71f8eb52c084\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\image.inf_amd64_d2006c0517ddc60c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_19bd1d6c2b642b6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vhdmp.inf_amd64_aa94d04ecf56de1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_ext.inf_amd64_34d742f3550dabd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_aef240978776cd0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\..buyAV-bomj\ = "TIAHKFPZBUJKCYW" C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell\open C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q1xSCFkG1R2Zkvd.exe,0" C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell\open\command C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q1xSCFkG1R2Zkvd.exe" C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\..buyAV-bomj C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 aa137c9687d7bc53a6708cdaf2ef88b3
SHA1 e51477d48f5c580aaafdcc2bbec54df6c9dc5189
SHA256 849275baf4c61ddda6a00f0545ead6109658e95f0aec2570771640aeccf889e6
SHA512 909912852d1506536977525082c7e8b02e5cc41a2f53b97c5ce40d998976074a98fe0cdbaaa3f1a6fd5e2b695a1177879e474bb2b32e3c36de1664e7621e4744

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 96c9a31e581e4693ab830f692d3ae393
SHA1 e303d305d697f11f1a522da36d5d7f20eae01f2a
SHA256 6057e343e6cb9563221bc48f4ff73b95f80772f25a32aed3472ac3fa54cec41d
SHA512 243daaf2d54a307798349fd7a156cba0fa45e0e42652914882b54c33a7c938992c305f347ccbc420068597ff75966015a17cb1494f5af628642d4ee06fd36be5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 91def0ed903e3ae589a3ee4ccba51965
SHA1 83d1040b8aaa7afcf6459598d8cff6d29bbae52d
SHA256 581e953d7674d2866d5c83d7496fbf76f195ee93c66e89a794ea91e743cf598a
SHA512 2a5acd2e1c15b610ee6a8a1418a441af68baba1b8c1cc86d675b1c9a43061b9e2f267d377a2fef0946f2854824c4025ef7fc84300f84ae7f27657168b535433a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 f72ba174f7422a5ad9ef80a618d982e4
SHA1 e61e1c1860ab64f42f1a96289aa271045bf5f0d4
SHA256 32bddcb1579904c5b7b7a522bfbf5e1a91aa45486ffd7b07c5b9153ba906f66e
SHA512 b7461a9c3911258379cdf7b95fa5a2e80f589692f79bb9cc835113c437bef271558aa382465f1091f023b1a45020148a0a4bd8b17c3d0175f4b2255e8b9bcc3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 edacfdd6a4c9daafab7787edf00b6ec3
SHA1 1f41e0c563bc98aaf065499fa1cc6a0276b3fb33
SHA256 24eaa7bb3d9ec2e0ea603ea49141282ed03ba18e852c6cd52124fc52ef4fcd6a
SHA512 e78adc86b161d79deeb46c9754917b15e3130ae2bf465a999efcec03e965b17b8e1f8c39e6f4d02bfbcc0d311d0a3ed0ad0c7a7f6b821daa5fe2b3361db5ef81

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 12eb3999ded868bc0918452590f0fb40
SHA1 8a6207fc827f1ff2421fab0e647d07bf77859e4d
SHA256 110649296e8f77d489ddd91e9fe113d5cdb0a985abc851ce5ccc09bbbc752d48
SHA512 4cda3c2387e06b8af84030d3d7d7518956bba28b214273069ab2a8532aa736fc799d5e258a03dda53d2b64f63a7d3aaee3608d909da33e003c16fcee95123aa8

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 6af465e71f1cb5028bae06ad47a1d138
SHA1 2a19824efb681a1bbae6258201c03131a0735b82
SHA256 b246e0c574a4fb171edb2c17140a47493a7a540fa6868f25d732383b4030056f
SHA512 b5d8bd78fb3b7193695a69418a638859731cf0f75341f9aae2f4af5bfab0884b049a715b3f0c1d509f56531de0e3cdb945d866aaffd2b88a9381b5ba15feddcf

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt

MD5 e1d18c2ab8d4270a353ceb5fa34f1684
SHA1 fcb0396695494daa0963533c9f4d549e94308dec
SHA256 d1f3e852a88d0080324368e8fbb4e5fb9918784e7e5566599f933395b14d9722
SHA512 ace2c709f1137ba7bad46bf5f581cb9f217475c40726b70e765db335c72ae4df3af0c0a47dff9455654a09d1ad9a17048b9da7f6cbd2afe308d1b7d500f985ab

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt

MD5 e4a489e32265a5cb39f2588f1c2779a7
SHA1 325dd1a80908a2610bfd36bd074b301c22b072c2
SHA256 3590c3231b98012aaf9dea900722882401e4bc3bd280bf77d09407f161b04308
SHA512 7a1e3751cc1c501e4dd91f9c39bda130ce2e176911113fe8168536e4454df227bc57baff6acefe06bef46afa67bc24e7821329a92c58b9fe0478f84c75e71188

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt

MD5 df21f849904ba575b66aba0c77bd6773
SHA1 1fe6848faaba558df7e75f1bc267cd46541d5b0a
SHA256 0e8a78ad0605122e5209c81426a934d1d3a0060dd0dc5e5489e5d4196c1e1759
SHA512 e070e36a338c996a85b44ff59c437347d1a35ff0bd24b7c05873472bb3e41f6a5ec89dd99a924b0eb74e396297e461e69432602ceecb9a6cdaf2959e2d7bc52a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt

MD5 3b335fcd0a33634fff76fe8230437197
SHA1 76e864367d73fe6d87acabbb05d8a3aba5708e85
SHA256 6572e9e8a8c0b10428d704d8d0ddebb18e4ed5e3c8a3d1e027572446014cb4ba
SHA512 f05b6a9f4788cb93f42f164d406e1a749e6324a21c7c925f007a00ebfed73f8854a1bc4b7e02f4213df7966a00b27a77652491e1e171b81a95b963c69d50328c

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 ace79c5312f805fbb460a72d12428569
SHA1 aa49ecebb9c7640a655be1f987aea502e43e8ddb
SHA256 460853d47dc2b5190207f386d8b40afb4e01014fe84becc6ccd26b55ac430025
SHA512 c19dea62b028b39b4dfa7564331cb5b1e15d47ef3b395d238ee1c5a8b4d94cb5821d953a9f025f20c2f4704582a92956c46b0a0b18dc27915a35a5e972de6a9f

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 a9f4dcd79e6ac09be82af284e56d1f51
SHA1 8de8b8fe4fb78063e3ee0f32831e023abe73be85
SHA256 515bbe794b749c67c115a97907940935a2a19614ad0457b2f1821fa836894f72
SHA512 c43089b5064d92b619a0d0cee5ca103b27d4c0a7a49898144cef8d36ff95e384c902ed16313d55104a450ede38db703b80213e393e22388260ab8cec027902bc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 3a326861bdc6348a0790115abfc7c145
SHA1 97222c67e0a895a12cbe1df4188742c1f7940784
SHA256 056b178d837b44190c53366f09b22397da15abc902586c6afb528f5ea40ed71a
SHA512 6f4c7c0139cbf04df849f67e163ad0352212c438b9885a9326d506799b3d0eed7e0be28015a5e58fdee66f283f6b49273e540c543183c8585e3f8870b4629b94

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 7ab26e28a90b3ef45ce1f2285000034e
SHA1 a9c96afc6d9e0e5aaf3613dbb769c865c2e422b4
SHA256 0bd902cafd24894f965f39d540dfbeb7705da3f208722035d8c55552dcba5212
SHA512 a7d831c773d1e740c47c483094ccebb54150f0b000409ea1e46c6e4ec3723945d9e14827bc73774455199f7bd3f5b7a471fa5fe306d6f798f3b14bb3aa29610c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 e2a203a53d7fbb31359c89ca818cf54f
SHA1 c3b7e4c0d9138709756649570f33836cde424e5c
SHA256 b61d1a90e5635eaf6bb76a1917cbd9de96947fe10c9178827d7551fdfcc41cc0
SHA512 696c4d03e4b71ef67e70389f7828ac890c2d9a64191942ce2fcdae09490733a99f7e848c82d594801df976731c193e5c7bdb7ef2c4a3c8411a9d873072da1731

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 4495721db694e9a03fa881f43f7d11da
SHA1 ebe4523325dbe977e5fe6c6893bf9319ffc4f872
SHA256 427ebd1d7bf0e6e819d4344455345bded465068a600402aa48f55fd8472f4604
SHA512 c65f968d783d50b41e5d66b1007469fe07120c35a6f3d9c85d32879f2be06aad887de05c87884b65f313fd480782d14e6664a2e024ce6640a52edc2358da3dad

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 bc2a3e2fa619607e885e63ad7813e08d
SHA1 a2859ae1a344c97207903e5b1269cc207337ebad
SHA256 83e5e289674ef3a166dc469a69feea0127af01655a55fa78807ee5d8f8e08d20
SHA512 7a7ba035925e2174783f2fb505fe39bca51df70bb409cad4093b9365a0afd611e8cdeae1c72b3f6b001c5bf08ac1fd7f1474f3f6a31b951c4428fd75d00be084

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 4d977ecb995194297d88e9ba9a963033
SHA1 eff3a1904459edf747fb5d62ef07e0479b60d44f
SHA256 d735c5a9bea83163523960ee7f09c4a2d76c5197f657495e22ba2775ddd3069f
SHA512 0a7bbb4481c80988f7322093b504292b592e93c2047d1d3167ff202f404b9f69c9421b97cb4d2e6e19efedf8dbed367067168ac04ba8c42ec99e14f87c583d51

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 f317aafa59e480140ca2392302b53eb6
SHA1 a3413ed21f8dd4d2e128de37407b360c04d22d70
SHA256 ea113f6dbf152bf1fb5f159e2409c56770b9f9be77d633f51b473b6de1eb27ad
SHA512 8929ef2cd232cfd7c81491cba36e4b753b91cd5640cf3c912cb86698a3ff27ade27f752f44c7360c09c21ec436a3e8dad4da13e431d8e45efd6b0434a0a4b5b4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 990278ba48f11b23dff1335f4416842b
SHA1 b4861e5cf1e3864043e57ec6b137c734a4b55c5f
SHA256 116f0cb6723c21f92bbf8331a6794f02b7e6f7ec7c05d5b6b1860401e9cdf196
SHA512 30044b9f69896cbe364b904ff85d2130aa6b0c231922767b64732af2a5819754b0289741da46102e30aa327244a513bb462acb791d2d084ec0f531b09a45a6a7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 f4ed5b952988ddb267f0b76042720559
SHA1 60ee3788329bd2b6ee5e4f96eeca3063f173a53e
SHA256 ef780b295a14a691023fb2314e1b8a466dbdd30952207fe55835586db6bbdd0c
SHA512 0419527675fc4d8f4e00777e3e5bc8ad9ec39d87f1e88b14007d3cadf03fc1ea0db64179aab60af38f2ea1ef0e8135a38790a6482974f3e2e1ff8ebc682b1e1c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 50bf655664fa7d0ca63b49197fa39d6b
SHA1 5213e4846f243e44877e6f3d1f922ff9038a65ed
SHA256 f1c28add1218e34d3d352a1831a80fcdcc7e0d0d6872d28350bb53831568ec14
SHA512 7a58e6b004b603332659092c34d94138eaeb70a1c0f4dec589e9719d9f08f4fdd38841d12095356c589eb9e4e9e50dd1289ddcce9c2c5204ec5b42d42af244fe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 bea1e0d01f8e2b1ad84b2697d88adfaf
SHA1 5257a43f7f2abd1aafd13d8969cdd1ccf2e51f9d
SHA256 01b4c46bf468ebbaab379ceaad148a0344d9d1599809cdb5e2eec7736ababb5e
SHA512 acc637b75a7b0878d893470ba69b4edce5964e4fb68d6b0ab770f41f586e2207d3f6d35daa32f20fe6124606da756613987c5e35ab30c02b99ff0c75334d7500

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ef8078f8801f99603eda915154e048a9
SHA1 cb60ee5ae8a91ad45fd31f4c00b88ee69347c9be
SHA256 ff1d2e8802be5c3fcfbd10ba52a8f5857ad992747ce1332fbdfae7e75882704a
SHA512 9fd2bb55b19b403919defbd6e5f78e30f8593d5bb4135f6963db8813c6de8d93dd8294a5f58e179c62e999f90f8ed6e814867fb5b119498c17a668fff5e372fb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 0521e2ca0d247d96ca1589e3dfe027c6
SHA1 ea717e5a466a9a55671dd651584760e7cded264e
SHA256 4e2d8e636341cbff010428768c088a3cd8216eb4f69616363e9216e4b29ea7c3
SHA512 a5c355944d3e6380314548a707cac4e5b5e4cf7b0603daf24c0c9efe6cc28fad2c62d831f8c623eb5acb07b56c2cba5bb8e83bfb73e7a585f77e81081d7bbd0b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 695b63d070195b5495caf4e1becdc32d
SHA1 3cc216e686c50a4a442373502923b58fa93427f5
SHA256 8d1177ed83c728937ef99a965f58036385c3286e61495821921103081fe3d3b3
SHA512 c246f037b0743afd1aba11c87ffd524fc996c45d181792112c8f9f88d9eee99b7bca14f2ff2fbd38dbcbdf323271a191ac4618f37d80453e4c5b7d1c6168144a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 0dbe9ca040ef480b61d22fd948e8432d
SHA1 1365e941d294838d2886cebd9fd043ff1684ee6b
SHA256 b4f3696a92aaba70fda17c0847aa8f145167052e2a757ce3fffd14b7bdb41b33
SHA512 3091325d895bd1b49be4e7cecc7a0d60dedcce72fd4f9eeb18b10ee3e151515b26979b90cd2bf60e36417a2c0329d426d16f6cc08fb6328d2ec12da1a44911ea

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 9190b9ae51b8baad8253bdc618774c2d
SHA1 375a347ba6820447fd118e2364f8e4dc00ab87b5
SHA256 2767852ddae419918badb06231971ddc55baea2d83f35fddd4048d51ff819511
SHA512 5ed48e4513aa20cceb91841fef8b129ca879c71deed4ba0c619d6f8c7016d2bcf5e481e4644aa1d4564de2e4c8b79b32172803f2a26ff8d9e47bb436e6257c20

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 8e33d9bc321e4fd4aa959fb0f83b868d
SHA1 1d61c5c18a03d2ce3ae68c0dec4b2bfcfbd4760e
SHA256 789449fc6b321ac7cff5c9f10d3d9ade6effc2045d7c2ae4404fa2554885b432
SHA512 26cc211fbf7a077771c547f83167685c390252229e18b2e318e7d82e2202f6d2ba82d382e62ab85ddfe6b20b06cd951d0d2bc9824e00a96f1a2e2774b1ca8bcb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 ac240584cea18dacb9cbab8f6016d734
SHA1 22aa1ac9284fe1416a40e10b799c5e262fe425e9
SHA256 e1fccbc959d86cd6aeb555f41b538f61af8052dcb5406ac4b3c41c9f6227696e
SHA512 b66dbbde03edc6cd151840f609816503a2fb417d87e63030b73be0b8064e8902d97e08f4c5960a5df8c4e6bfba57e95147a91ed228e6878b3a710fc0c49a34b6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 f9bdc03e3e58d362e176de6c003fe3ff
SHA1 84700fc009fe36e79313c9f5e4f015931fe82b17
SHA256 2f653a5af856a1840609bd8f0e6a7ee5e467ec5a2868349be2211387988c4ce2
SHA512 38e6197a97164b2309571f14d4382ab2a6049ad9406bd3919c04042284a7fa0a46ba4b33367c31186dd4d8333901f6ebd7b17c55698c693e8dcab964aeafb106

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 1614c3728d9acda9c7fcde7018819ae0
SHA1 f9d0819648e98e660e7f5a7ec60bf02feb45d80e
SHA256 8bb0dcb4d3e8f2e78886a180fd29bdde794997b8574ccbdd7f2f8aa764180be8
SHA512 880e93c8e19948a4495bdd74aaa3d1511ba086bcf6334a50b9e62d01ce6cba37afe22bacc60dad3d7daba8fb35abcd914ce62224515dcd55fcba42d2072787a8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 1736a9dc2ee66ad881242af482e55877
SHA1 1fce168803c2a7a4e4f433733d2d426a82b23ab7
SHA256 cff2175f24705947aebc48462e3ef6982b4aabed32d12353349f6a58b06cb35a
SHA512 0c2f1f0c6deb2764a4dc5f1a14f70214eccd8853f78c052da369a5ed54c19b5a4c3556961e0153a3c5d0cbb63836434a5c01ec41d1265133498924c4586933b9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 0899ec6510e63f04a9a925f983219364
SHA1 ca60e5c9bc4e078f3195b1733d16988f510b3c69
SHA256 3d3d621606e69cdb7040f584006483e3dea7b48084ca1dc4ee2e7b88a8caae3f
SHA512 3b5ea067432f1c185ddf69ff518e2cfb80595de57f5559d554218412c5fa6377e2ed11bb05680ebc1dad0836f65acbf2e5a1adf6270624452cff5994e35583a8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 6b9a9eb9570f121529ddbced2d04ea85
SHA1 97016339f81618aca158151635d5e6e852bce0f3
SHA256 ebcdb4974ef0c3682ae1dae2fa43db19b0d0a555e997f21140a8dc2d4e0a9971
SHA512 37b2849b592ec6dc4a536cbfd88b030587ec734d8345396d414c02f996bff89c716f102a56482cab6cc6990109b9304381a3ad885d81e674a4129e1463e33056

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 fb18acc9c3d4359af9bec3e6f69128e5
SHA1 16fd21234c25554f4b383e117418853fd8965351
SHA256 8a81f1b46d50ab4e2d5c9eafa736d433a384f3cbed805445a7334f455726513a
SHA512 6361a91a37961101897840607099df2bc1cc3d3f8de28e40031f37995978a9103aa02684f940261116c44876d7bc9b80f8669ec25e2fa21e522ab09077faf5da

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 bc34d454f045630f925be334c911103d
SHA1 8374f15751982db1ed6ea7e3ba12738c0a02a178
SHA256 c1af59a61e22a925401570893d1bd991bcab039f61d107c323738f64b6289768
SHA512 2168d33407d1f91842bd63057dc96bbdc3df4770fbd98c64600bef5e68b904561397ef4e68060a202a5f0584708a7aa6f29c2384ea7a3283b10f165066bf30d8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 03b5180e49f59b71d1924a4df918ec08
SHA1 9f9d5ec2016438306f2434461bddf15a71e2d519
SHA256 a1ca2455b7af475fa03781eccbfe34e667aa66103825e2e1bb246ad84e47624f
SHA512 fbaaf817214c48129416685a2696c8808f1a61bd5eacd934f664e16e09fd7801825a2f20d96e9cacb70e27525fe24dc0c48794f643b88a5bcd610f35749e8278

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 a40369d551984f613175ae00bc740109
SHA1 11730b855f3d46a63bd388242bc049bad1e20047
SHA256 e6a1c5714e7871528eb93b2798e1b424a2da44bc2fe2eb01acfeb960c47cf5ed
SHA512 df30ca78700d773db26727151c2c4ea324d82fbc9818120525fd265eff9664e7fba6ea42f0509d0434b26ba5060bb7bf856051017acd74e6f28e41b754eaece6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 0f8a6240cb266ad3751187cd54b27f48
SHA1 2debcc2f3d52928b066db8d9aebe50f75bfa0fa9
SHA256 17094f718785caa642f6e24e190e5dbb32536c1a11582563c9f7b246b0478526
SHA512 2be006d5f6e8d733ec0561a586435ee51d57326ca9e9f65bb16a8720c31b53de445b51a54d65c27e623b66d849aad04e9a254cdd354abae45f1042037632fbef

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 796bfa20cb47b132b4ba91b04fb0b59c
SHA1 dadb598af05520335d843ef6c0aa9db54cfdd0ee
SHA256 948643e84c09e7a7f33de18a3fe40e654d2df47736bd9664ca19c30a50f6e01b
SHA512 e29a2ff79049af860ef34342050bc0aa4747f542334c74a3963421e6abbdae7db4a0bb82d2f043a445190e67efe368c9a3b24abdad84d1791cd23a17ad6780c6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 fd3514f2800e55503f0b619230fc72b2
SHA1 1a351f879b45913a37655afcc7ec230fa1114fcf
SHA256 467c306bbf0ebadbf62bbb915ae6d8d78747f3e2712f08f6eba6c43bec09ade3
SHA512 2dfe1f31b0c3dc54e9b3291abf1c6264cee224dd07b4e1d3c95b79d196656acdc8afd479cbe121d75d103da91315291868a0580b00b527b115dc57ea3e0cc37a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 5868c905460f03dfe8dd59b1affc2718
SHA1 377ca38a0e63b6c6500585fb2499a56df79398ed
SHA256 d5ad430a378f66aaa2ba5698bbfecd0b13da15eb38165db4c6ae139f4287f986
SHA512 dee79a3f049e719ea15469a21665b6892006479c181c10da3c79ce177b6bbe8155d2d063f06a5b27a2bc31f009a8111fc930d3acea2d19fddd1082a76c3ed3fc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 7ce63cba7bd4c29e006fb34f1614f4f1
SHA1 e966f7e8042d1da76a97aea3c6c94bb66a2cf475
SHA256 2002f6e3e974b43c5ecf98baa85477c4f76b805084332a4d355366fe40da2d3e
SHA512 8af050db712c453d34997c1904c6b95c0e73bbd02c31dc68b041e1e4143fe539c94764673277e6aea81f9fbb9d22a23ea91361cb9f33725901759544ab23e773

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 12db0a0ac636fc36b9fd78647fc7c372
SHA1 ea849ce0cbdc8380820a83d810416f0c3b465038
SHA256 1b3b67f2d6d60a29d6b221cbd4b1423e16c8f68098a8e73f03f20c2775a53c6c
SHA512 fd50422dc3359c601f510bf5f48883380d0a4944ce668231af01b2f3804add9f3d5d530599da4da27d4168d989fa74c9b3127582a848dc30e95f1c7e0a480914

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 f28a131374620f4a1a589b7bd907fe50
SHA1 894ead8537a556f24efd6184f756a51f4c11d521
SHA256 4ed6241d67a5f825b03683f9746342f8bffd0ddb46c16c22d3ea6b36b05a5ce4
SHA512 6d3f10793051662f366c8159e7546b61eff49cc212e44666ae3e420bdc4142494ab143f27537f4e2b95ae111e0fee4b8856dea4d7a0cbc2f79ee1d5305218f68

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 b6666d57805930b14bf2ba934be40c77
SHA1 32b77e0d7f911e5eae951b159976ac5cbb89a936
SHA256 03d4e6230b6ee55c3028bf8a963e7482654695e98b4438ca926ddf9b1195ac21
SHA512 a744afa2bbba55064a076eb4c53c16fab793ae9678ae9a74ce0c45e0a4b558d42a54f1ca743126f3b5d44a5475008aa4b9b2bc422035bcf5005c6a41441127b2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 641edd7d3ac196e63087bed0d394eccb
SHA1 d4b49f63a9a2d0d1b9c6a078183dc40a8e2a02b9
SHA256 8500ae10fb24d2b83e678a7239f7eae3223275cd5b0f3549c848c8483ff10fee
SHA512 46923cf7a51701b4a695fb60784293020ee16ff4e85bcc36e13de8b84e45e502d79966360aa2faadd16750d9f5de716edef4bb34f56709a20c35c36c53673226

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 e544fdb20d51f3626bb863424c3db37e
SHA1 282ba454b0c0fc278c9e3011c645b4a30559a5e6
SHA256 1259cf80bb2e7328e5eff24f1986fcc43c88b1fb785a1f4e668c17f3e3451981
SHA512 dcbb180ee476515f7e48d9c258cab8dd34a1c883f3b56e97f2202326394f2152534714e8a8f1737b8eed8a7a1b6cf0bbbc9873318d79b1df16dd2d50d518300f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 54b08110cba9017569e624db931a71cd
SHA1 b3ad43fad64a976b9292edb15ff7e78ddbbe33f5
SHA256 38402b00b36525f41fd11f739c5f6c6afd116f347fe99df4cb7e7dea762e885d
SHA512 12795c8b1399ead9a625f3e12644d615f2583219f555dc75160219ccbc0828d55a3ee766f027597a2c2dce4ce9c83b7731c3f263c8222c1b0e18b578eb168cfb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 4cfe1724c21ea3057aa81131a44acead
SHA1 1a2c183aa0ce8a0603b5e9261e99bec14d7a09e7
SHA256 897d4834a73c4552754b2f6a155a22a88a2db9c6fee5fe974170f881885d19e1
SHA512 f264295a870a235131ff72ad298c3c0d5404d8b08f01b4305f4fe44166e8ad236ed0f63dfe324dee9444edf7ce208d0ed76e94a3b30a40ab75a502f021aad8dc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 6b67d72b74ad3b9eab5b1edcdb12abf3
SHA1 820aaa10900cba7a21aee79cca44464c286cd43c
SHA256 1c706ea0c35c549a0a27bcb1f7540e452c4e03408d74af7ef9aeed74ff0de4ef
SHA512 1a8625e66486262a9ebfdb5c32331c303010adca9c363d598f66f97441e43e66df74579bcec29d7b20a77d6e59bcdf4e2c6bc267ad2db08044f9ec0448035994

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 25a9ac27137d3697ee3714abb81a0ad2
SHA1 338c844eb36600d3fdf7c183ad89d2ac1aab32a7
SHA256 58f7a2fd6eefdec0191d804447d8c80ad7e33c2416e794649fdb472d4567afa9
SHA512 84b3f4b6eebf25113119596f3aa357ee0aada0feb68427f56a160e6a82cb4302356938b0c163f141cf8e70728b88b1d823551ff59ffc847267d220df5286ac96

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 73fcc09a0905925cccd42b7e075cd079
SHA1 160fbeb9b11ad77072c1a71e1b455c6646a6cedc
SHA256 f66d7e7b5dcb48a9a56e2f53ebd837045255650dbfe65da0a37949f0704169dc
SHA512 81ad8aac796228afec2859a2f1035692ec8bc7e63e0106ec0e3914c0625ca28c7b54ba32e7e3d4b3fd83a8557d9574f53713a48849254efccbf90b74238a0dc2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 fdb9095c9a7febeaac86fd3dba633858
SHA1 5253bd7d9b8bece8dea6d8741582efbf243ee998
SHA256 7fe9a1ca68f557a0728587e70e92d3a72fd8dde16cc43591fcd76f0a1e57db50
SHA512 b9da9708d2ea6ad9a17bf3cd7caf999e3c1906c34ac1430665dfe99c1064b184cb7f3c0998a06bd9796ea0375d2f1e10d623d037ad2d7349777366881599cd7e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 6fd0ba1be7cb5b11c73f9f251931b181
SHA1 71ccde431e75adfe466d519bd0a6df27836f60f3
SHA256 23add1fd94fc9fcd21f0d85f7f3c4f843a306391a430c788df935d71163bcf39
SHA512 8d2ad43a2d8bb7414db4f775c90d4458332463a24f7897199d6d3a564f59dbc49f5a17e70616c44b55b4ef92ca8601ba05ad576bbbf6bc9f7dbcfa5285b44b0b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 1a2bbc2199ee42f75d6d88b2ea8b06cf
SHA1 85c707c453420736a4f9cf86917d7bf5551380a5
SHA256 1a6c6407d9020318064aa86626bb68510da2f93c60243312d87c525ac939c2a4
SHA512 73208e6f4e3fc845894f3d8c3ad435f972fc6f1af978ff25636df689d658a5255a7daec1796bee811a7f7bc7584d097995969be180d81afd046aba42f3ca29f8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 3f845e5932b7a1feb0224cc198427abc
SHA1 554c3058daaec13038209eb6f2806eb9f4a6cada
SHA256 12369a4aedba654fc14bc2db2e335a94529fe553a282545be4d6d94aad2c14f6
SHA512 e85c3daab2d07dfd19948043cffeaf2f7b2a86ab4d1c9ef2d09a8eb1145c5b3334c0193e892d1b6c419829337759fa28a7d4fbc4dffadaa79a4fcfcb95dcce78

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 f013e06aa4ee34379f95fe539c02977f
SHA1 d16ab40e3f69a96b283a28290bcc2ef31631e37c
SHA256 6ae623532470a110f9c397c331c8921bb355bdfe2e6d783ac4ea0e7b94e592ef
SHA512 a9504b52695e9851fd79cbafd4d0527429df2640037441dfff855165d18584cb07691b8e030c343ea0008e9e30547576832d350d911db50efc9f7db93e04fbcb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 774ee5a53068ccbccfe303cca1e72e98
SHA1 a52664b619f5f128596c17a864dd8b6b33703ab8
SHA256 c6ca47b86f20e48166cdb25e40e751eef9bbd34d4ede03cb339e2f338adc1fc6
SHA512 f1eb28d407df74596f3a75d10e44273ab40ac690a24a7b735b4861580b49f771d7725e69c7967eb3d34c89bdc58a130e3316e5f5b60eb9b447e2c7c3e7963134

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 6330abc63bb11a64c69da436dfb72b32
SHA1 84168b90119a4f7ba2ae2b0b2474ea7b827d3788
SHA256 46212a3903d210aefe8c86780c6337aff34db5fe75c950220b6fcb63c5099649
SHA512 825e1471048fa10cdd05bfe7d7b429066f482566c06d5c316a1a009ef25472e5e0d31305958199e84914ccd64f759eae4fb5de7e4e0c8d1bfee0ef550515b23d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 8d8df30043262acabf672a39166ec3a5
SHA1 4bbc4c46aa4d85069d8d7570798cdd93b79e9898
SHA256 42f0c342579d3b2acc674dec2a26d3700e57815f0ee50e2f261cc69d155d7417
SHA512 91fd921e7378ce54482c6371c6d92637bd07ee96fa5cdbe2c7011fb0d68d44af0242f7e6e5654061444284e54feaed7b91ee9d56559c9fda30c010a73de56b53

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 7a1cf0a90b9880ca727997c673912834
SHA1 91e7f7d4617b984e0ef99fe4cb5808b2f593b60d
SHA256 c287ea09330d539c37be8a6a3f79cea889f17367974afc6892705a3b71b173ba
SHA512 4bfc6b914db31be12d74c98f5a4dcdf92ac48bc4052a3f14895a64c8bf9e5b43141f5e316708b53f25eceeda7a8f9fd474a8153c802a0f8aee9e7ee407ffe864

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 811fbda9fda397cd1ca68fd01727c3a2
SHA1 0f6e5b55c314dd624cd7011069415ddc418876e9
SHA256 6e84b69f6081f187cfc3094cabdb1eab5b5b4da5dfbbfedaf0075fce0a53a7cb
SHA512 c0bee9dc6bab9302f30178a17fb60f4b72e784ff6428db4368ca9d7078b50c16501c400c7070a835bd04fb7e96ef9e85189a9cbde7a3ff63fe5a7d95bfc9ff10

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 ad1e9ce5a922fb4232335b8449b4ecc7
SHA1 1a4a1262b0580bafd4fed433b39d1ca092909098
SHA256 3908c6852e6c0536443452d7ad54e6c00076db2fcb7aebecd1271a04a445f948
SHA512 d649a190150e04a7ad4f6bd4ad0e7b37caf0f5b5b2d4425047501af364e53a69de6efd09c89471f14ce247b10382a3590b3dcaf5d78893e3f2c5ba8eba3e0620

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 32d73fb771722ebb3813ac28e61f7b76
SHA1 1a274154c7989d997220c2aee752b53b2acb87c0
SHA256 a1cf43d6b2f2822368385e79fb4c3a05a9f60566e6e944a42e5d94cca626e5f9
SHA512 686a8e7d9221478632a5e9f8aec014af4c404f4cc23496d2864992895c0779d2e5f0cb27b690172d01eadb5e388174c78a869c4ef9fc2a120b4d161cddf02d7c

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 68090e5ccaa04ec57911dac47c94daca
SHA1 2efaf5428def7e1a87a80779938847955bf3422f
SHA256 793a3b003e9605b37b31264d736e9e8026123dcade8ac7ae4435f568aaaf1b66
SHA512 1f55dacd9c5879f11bbcb654966ef133e59016aae273e998d89fbef7739493fcfae94673676d6887283a2274ca400126ffd348d284d5a5e4bd0e10f568a5d2c7

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 3c2814a0e337b388cafd8784e7cfd969
SHA1 29db144732a8875814dfe1bebb1bdec606b06c7e
SHA256 cbcbdf2ac871417c68ecd93758a19b9b1c17902c65633871fe27a8fc6b9e09d7
SHA512 53a00713be4e088ef0855557914a253efdc4b921706a49c99ceaf1145ae66bae9a282b83a47f5075409c0f9afffbb21cf6d04a24fd8058e2606c779046232741

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 595a77a571005fc84a641d29e0236387
SHA1 536f06b936c607af28086cdeb71043a941e0ea6e
SHA256 ba412616d982d60f3be516801b4f3f990871accda0a4a06304422e5acad9b357
SHA512 4cb08bda2872a2c44578bbdca8629a982522a0db0571edb0367bea4c8f86b5e82b4ffa2f2c12c2f9205255e706b48d6af9b16adb079b75fd50dfd5a7f556a2ec