Malware Analysis Report

2025-01-18 20:57

Sample ID 241124-q9ravayqaj
Target 951d28bfa67ae87a356041ca9a46046f_JaffaCakes118
SHA256 363475d0f90dce427656e61929a4bc6f2bfff052a003b44ecc81d2ada73c9d82
Tags xorist discovery persistence ransomware spyware stealer
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

363475d0f90dce427656e61929a4bc6f2bfff052a003b44ecc81d2ada73c9d82

Threat Level: Known bad

The file 951d28bfa67ae87a356041ca9a46046f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2202) files with added filename extension

Renames multiple (2212) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-24 13:57

Signatures

Detected Xorist Ransomware


Xorist family

xorist

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-24 13:57

Reported

2024-11-24 14:00

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe"

Signatures

Renames multiple (2212) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe" C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\x86_microsoft-windows-l..l-starter.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b0b3d708ea6bfcc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-logagent.resources_31bf3856ad364e35_6.1.7600.16385_es-es_82d06319ef723452\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-u..rsalcrt-apifwd-win7_31bf3856ad364e35_6.1.7601.23175_none_4e12eb8b85dd5f41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6d0184ea2c28f513\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_851f98dba34565d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..es-hearts.resources_31bf3856ad364e35_6.1.7600.16385_it-it_75b374c7d7040099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-setupcl_31bf3856ad364e35_6.1.7601.17514_none_b6d50b4301e77815\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-f..rant-heap.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6276425e4b0bd3be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-u..dem-voice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_44de21d027258ae6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-x..ocess-mui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dcd3b0c258470160\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_rndiscmp.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_020330d9acd0f65d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_acbab356ca75abf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mfc42x_31bf3856ad364e35_6.1.7601.17514_none_f51c382cb3d0d225\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Ding.wav C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\Documents.gif C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_d027e638f114b913\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-deskmon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a06db0f4d325aec9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_hu-hu_cab3b172475e654c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0432f296d313ee9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-msaatext_31bf3856ad364e35_6.1.7600.16385_none_b44b4bf48b4bf73f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..bitsadmin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2ac9e265910c0883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-errorreportingconsole_31bf3856ad364e35_6.1.7601.17514_none_b43336e6398511dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-bits-qmgrproxy_31bf3856ad364e35_6.1.7600.16385_none_5bbe17ad51338aa0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sort.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_14507056e60fab76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1253_31bf3856ad364e35_6.1.7600.16385_none_7e8247cd23b40e54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-kerberos-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f413f2eb69b0a66b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..tend-apis.resources_31bf3856ad364e35_6.1.7601.17514_de-de_55195a1084f12e70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnep005.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_858ecde3cc00bac3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_6.1.7600.16385_none_e37f55fa65409972\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.workflow.componentmodel.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dae5d518096dcf8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-azman.resources_31bf3856ad364e35_6.1.7600.16385_en-us_118be04ccbb88709\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..-tlntsess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_898132382e2e918f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.diskm_v.resources_31bf3856ad364e35_6.1.7600.16385_it-it_64141ece283c7311\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-h1s.itpro.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bc02b6df0a89f79d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..homegroup.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f674612e35113616\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-playing.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2642d40f9481d427\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..input-cpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_edb816beb3580baf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnbr005.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fb80a335d3ed8040\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsForm0b574481#\501c549eee2d5c10d2ba0f46aba60f47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..g-service-rpcclient_31bf3856ad364e35_6.1.7600.16385_none_3b937c56ff281e2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe,0" C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe" C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CJOQMNSPNKPYYFS" C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\DefaultIcon C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open\command C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe"

Network

N/A

Files

SHA512 e2a86f71f77947fcef2291b429067a017dc66549b941a7bce543a7adf864c7120347c89277d2a10b4d8603933b254736743156dbdeb1a955271c2bb809f4bb1d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 3017101419ed99e8280483a9e63712dc
SHA1 03be0a9f7955682deb20e29808a7014f86a89dcd
SHA256 751a8fca92ef4de096cbce4d68bc5bdae4d8f51fd2e8828a8dfb8a49ffef0933
SHA512 ba4a9c53f3ae3381a56b6c69e372c094f361441a3e382ed73ad0fbdffe78879b8c63013956d493a2f2a5f99e06041be57191ba3d9430bb3d81f18d8f40323e96

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 2bb43f63c223928e9928cf716d717124
SHA1 2e628f3150f0f3a898faa580d521064d3e7db972
SHA256 c840531ea7f5d7632f49a3159a0778a0406c5fed091cf62a3f2ad4f3aa1f54b4
SHA512 a4c11109fc1ac16acecdf53f3f36c91188d56ee90f664a670ca9fe93e1ec6bb2183474103e70c94ae171c2741e337d187f67c3b9fb2ed8954e6022bbb84ecaac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 3cefbb8fc912833d4d446b16dae5eb9e
SHA1 59fe7c3536aa1e298627258d274bead499cb9724
SHA256 d9556c1ee928767eb631895a42a4983eddaa18006912d3b6bf62b702603cf3b1
SHA512 cf7dd463711bd68b6bff4bcdfa57c8d1c3a72defd9a9889b8a4765f055947f6a1581008abb565564d824dc100affb667b46235b59e7747640944cd400c4c1ccb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 a8b600df7c25402a9a7bf7332c3a7b62
SHA1 0e87ba703b05abf254df6861ba908717b8c5bd9c
SHA256 9da4ffeb97232e5076de5f6d2c5d1da6602e96b9075a962b4b1316e22b6c5fd5
SHA512 78b31c7145d32d939434a10d023bc918aed568ef70d79d8785500697be595f793b4d339cfbd25eacc31e476adc82c3f4f9451551d2c892906cdd844fff1cd8d0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 dc7556a1c373e960cc9798ed21bc02bb
SHA1 b60313f5dd2288c3972350f9e0e2b982071e322d
SHA256 764728d47ecce657d2edfd87c3f3961355956f8874b73ea6394a4915690caff1
SHA512 3c1dd5af6a9a537e632d0f28a787e67eefc8bc40e300025ac8f9897a7e97ccfa7726ba199df4d3cff4a6039e1bdea1d376514af5d84ede9fc209d5642213a93c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 c8597e4dfbd1c88bdbbf20da9218625a
SHA1 78671da9abf58f499878fc5e85106e87150b6f1d
SHA256 22170680bffdebf8b931584e594763a26e961f6c0188d8154674beb66d86ab46
SHA512 3d274c9ef6afd594b14f4227222d43f938de26dc5e76e1bade08b1118d0b2dd3a7d4b9e6d380560f6f22f9ccf9df6b38c0dced4fc59bcbbd0ede84911df06e93

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 71e642d53469a83435b1b7b026b63d72
SHA1 fca4c8eab7233f5802cfb234aadc00605cc28d23
SHA256 c15b2269fac2f855e051536de7d9bdf26c7f0d0caa29c527e1655e7c5a12c61d
SHA512 54a6173051c623d44130b96d356efe33c947d739beb2f0df1be7ecd4584bf07c0422ab67cfc32e41dd67e77710aa7534fa92c77b7b1aaf4df21e5f50ddbd2a97

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 6ce1f26e99df157d0bfc54f451af8a8a
SHA1 d3c7b0cccf4279eeacbf323c50a814e701c02a5c
SHA256 af511eb5ce63e1a5d4d59cc04906cf21e5ad9a3af88d0619f6378fffb8816722
SHA512 0a5555d2e285f6fb5c45e6112d62942c7419df9ed102ec98a37d59b6267446d38730d16a2f99ac0c3e56b715b28313c55e0c68dafa1e903588f4122bb4e93a61

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 241278d63629f7235103d486eabd0ef3
SHA1 a33ffe229d67340de847961271ee2fafe66741a0
SHA256 edcb62d8ab35ddd754ac76205bdc1f2cb7f2ebf7cbcf221e8bc54eaacc66c9fb
SHA512 0f6d577961c487a4319cd37ded24d1d74187339e5fc9a42329c4cfae51fa67b08ff5425a001fb8487750dffda4108cdc02752e91b89ad3fb374360e7c6a4658f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 d9255836d0bb209a2201f5ece219a777
SHA1 d9f65a44487c6cbe1e6463b4e1a43254cbbbae0b
SHA256 9eb21d9780d312559944877715c4c5b05aed41fc649a4641958de8751b095150
SHA512 d246fbf8135d5d401e49b58059c83c5743c9613a0a7f83f81a4f4e644ad24fd5595302e76831aa81a5beace87a8e22d27723e50550fd1fa304c2590088d1bd05

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 7325c9b11ae8db16f56f88735f3ec4b9
SHA1 a8cce53fb22ddd84233d1889994853a6033eb229
SHA256 48cec4749980b8dc6f04ca5608d847278984b3875e6b7def118fe4307a7378d9
SHA512 988033483874b87a6db618c88fb7fc7f8349b7816a03f9d2333a6c97b4c04540b015fa9a10f0d83b1ee730770578820f1c9bfde254ef15b8b14831edacf33408

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 5df951ba695babc624a69a731f5e3bcd
SHA1 bb259b6b12b1068b29f49b3013c00b9cda649811
SHA256 8c8381c67fe200b9678bc27a37a5731716f2ecf931dc02953432bdc62afb7615
SHA512 ca2cd54521642f559d9f19458033f316792f0f3524294c05bd6e6a10363191dfd26cdd903833e09de911fe2207a8ebc289bca542c8a952bf4a315959c35dec1e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 0cc354d6ce66b79f935e8c76aefddd0e
SHA1 274cc59cd517b0397739c17f44a21c5d6a48e9c7
SHA256 4c90e7a951300e5805e3b5c8648a8a899ecb1f07734080df16e865ea842ff306
SHA512 fea3778a7da39be4fd638a3425cdad37696dad3b6492cc5e4ee4dde8d4529ec21429308ec62020ecb6039401794699810dd1196576713d61f32dbc6827be2c5d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 8d6720d0f5628342764c9e8e8fc0332c
SHA1 f64fc30b9a7f46a4c816bc4a6d891a570c33fff4
SHA256 9e2905ed451ceecab3350bfd9b9b1bd44eeafd0189e0cc3d1d4779e85c06fdd1
SHA512 fe4a42a9a4f5917668dea1a56f86b9683244d28abb79a680ee5d044391c42b39822145ab0de858064f5b7ba48d36eed6708816b213b344b69eaa0b34ae9e131d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 5380db9446293abb7bbbf625bd20b0ac
SHA1 1148895bf9903879c20628049b5986afbeb209aa
SHA256 068248075aab2d1b7f3e0e4947b2fce83816f167cd556694ef41b355bbe60514
SHA512 2a9691d92604282c2d5ef36cbd85d8a3b794a7e4ef23354d2f209eb9e70eb8827a528272a01a0bd6dfdfcbfad76857089af2953558551416f1516b095813e3f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 391965686440b687b5c3e770688e6990
SHA1 397fa330566dbe4030ec2382458ad63bcb2de417
SHA256 587a65dadb4ef23998bf64bcc9f62e1f2d0065aac627d44e53b31a3ff174eabe
SHA512 088622c6337b92460909dfa7cd2480edd0838aa16a70a2a12f24f21d1b0190c230fea7c0dbb7bc8ecc5b7113091ba2fa9252c08136f0a6d3e46d5b352c3559e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 bea8106f2fb7bc76b9acd6cb8b496fb6
SHA1 d7a1411486f6f3935ce3ca485828a9267753d370
SHA256 0ca246b4f8b64bef1f76eecdec95f9f0a5b8c731f77d12f69806e296cf10aaad
SHA512 e4029f095b1173616a7fe653db6f01274469cda8d19f871c092c715cf8e2a753e8aff0bd01d8a4d9b4443f4b7a2e884781cb9d449b66a5e8f3be95cf4c794bce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 c672e786aace90268aabc7c787b95f69
SHA1 1b675b4ac2a21c6d4b0b41a6bba44c70672de557
SHA256 7f115dd23835f709b1e56cba12010fda073c5d61d584d7e699fb4ea336caea20
SHA512 a5621d37004f8d843289e8973bd1c77bed24f21798417a9a096ea754c86cb282be742bbd51125653e7e950b20e7f01b54f42b0ad100eddd4b79a8658294b22a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 14594b8b7aca2278af8d550dde1b9de6
SHA1 2a27f88d5ef330936619dda4a0aa3eb9784aa61e
SHA256 7b5e9c4237987d1e08deb9608604d0c0faad800375850930c1f8c3ad28c6635d
SHA512 9a3e0a127d15d681119b96dc8c44137deb2fa8a986749133b89a265691d829a53f025f3172f487f59d5fd7026396568609b3f9d4b6f3d02d27f05254f4a014b5

C:\Users\Admin\Desktop\StepInitialize.xlsx

MD5 b5b5083f087df246dd5500910c31bc9d
SHA1 af16cb70b90f3c798f926a02c7bd32c09eb0ec9a
SHA256 7462983cdd23e86d645dbbb93330efeaff659fdff5ea33d6709734f9efd3a144
SHA512 08c7d39b2310b59cf7e3391128b3e69eab9716596c036dfc8ef43a8c923cb3872ee326c4e7e6c001390c5072657ddb383b547e960cfe41861a605b5f94597c96

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 dba3aa77ef732970345671ae8a22b2a3
SHA1 5c471697675cab8156392f3a859591574fb27228
SHA256 a78f5dc5378a0e7e015515a80b5de47d2e5d5c794950961dd89aeb404ffa5301
SHA512 957b61ea4313544a773397166c1fe8645a71c7713a42ec9af86adc13e4c4c6ffbc4d1717486601f926bd2139e633729d74e19a819757c5336f0dfdcc02ad4a2d

C:\vcredist2010_x86.log.html

MD5 ebf13b5263326f504ce390e96fff670a
SHA1 72a516970c42c759b34e843312205a698a049309
SHA256 0c0dc5842b410bb1369b038f52c9b30782bd1481c5a02e320785efa2bc560acd
SHA512 7a90ccf2b12ecb2a37c91b2b434b2e84861693550ff76668bde29800a7eabf80d05165a01317f7973a02fdf392faa19ee2734bc5ab8a5de68a48a7d6285773b6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 101b4bda073431342906a584bf1a5a17
SHA1 8d867f24c8aa4a2d4226303e8b0c884cb4ed7e09
SHA256 6702691837c9c6ab6a4604db20cbf93627c7dd8d60182873ce96bd0a33b9f92b
SHA512 86c3d813dc2865f6185cb89b7948653cbc611a5feeae923e20e22577d9684ae62f8dc2c0ff7d86a8ab2829852c6c5b8384806fc30625b7c0b1248dd74280a740

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 2deb361d7a8927e480eec78366485f1a
SHA1 df07ee615401f62c0cd72a3254a307cef100d243
SHA256 dbe2aa9db2afa45d26292f6378e683c92e02d7ee4df3a41a8650f89b54e10a85
SHA512 1b66c912f06802c84be3a1ee5d3af2ed6e062c5300cea012b6f651a68311684bbc21d02d9be54fcecb1526377a9d774aae528d9cca61fe90c291b0b9793f8af5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 0bfd3244b94d32fe4ed4cc4a9dfdab9a
SHA1 740ac7978f4c321d575616685ef02d646e70e71e
SHA256 b6d5b100d00ca28a7915b063a24fdbae95354b0eec35493aa9cdbf8da146b460
SHA512 6d90d1f8ba07f9ae36434f95a16af86f2771dea53a6afef48238615433e125b4d117d18a1ec9247a5a34dc0e1dd51b4cab629d19a38631e7157fb59b65a31a7d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 d1baf938cab0a4440010238d26b882b9
SHA1 b9737fd387e922676c11e140b5f5dbccaaa84cef
SHA256 663026c87359c5d760e8f6dc8b1217c13f0530f4863bdc32bfe5a688d80e431d
SHA512 1851c135c3a8669c5222f0a80e4b0f930ee805a3376d0681bcbb94c48ab564c858ca18f69c3cb4e1c1d6bd4cd1fea918dc55b4a8cdf90c41f6dac22c2b4016cd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 6e8861c48e34d68953475fad559194b5
SHA1 e41a7479070e6a537dcd6dce325b91900ae9a3a8
SHA256 a42b133e8bf0123faf3cd9c189e16b8214a245a47d6258ee553dc88bcb914fd8
SHA512 c97830dc3b41c034dbb80f7ab38eab6a180b0a913d46b973944a47a458d9733d01d5040cd9bdd9b10664c3ab5263f1ba629bf0905fcaf66985fa2f7473cae913

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 63f02655d4d9e26ecdb3fb9daf4e25b3
SHA1 3a80441dc499929034c1e6e86c775178c8074970
SHA256 433047ce3bea55a64abf81ae137eaa2e4c2d95ffe97e32d1ee750bcae29d0d50
SHA512 fb9908aa85a8b4ba6e9460d1499127dfbbaf6344a413e7cea36f2adcc4260f9458b07e0740dca4ee3ab8c5f51e841a14db06a85000fd8750d1041c97309d34c7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 fbb2813d54c76c83b4f6603e0dacb9c6
SHA1 56b1c6f50d4db96a0fefac46624b7ba2c358e114
SHA256 2302be2d57c4d3893669857589185bff56296f31c35b298985db9d6b1b1ac716
SHA512 114230b7b8b365f242f3b53dea92ce97d4d709f60d0ca8aaf8bc6eabd397b1be0d71526975e68daf1a2b03467ee04ebeda123de463a04662c3ad35eaf4510785

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 7613cc1526079e7df1b0f7547a6ee343
SHA1 0ccd0bd9f5fbd2ac21e37739371268178ebefbf1
SHA256 3c30b62095f8da34def1531b39574906d30e13f0a92d225989fd328fb878dc12
SHA512 a9f9d00581e4484398a63d437824fe3d0ae83aaa79a09be9ff1f6f08a2851d5b3aa372bfdc0749d164554069ddbcadcb0ff07a4bddd6c1e9797565f77a2f015b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 fe6570afd5abb034e07d78c1211b80fa
SHA1 2effd6cb805497cdf69877806cd8e0b587fd762b
SHA256 c06dd0b6362fffe7d52e3668592ca84c1d75e062662b4e8feffd90bd5dcc43cf
SHA512 f8cd8b547e83e7a92fd8a3ae1aaab33da6320bf6c51b025610ba3bee92b204eee169a101099ba3488082881ed29a095b8fa7449635eb94d39d999c17a93f5d9d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 e601089a6caf7f5b96a62fc4205e9dc1
SHA1 dac3c5957fc3637769230704c2cff0d4484dc8e4
SHA256 c10c8ba65cceec9d4b06f3b6dd584fb65da09f54926ab8da312f3caaa875c561
SHA512 d1f49cd1f8c68d4782813fb3897c11d20583b1df6cd56f538d210b5c7d62aa8fe0c4054c21ef4542d2ec9dc6cc7b7a7c369135de63e7f97d3998fafb44f62f1d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 526c10fe63980101999713cffd691881
SHA1 381b8b3422ea736abd1c57f7103e9af21ffc446b
SHA256 0366b81d06ae570eb6a68e36bf81a199bfce8b609a13f243d6f7ea3da869dc51
SHA512 16b4c613ebb03f737672494222f2472f9cfd0174aacf20fe2fadfcd4f28603112832523d7b81ec9ace54057b2128181243b4c6a2bd38de7cc8ec72c99678883f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 a99d4a8b652adb3bfff43855cdf6426a
SHA1 48a4a2f43bad06a41c852f3bbf4dd734671bf065
SHA256 c8798c0adbae4b7fca18d78243dd838ce8a0e4119b676a673cb0449147d362d0
SHA512 59cfc8f2709830a15009ce8d19cf10d2edcb5525a5cac427fffa3607fae52adc546fc3bb91e5a744f3daf296708e0cf015b3ff4b6e2d2fecc551d11921a07f8d

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-24 13:57

Reported

2024-11-24 14:00

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe"

Signatures

Renames multiple (2202) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe" C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_floppydisk.inf_amd64_bc7bd9dca28933ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_d5fc5f7282c9bafb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscfsmetadataserver.inf_amd64_ef3485e85c5c1b11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_scmvolume.inf_amd64_de693592afe8a496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhay2.inf_amd64_e87e378eb673af65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sslaccel.inf_amd64_ed6849ad81a24c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uicciso.inf_amd64_32023cb966fd5c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xboxgip.inf_amd64_90ed6b3fdc759a5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpssi_gpio.inf_amd64_62ffa3c95446bcfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_289e18fb610dd883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uaspstor.inf_amd64_63788a81c4c628c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ks.inf_amd64_9fac168e1cbea90c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas35i.inf_amd64_4df7f6223ebcd28d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_cb639d1f182bc449\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_cashdrawer.inf_amd64_a648ee708660440c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl008.inf_amd64_c0d977e565fdc839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\whyperkbd.inf_amd64_6c54f73a58d5fb2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_bluetooth.inf_amd64_7e49a68f06c14d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_906547002cc7c58e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_e485f7ac03009434\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsOptionalFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpipagr.inf_amd64_a3248d35e6aba0f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cht4sx64.inf_amd64_3a69b9b79f49eb50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe" C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CJOQMNSPNKPYYFS" C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\DefaultIcon C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe,0" C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open\command C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 45b4d228c5cac94492892fbd8809008a
SHA1 f2ca9fcbc6ad114ef98cb6ae8784bf7578625c0a
SHA256 f3de79ee3696a3abc54053cc01b339c65099251b6b07a03b46b73c9d140ecaef
SHA512 300521bb1a7f5f9ffac45aa6d73f1d2d9ca57bd8d71a291d0950af5d8035e27740f3b54b3b9870058cff4ce2d93413c59577fc11f3b1fbe31a0f321994ccdf1b

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 7715a9518c91e4954a836822e5bf36a0
SHA1 4e530b0e6d41ee0ef5cdbc622ceb6e69ff92f95d
SHA256 bac45e2912a843d55664e09475f7003f0cfa14d6511fc6723300c1af40eac6e9
SHA512 c0daac1ec1c4f496b681ed946c3b4cbce93b3f9468a3f7ff898c6f7eea58cfdc1831098f815abb06f009ad6dc4ca7de12014c44e9d64409ff1e8775a6096bffe

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 b80cb7b06a00963b391755a1224d6a54
SHA1 0eab3cf2ea341d8a9ca921072813ca9757ca2669
SHA256 1f44e1a08d742737f273fb6e3f79dc12095e31940586129a56345ae010306978
SHA512 c58aa930b03b185374c8a3c3c58641375be020b7056e12bec8fd8110447d31d15f08fb2ae180c836d8654fecaed170e97f0985842bf49066196ca044dca78332

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 9a4f85533afe2f32ed40f87455bf5d60
SHA1 65c0d891b23a7a1c15b32f17a8fcb830fb4443d0
SHA256 f413556a395f3bef24e6ae72f740bc366e3d503dc7f90dc0706fdc89b29718a7
SHA512 d02e74f5ad5d12516e406f7fbcacc17fd27dccf93683f51bec41bbe59c26e0254a3c47d53228a4904782095ce97ab7ff24a83468692e64668484f854e5fdda7f

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 9d396a418eb0c843615af2fc764c03ab
SHA1 c5147ff3ae1737214dee2e1a280d1a9b19758cab
SHA256 32a284551df1321342914edd73ddac1957619655010bb3e890ef4115e01abaf1
SHA512 68e9ae3a23d25e5afd55a6b9f39c183f174f1c7335f2d94fd455171a6b25623307f9b202a671513aa0b5899c4bd829465f015207373e92f836bac4f940fea887

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 0e822c1da57b6e86120ba32ddd704cbd
SHA1 2209c3d9e245fa415af4a33913af8ddd5cd82dd5
SHA256 e5609f80c9d626f024e0b26932cb44e8185ed23c1c75be3561a640134816537e
SHA512 f7880755eb523e7fd1e4305258a71e976e6b6af7dedccb5a253dee63c90644f91379c303144a49ab46aac0fa552715b9b8ec5b67e17dc1b241cd025b785bbc39

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 63e08d36227d14fe0b13365689e3bac8
SHA1 683688a2df5c2d1bfbe634ca3539eb99e592a332
SHA256 2dc7e1a13d14f558ff6880142d0de274df9022f016c815adb9a45a549ab086b7
SHA512 58eb6658da11b319f2b4524295758e4361dd24a21844ac315b063288fe4febf33111159491e9fd9499b5da93e146a86127edb4b0388d5fe0c28f935176ca0b9c

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 91c36bff1278d876b808c95ae6bbf822
SHA1 282719a5b60c17fa351c11e876496fd3b53d3b66
SHA256 d8db0bff05b7a3101de90dd2016be3782972bc567ddd80343fe3f04472beaa9d
SHA512 6a91afa9e90d845979e95634ec387123b065008ad7afea48c1c5ca8f00fbee430ed45b1dbdd535456e5266c67684b6fbf059bb11552b0f4caad8dad221a3c650

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 2155faad7aba2a1158ae92fdb2064c19
SHA1 6cdd0cd87b06c41363d46bee255f9d936936291f
SHA256 90e274e85628eef5dd72929a1cad4c7b80a3759f171d9ba6aedb94fb86854fbb
SHA512 573eecb136d99d48c5b05d1d756c3657b410a1bd2d58bd0bda03b5eaa717c63afa94eb8777da779e1f4bc906e643dac7d3f5c05bfe4ba64f270621c30dca0923

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 0d18a5a0fc24cfff212a12585637c6c1
SHA1 a14bfcc107ff6b38bfbc3769838c259af5f5505f
SHA256 2c0f394cf5752871ea6bbd99ce458bd8d6c0c4a220a33a89b7788f5aa06af996
SHA512 adba432b85567a78aa35f94c2f69ebdd7a53e0108ad91b9ace74316cbf1faf554189fff7d0ebbeffacfb4dd597fdbf1d7ce149b1939a0e44afa7ba9717e786f1

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 6a6c5358b0513ae3395077ada121d543
SHA1 db45ed8c71de3a2b10a80124bcb9056a8b9806b4
SHA256 ab48c1bff335956549e4db2f1aa6b80b6c6540caf967722bf6797d1c930867e9
SHA512 4ef0998acce6ff861956e63093f4fc2e8d869a72eed7be957b586e3b512183de41ad57f6c2ac77505ae7ca5d3c70a9999b01da84386d5c7f1fcc038906e47420

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 810a1eb28b79816adcd6af4a823e549a
SHA1 4eea4aea79c9651745900fb16aef3cabf92c7abc
SHA256 da75639f8dd939f98b5b565d9b2a9ba456a01fe61650991f1afe9174c84b0b48
SHA512 b3036815d87cec963fdb54ccd5cda791ee941dd0836ceccec32cf325230b256f6f984e483c3f60cf4aeea72e1262f96f48cdd875159986cd828485fcd2d77c68

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 3b2ed70f87931f8467b7ca8b0003ef8e
SHA1 1236f921b2a049c9b6b0aee37f663ad78bcde504
SHA256 9984809ae0c656f5272a3af3a9e582bf7351703a7f3644fd230faed8e5fc8796
SHA512 1282507bf098e11f76cab6617c3bbc20d76241473a78df5a85606befdf2cac58c734cc7b17c29d772a64cfe077b16689ed542469c37b5827c46ca24a78d54f02

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 f4dfef9b2f0122074e73eda2aa73bdbe
SHA1 3296dd77cc25ba16e7aa94745b74c56e5d96db45
SHA256 d493e3ac6fb44a019c29ee3b5591e252dbe410f0efd84c613edec79eafa4825d
SHA512 d97e0e8fb88bff404a8a0771d43eb80b76f161e8cf383410071dd731473be1c5c9d33241f96a77d877b53280ea884c7edc4627e4ffd65b1fbb9f97a7e49097ba

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 59fc591f2e09253a5fed3f3555006285
SHA1 180d872c5db9cfe7634b15d33aa9b89e547edf1c
SHA256 0e488b51e5d59e1559f1587b4017f32227ef6e97230c28d9a2ff961c78208a12
SHA512 634647cfb744fb6429f36d3a97d37979c6cac5a538d36361abb168e330002e4b4d9ce85fd7111c0185c0fbd4971776d5452a9fab838743dbef9b78bb1c6565d6

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 a10ef632615f560228750357cab5dddb
SHA1 7d1f645488a51afe5b3d4dd19883a9e22440098f
SHA256 1a4a2320c76c19a2af02b3b20866055ed1ebf12f156925a6661b648146a5e8e2
SHA512 028459973fbfeeb6e4d789afc78bcce00768b2c540de469f042e3fb39e87fce37bf04060ed3e1e0bbd3f47c7a3f88ab1aaba47aee55f45380aaa2c101e755ea9

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 bd255399a1b39992a57f408fe5ea0d5d
SHA1 b4c1fbf3d692d9853551a4e23a9f0349bd4c6cc8
SHA256 8856f7e15a23686733702d82e7ff65b3499a86802eb5e4837afd009505f3206a
SHA512 ff5fb1e37b7f55c82c223f706537f00dd701a78e54da3f1ede75f453a731a047d9d8836acdca6a305feaccca56e946f898cd1b3749b4833ea180ca4a8ac58468

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 8c95ac120c2f1fe95f19eedc4d17c1c2
SHA1 af8fa1e9f7c157ac6c2b11fb1f36d58d0a24ce43
SHA256 6dd7ff076618384245edacc2265838bfd81ce2021e892fc29a4ed6a0f4dcdadd
SHA512 8e45e192e909e79798914f1f57df22aa51fb05d539fad13f4b18158e1cc5ad4681d8d597ddc780684c035b519a867ca1824603f785ba9b8106d1ddeae934b502

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 e187644066efd374f2c0143320058bb1
SHA1 2d41b69b25f49fc0cde5b3a826b944a387b75d23
SHA256 9bde365d251e670703cef70f98d4ed7417bcfa58fc6cc780fd6b2e39a6588be4
SHA512 fb39c85575ccf896f062eb481cd43610b607c6b2a7926915b3b80b2c602c80709ecbb5ea7c4139525ef79b4e79d3bb336183f6b0d1b1b4b8c048d85cd592b8ec

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 dcedd6d37a355423ec86761a0acc306e
SHA1 91e4878741e3d2c0556ac1b3ecd5daa3566d12dd
SHA256 b49eefb8ca06863e1b7cfd63eb4ff81876aec0f3080094298e2397e0273163e1
SHA512 0e69b12ab4cd4539e01b68d0863bbad2db5399c2f92fa13091743e44e3a235f50f885fd1b4d3c2bfd53ac2db2d3684693bf88e7b6cb6a0417bdbb2b9b1f12ab9

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 b10b240e03af763d5aac720e0194a0c9
SHA1 5f0ce802212a4911b6cf887784975e6cb7a22224
SHA256 9d630e4448013338abc6bf09d47a4d1326cac586b94ad386dcad8caff4feda0d
SHA512 303ab17bb124df396ec5d10b6c06d461a94f54b7c775bd4fd0b6721c4089bc0876e97b569dc8e70c0dcce66d520a622f7c5cda62b677cb443be5e9490c61b742

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 cd98de1ac0751832d1b817fdef6eb154
SHA1 6765b5128bfc4719bdf9aacb89829c91c355a30d
SHA256 904327e453463dbc206507c2712c26f679c4ea7cc2d4dbf5df13b613110e5353
SHA512 c765a7367258ec1437c19b2ee254f366d2ded44aa704d868cf3e598b2cc03dd1a04b1b5f9969b55b43bde71d57525386bdd06089439669b4a7f101368cf34a3c

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 5005fcf118de5d4b10b2f723aea3d6c6
SHA1 3c5a34451709c56a0fc9aad625a1015dea1857d2
SHA256 6b020600d7f43e6c907f8b022faac2be32eb540561c2b01ac8acde7ddd2ce7dc
SHA512 c0a87aaec104097105f00bc1ee493edc91848b93b68c1f3f989bcff927f27e7f872ced1b9739c1cac080db2eac77cfdfd7e17967daf6c88c2c4f64c5726276e8

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 2586fd6c7f7918cdc8cab0a776e13fcd
SHA1 4df4d0154935346475c067b86d54c7f76be4581a
SHA256 0562b4988f5ac6a16c9cc87f3ed153c84a102b3fa343dea97aa5064d57aa09a7
SHA512 f04283e62dc43b7f1a2ff688b1efd681d71bec09d9ae913a60fe7146dc70620224de4256ba7dc898614b8ad709a7c4898b0dabc32ed4700dd9b18ac7947c815b

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 ebbfa7a2310cbced3e2aaec1364ce44a
SHA1 5205aa7ee74b5b509a5664b83ac56f970856cc6f
SHA256 ef1f3ea223e25134151f4c37525840e76e2bb1e118f2df3a3891a78783b23482
SHA512 406e90146c2d348db5c85142b65d7ee1792b100db0540ad781183a517047130a4be497639f504495619f0b901b08ecc11bb493f2bf1e1078f5c3c505ebf324c6

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 95d14e7c5154fb6b0299fd5988c22400
SHA1 4e5ffb4cfafa3dedba452af3fdf04ff1b953bfe2
SHA256 b7f1cc1ee432bbbcfdb4aa94aeb52254c45bad6c8e1564ca6425b720da71682e
SHA512 6430ed8414505a737cf8bd89235ed28e1a4a68b1c8e2f1317359b45405cbb843727c720b43fb9801ebf0602324bf4ce6132376d6cff2b974adbce3a0e964b218

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 08f89f412f13951ad1002c41b1c55b1a
SHA1 dd84151651ad99b2afe6fec4ec7a7b4f4432b505
SHA256 ce681d347604fd50a18e1a35dd9edf849fa73dc44cad441abe83ba1cba7b5c8e
SHA512 e2a552d7853d42904fb76db89859535c999c406d00224266174a8bb94a8eabcc5fe83a82757afff7d3ae3bc4b4a3395108844e420362e9372690955ca54ac988

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 03ad63669602c19b4beaa4a14577a04b
SHA1 73ea2da5be3ad7ab4f286aa2d52651ee8e212bd0
SHA256 0ded3d68290cdd7d1e0553babf1254c26008fc15c0f55b1e6a342a169822433a
SHA512 2e0800bb481da1f027193a28c33ab9bd52dddb58f1c042c9a3d82c5bd76f0d5b79d7df258a04766d7995087bac8c43440ccbb8023003d33c7307d0c81a872590

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 98221c97a00fc208e40d7ab195af7718
SHA1 2f2b45a29c7614e2c3a07fe9a670df2868e65871
SHA256 b18b0613eb03391fde2b40ed5c086406e5a04092efd3a5b4c5bd4d915c5827bd
SHA512 b8dbdda477a2f8c17446405601cad9e6a8156e7727396e72cd1a4a01a726c5ba7460caa12bdc5dffd62ef721f7cd700f9010a54df3ff9fddc724ee74d6cf190b

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 2a3e644bac5d99882cbaea342410af5c
SHA1 f2048568e4c826defe584733d5a3db8c5386eafe
SHA256 53c7e88c9c43311ead0044cab6f403d71718f62757a2d6b75069230c61db0fc4
SHA512 7b6f536762741668b8ccfafb2d5ddcf20cc73347e45372c6ccb109c0e04f66803be30cd7017cc08e93b9fe47a177296dda01dea29183aaa8136cea4dfc2622bd

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 300a4fe7fdb37e785c4061d03f51bf36
SHA1 599bc89dd49cc769bb33b2b46b9d894ce43782d0
SHA256 b0463fcea76bff4bdd6a09035bcba1dbade2bb5acce7506912aba0f9d4e08a6c
SHA512 30e498a84c840bfed55055c895b92baa11e64d3b71bcb5061ab0a6b852bcca72c71756a1d9901e42ecfbb317d3246ae21f5f35f0f78077a9d63958ec5706576c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 3be69bf2fe3a57b08d408464802965f3
SHA1 bd33f7d5a394bcddf7e49298fcfbd3eee40fe900
SHA256 463bf5284cc7b7b1e62d39a0729e44b6be2138a4dabb1923f5f35b0664e55604
SHA512 f1532ae0a325a1efe22bea81d5a99e8513987681083d5f37d2160b46cbda832c34c3ba34aa5e55949cf90cdeeda4f96682fc6026e90773de38aab7dcbdeb4fe8

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 87aaa7c34d93b89c7bfcf29568ed4c70
SHA1 678f86ccb5f34ff246dd54d25a154bef211e363d
SHA256 f820d7c9c53bf6b1001cca1a861ba7526f260950facdc88df4b776726fcc472c
SHA512 3eea241787b6605a66213c68f5397cadd726b4021be8b41a4517c790926c55dd26d426ec517388a8e8fbbe21cf254760e553ea13f047b6aa746cf0d53aabf87f

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 8b9ccbb5687cf252a44f92e87077752b
SHA1 e0c5ca4734123b67d0ccaeff14da1f8729c8a9d0
SHA256 5e341836f508abc652f678ed1a12c252981f21a37ed10420a66cad17f1780dd1
SHA512 3458dc23271a0a3bc65b4bca2b13aa7c16112ce3293e9ca1f722a649bf0e4e817a47d87573e8225f581d91fa414300ee3e9a99e0bc954c2e6028c64b826e454c

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 1c2b4d690750601b5c9c5e6245de12fa
SHA1 2db9028f302db6bc1a96ae55534900470e1f2903
SHA256 55e918c62e1bbafe40efbb6888191109944ba5eec1bed1a319ec67885e80ef69
SHA512 e2703699f9dce614743dc233dc7e1a93b433709f728db3f0f82b99e2da5a6ee44dd3b73d16a719f20cf1a2a2a336695277b1da82968fa149903b190d43523a96

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 668874ac266a3293e74857c4ba0a7e73
SHA1 7f4b3c8f33064e5583f572f191512ae5bc6d998a
SHA256 15cf782acf15d03d37d3bed901e4c9519bc0f1b902072c4d336acb84083bd398
SHA512 edeb036623e4b9498bf3b0bc5e844a372cb712e03d539dd29c5c79a3cfa0a6a3bee80ae731720bc756066f233b583d20c679893f20c85f00ed0b39f1b3224db6

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 eacc79fe7a3a06aa5347f76e624216be
SHA1 ac30934812a138093ef8171560f557584b0c92d4
SHA256 9813b5bbaab619401d0438bb2e35838e4526fe5e88582c938a12c9a87cc6ca9a
SHA512 5349f8a47f202de0ebabb864085048a3ba0e0c71dcc978ea405fbb47aa869b352479fc33b782701e360371586809c15f25664a785f47066814d0067676f98e9e

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 2c31d37236c0e50a3e8f5f0c76828d00
SHA1 cdd5d32917adc5503cf39dd5ea13a26824c87db5
SHA256 724b288040cd2df0f2a03f9cdee1258f3ecde42237880501d28bb0de76fb2899
SHA512 e0cf8c154906f533fd568dca3cfb279d21761a009b8f2b661a61f30852181f2d53c41e8da0a822ae7217049a340a28168bd812d3ea5dbac68e3ed4e9d1d88880

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 cdb1781be7b49057e82780ae7bf6d7a7
SHA1 f1571c0ea995fdec8a3c220b462210f1af4e3664
SHA256 3e04a1894446b63ae1289c4d08e340f40ca13c82cd46b93c1b6bdd99ea32d234
SHA512 ee9f4cf0d410b6a749cf4901679bcd330aa6e77ace1442eea98dc9a94823eaf2c2b6c9db30bb7bc9c5f78dc4636c87408508c8d09a39b04d9f5079b1c2438710

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 1131f6caa752ba6711573fcbeca5690b
SHA1 7b14308eb4b69ca05a9dd145de88342cc49c4d9c
SHA256 ec9528a1505bbbc1af91617414b05dfd10ff2a9cef736807756ecbf1eedcc45c
SHA512 d4f41d68a2f6db32464959fd5aace636468b80569d061496013b933eaad8ca45c6eb5adc4f81b783bbbe7454fe756764f021d3d9057f3010ec9c562ef0ba9741

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 2a9237b879242bc1a67d8dc8afb74115
SHA1 702cd4a3e59b234128a95b2c748b889f2de23bb5
SHA256 63c227733fd8aa70afa0e2b7aaa3c725fcd64045bd5fe4c7c3bcd46759a3bd0f
SHA512 351c1a859080b1e311bcd703744300505c25246cc68af4adcaf1de965518ee7244ce151b682fc695bebe348fc6462818934a91d18afaa96f72f45aa59bf12e04

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 4569f720638b87ecd4d3a881db045447
SHA1 e873c3a924b64929c7a83388f825195b34e2b23f
SHA256 0026b5adb2b94fd869a67b0ed6697f8da72ecd46cb29a7501975ca8f30fd245b
SHA512 3b9c81c9918dcc6b0861d341b5b5dd89a8e309b3c1feca25c30af4d26d9264472a9eb0f3a37539fefe3dd9c1ae6d68a7de7f16d7dc9f9a349328a1cb32dba933

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 483dd77c2116ac446b16a6691a44ba8f
SHA1 881495f73c51a718e7d0b7732c1183fea745a014
SHA256 ef1ddd6b39854678b10ef943a26e584b0c66e75871d7e9528ea8c07a3ab2d47f
SHA512 abe989ce3080828cb8a5f6d5ef7c19224d8eb406d73bb652d9857860923fd958814a1e3910b321c5bd6355b9a8a3c4eed917df47000d2d33e4458ba7bfa11add

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 6906796fa50917cfe470847b4a0a26b6
SHA1 8fa5040a6f541d5013d3ce2ace9a764d5f472d24
SHA256 b0e5ede5bcec9d9bd9e2eb882b7bee4a0be6ee3a78736a68fde8627a2a244fd9
SHA512 f7656e1e69e455fae777fb450988fdc6696dab8a36b5d61e8e4c8125326d9d88386c9049c45ae486f2955a7cab044967dd94a077c543359a7de82fd18558497a

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 d6282fb27db4ffb39badd58b91d8b0f0
SHA1 79a5afe80057b2de1764a2bda1ce11e84aaef01d
SHA256 4f209a5306327e3304d12ebe67cab1b3d3f9a85fb4bcd1008d5cdd8ddf858ad5
SHA512 30308db73b61a5b123319c01c950db0c8d1dd9bde8896f5fc6f77695c92193f10c810a76384142695ba8c65564d5778aa558ae2d25ff5e6f4aafd8c54360a35d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 b605149b549a1796f72e686436243b55
SHA1 6e04c56b2f2b9c3462720cc9bfdf17a01e2e2f7b
SHA256 ca5829208eeaaa97ad412385347a9de7d92c756487aeaa4ecfb0e549ecd25e91
SHA512 1337513f2868bfce837e078b55679ae9bfd55574532d442f2fec032c02c8547ce785f68fa07ddd715271e995752b792a0af9ba2ca9de8642894d0d965d5609c5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 092a2ba0c4aed46794fbbf2314dd2dbd
SHA1 ab8188fb07e9cabed656f54bd0f3d41e3735e640
SHA256 f30e0e97873409e275b03c239ad4ae53d3911b57dbf0568ecc46e0956f8eb330
SHA512 64e3c636c5352eeef5280075c7474a77935bb5550b8ed0b4d11091d4a5d49094b67d62529586c03695deebbd3742c2276ae157fcf0e8a80d0cb9e22b113cfebd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 a1869a436e7ae1b5f47c3cbee725a0cf
SHA1 9b4014a901bcf6230f09c179944a5597eecd6623
SHA256 8dfb85807b977d0f26a038860264e5466c86eb05c4570dde864e226465c6dfa9
SHA512 cf9528c75cc1531567e67c0971206cd151144c8128ccc3ef6f9821028801cf693d465efae13e2647c71f9f7c12007b6b7cf0e9d59c9cffdfe18f329e726e0ded

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 02cc2beecc3e4426618da16dc33e3719
SHA1 06e2253745805ea59df4e6caf9ae55dd0bfaa3fa
SHA256 5607c8059b9ee0531eb8e8dcfa35f074e215ad5e97c1a7c5a3ad2aef29fe1788
SHA512 604c6e94438f6ec1701936031654f738be2981ae13aa8b6b029c1a5ba0b8323b94d175c9b4bc54499d4e7ba28012eec4631fb9727b74fc5af9b78cdcb2c91928

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 ad5e926a7d280e322de943aec6f08ad2
SHA1 5297579ac1218d88decf0b106cc71c8c069473c7
SHA256 af732055f33fbe68f76f2b409a8e3755a046ce70b513f2e086eaa6dbe6b219b3
SHA512 f06bcc3098cc312acf7c2820b418edc18285473b4e8c7cc33e8121ba642989f4346f7bb13a66a56ab9795042d779e45c205b3b09f105d9c2c01b908b9733cc25

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 1b9484fbd6866e2ed2820489a7d45ebf
SHA1 27f1d1c459a43652dd04129e75696736ced72f2e
SHA256 b47d8c0dcca729dd6b77e68400e1a8b50da01514b80664e1b2cd05541c108088
SHA512 11c6bc685e0950e62e7015425904d1fc2e8f90dd3c71dce71aa174a58cbc25397ee67a6292beb48e60fcd8b98d79ef3efe8fea8dc608ee3e26ea8f6bb9e8f9e4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 590afcf6b9abd2db5ad6cc7153487613
SHA1 9e5c4204a45e35ad5a41054225aa24d28f1ee319
SHA256 fba85adba517d7184f07c19cebaa030396e66782708b34a8e62e99f72d31e63b
SHA512 0c29bb915b0037ae2fd88be8a63d8430216df0b08557c64f63118c9c116e1bdcd21b34a8b61971efaedc4ba2e90ba9f93d39bac2325a50a9f1417e2a974dafab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 2cc68603b39364dd211672d83271943c
SHA1 d44521a5dff8d842e4262d223a7a4dc922e47f1d
SHA256 80c8c00172d0989a656baa638e30c754aea49f2f88353c8c6d79175f0267cbce
SHA512 c9a6ca8acf2a2d879beabc01be19e87f4d7461dba8be4fbdeb7999d2f99f89f16d0906396e204b35a90a3584a9c79d8faaae5d44c8062598c4e6eb3e5cb64883

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 9f96a1c10a0088e2703bf4b44aeae6df
SHA1 027121d48afe3d3355031c63e7165982a7ae3c6b
SHA256 ffb1201890456a57bba5a202453dfae1379391ef1bb201c090b61df41afb2a2c
SHA512 f83872a3e71b8a96a6d88076412a3c5f87f34b3245b0a1b8222e517bb0321790b3c31b9adf38d25f52d7e5347c479392f769275bc38ff9a84b609bc594e9d993

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 44469c0710a11ff8cd1acc049e517cba
SHA1 06eca8297227b013c112e166c4011b3503f7ac1e
SHA256 9a88a2c3f88bfeb323bbef044320d646d97fd40c80fd72728cc4abca95f26580
SHA512 a26b040e2dcc931560844ac57c5c84be557e6c4d5be2472092eb314f8c9173bd9afb80ae8b81305428dad65b8e0324e5cec71ee43f63b03b9322109cf1685a33

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 21e6ef282481012e93dae99a045a7b4c
SHA1 2be9c570051046dbb073975d4f6bdeadaabef34c
SHA256 473dd46cabbc34d0054b2ea1b74c7feb790ecca00ef5718f42f227ec79c111ca
SHA512 4f966ff06aa8d0ab9b37e3d5c421ecfc16080465bcb845dd0ab0fdedca800dd2eaedd4c2d19dde1c78e9b6e80a7856af84c0cf5a515a2ad35673e4768666441d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 45fce6bcae1c2bcb71844d4b8fdcc10b
SHA1 c8d23ebf582348ae57edf65f1221936b5fba6d96
SHA256 08d01d96e3789f41dfb699caa053a195b98288e824d059765b48c5f9e3620652
SHA512 491309f8b584639afb9eab1f355accfaf7757ad3e342887810f73220e4a2f6151c91408fdbca5ccd2e8ce895e016e04eabe5a893c149bb912a30b0fe5ba1f133

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 6ad8c853b1e1a643be64d38c875d9ab0
SHA1 7ee73ef1802aa199858e4920ef20650a252a6c96
SHA256 db5ffa9aa03197f9454db99bd7c675d2dd37651010bc1e9c885db220ad906c23
SHA512 44c50270fa267db053f7292d0e5e41dbb4dd49aaa94c48bfa164fefb74eacf47995776dce106839418c81b26b3af6af1a5be817ae436e7dbbc1fe36faa99f34b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 63f0c80256fa3dc2651cf5024120f90b
SHA1 90ce5415d7da0e8524542c61fdccb1ed12fbe9b9
SHA256 474ff6748f85ba751d9880b6e9c128ed5e22fe61a100c53d544c5a0927bb8281
SHA512 57afa6d2864a80ccf2cb12aeed69a7f5527a00ede034d10f5534070af08cddd5a3aecc9f06a5cebf469099a8db2e7589ff418ef71ee89ce0ccb61051881b2a02

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 e11fc38262969a226701c98fbd474c94
SHA1 c3aaceac1e2a11430f87d7b82159c2c743c636e2
SHA256 e01ddcd4fea4776d76b436cbb233827cd62d03c4a74c7989ef4f427a13fc3061
SHA512 a8da4dacd0b4071ca6b47cecd04c066ca772ba267af33b555be1f1ae32a8ed739e47651e4f5286a5f03f6b9572379e6e19c51b9350f9a111f3ddcf6d31167869

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 615369a8b743482d7b4bd4437c18451a
SHA1 7e889bdedee98d778c51628bccaa96aed9c79400
SHA256 890ea23fc144da437d19f73122990656cecc4641cab5d4c64f513a9daf817b13
SHA512 b3c6145b91e0b223f6e42f4b40563d1eb87720bea33d4614c6f367e913fe0d831e7cd9f4fc381eece486bb453468b547a9b09d5ad036d8048577311de23c7437

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 826a06223a4de862a22f3517bd79e847
SHA1 65c5636387aa144b325780b7e12a26855fb07e8a
SHA256 ffe42d9d3233f116385763a97f72cca0d965f7b0016a33a02af05ff3a1b3cf38
SHA512 5dc725b2357da419e40f8788df8c58116198899498cb40ad4293770a8a3b5242dc674c25573f22ac9258e6a6e7e227e66f1eb1d8f4b506bc9a48320c2b2063af

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 b0d0a96fa7314810aa437978a14a7588
SHA1 687a2643321d2c39f39a4ca336ddcecbd6487f76
SHA256 9ec6d639a3e8e9df68c65596993173fed0c111a3d4eb26ae4b8fbd60a39cc7e3
SHA512 0f34d5da5ae70f516bf13f15c0931dcf31f0bea82452a9e663d515e308610bba88bfe79cc2aa04c9b7efe7da452e6325b7048e1408d166ae92d07f79798d49d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 2efde19f0f699e766d3e83a5bca13290
SHA1 5c58ffe2f6fb30f8fbbc8596b9fe88042fbfcbfd
SHA256 e9e4fd86085f7ce0df15e88a5cf278d194817612ad61dad98a65b95872bbe789
SHA512 a354e40d3b3df2b7ccbdcf98d98c5b8bd9e737a4cfe23d1c3e9eadbbef806fb4851531b2ed36e9f1480f6d16418abc9a647c6bd21ee67ad6ba8a1109280523d8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 2477696f39c370eaeb4dcfac57dfaf05
SHA1 10a7baa4877a6a96c2ce019acf454dc6e06beb77
SHA256 3ae27cab246021031de2a32e88b03eb88008ff7303f60b63e5ded7ccd2b919b1
SHA512 25f1c361f30af7914351d99e847a1699883f0378069d772c1b14b1db821de9720b3599f16f647ca21ef59d2da6093d304e06c885a43df7c27add82dbf32863fd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 a6df583697e634a126c611bfa8d235db
SHA1 9eeba2f075d505446e2d9169d6cb8783112a4d32
SHA256 cb884af274814fc78212bb864704e33b4c8451c3a34aade701e5467d3b7a9f24
SHA512 449097b4e2b0ff1ab46fd37ba0a55f23d47fe49ae31f95d564f569965d833d1bb51cf150c66ab7a1a644735c13ac4cd593504e3a08505a4d32439e3997ccebc0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 bb2641e755068dc157d9fc73233b4532
SHA1 e17b044e310af8371e9f1b28f1eff07c4be4dba7
SHA256 dd8d6a78d225de1b6438cde5fccb86a5c103d323f8563bdd737758e11269bef3
SHA512 6acdcb88afdbf1d78a749c7fbe376c822f34dc380d32fd2522cdf0296cf8d6131fa33b24d75ecbbbc9d0ee1577cc69b3e9171924f9b384c6521a7b82c5c03547

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

MD5 762e2ba905d2b69140daeb26b5147203
SHA1 4b852c29f8928f35322c4c14f88a3b9153b89881
SHA256 6cf761037eb10810623cf2665cbc28bdffce2e7af5273f8bd864c7d46f203a73
SHA512 e8352c74ea9d8c8fd713212a3211664ecc1e6257f60a7ed08d5b3fd89552663e97672cd0443a5dd21a0497da42c0ae993ef1045a1eefc4f9b5de798a67c15ff0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 35a6157f8537d88030d6b5cafefcec35
SHA1 a1fc87b3c14a4c5776c75ce317fc2f4a117bfc8d
SHA256 349b41d6913278373f537933a1cbd4a78fa3ba6d2be74f839b5e5aced1fc76ae
SHA512 c9ee7769b94d8ffb58b0dd0272475e7895f201a69c216b60132db7ceeb4f502e87a8670c4d14ca1a95aa287ed4eb4071dfb6e9794bcd760be6f912e800afb087

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 957ae4177f786c649ab8ea685dec83c9
SHA1 bab156cd7b8fcf02d8d5a32d94bb3919de28f7bb
SHA256 9e87c3e023c56d0073b92affa66508f0237a0d8e60c85c834c8612f51e78218d
SHA512 e28932baf6f261af9f60fe65dcac93a1938fdb55c7e58ea7e22d523a63191e781894fe0a9dac7c1a302b54eee3f72910c362ec7b5e7fe852e431d289836b2fc3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 a227bd97a6cf73759feadd6005d78c82
SHA1 ffcdc8515c050a77ad6c2036ed258fa8604236b7
SHA256 5b69134549a6e2f00604d35692817fddb04b33f5c1b9af43251982b7b0257a4b
SHA512 48307493978f880105270b69a87ecf9e0a9df68d6665793d4b76adb39c7621272723d5b5fce0de2f52e5e1092b44c923618d2abe6c405620460e268efb8f7b58

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 9467196181d16aaffb381806a7d1ba5c
SHA1 6262f1cdd77e2cd93bf1eafbec628606e5c3dc94
SHA256 4c303804d62a98a6d02cd8d8aa43c65ad2077c17a08aeb3a2c3365136ce76d7b
SHA512 046d0781278ba5e43942c9097d3e8cd8503e93faa38d87a9790c2d3ade0ee31e5ba2493224bf9ecffe1706142cca6d59f15745d64e6b38d8c2044ab095796a2d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 f52db735a4ad1bb7f5e554426211ba02
SHA1 46704a7d7ce68a289e8ae2876a68ced90191c731
SHA256 627199d3e6040434969eaf1babf53fe303734ba33a72eb8c3e5128110e3daae2
SHA512 6d02c566fb9fce0e3cacfa8975844f4d11ad6108f450aeefd295e373c9a552d3b2f50d69cf98ee00abb1dedd9546bd949d5f68c91837adb8dc90e7aa10352c09

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 0b351fc8c8626bd9cc1c3a3fb233de51
SHA1 ac921f652bf0198b6d1ae7a8df7cc3e162e53582
SHA256 a8ee7304da4684aba230d39bc915abf886f2efbd93e122f46b95a65232e97ae3
SHA512 4095f98748385107a4ab66ac272d5025cea4cfe32de529b769dc59d763dd566870ba3bb85429a837ea91e2fc17ff6e3d00302bc8e5d7a76fd455f3da34c7331a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 2eb2d1bbf18e16ed592907028b4b1da9
SHA1 c48c8fb7aeaf1316b09752448bfff240bafaee56
SHA256 04cb891dc789e9e34a221f59e75c5a33a53bc59eebd621f5c7e75c1cbe8ca9f0
SHA512 fc605ac7cea40d75c3a4e6629c6f0c2867fdf5d308a507b6507fa69d016c081d6407ac3d6790e9a35818ad958926dd3f2de93bafaab992d94fdecf76835e83a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 dfbcfef2cb673bf4b222b7d0d35e2616
SHA1 dfacaf7740fad206807c08c88597991917e43f82
SHA256 6819f2ac2366d7ed5710f3bbc2a855114d3538c2bb202ea87fcccb02360e7da7
SHA512 b90fc35dac1cdc8cd04471ee31765b2f5d95ef08a0cfdfa6481acd3e1370b598b14eac8e5e64884d67fb17d09421976255de0b4def9131759e00849e2fe5867a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 283831fadcc6edc164902a64c77efdb6
SHA1 a5376ffd064c273d3e409081779c34da31e64068
SHA256 b24f21ecf12d9b57e80d4d3f52dab38f08f6030f592809bbc1c0d79a419cca2f
SHA512 c493fd19f3c15d7589197ad02376213d0404c57c1b3b474f17d794a120a0dd64cff06be2967b202539570a2a9ba80ab043e2525565acf0084751394bf463b4a3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 657720c94cc6d18809cc6209b6ab897b
SHA1 7f8a043ada10ea3a20cde4223ad1bc7a12db714a
SHA256 58f9f5c8a312ac1c55b8c7a2073f2f4795007d1f1b0e657057e026547a01aeef
SHA512 dfb5a9d9ac4c6210e5cc1a8b03e0f2666cbfeb03f79cc1a02b01a1ecac3bd3470f14fdb81ff5095a4a7d3594004ffdc47d5dc59398d23c69fbe780641540d7ad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 f6ac5f482165f6fd6b15e64f1a14309b
SHA1 5c0a5d20a06db99cbed90e2913fad8752e6e04d1
SHA256 481e713d701a72a4657ec8f0230f892854d3f93bfd28e81a07c10a514542e268
SHA512 17c2980207ba95e2dbb86298c0a3052c06580760d09357b66bfa107910c34020b296b82a59c8ab3e94ba480e2f118bebd2035cd91448f4128b23035fa1b5b0e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 f8aa0be93a9291b6ee0d3e3270b64522
SHA1 ac3fea9093b68327e277af98219adc222254e637
SHA256 a01a76ca404bdf363047f7972525286cd7805d6981ebefbe2f6227c6abd0f322
SHA512 918d1db7ab26f29bb95ef9590044e3343d35df673c3ae885a13361930ff0baca6dfb90c4fe6df2707a7b56fdab974a8f32a2bc66ceac31d8851f2dae9e7aa7df

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662721799026.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663191189319.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669808369062.txt.EnCiPhErEd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\vcredist2010_x86.log.html

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Resource Monitor.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Performance Monitor.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
