Analysis Overview
SHA256
f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395
Threat Level: Known bad
The file 9690a2513021c69025be547b2ce313a6_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected Xorist Ransomware
Xorist family
Renames multiple (2353) files with added filename extension
Drops file in Drivers directory
Drops startup file
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-24 19:20
Signatures
Detected Xorist Ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xorist family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-24 19:20
Reported
2024-11-24 19:23
Platform
win11-20241007-en
Max time kernel
93s
Max time network
96s
Command Line
Signatures
Renames multiple (2353) files with added filename extension
Drops file in Drivers directory
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe" | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmfj2.inf_amd64_d99d1fb1fc589fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\InputSwitchToastHandler.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\lsi_sas3i.inf_amd64_0c124c748b6ae4e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_46fb5b718b259171\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmtdkj5.inf_amd64_42d5be883a2b16ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netevbda.inf_amd64_b779cb8e24d23b60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_10acfa4b924dd181\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_9969a93554339919\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\InstallShield\setupdir\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\ca-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\IME\IMETC\IMTCPROP.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\Nui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\volmgr.inf_amd64_c46fb1889d563881\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\iai2c.inf_amd64_a77c815b2999404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\res\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\setup16.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_hidclass.inf_amd64_d6815bc5111fe8fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_28d2271d20cdd8d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wnetvsc_vfpp.inf_amd64_af9b7897bd3ad8b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SystemPropertiesHardware.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_377ecc296d72d917\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\npsvctrig.inf_amd64_5c7dd71239e89167\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_2a45230b132b6dcc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_5229ee1dac1c624e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mobsync.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_1321f5d3cb2d9ef4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_281df5304fe06482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_300c2fef62ff6d5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eudcedit.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wiaacmgr.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_9208fead72720c5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\DpiScaling.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_b16ba1b1167afeb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_b57d3f2fc8043d70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_c7be3a6df11faa80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_69e8e0efb212ba16\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_3f5e62a7baeba7dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\icacls.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wbem\WmiPrvSE.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-40_altform-unplated_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PaintAppList.targetsize-32_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PaintAppList.targetsize-60_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-40.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-72_altform-unplated_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-black\PowerAutomateSquare70x70Logo.scale-180.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-100.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\Tentative.scale-150_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\PREVIEW.GIF | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsAppList.targetsize-36_altform-lightunplated_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorLargeTile.scale-100_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Assets\AppTiles\MapsAppList.targetsize-72_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\DashboardLib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons_fw.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\multi-tab-file-view.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.32731.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-125_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxA-Exchange.scale-125.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsAppList.targetsize-20_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\PaintAppList.targetsize-20_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-white\PowerAutomateSplashScreen.scale-150.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorLargeTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\contrast-white\GetHelpAppList.targetsize-36_altform-unplated_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-72.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\Images\Square310x310Logo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxMailMediumTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\core_icons.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\NotepadWideTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-ja_jp.gif | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\THMBNAIL.PNG | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SnipSketchAppList.targetsize-60.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SnipSketchAppList.targetsize-72.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-40_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\VisualElements\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lv.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2020.503.58.0_x64__8wekyb3d8bbwe\LensSDK\Assets\Icons\icon_play_nor.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\StoreLogo.scale-100.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\OrientationControlFrontIndicator.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\System\ole db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-20.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch-Dark.scale-400.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\FeedbackHubSplashScreen.scale-125.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-16_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_1.0.38.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-80.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreAppList.targetsize-96.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-64_altform-unplated_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\Close2x.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_dual_netvwwanmp.inf_31bf3856ad364e35_10.0.22000.1_none_caae79f1efe8a111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-w..nkobjcore.resources_31bf3856ad364e35_10.0.22000.1_en-us_ae20c59fc52a9d6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.22000.1_es-es_594c3713476e8ef1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-execmodel-proxy_31bf3856ad364e35_10.0.22000.1_none_38e1a9ebda33d405\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..forcesync.resources_31bf3856ad364e35_10.0.22000.1_es-es_d5e5f72d462e65a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_rdcameradriver.inf.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_d920dd31374e76d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_cb78e2891ca6ab3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-devices-wifi_31bf3856ad364e35_10.0.22000.37_none_d81a7f8ceb6f1f6f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\Assets\BadgeLogo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hidvhf.inf.resources_31bf3856ad364e35_10.0.22000.1_it-it_2da021d28ab0417f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v3.5\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..minsnapin.resources_31bf3856ad364e35_10.0.22000.1_en-us_5e795cef9c3e663b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-msvcp120_clr_dll_31bf3856ad364e35_4.0.15806.0_none_18f03c45f590b3e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_10.0.22000.493_nb-no_4def7c6e0acdffbd\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-icsigd.resources_31bf3856ad364e35_10.0.22000.1_en-us_751c01b60f2c9c97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..ut-ninput.resources_31bf3856ad364e35_10.0.22000.1_en-us_80bd5c759b902969\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_de-de_09db7b35a423b804\403-17.htm | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-ext_31bf3856ad364e35_10.0.22000.120_none_7f0512a4f8f54015\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit.ILGeneration\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_10.0.22000.493_lv-lv_d2c4c85eaa0649a7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_multipoint-perfcounters-files.resources_31bf3856ad364e35_10.0.22000.1_de-de_914b5e72f033528f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorAppList.targetsize-16_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_10.0.22000.1_it-it_56b017e15572547b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..resources.resources_31bf3856ad364e35_10.0.22000.1_de-de_ebcc363605bebd14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\Assets\contrast-white\GetStartedStoreLogo.scale-400_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-chkdsk_31bf3856ad364e35_10.0.22000.1_none_227ea1d8c5da52fb\chkdsk.exe | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorLargeTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..xperience.resources_31bf3856ad364e35_10.0.22000.1_uk-ua_eada7a4c0dbfd1cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_10.0.22000.1_it-it_feca5e9f1d18f31e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_7ac99967d7ae81f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-winrs-adm.resources_31bf3856ad364e35_10.0.22000.1_de-de_e5d4fd10b309bcc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft.build.engine_b03f5f7f11d50a3a_4.0.15806.0_none_93a796b5f9a90826\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..mpatibilitybinaries_31bf3856ad364e35_10.0.22000.1_none_5ad9cfcafd1fc6ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-store-licensemanager_31bf3856ad364e35_10.0.22000.318_none_3183279146552031\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_dual_pci.inf_31bf3856ad364e35_10.0.22000.469_none_3d9944f664bc3f96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-windowscodecext_31bf3856ad364e35_10.0.22000.1_none_e9d56a12bd6e8dd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.22000.1_de-de_db9eb7f804e7e3bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\msil_napinit.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_15da405103aa4ed9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.22000.1_none_c387f681de81f59d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..atibility.resources_31bf3856ad364e35_10.0.22000.1_uk-ua_84aad1abb351ce40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..tionuxexe.resources_31bf3856ad364e35_10.0.22000.132_zh-tw_04836ac8c172ae92\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-l..erprisesn.resources_31bf3856ad364e35_10.0.22000.493_nl-nl_d4727bc332260858\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-photoacquire.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_674d47adc94fe483\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-http.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_0bbbc94ece07b22a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.22000.348_pl-pl_28ebd34de25dc27f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\INF\.NET Data Provider for Oracle\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-t..i-appcore.resources_31bf3856ad364e35_10.0.22000.184_es-mx_bfcded3a8a1f086f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d12_31bf3856ad364e35_10.0.22000.120_none_eb1d68ed52d9b0cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_c_media.inf.resources_31bf3856ad364e35_10.0.22000.1_uk-ua_2f41895792772968\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_10.0.22000.1_en-us_e86b4aa760e5750b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_10.0.22000.1_none_2b28cfd17039373e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.22000.120_none_64d060998298410d\SquareTile44x44.targetsize-96_altform-unplated_contrast-black_devicefamily-colorfulunplated.png | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p..space-launcher-tool_31bf3856ad364e35_10.0.22000.1_none_0cd616cf3212fece\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-w..indowsuiinputinking_31bf3856ad364e35_10.0.22000.120_none_f5286acf9cb4c595\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..inidriversmigplugin_31bf3856ad364e35_10.0.22000.1_none_a1b309a6d98510c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..em-ppipro.resources_31bf3856ad364e35_10.0.22000.493_da-dk_5f7f682b31f93193\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_6426f7e78adedba8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-b..nager-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_d5b0052b1e9250bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-diagnostic-module_31bf3856ad364e35_10.0.22000.1_none_4a64bdcdcc037491\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..c-drivermanager-dll_31bf3856ad364e35_10.0.22000.469_none_0b75abb46f3eeede\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.22000.1_ru-ru_ffaf804617be181b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe,0" | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open\command | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe" | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pizdec | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pizdec\ = "MCZJGRNOTVEWUIU" | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\ = "CRYPTED!" | C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
| MD5 | 2e07d07f927a600d6f86d0f2c149828b |
| SHA1 | 2cbfab45834837739f49bafaf63f1dec1cb96acd |
| SHA256 | 7e56f0e84c96de7dc45391cb351be97fe564a8275bca88e647f03694572a6926 |
| SHA512 | f9f6c33a685f0b324db426f1027fe61b2f81ba3842231c76ce7394912ba9ac6cc285bbdf26d247df03bc45fa74450d1d4a1c89eead09e41d6496646737148e7b |
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif
| MD5 | a0f37f3b5889c51f327baa9125d2eb47 |
| SHA1 | ddb1b332b8ac74a10c6351cfc81464c4c5b48ef0 |
| SHA256 | af5525e659bf85c0a7118216b68f7f6cac015cf520652f0699c1de1655b22716 |
| SHA512 | 7523f38e3fd5d221e98486d4587c7b16a856510ec20ccd117616f6cc75c8237416bbb4994798dbabe7f847202a035b18411c2c609b728336f07f3c38e79469df |
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md
| MD5 | 39df7c518595f3f5240ab4c1a2b4a60f |
| SHA1 | 2848778f5107cc5318a4e71ecb6c3e45159ae622 |
| SHA256 | 80f086bb75abb873775ae6a11ade58de8ab3091e3f338107f9cf0aa9d0f18bb7 |
| SHA512 | 246c9b32e4061e1fd98212c3a9652e6f6aeed1101b822d7f045160155a1f2f6a53d41b69f226e55950c85cfcd81457849ab63e9042e5a8de9d8a41884be10009 |
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md
| MD5 | d9847285752a9a825ca41380c19f4e80 |
| SHA1 | 891cb978792249bcc0f6ff6f41f7952cb678b3d4 |
| SHA256 | beb3e8a5a1fde77e70f62a8423089d9f86ebd4a5aa7f25f3ccf3818db59e56ad |
| SHA512 | 17e1017fc131451274d57af347e29581ef4806fbff01beb853833934ffa8ed5c9f2f1e66767c6490d749287b01fba51c567d80abc8f95498962f7f01a999a5b8 |
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md
| MD5 | 0a27db412e060435794b2508ef45ce6e |
| SHA1 | 4d7d8d692b5355e97d702200a760a416b3595f6e |
| SHA256 | bf97f03a22867aa37f2f701cdac340f9138c9c207db41c75d8f69c3fcc3806c2 |
| SHA512 | 2029a8176aa7b57df8ee8f6b8b4d2bffb72e95d81a87d967a54c834abd89af363b726547f41e24f523c5399133fb3cc512893fc5dd75dcdd5f8a1746ae261899 |
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md
| MD5 | 290804897c1bf5d3569aba7c237a0b1f |
| SHA1 | d6997bab44fa317e677741cc6e79991dfb0c92de |
| SHA256 | a16d44eec86e01db24a4d25047f1495aa786eb2d06449ec553c8b3e36404f5eb |
| SHA512 | a79dd3b9059d13af78812b5746d35d4ede98096f86825937789fc888538949c71243f5ebcd8838ac45c4f0d85797c38f28ce88523ae96402cd27f308c577ad55 |
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md
| MD5 | 566338a186ccf0be42e79ecc8ddbfd4a |
| SHA1 | 664afd0cfd126afee319f3f9f790cb6c463a08c6 |
| SHA256 | abb30bd032bf6728f3ceedbb62439ce61241a6e3eb799a8aa082cc40095368ee |
| SHA512 | 0ccc277a3e150b2c28e1656a67db40b50d816f3cc655aec3e8b0220dc74577ecc8663e0d333f28f3d93ca92313d4e1d575f22e81d49a9ba73dca860f69113241 |
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md
| MD5 | 2dacd65f7ef75e32d7628026c05e3ce4 |
| SHA1 | 16bf22e1eed661a1d71c6f729c5dc95a0b5acd2a |
| SHA256 | 51342075978f27cdea1e6131682424ee567d7455f07ad07806e689e000d0641c |
| SHA512 | b7e4314dc87dd867a82233987a5084b0b68c328432b6d97cb1ec7cb81ddf4177dc458e2a1cf3d5b943bd0ab34dfc6aaa4f47b02843212330aa2110c360f57547 |
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md
| MD5 | c067048597c862a01aabb1d8191ee864 |
| SHA1 | f6e862725760275be6927d2aa844dd82ac8af1a1 |
| SHA256 | fdf04b4969ab5d6bb37b2555b82ffefcd962ccbb26a4023f801f38bbd0838053 |
| SHA512 | 1f6d7fed2beb57b3b92372e37584844e94cbafaa71f25086f4971a7ec35ff61e13dbc321c5f234c05451ca0b59fd6e846dfb62d85d93499cfb849e4393116dd5 |
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md
| MD5 | 8921a65395842b1be500eaec9a22e0ec |
| SHA1 | 2acb1756dc2820aa7b01c62d028f641b18b77b6f |
| SHA256 | a15e20d0ade75f32111b55a3783675e87567ff579bbca68ead6b2db6e2b48a75 |
| SHA512 | c7e52a162dccd99053528457b9c53dd9504c5f7b7485154b081f468844905dad590e4893d62eaf4a84a76bfa37de476567921978be572729399384d29b8dc051 |
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md
| MD5 | 221914f20994eb19ef0b7e481432188d |
| SHA1 | 111dcdb217a28a2d5498a3d6157d6f6108fbd0e1 |
| SHA256 | 5c2136e7ebe285d0d0c4d5c0ba64fbc6dde81a490d5bc587cfaf9a1a5582fc41 |
| SHA512 | d4751b0caca2b32be7e87196451cd54323923dc2c7c54ce8800a9855e9c45aa0bc897662bcf64eba7e0618970cbfcdbf5f8a17e5171fd9659a7c04e9dcec4a95 |
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md
| MD5 | 4e3f45b5b51504f37c98eef69b66af93 |
| SHA1 | 7b689747a340bcecc6742965b2e0e60847c135d5 |
| SHA256 | 05930bbd7ad701ead1d655f4ff6afa16c832fc7365b46f98eb9c65dacd381c85 |
| SHA512 | eb23c3c234c20d7a43b04ecd1e683a1c3b5578678b99355d8e38f1c00b5cb71f2323364fcb24463ffb98f4c60ead7c49a9298ae33d112f30b4dd0ed9617a489c |
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md
| MD5 | c89a8dc0f219604df340d1870805e315 |
| SHA1 | 7a669ef9ba19de8861cdbec894fa068a3fe957f3 |
| SHA256 | e05c074e4f3ac4abac7820d32a08c9930cbd2f714016c28fc9e6de3c93776710 |
| SHA512 | 7738c4f3f47a9108e9b37ea645c0abbf8c7bd3ffa54da900dfaf227ada5959b1cb14b17004820fbdfb5ad747221fa9a4ccfff0748dea212bddbfcbb9596a984e |
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md
| MD5 | a3724b4424d4fd28e2971e43bd97b299 |
| SHA1 | 25975e6616aa5035277e7560cebf04659ec759ac |
| SHA256 | 6bf8b43c9083adfd35911ad904df2a183d84d3101d57fb76b15c6afecf55acc5 |
| SHA512 | e64b62f63432712102d6bea98237d9a4a736975bcec921082710a736c30a6198033f7cf81e882d5a033ecbd3c6b18884946143f4062e63cb876b880d8c29b91d |
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md
| MD5 | 4708b52ce806a0d5ab100e64a1bd3a37 |
| SHA1 | 189a1339e2ff5417618f39336f9a86b31b5f2671 |
| SHA256 | 7c5e034d5a01bd05ea4145c98e9c5e9fac028d6db409816a5e8f1eb05b13285a |
| SHA512 | 62fbe7431e0033d020f487830ab5d71ab1b66b9db4564d2f5eb7b23e1f318a78f4fd47deda85c1aefd0b15f7588acac6d27a1823ba3a117ff40480e6a4a3ac1b |
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md
| MD5 | 14ad3259301a0be120af30e1aa7335e3 |
| SHA1 | 5419888636ae5aa78569c6a33470e64cbeab155a |
| SHA256 | c90b87b80fbd1c12c42ef09fc0ccd2be4fe18425cb22fd009d7d64d04df33200 |
| SHA512 | 4812a7a0cbbf60f499e6432dae860b4d2a9af4e40999a6d5f130b9bad8f7bcf04c1a551c73c3447e761cd3a2b7a7aee4f23db800d532ee56cc9ca6466fe8cfbf |
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md
| MD5 | 9907bff3d816a808beafbcc0e922e796 |
| SHA1 | 32a82cce325e76ab3db5a9538c058431458c24d9 |
| SHA256 | 86df4e651ad9f1bc467db2c3b61eb8beaf50e426973260cd1c4ca1136c81d004 |
| SHA512 | 8e334deb7ed96d1036bb199b81a18a3c6baf7a2cc8c62a0f2f8a34580c92b467013179c86a8ef020427252581c45a91be9a98adcd5e493017b8d4cd4d801baeb |
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md
| MD5 | 7d0eeb4a812ec34cf2a356a728f15310 |
| SHA1 | 910fbbc88d52d1c8a409ff632ceaa3e0736164d7 |
| SHA256 | 41d11e3d066b49b123c851e0b641fcec2e7731bddcfae162a2766091d9b0ebab |
| SHA512 | 0ec33b72f13a3f320c654eac7767ed1e4eb28b8e767438866249363b9d671967ba90abf9eedc774d1233a0c800e3266f87e9834d902631c9e88d243828e97644 |
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md
| MD5 | 59b9ff5b808ca379c03c5cc7de05e815 |
| SHA1 | c9fa705c271358ab4ef60fe5861a765623bd72d1 |
| SHA256 | fd8dfd5a55c635c3baba6db748fc5d342528c1146c7e80249e22630689b936c2 |
| SHA512 | 9d943182bf8453699eee9dd3a71ba11e7f75dbf1edcfcc536a97c8f60f42db2d743ed4d70785a51d94cbb19d553adbcd23f0ab7e21d6a6541b04644c02aa28f5 |
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md
| MD5 | f2813dcc68bf3515a61e3971456644bd |
| SHA1 | 75f2bffe6d91fbf214b867032df8d3b4cdbfc5b0 |
| SHA256 | 0d751ef6e193e8ea06332fd3d95589ac455b0fc4f84c2ef840cc48b76b6572ad |
| SHA512 | e5b26bdef5167cabeb3d637204717cfb6020479a7807c1c34c3ae5340a50181e7bc4cd825853df300c15e857cd3ce3547368b7877fd6bde20f0bd5c0ce25211a |
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md
| MD5 | f128c222dc59a55d44ea142a891cd244 |
| SHA1 | b3ae432b9dec073ed4ad6b44fa53b907fd96a4eb |
| SHA256 | 00f4533600dc74f78e37918f59f5c22d1a44b0e5d680332111af396b61a319c3 |
| SHA512 | 0d462c7da005517a5316f0c82be4b163374d06399a2e350726115e53632062991117e6b9d7ca5e34b386e9734aad12ea2e2475f9cdf4065cd9d95a7675b0e313 |
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md
| MD5 | 21220a0dd2995c21944384085e5ef176 |
| SHA1 | 52b84d67560cbe5a5b1346c7136018436986b133 |
| SHA256 | 9396b87052b0e3a4e568b010027a9adb764aab31082579c474ef7aef483847dd |
| SHA512 | 2cbc107fba3156f48bdecdee78011e352fa4b9f9d22bae0bee2dfdb0a4201ff7611b3654d9383fcdb8fdd43f2f68b7d63796a7aeef17e8d90b74bdd67f503b17 |
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md
| MD5 | 81697c6e533c0288487b9ce47af30e38 |
| SHA1 | 95f13cd400fbac07f0838616e9195b966c7ca47c |
| SHA256 | cd09dc3ffec19776c42fc653eda4ce04912660a79a26c40978078744848a3d82 |
| SHA512 | 27277f7023654e3602465d80428a83d79ec638cf52dd09598d5aebd478a0668eaee39736713c206145ebd210ae31643a2b46ec7f2882500051cfaf042f6e4253 |
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md
| MD5 | 4a830efcf6867824f5c753f594df5645 |
| SHA1 | 4812e9dd367c1f71586787b383264f8c74e111ca |
| SHA256 | be545edfbd5880167a1b95e2958b550d47756c01748292f4cad88f6e09e72376 |
| SHA512 | 51d072bccd0b5e33b225ba51129179ca6c402efc0eafb9ed801c5a1d8b2a1628e5624047e87249a6717022d7ce5405efa5dfc08e75abc0617b4b15afb5f680ee |
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md
| MD5 | 339d6ab839fcaa8e891b50b1ada5018e |
| SHA1 | 19b1cd672e0604f241e53b11ce8905d762b3d58f |
| SHA256 | 19b57f2f305abe35f2af5dfe82d5c1bda2ae154405b96e8f6daa2f6cf43d8fef |
| SHA512 | 2c6a68a217af95d8500b3dd2557b41a534322bff03a44c27ba2681adfdd5918d758485682b63e5e14f40f10809824b749a6879f9bee7c3bfb53c16823d63905e |
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md
| MD5 | 39c3438cfaf86176a72ec35897ff0824 |
| SHA1 | f12afddb11a75faedfd0fff8acb6f447fdbce646 |
| SHA256 | 623f1930d4d155b3753d3e55a067a9e63b12ce7620ca470d9328ce1f0063cb6a |
| SHA512 | ae7acfa25186ba6ef73c4ce913931b07dda862141143a13c3ce6b9a1fa791a47250e7c45cd7ee79267b88b83144819284ee6d23c39d35f15eb2a74da80818a91 |
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md
| MD5 | d6acb60165ace5029a201c7649fae506 |
| SHA1 | 8e12e77f356dc60bdcd22bc2f2273730df1c536a |
| SHA256 | eb689ddb71642107e24456221684bd7ed2e35534852c9cc8c5b69afd33623dca |
| SHA512 | a698a5902daaf1bac42fd1a1b6532198cbe7cdd3b07a047681b3e6329993d7f11d39db459849758cd9762de043b622671f562ad5769729208fb773705676c89b |
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md
| MD5 | 35b5f99c921c69183e21bbbca058338b |
| SHA1 | f59332407501295419e377757bed8762ec3d7f2e |
| SHA256 | f48fcb309d6fdec19a0b2dc8903146b236c0bee0d1d44cfae8cfa382e2f18c7a |
| SHA512 | b59a2e7602ad35ba941b221d557926fa887f796ef82e8d41b5c47d9beb606adcdcb9d3e2025c4031035b865a7197ebb96d1213d4d7aadd4b6d9faad141507c02 |
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md
| MD5 | a671fe49128cdd13f50979d74285cf52 |
| SHA1 | abd4def68183db357247d98424531179f7d47477 |
| SHA256 | e1ae738451a0ab4eacc76bedefe04bbcdabce071fd5196846e2470c3c41e84c3 |
| SHA512 | e9801eaed57b026e3026ea6b9895390598d42333b18bd38c30e37349d3a85495160e4200110925f5ec359569248616d6753ea538c678dd8be538404899aba21c |
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md
| MD5 | 9a823026b8f16d72f6bc6abf1bae725d |
| SHA1 | d000fd8e500a16e57242eeb726825d899e15c7e2 |
| SHA256 | dd7e0f8b8f885df94a4fdbf8ecb481f95ac91c555211faafc84c33e495a42181 |
| SHA512 | fd2e9aa7a3733f6653617b1c647e1d61303e1e53649475672c520ab3a13e0e859e9788c2afa7ce07a3a4a0a14cc5404d3da558fb5f5d4e6d634233ce1b86ccfd |
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md
| MD5 | e64951cbdb969197fe72f3581ac1bad0 |
| SHA1 | dc21f02db126a3994bc2d050d9eeb940488fd2e1 |
| SHA256 | 27718612bdce03abf39d748c6703abc0619e15b3f1d238d9c1bc83a1272571da |
| SHA512 | deb9905e9eb9217ac3cbcd1d4dd32feec2ba4e86be40694c7a37b80e026c4cad4a35f45fda142021689cb6b81f4719a5b5357a63b19e88d07849dce9ff906b69 |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md
| MD5 | 3757a65f1b043ad5f2e4d7f1131ec8d8 |
| SHA1 | b0fcae40d74d9901e32027ab22dea2c201a5e501 |
| SHA256 | fe5fdaa28be2f2b67f87f863160adbed16b91b294505b8a43ac88b37e9ae592f |
| SHA512 | 0a91fbe77d8adafe8a3f48027121cfb6e9e45d3b9adc3e90f5397ecb7a3c33f0bb3b7878dfa4fb5bd6eda388513dfec4fa795f826783bcf1e5d26ca63eb665ae |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md
| MD5 | c375e83267379a6ffe9dfbb5c83fc6dd |
| SHA1 | cd4e9759a173bb3ef39bd5a3b9d582641277cbcf |
| SHA256 | cf81eb18f73ba30ce7f222e4d50da38a92866a04839a6c3bc1912e73d7387655 |
| SHA512 | ef5c568a34d2d0493a846cd11afdac688cfb4e4c4b96b08241dc32adf3448f09418c7f495506520776dd527cdc43491277d215507e11361f74e4b095efc32306 |
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md
| MD5 | 18b931fb55d1c2b087faa80882f32ea4 |
| SHA1 | b84b9449776c28f03b7d94d87c280878ebb65867 |
| SHA256 | 66bed9b7bea65fcc7cac98baf2aeacaeac9e33dfcf463f0f5ed24d548f746042 |
| SHA512 | ef977a911bb1966c8df1261361195c2b8a023854e3ff24c9d08a9b830c7f0e9e7dfa0cde37955c3edfd7ae5a1129112fb52c89455d01b42026d71c7d7099fa25 |
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md
| MD5 | e483f162befcedde198e443ae45b9e42 |
| SHA1 | c1ea1e482eb9f593b6baaeaea95aba7d50b90892 |
| SHA256 | c729bc1d1f0a4e8dc967925fac131ece56ef072bd4e983384fbe2d87c54213c6 |
| SHA512 | 29d49a2cc199ff9d00f3f78fc276e4ae16944183b8fa8c5f5cb0084cf11361b03629140475f7900ca3659b1e94bf6edf408ac07899274709981104ac2da6498d |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.pizdec
| MD5 | ee78173686721e32c49cd005eabc884d |
| SHA1 | 754f3c336854aef54ba867dcdb8a406271e4be02 |
| SHA256 | 1c259d79759e289974e0fe9b65cecb37006e7d56c5e73ea4a90f1fa21ea1fd99 |
| SHA512 | 6aebd3979a72cc4f844b86124646c69dba741e3e4d8a65b928209f7d28443b4845c5eeabe2a2877153129ec28e0e48763461b2e357eac2f2a7328a20664728fb |
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md
| MD5 | fd998ab9a19cede72ca8b33ac0fbb17a |
| SHA1 | bf12d2cc7135db632dc490d374aa8f708bc7c960 |
| SHA256 | 6e046ddd38c821864e9d4f4b4b1c30ccf37e7ba846b42f019cf938cb1541f927 |
| SHA512 | bd907186b0ef1b4c12b7fdc1833481b215fc9f0b6ab5f72ac70697cbf9d522ccdfa11df8eb47f03b4c43dee839c4156e3a08dfd9ab2e7bdf9dda2ac5a1e9794c |
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md
| MD5 | 4ad79d8046e0893ea9156b1494d6639f |
| SHA1 | 567433e6eefd3b7e79eb6b7d8e0cf53eb6234715 |
| SHA256 | ff80f64e6048cdff7c15a23db7afca35bd3ff8cc83f5be333a737ed9e2008312 |
| SHA512 | 2cf2be533ac834f99ece0005858a8802db84981ddc499084ce18c36dd792965ad9ff9b326086f6331cb8a300bb9c6722cd042152b5c6705eb32d0b58d0bb36c3 |
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md
| MD5 | 27da8c9408dc44eef203759685cb84a1 |
| SHA1 | e7efe87bd0cad31c46fa50b3d09585d3b8a7f2e1 |
| SHA256 | f3c14c5772ff5ba39ac34847db8e8059baffe82742a2200f1bd8388c1eded2e7 |
| SHA512 | 57cdb23d30ec881af21b7acb628a389ffe50715d460fe12a6c8ac7d83a778c7b48f74bec2ae6a2f9cf34c0f5bf28e64b4ab9bd5dc96f4ac7652e84e332faac9e |
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md
| MD5 | 2970049cca604e96b88541911d9e1b73 |
| SHA1 | b6420322cc3437b1de4c65ab9214125d78c4cd28 |
| SHA256 | 0a3258a128d8ec6cffd48085eb9bcdeb618bbf57059b651c2983dc6c906f9294 |
| SHA512 | 6289a6b4b01833d75e76f291cc581b2a8cf5da6b22c41f58c846a937e0a687250bc72590e5f92b3a3026e7bbb82197629953219cc11f77dc964bcbca280925cc |
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md
| MD5 | 81eb024eef46b1dbaa3351a7da89d1f6 |
| SHA1 | e638ef27518ad13aa86f1b817d08f4d0205c461e |
| SHA256 | f0f839db2d45cfe2c35dfd55ecb03327b9a397782af87bc004eab0e956d5a175 |
| SHA512 | 7d1c3074752108a71c9dd5d7ed3d1e0b6663e17067723485eafe2b43c7e12246242b249c13d4593fc256ea83c4c4676a9d1508de02e3a9b5fb324a6c45259636 |
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md
| MD5 | daa9385b5d3268c67dc99c2c841f4205 |
| SHA1 | d3c5b2c57ed943b3533f266080d3e5389bc5f17b |
| SHA256 | d3efc3e1d785c11efb5c85b8932795a6cceb13f7b872f53b82403f9b74f7b811 |
| SHA512 | b0e256cd3df4d890b2e26c66888826fd8e2bd3f965d1c688644c3eb3345a867ceeb048fe896f94cdf816d45110736a0d96b9db5fea3271c91a47570f9ae6219d |
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.pizdec
| MD5 | 32d594154b014bbb8d15975d81633cd6 |
| SHA1 | 62aa114361e99049a4190c4d9fac841449e490f5 |
| SHA256 | 048eca526e1b9d40b76420dca9dbd5d7c470d9f8a50970967209ffb5f6872219 |
| SHA512 | 2ff822b59df2efbc258ff6cbae367b68fae1d325fb4850f6d550dad2c7effc76032f76137e5f4c2127527fcf99fa62ad53e6c9b23a36225771bae10030965449 |
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt
| MD5 | 3bb6d39b24b73a247f5efd3aefac7138 |
| SHA1 | 267813164d7b2dcb2c854375f162b6c4832ae295 |
| SHA256 | 86f3d828f9057e49d2dfc9120d4d4a97f95988a9e4b193ac0fdf2fecacc94b20 |
| SHA512 | 75013cc31859c98324e121f4ea6b9ab4ecc3d7341ae4884d414e3c3af169dad533ddd322260e5d2adf9f792a9a35c8eee2a2f144153e6936714142075871e04c |
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt
| MD5 | fb44dc54c39eeabc8180f961acf9afc6 |
| SHA1 | a98fd91411dacf14d6bdc99cf1b41b31f4597b2a |
| SHA256 | 0a98cbbd396e6a0bc8e799bd8cb4a3af0139511ac108d7b959dd0e9ef00d8f5c |
| SHA512 | 50d7b83cb54a968f44b2e477b5f58c7fc74e7fcf8afbc25239a2cd1b7e589defea78ed5d5d13bc69450bbc2077b4abfb130ec9ffdf2d522f1b0386d1eecf4397 |
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe
| MD5 | ec2dbf06f71aaec68d3bb87b701358f4 |
| SHA1 | 87836f2e36e152cceb22e025d877d1c44caef6ed |
| SHA256 | 9c605dae47dcc7637bd73c5391d9ba6d05dc0f70e2b4d57e7eb3e277f697826b |
| SHA512 | 2cad5e7a60a5b512f982c2c9029ee4caedbc6fbdf77c0f06ab99590d54b6080e8e855fb803b908c5b56d28e75ab39f3d60c862a284a84993c162aee9a9a90e25 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
| MD5 | fd6c45ec28315daae6270f1535ba21eb |
| SHA1 | 1c4578c84a823835de8fa362a15b3cd13f8b9ee6 |
| SHA256 | 746cf5aa5b434650ef2473911e8b0d6050848aa438ac5c40e22de783b550440d |
| SHA512 | 0be8188d95d20b4149e57e0509fc72c5c5765549f6b5fc50ec280768267a4a88906e3825f74647f102f81ef372d2e6465a779d877bb9f4a22845fac7df063455 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
| MD5 | 5dd916996a2d8895243c77be8522b45d |
| SHA1 | c359e163ae8eae5143a124ee18b731397bb803f0 |
| SHA256 | 842584aa4f214cb890d0a3a5523f53a27cc65550b66d1920cfccf121954ecf4e |
| SHA512 | b163dabdaffa6164f72a309db5d573d3a83560e160a46137f68911d0b33e26034e3f9096412119dec35e7acf42da7bc79b9721041c3a795e177629ad694ae8ff |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
| MD5 | 1a03eefcc40c7f0f8d6e68fc791059da |
| SHA1 | f335c0e4a50d95392194431c8b9e58bb737af66f |
| SHA256 | 2ec7f1a539c113ba641fecb42b80db62712672197c5ba5c9cca7ffda3ade3e6a |
| SHA512 | 52ce39bc8cc922a49223d3726c09412ff3898cf348744ec6b71117329358c3ea4de51873501d94a56bda4ebf170d64673917c159bfb806fa8e2df48f38e049fd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
| MD5 | c6422ce191b2af2f1a6b66f5f8870756 |
| SHA1 | d4473138274c2ba91e4d44d0b668f149934cf9ed |
| SHA256 | ce21ecefddcfdd7c41dce379c4770a7016ae99e36b4794d37112d799f0ff3463 |
| SHA512 | 088bc22cfff8ee70b9ab378b604023680e830db95ab5451e765160e97658b2d2d7e4bf2528a468f0abc01e858a9f22e663eb41bff4ed2a3b15956d6df0f3ef51 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
| MD5 | d17ac25109e5f77ff170688bc9f697b6 |
| SHA1 | ac3c4675484ff74ca75e77c8c2925e51a04c5a53 |
| SHA256 | 18f0b516c59aa6cee0cf9ebc38583ab148a3366ad5db45189dc220f23a6f3902 |
| SHA512 | 1d3f129fde3dbf86c385b3cd0086e0dfe4809fec3c043561875c71241326529c6f4990b4d2ad47425f464e7ada55b728e33143123c9e315ff208bda6b595cf6d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
| MD5 | d662a3043114683aa682908226954527 |
| SHA1 | 315f184a1b866202246bf78cd33c3176936a66a6 |
| SHA256 | 9f7ff6ede6ff57cdc37bd21eceb9743087e2a6d52bc1b05dc9e81f6d6a27447a |
| SHA512 | 37660e26bf4c2d2faf7f5dbc92d7cdaaa0b260b9b0c4e41a3c1a4914483b492002577dd94181fb4069df367c5ca4e1ff545addecda65c240036d16e7356c0134 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
| MD5 | 0a425f9227baa15af6a962b5201a90f1 |
| SHA1 | 0a0cd6c3081930c2c671a9b5184a14ff326f4983 |
| SHA256 | 336974ec00726bc78d08ca79c85b1c5b8c25edc9381cd3867f0d7c88e19f8b22 |
| SHA512 | b7b7082b46a253af62e4813101079e4f3ef89c681396fad1bd515c01c71268e3578e17c55f24f9c8e3747f724c5f72988e721a2654ae6a5b7d6a11229c259eb0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
| MD5 | 8f3805888a773f127f4a0e219b2a39b7 |
| SHA1 | 0c233e60aa960815a6572da61e60d293b5d44fe2 |
| SHA256 | 4bb7a49a43a292ee8d9f6adc10de88a71ff9f0416682814ab9cc0c639e1c50c8 |
| SHA512 | 69d6fd144877c983de570ed03f812662bcf1f8258586a9801d44cf6575eba079103bdcfefc5b5f2617461c74d28c382539fcea609e7ae4733f1426d3527caa00 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
| MD5 | 4377e7f23d98caf5c41b00206b3cb8cf |
| SHA1 | 7401a5eb2300b45e179e6b856f0aa71a65a26c39 |
| SHA256 | 09dc577a11a1713a9fe0c0d4dda44ae9f5c7629213097ca0b851904615d038bb |
| SHA512 | 06ebadc479906484e5c5210c8f24885c3e2371bbf3d7254452ef32b5d5bf0b9aecb1a1372e406e9565e5519c9a35f479686061703933afc7d67fc7be14f9be9c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
| MD5 | 356101ca175fe55ef55ea6d23ce14a0a |
| SHA1 | 873f557d6dc3bc350652a7613702c1ced8c1ad9b |
| SHA256 | 6397506db5ee0ae95166185b984a4b3f58064fd2713530f4072ed6c2f4df7fd1 |
| SHA512 | 5d595801af9f73a97e08e9c56ca8b1b03bdd567b597cb9abb95bb868ceb08d85cbe24c72dd5a3a014e8e5bf93e59c0db65705e986d569f9a573b0da6afb8e102 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
| MD5 | d8aca58695e407435a8f8819ac56ba14 |
| SHA1 | 3a018f3f6a530f9adae8959277a0d146d8e8ee96 |
| SHA256 | 9ab6309854e712b6a72b72d9ab4ad11c649dbe3bf635870cde405899084d0512 |
| SHA512 | eb76d876ed8c51170a79677e7ea359efe08331322e905af114804c86790396eecefcab9252308bd3e71937cdc519f6e0045e95cff3838e3a6993067f8d57d4af |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
| MD5 | 0a23738d4520b1c4f73d20e3702f07fa |
| SHA1 | 5f5b3c4cd0b4877e2827316743fdc1cbd4d1e4e4 |
| SHA256 | 75073357239eb002d16266912ac5d1be3c834bc7707f01a885684c74942943b9 |
| SHA512 | 653b9faaf22b4e2eda2b2786ec2f82842d3c4f37af1ed486c395194db0f7a8ea563d391d043fea7eeffa54ef9d5e509826f5287783b9d17fe682ad04317beea9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
| MD5 | a2480457be115fee3eefed33fa2f4438 |
| SHA1 | 1dd3b5d61d5ff06a32a1d25d90421532d145289d |
| SHA256 | 24a97a5efd88021d34df0e83125405b5b6aa588773c2d463f8e6434e4d8877d6 |
| SHA512 | 4f17465cb3e40109911d0c26cda5382c8947088f642947ec52f87c1946de10443068b32e7da6c68aa3023f9058df6cc0cfc2c2e402743dcc7b41510244559ef2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
| MD5 | ec4a879a5cf6a9e63c6a96ae7b7dd9b7 |
| SHA1 | babe967bba5055a1d3a34589d87d4aa5c776ade8 |
| SHA256 | 19c0347c415d20fb615b289584849c8e45de90e09490785c43124de9df89fe4a |
| SHA512 | df865152a2e21a54eb417920d45e7f30373e6130df8daab6fb810dcce9ebf8b31a0038c483ea377021558093a48a30d7bf6cda1470811b03222e14ee0c487e37 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
| MD5 | 443148e2f57afbb0e871ca77bba76ac8 |
| SHA1 | f686235c114a9a17bf7719b536380fa8c601272a |
| SHA256 | 7d901f0d2769418b068fa9e988fcbdda67eff0eb997942c95a35a8a604fdbc3f |
| SHA512 | 8b729a53badbd2689925edbeab89db863b08eeda6924235f7c68b1c8974178add15229d0f57a30969abe0cfbbbe569ef6f0b227086e90432f78c525a714bfe50 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
| MD5 | 76bc1759b8863d1d45d3481a3776eebb |
| SHA1 | b937107e8e0a8e1460e74c0ad9d820a3ba952e78 |
| SHA256 | aa4fa11e013cf24c8fc39ad13bb4a6da6ff3e7a84477446f16dcf5fc4eb55ca3 |
| SHA512 | 034288c1d4d6022d91a935e3f3ba2b73c914bec71446131949bbbe3ef567cc8764250fab8531231e2e89ebc496b2d7889b032841c45785f0bbd2f431c61e8414 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
| MD5 | 9998dd8a4c4ed1ff5e64881c8066e422 |
| SHA1 | 0f2439df072df4cbdf566db687acedb87e769929 |
| SHA256 | 1c432cb917465613434fbd9aea1ce658bd5d60e6a4b490805d0752a8412fecbd |
| SHA512 | fb53595d7cc6fd22b43de5e6fa23bdcd698cb91f451829eb18b927f6de63fd3e98da33e9a42e1d15d34a943e024c5f595b4bf3cda935ee7738940148f60f7f09 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
| MD5 | 0b8f5831b19c2fd4983486ef6a2ded3a |
| SHA1 | b89f9cc2e510a95996a7e7a005827c5294352183 |
| SHA256 | 9d03ae3bfce9062ed8e3fb7b244c8e4a8e6b462f42967f464520be36897d1e96 |
| SHA512 | ff662dd58d393d692b9df3a8f8cfaf94827022d1e63c1d8a17eb35a10526b6aa0ca7b530b5e3a780155970f847d5ef69e050c7bb621d4f495201502b7596b459 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
| MD5 | ea4af56405e6459b4b718d6ca6a5b53d |
| SHA1 | 54f8ee8bd70c8a03b9d9d75204faae97c5133d86 |
| SHA256 | 9474b92f647af85e923553476ad890baf557c83a2d9985e5ecb809745bd9f41a |
| SHA512 | e029600e84b3ae16d65256ff74b9c9da96aee2cf2f2432f9154b5ebbd0ec928460ceda8ff82c336e975676a673629e194f9513d8483cb0dd43517e36509273b5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
| MD5 | 4998429f3b68f4ac389f3eadc5534f27 |
| SHA1 | 8e152ff9fcd7991b068546259f98e218f0cf2eb0 |
| SHA256 | b764005f0428a8a51f31b9a23b7239adc205b0df45b42c29c06a35cb2d4927b9 |
| SHA512 | fc5c13c755e718536bbbabcc9f441306b631b34f503f67c7846e91330fecdec52c6fcfa6f7cc23b1a44bda995b3adbfbe808eeafa0872a4c2f2667d9fb748e8a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
| MD5 | 2fa20017a198582d8562a0f28cd2416c |
| SHA1 | 15a1ea6ac6925bbd39298acdbb687c866098d583 |
| SHA256 | a9ea5be882784eca22a4dcc239004430c2fc5ce07d34dcc0edadbdc8d03a7586 |
| SHA512 | 5bd2e43fd88136f3d79cbf05197df210cc66a3ead0779c88683932aaf9f100681e377236b1b8809bbfa4460d9345291ca165d5b3d9726d5db416561c8a2e45ab |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
| MD5 | d543e75a191e078af1ff8fa8baa93e84 |
| SHA1 | f6e1673465e353a9baa3b24a5494eba29682a091 |
| SHA256 | 9a0796eb504ae2844f5203053eb498a25401ab566e9461f09ec2ead07672d184 |
| SHA512 | db416dea473fecbb0e3d29f67a5dea0cb5652f6fbcac77820643a8be040e2650c92000683bbb6aaa1e91f422eef865fe5f8a9ba02928217a410b648f42d199d2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
| MD5 | cf2d5296bec8f29ee49c0a440e768b14 |
| SHA1 | f0ad309da3c3d81b14a802e6e3ee554a60dabe30 |
| SHA256 | 9aac55f4509a2872dc7c57dc63f3417d038d5acb829394ea8245e3a9329a1f6e |
| SHA512 | 7f4359b996f60eed35e760cb4e8195a96eb79d12c94b92307bc7870ca138b4564c5f2b2e292d2c7c90c2bd90f1fb141f584506cdc25d71dbabcbd5f8b0512fbf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
| MD5 | 75471d98eb771b39f74d4964373b147c |
| SHA1 | c5e333b5d6f21d0da507565d7253831f68dec4f9 |
| SHA256 | f58ac30b6795345acd7b1f78d00d82401583958c4ff27294d1d600c69cd99153 |
| SHA512 | 3d55d90ca7ca41109c434b46a37a9482aa42750da5e926a194a07b0d9655113a96e6ae893b52e1ed671180d950cde29ead195bcc4c7baa2cd81ccc9c5db4430b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
| MD5 | c4bcb1974aa289e82974463e513adece |
| SHA1 | 726d3982ec44a2cd56cfe099740ed364443ca16c |
| SHA256 | 144b623d0b2b70d0c89f54bdb1edee0b08ac49925ae0ee7259e714345eb9f50a |
| SHA512 | 58582934d4fb10b6238fdf714c20cb22304a5fc1d7b24395dccba096db387d5fff4ec99dde7795d1b482e017b819cb5e43c5bef535738215b9ae6d7bebf43a6e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
| MD5 | d0c5a7b9e818e05e5beabc8b37a85b4f |
| SHA1 | 38b61851923bc08c3d5b4ebef6210db4298ebcc2 |
| SHA256 | 4f279224e585bcab6371bbf73cc81864376dfaa2986c98016d9f6bd7e9e710e2 |
| SHA512 | d25cfb2da1d0176cbbd33d3ed20eaf2780665878bc2ec8d09ce184fa3b2a6849c7c1f421ab535efdaaa5f273615bc25136d5a7434f453b464240adb9a982142d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
| MD5 | 06ddf197a304cbeef278e810da2417b3 |
| SHA1 | 1eb66077c44505b2fb5ee9cdd369cfbbe96f22f5 |
| SHA256 | 984e4d1b9901045a9761e6f17c4aa53087ed04a6a73e2e1b03a27d47cf95a587 |
| SHA512 | e73ebbf815bccb07009d3bd148ef2e77f2b5f2f63d66283312f67807fde1655269dfa19e69c698b04e32b247a1d0183af452d7faa704e851930bd20ca99c0d8f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
| MD5 | 264fc0116c8995dee9f7941b9dcc0de0 |
| SHA1 | 191484f63967fda3d16fb8195a5f277c81291ef5 |
| SHA256 | 688d5b5fcae362cf2c84f3c89c6defc935699f38469129b8bd0c13aeef11cdfe |
| SHA512 | 687c5d007dd344b3e98b7315adc6f43b2fa3aec2fea577412655b8a6e1b3f20ccd79e46f0ebb803982955c31e5a65da960cca06790db4f5e452058e4259c7107 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
| MD5 | 35c773857738c8cc308589098f9b61b3 |
| SHA1 | e708e718761677d308c2cd933de56a242f91b864 |
| SHA256 | d8866d88f0489deac881cd2aa093b34d383d4dac277693f32c922d8dc10ab5f5 |
| SHA512 | c1db37d881a07b68e1c389b29e9303e636ecb229384d273f71c56ac39021f5b7f7e964873faacfdec5386302bbba6f6ea1c56c4bb5e77c4badfe3982eb5f095b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
| MD5 | 0d256d178c2e070204215db1f85e13c0 |
| SHA1 | a04724a49fd92511ea95d337148c7824e4b1203f |
| SHA256 | 97b15d21644cecc6141734f6493dcf6fb43c1e936972d992d29a142923771d7c |
| SHA512 | 3f48a2928c5bb2832ef3c05fca4e851873fa18657baecf0f439334bf72f92f47219300658635b58588ad18a623bbbf213ca3e793a42ad58906121a43bfcd2bc1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
| MD5 | ae424a68fb2af73611dbab761a2437a8 |
| SHA1 | a7a5ba16b4cb2b03bb042b70c2ba08509b041d7d |
| SHA256 | 73cc2ef2cb4e75d36f5c940497a6e97cdedb89073dc0de72534e076d6c6e25ad |
| SHA512 | 3affe16b24cd5dad9caa1f5f8858d9573096d021b3d4b6000eb96551770a950463150154242ea9af50cb5832d3e5af310d9d67278bd9bb97e264260e49bfa1f8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
| MD5 | 03026f32c5f8845d855714128e21d631 |
| SHA1 | 3e851573b7061715d0e8f47ab4ab84da32d19728 |
| SHA256 | 49e9b77119737e9d89c40a3ba470833da789e20c0cd536d5d23e36dd64dafc69 |
| SHA512 | 6fa695089bf2b0f287104e4109844f99362aeddccbd05c9be43c50f2966ade3e2962cde173fd2ae4bfaed23ea5cf9c536922626813f9bfbe62cd059deaf2ca90 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
| MD5 | 32654166306da48858ba12367e714586 |
| SHA1 | 49b9f5c73d085b607f37901a3e9c250e05e0362b |
| SHA256 | 5359814b3a3c6d82b80e5fc5d7c5d1424dced13262c0487403e55940129d99cf |
| SHA512 | 5e2c781778f0eca1a9d37cbeac3ff4a08738dfe03bc4a310e0f3573787ed7fddbc73b63861136a0aaa66b4ca286c0a0f3f9ef4615f5d9f760403ca12d70e1382 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
| MD5 | 40434b304e50852238b195415af5187b |
| SHA1 | 9c90db3359cba8a8f47ace7d3165d5bd01a48b2a |
| SHA256 | df0e07147dee82150184c7e52881014313a37a17f0d9871486fde77955128a33 |
| SHA512 | cd8220198d731525575120d925365f1eb4df46bfeac4a69e7be76d67633d234686c0e5476623f8ce952b664f4a1865eecebb23076d1d529dceddee66e6a95790 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
| MD5 | 3509f8ef0a99bafa2f2c3ae38fe11e2a |
| SHA1 | 19a2e759ea9d74b22480fd0e44d6153c231f625a |
| SHA256 | bb84197616dc8e8858f4884028bf79b164e1c7d56d515a1459009cac64b3a140 |
| SHA512 | f180d9c7d9d2cfa9d24b85a8f23753fb3272d46ef2196cfc78c2458a80da6b09b7c1d3b3fbecd53b4f94297edd9804721f150ba68c3f0b34733b652bacc27f4f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
| MD5 | 9b1ffee2ffd295578a531131a8410401 |
| SHA1 | aaab1a1a0d2b41eeaf8569df4f4f253a7c1d386c |
| SHA256 | b5108f808d8c2de3c0b418f4383ae296a9301d29e41e37ae882ccc8a1c9adfa9 |
| SHA512 | fca7277b9dd598e39780879b8a20b05faa0920459b2cc1623999ca5b99921eb954e6df92d504c2e029b9a10e4de656d84f725d70b509f53ff0531c3c3f13e6b2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
| MD5 | 0dbd1e5a657a0e660387eec2687cc325 |
| SHA1 | f6306411a95d45115b2e7844644ddc4320230a83 |
| SHA256 | 65775cdf8de4144612127ee1a9be4cccbad950ba61c1ed207d26f5a315d1db4a |
| SHA512 | 3829746fa3febe30d069e69e03045b0025376c164c745cb4faa4c177e7d54250691a4cdb57c9736b1ecc92b6d324d5b9db5771f9e25a97e6bde7062544869b1c |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
| MD5 | cb06c40fb12130483e9dab0ec894d0df |
| SHA1 | 66654520b8decd935b767e5188de10de5caf25b6 |
| SHA256 | d4dfd18b80a3fb82f810cc6dc136b0eba625cd6b729e3a576874544ac755b39a |
| SHA512 | 37fe2fb323a92619e0afb6d9b3c9a39b7c2a536398e45782eafe820bfaea816e0dae61e81521ae82247b3f0ea1b203299d24c3fa8d7175c93cbf2232dceb8c97 |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
| MD5 | 4a3a75f232e1fdbe35ec1fb94bf1a748 |
| SHA1 | a2bc851e81687310406ac1c2116708d0d909214f |
| SHA256 | 64c8191fac0b1bcb35f65e2d6ded46c383ca98817b52a99395fbd3f8caf5be74 |
| SHA512 | 2ad255f784686bb61137e514354448b9ad22e30aaa995247cac0ffc49eca001d54418c3773e667481902426b491f469083c0944b52338b617c8da547988a4603 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg
| MD5 | e9980532d30168a8fe89846250472071 |
| SHA1 | c31b8066d1e597cab2b7ce67b83a5ba8dd588db4 |
| SHA256 | 9ff84f55559d59b75da28e10e1ffa7248b6f5715f0e4a126e3185f8798b72e43 |
| SHA512 | 8e14f4110a40232ba7360cc317891cc5ff4124a5e08ab851f761a74b8df8d8f545d0bf8d0a0856ae250fbef6dcb6585b0bd34d8861b5094593766232017b6ae4 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif
| MD5 | 7aa0b818a4113175516894b33e99f895 |
| SHA1 | c331834e02f0a03baaf4dd40ef5e2a3adb41e6f3 |
| SHA256 | 0b5a17b8cd706c741501b1d30dc2550dd1c562dc7fddba023057b48ebb9d7666 |
| SHA512 | c8eb1331e5c695a2ddb81f13669b831d1e31528130f814eb62e16f4094c65dc1cfe1b7fbc7b3b419579936e000c0210a48fb298893207684d13cb0c1cfd46ff2 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif
| MD5 | 34b8d6bd229d9302d81139fe7dc09552 |
| SHA1 | e9d79f7dd51e614d71d61a8e196c95ca822a06fa |
| SHA256 | 0e4d7bff5391fa9bbb930922f62dd35f786c970a63a14fb80a482d835eb71f31 |
| SHA512 | 3691907f66d78cf2c8f778904678f2821ab1555010a5277201bf13ad00921255461c30c30f82f537bf5b5c9b3f5c90fee0bdf776b63a7b67457a5c150f1313fb |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg
| MD5 | 1d1836b02dcf448cbf897265189f97d0 |
| SHA1 | 2514f529e1795c6e2f6f92065d194c9ba31a4b07 |
| SHA256 | 7179a94fcde23259219aff694ba90ad13c9c4cbaa3a73d9f5ce67addfeed7608 |
| SHA512 | bb74c57c38f20b809ff61f55b79543de3167fe6e0949d4fd78dd2ab9c156e9d68f4b46e247f99eb094bea0ee8b6e912999f3014109c349af673691ba7dabbb15 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif
| MD5 | 0ce7f593a5212cedb1e6c9847c510850 |
| SHA1 | 9b2599a91a9141e4632483e36eb45c149adb44a9 |
| SHA256 | 2699f0f85a3a6fd6ba7b223eb1a45437a89f186bcb312b42786dfd8ceee50b53 |
| SHA512 | 2c5ff148cafe1c28384c1e02c78791d225ed7ef7039fe79ea08a2f4329bff51b9e07fc6ac89cead8d7cb8960a4e5df449d410560f866d174b68d926eeab08413 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif
| MD5 | 28ab2a193772b3d47cdfb7ac311c2004 |
| SHA1 | 71782f5639da464f39c262f4b45a9c5927b40274 |
| SHA256 | 259075ef3b6609155d17a6c1e73d272f4c41fe46d5d024d88b88305535965581 |
| SHA512 | d25b0c003df4bcc8225ae25457143eefbed1e231b71571694ca25335a5f81b9d44c7ca026482fc8b2b21a02f8bda6823429766fe6033f522ec3fbcbe7ce9862a |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
| MD5 | 8287ea96cb08582fca386b37bc474fec |
| SHA1 | 166d18e2cf8b200dd7c9b9cb9192f8d3e3f520e9 |
| SHA256 | 9fe45e6d150b703a4974ce9e956b265db742cfb9a66fdd112823be3b5256b013 |
| SHA512 | 93824fea1ae8a188bb88070f3867d6452094669ec86c7ce042dd476b8e79b57bee47d030bf1167c7ecfccfa8ef4dc3a00cdcf72c326c0701e677759a0416cafb |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif
| MD5 | 5ceddcb22b10b4b11dcd0688038ff539 |
| SHA1 | 00c17e6ebe477f9cd1e4aa163002e33274ee33a0 |
| SHA256 | 92366fcf63bb17fdd37338417857541d96ede2281d3517a1407cfa684009d36d |
| SHA512 | 529f2223b2a86065a12fd79b4ff992c1bb72b8286adaf43062e72a7ea29f70f88c32005cf93759c4022011d669b5eb2499123866917c0c56058f5a5004bd6e3f |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif
| MD5 | 357fbf42ef0508bc44b271f28fb6420a |
| SHA1 | b9343cd2d5bed9a98150519871a9a58ce80cfec2 |
| SHA256 | 6241b37e7a4ba7856571f24066d05170a01127fc6b50760765524a312f54f976 |
| SHA512 | d87c12ba767ecfa063e0dcb0438179f6560ff6197a6140609c8ee8f18bf8b2e81dcda0d2ea16d77971fa14cbf59b4e913ad45fa71c03d8ac7d98a1975d9a2061 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif
| MD5 | 5d8fcc29e88ffc29db1fe1825405ef74 |
| SHA1 | a0c963addbd06fcbe36cc64fa3fec7f3ae20e59b |
| SHA256 | bbe0ed4cb25f74c39f6cdffb6e63ec13e6f3b41298df5f8a3526005d1b0988bc |
| SHA512 | 52bcb14399b41fc46a17f05061e5f1753dc1ac4bb413914fb6230a1587e19f05917b1a7b3d71a00c2262bb5d2199504627ecfc3c28b2b1f399db332bfd720259 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif
| MD5 | b4098e9d79282245b59849f54f889703 |
| SHA1 | e736d78a7f38408b6efae59ba30d38c1ab43d0e3 |
| SHA256 | 3c1d92680cf5b0434235800d1ae866d9e3183969ae0275ac38fed1b38b183030 |
| SHA512 | cb3114c731f9592b0eb5a7dac0d7cf4014fd1ebc16a25d250be4ae66a6a6dac591f7e3bcd4f8314a47d0f2f9cea669a080032f3bb351604036bbb68a45e5303a |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif
| MD5 | fee35a49a8dde45f6e0701ab5aa27a9b |
| SHA1 | 528eb637978350ed17c9b2022fe972cecfb9b27f |
| SHA256 | 445776130c7cb28390cd0e92a9c72f6e58c6e76c9c4a0c85507ecfa6f1d90119 |
| SHA512 | 696b1ea1172b9e391848b95262cb4fcf596956f5c6f0798db799fe57c4699f1e1394380be46adcd3e731f6804f43c37e2230f2a65089441bf52bb2df68ac84bb |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
| MD5 | b93afae955631b4ee22fcb8260cf111e |
| SHA1 | ffe19972f652a2c6b84d5a5ce2a774debf6fd849 |
| SHA256 | 362f60cc08ce5f66edc74d0659a07d61cb3a6921bf751dd27f67b0a130193cc2 |
| SHA512 | e9b165c241c75b841787f3a1e203ae50427512f5ca3f5cf3cc77540e1469994253fc3bba2230c27d9b0c51877881a36ae19e901929b2a3f6be4caa291f7a5c82 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif
| MD5 | 1a4aff43c9d4e13543abd603566b10a2 |
| SHA1 | 08d5637a26fe7c21309223d8b75d789a2081402d |
| SHA256 | 69583f6ee7e97e7af96a05d01681507a51a9619a3f315afa9bb252783c204dc0 |
| SHA512 | 536d3f4bee52c563c76fd368b2f53390c61dda51ed3ac1019facfc7a3a86385f422a1e8a91eb50c248363bf208c132763c3570808654439fffbb60482a760786 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk
| MD5 | aa3bb6b3dcdc22b85c043efe5d06fa1d |
| SHA1 | 2a17ecb1ade5fbc863af9da1b158e51a9948a324 |
| SHA256 | 394c043357e59c63808282e8e10344dd88ce0dc4821ba3a5077ba2ff3708a5ca |
| SHA512 | 5a09ff78a0aada43608d5f08a8e08b7a967392c9e58286c6b835f0268395de55c0908161509e38b9fff1399be5cb31245be9e9f4c80f1159f9175ca0a482661b |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk
| MD5 | 6be85b705678ec1dbf8c5b4d3cf76125 |
| SHA1 | f25e9d1254ba62657a545f632ea9d9095ddabe1e |
| SHA256 | 3157d93e18337789a7fa554614e22d9bd4ee0191d20c1395b0306865144af9f9 |
| SHA512 | eb2bdbc18d9a3e96d57e3aae4694ee2b96dd9232894b2f900b14f2545f510ddf8d06f1313f0bcb181e15c5389c9977427d855cce5a142d9fdde5ba9e753a51fc |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk
| MD5 | d003417199281fa17db888766eb06784 |
| SHA1 | 15a1a90cc83a7ecd16acee2b674b9d4d704bd2af |
| SHA256 | 2b5062e5e9343610b78e6a787e8abb45b1bf8c89d294fc890c33f7a07bc3dad3 |
| SHA512 | f2236889221e60683daa62e77ae32aa1987ddbdd78851f4891f5e9a6eec2146810bb04a78297aba395b3f8678625332113355c3b70da37e734498839cd4531d5 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
| MD5 | 367074b893edfc7549b1b59d23cdff78 |
| SHA1 | cdee7b9fc20d23253ccf63264cf3ff17bb300d38 |
| SHA256 | 2dec6b110c87101595bf4abee4e89d2982aa2ff427db6dd48dc61369281c017c |
| SHA512 | 33c961190c7c1b3dbc85e3b7bf77342b5ffe71973c4dbc9aa69188a08af8066e469ff0178445bedff44eecd18ed65e21407b8e0e23603447898e2b1a64385547 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
| MD5 | 4f5cf5bf7c83346152e238e2d044811e |
| SHA1 | 78971337cbf80e35d35d1bec9c20c7bc53af16ec |
| SHA256 | 28080934c4d3be4e8620dcb8adca5882a0f6171d3546cd2a8646cb3dbc7ce48b |
| SHA512 | 7298adc1af3995f33a1843f537e905f8a2c97d05d1e6b2ea56a836ba3aed7581d1283ccff615b83fcdf4ab9734e146972209d7b564afce5196d9823467d7c74e |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
| MD5 | 15c587a469f8c6fbe88b7970aefee2e9 |
| SHA1 | 73077c72ad5fed8f74352941b4d3a1c4925ea271 |
| SHA256 | 45e3b5e4f77fbad3e61ab7bded28f09f6282b073e31d00c8982a2fb5ad8c3916 |
| SHA512 | 86e3d44388ffbe257eda0659fd5c34e0e22ce8cb46bb26e66c6f3a6ec325e1d242874febc0f6d4b30c635b5b28352b0dff8a2f286fbb6a3362bca521b2928514 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Windows Terminal.lnk
| MD5 | cc2b098b3d3f7d91de24ef8410ad5459 |
| SHA1 | f2cd07828228e948b3152485c2c28d9d4b00638f |
| SHA256 | 6dc89140a2e835dd96b30c14480c1922c66b72b26314da5f068af01c8845413f |
| SHA512 | b7a52ef82140dd222a0a0210d87fb5a667e6680883565322165aeab6ac535e51f1adc4836e82709eb64b44bd8784b94787b158f4b690b93292967e9974dbb3ee |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Windows Terminal.lnk
| MD5 | 5d4ac576738c8653bdec88449f1ed49d |
| SHA1 | b4e9d0e665c6e926db83941becef60bc94ba41a7 |
| SHA256 | f10ac73b749f051461ab90865ce2d13fe9fbaebfded7d28ebdf108edd774a1dc |
| SHA512 | 58859b0dea528d5b017df3ad2ac1bc6e12fee5105e0a455a082c78887ff0b1bf89a5af7be18073b6d5381034804990a42fef04b39cf6c05ee83a5bd40fd319f2 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
| MD5 | 70edaef6d8cd0346e6319e2a5f70ad6b |
| SHA1 | 65d36b5f642557d079c24f18c9d7e70331dcfcfc |
| SHA256 | c425a5c0c445e670a85e0a0bffdb8257d6ea498f6e83c89f9f45c3ec4ef8426c |
| SHA512 | 830e9f7af83e6408bc566fdd1ff1328e306b243c94a0edaa869686388e106a5190c0a4f30c62d850ddb7f599e39a387fcb36ef20f0bae96c34741dfd4ab37844 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
| MD5 | d1075b94703bcab2091b91c42779a923 |
| SHA1 | fa394ca0748ca2405037568b6c837f7a1cc9161a |
| SHA256 | 0bf41083a96b28e1dff336547aee45bac19179a1b21c48917164bbe7bcbf8c9b |
| SHA512 | d32527f264d305c986ccbd7984e8e0fb5aab960f00efaa85abc25841d6338bd688235e27a0667560255a7a12fb6429b278b9df0724c9432fbe0da50cfd0ea31b |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
| MD5 | aac1505d6ba272f15bb23d8e31c14597 |
| SHA1 | 063317bf2879b0789eba278fb7556d458540a87b |
| SHA256 | 73f627e3c22ecbf056fdaa13274fbdaa8ede2a10feee2464ce253b6543575d64 |
| SHA512 | 0d39d0a357ed0777fcc8adbb9fba508d94f16151e4eff8cc17172130a9424583a9d13495074069b99822feead16b164ee6cdd2b826913692d08ea89c60245a60 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
| MD5 | baa943a9bf5fe8ceafc412b14531c032 |
| SHA1 | 06128103c233da2147da3b7c52457503ca86a55b |
| SHA256 | 4d8d8f18f3a3f6806b00885350c96470dd134c244a095026af43ee3f05e44414 |
| SHA512 | 3f933e0be2f5e5f82a7c90d799faf7c41f4d5100114551f3bdd1b7c0fe3ff85b4850d03846d839890a960f4a713c7768b6c6539736ca92385e83fa9bb63f6249 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
| MD5 | 483faa817235c535bf8d73bfcf6d9c94 |
| SHA1 | 8b136c8497e58e78dd93e539d22a161bb4fc7520 |
| SHA256 | 91392bce02dbf197d27a9603881cb329d5dca609316734c360c4c3c8feeca1f5 |
| SHA512 | d7f379f0bcd039a3f88571de81a249832300cb8aafa3da2c740a424729dcce270dd8178206748a02919b1c04a24048651dcefda78172b8ce890bda268f752df9 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
| MD5 | 211483a2158b516ff8b27981c4afcfbc |
| SHA1 | 434311a2aadecdcd60488b6c337e04cfac626de3 |
| SHA256 | 6553c66398b3920250b005b31de79dd67bbf6c48eb66846e965fa1d5007f4acc |
| SHA512 | fcdf4a67d22d353e812cc731803ff89a8516b95b7ffe5d0b1fc675dc4ce897578501e55025ee0b251cf3e39e6f25f98872136c4aa3f1354f2bdb31aa8c53215a |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
| MD5 | 54cdd2245ecec5e9785ee49ca24d5588 |
| SHA1 | 011e4c62c05e6570b167741c16ceeb28e34c192d |
| SHA256 | a4409e6da870db1c9ef10416e710c6fcb38d57987f5db99964b157adcb9fc7ca |
| SHA512 | 4ff2c71119854aefad48ff84cb92705e517e47d3c406db3c6da8c509ff5a8e52cbe6bc53a92c4dd698518018c50fcfa2fc073afe925310d07c0731aa0d004f43 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
| MD5 | 39d044434b7a042a1898999b429a5f80 |
| SHA1 | 628e76eac8ee410c02973f8fcaa6ef04b455e0dc |
| SHA256 | a322c2067eaa2ae697dd422a944995dc4cfc6de79fc8f668f15df743b79ce0f6 |
| SHA512 | 7f826938484189f5a5ea0b4a272ecde9f306c4953ba282f5365b053bb8ab6d8a0ddb0bc72c59c59bed633deeffcfd82ec9fd93f7762c83d307c9709b1834db81 |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
| MD5 | 66b3f58dbcadb250f8cfa800ebb7f516 |
| SHA1 | 69fc753c656cccd10f8a12471bea255d63f79562 |
| SHA256 | 67872e6dbeb6a4752f5b4b1aa23047913c59963365f60f9ba4a79aac36404f27 |
| SHA512 | f6d22809e2419f0b08377be10697145f71c301a59ca79f42b34a1aac3d21025392ad8a1ded8162c6852b82ee7f1adb1794b2dbd04883a5197a22facf9c129599 |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
| MD5 | 6a3bcf16fd6d89fb5029dcf774d51842 |
| SHA1 | 89821e41c97c6f0568559b05274179c85db727c9 |
| SHA256 | 96a788d678c5599c36b33e122701823c9ec7f8b01a09b95d9227850a6a9d5230 |
| SHA512 | 38bfce96a6107619e2152cc29a62f919674bc71018ace0573950ae5f44a4584353569cd5a60c6072a13267962316861c265244d4b40bbcb7a31b37076cc33171 |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
| MD5 | 955355b2a4844a936524c359ca9f4f4d |
| SHA1 | 127f9b9d4766ee23cc556d34ba80476aa8932814 |
| SHA256 | 0afdeb209189f982f405729512ea90e00ac73347ea17771830bb442a1350c5ce |
| SHA512 | d65148aeb017ea9ecb54635507fa0c9e567c816a76651a01846681af37428c4d85eed1fb93fa52914cfe0872e41b8fb2407baea022a761f6a211043503d07759 |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
| MD5 | 0fd051c53c2a8fc6f24164c37cb7dee5 |
| SHA1 | 022cec90d72d8edd22cf1c6be7095ec3e39cb820 |
| SHA256 | 5ebbeea80c75e9965eb6964dba73aa99ec5352126855f80ca0f97fec8fb1048f |
| SHA512 | ac88a0f047390238828686f043928b49ca93381a7db326a17a57201eb541b9e83ac89dfd251c8ce078ce7b28d6178d802feca6c6590d0420e8d9215a53758551 |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
| MD5 | c8d0fdbd9a21dc4471adb5017b96933c |
| SHA1 | a06f68426a8f1a717082dd47ba239cbfc4789cae |
| SHA256 | 758bb29afe42b06b8188413de911b94ca599ad676db966ddaba6b44775ef8208 |
| SHA512 | 319765605e84b1529400bdd323cc7fff6f016a77f74d5d1d52a5d0d1df768bf57013dd6e6bb39dbb440ea0b6fddebb009223aabbd2685b2e2d60da5a5df1f040 |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
| MD5 | cac2e208180c4425df30e86e94e06b6f |
| SHA1 | 9eea2a2deef253dcc15c16c72562a29c45deb0a2 |
| SHA256 | 40fcf8960bcae5a90e39bea017af98c2672c016d068a3de588e1cdec39f73798 |
| SHA512 | 1583fbf39407fa540497aa5d0dd6312c5cc31d1057e50129d00cde140696697c2eb7d0541b00eed90d107cfc84c740e0358408c13b18cc3ed7dbf6749bcecb81 |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
| MD5 | 013b13e30b5265fcdc390a0e8a142b08 |
| SHA1 | 7dd5cafab90dc4685d1c04af0ac8b131f5b447c3 |
| SHA256 | 10ab57a79714105327f30eacf1fe8131acf33e99605a57298e1a7ba3eca1faca |
| SHA512 | 258d957ea81b3455e38b6c7efd18fb6e4cebf78fc0cfb71651e8a03c6945f0e791de2223624e1d00b846cce4f5d45ace59967fee3137be856fe56e82dec1d5b5 |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
| MD5 | 4ff44f0bb6c1b17361a56ad26cae637c |
| SHA1 | d0dd94d4fa3c046e0b79732af4e033b0b2cfb224 |
| SHA256 | d03286e31c660cc7ed2583e8ed706979ddacfbb036c6e152779e14c3ec96304f |
| SHA512 | 681244ebd55e0c93f03a782412aa7ff503e6c9a415f8337388cdf8d0eb699c133d30a42a1643cbb0bfa4216025eee0636fcbcb75d346df6e022cac2451872c6b |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
| MD5 | 3f9d1b0cdd7da75bb7cd70e0bbafb6d7 |
| SHA1 | ea64ce5f3b708c5019e895a31eced2603b024d96 |
| SHA256 | 02d8b25d1815534e776390ec31f17341b1213defc4e3fc9c0c7c24844e9dfbb7 |
| SHA512 | 2fd6fc87ddc2af4b54ebdbd03858b5b9b8b6743ae487bfe4489097b28f47a3158c728bfd41919fd84a40526c59a55197e4045632bc244496c966fc3524a57158 |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
| MD5 | 2e8e024cb7d908ad3d7956caeebbf2b2 |
| SHA1 | 2d6dc06237a5702894066a6464a175f6ea250afc |
| SHA256 | 093828689685616b76a66950b5d15d7d516edcc6ec9bd0988f142643dfb1d3b7 |
| SHA512 | f4770be7b00481b1b0fae66887b2178a34dd96b9830a652bd32eb4e6714a9b737a2db6174a0183d40d2a86082c2885e99431a015fca0508325c7e1a9987018fe |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
| MD5 | e6b4aa01470b2765a170bea9dda2bbb7 |
| SHA1 | ac341ecf8f3faf2eedad97373b04348d7a4c84ec |
| SHA256 | ba36da709007c0cc0f3b3ec8bac9eebba4e86e70590371798d3e0fe2738a2f0d |
| SHA512 | e30aad70c1feb6ae12fd96138ecf5ae6ec4df59c3771454d146cb0b40464add12cf58662efa2c85b0aa164ef6c0e77982242e35cf1f17c6efeaac3d1ed0b163c |
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
| MD5 | 3375e0355cabe82f489b368048fa1abc |
| SHA1 | abd17a2a3a4edaeaed48fe5ecab0a1a4046fc17d |
| SHA256 | 64e83fe66075c5bd8a75e4ee4f605a926273319c2d86b0e59564de63aa37c932 |
| SHA512 | 8fc0060223fa763cef4e7df4035ae283ee138d8c13df41c3d299c796aaea62a349c396c17726175054a14a58000c6f1893774255a269c8b9349db7875d719ec3 |