Malware Analysis Report

2025-01-18 20:57

Sample ID 241124-xxxenavkdt
Target 9690a2513021c69025be547b2ce313a6_JaffaCakes118
SHA256 f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395

Threat Level: Known bad

The file 9690a2513021c69025be547b2ce313a6_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Detected Xorist Ransomware

Xorist family

Renames multiple (2355) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-24 19:14

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-24 19:14

Reported

2024-11-24 19:17

Platform

win11-20241007-en

Max time kernel

92s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe"

Signatures

Renames multiple (2355) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe" C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\F12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_amd64_4efa1b843efa7081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtvdevx64.inf_amd64_7b972df4e09f9463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_c46beb959d0a84d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\where.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\downlevel\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_c8fa9d09dfae827e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netirda.inf_amd64_dbd9e98589d41a84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\makecab.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetQos\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_scmdisk.inf_amd64_6b231d72554c7580\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_35c52a008b0fba12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\schtasks.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpitime.inf_amd64_4456a4584af0a603\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_amd64_645174b93fccc225\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\icsunattend.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\lxss\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TLS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\choice.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\credwiz.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\runonce.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_scsiadapter.inf_amd64_9a76d5e774d7d362\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas2i.inf_amd64_f58b8f0b8ba78d73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_59f44e80eef3e979\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_ffca298fa8c88825\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\shutdown.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mcx.inf_amd64_ff98be8fc57412d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_f67fbcc0a7a69ec9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Taskmgr.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\wbem\WinMgmt.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WinRTNetMUAHostServer.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\printui.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Register-CimProvider.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\cmdl32.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_0d7df59d2945d7ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_84ea762c0a90c362\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\printqueue.inf_amd64_c5faa879d518215d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\setup16.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usb4hostrouter.inf_amd64_acb1b78bb0ae3528\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_ext.inf_amd64_62309e307087c8d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\attrib.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\cliconfg.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_6d6f452fa800ed6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_28d2271d20cdd8d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\hh.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SnipSketchAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeBadge.scale-100.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\trash.gif C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsBadgeLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-64_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2020.503.58.0_x64__8wekyb3d8bbwe\Assets\contrast-black\CameraAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\2876_24x24x32.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\Assets\contrast-white\FeedbackHubAppList.targetsize-30.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherAppList.targetsize-72.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherAppList.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreSplashScreen.scale-200_altform-colorful_theme-dark.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-32_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\contrast-black\NotepadAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\CameraLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\SnipSketchAppList.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.50.24002.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_2019.430.2026.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_x64__8wekyb3d8bbwe\Assets\Xbox_LargeTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreAppList.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close_h2x.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-App.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\rhp_world_icon_hover_2x.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-white\PowerAutomateSquare70x70Logo.scale-140.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\1113_20x20x32.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherAppList.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-32_altform-lightunplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2020.503.58.0_x64__8wekyb3d8bbwe\Assets\CameraAppList.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Retail\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_1.0.38.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\keytool.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PaintAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\GetHelpAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-24_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\OrientationControlMiddleCircleHover.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Media Player\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.40831.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\Assets\FeedbackHubSplashScreen.scale-200_altform-colorful.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\PowerAutomateSquare310x310Logo.scale-150.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\NotepadAppList.targetsize-64.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Exchange.scale-200.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\MicrosoftAccount.scale-140.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\WiFiNetworkManagerWarningToast.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-system-remote_31bf3856ad364e35_10.0.22000.1_none_a24e7f6ae1e37f38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-defender-drivers-backup_31bf3856ad364e35_10.0.22000.1_none_846e937243d6fc53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\InstallUtil.resources\v4.0_4.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-search-adm.resources_31bf3856ad364e35_7.0.22000.120_hu-hu_e3f1c0956dbbe4f3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-l..-oem-core.resources_31bf3856ad364e35_10.0.22000.493_zh-tw_f8be6dae16ae68ff\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.22000.282_none_508eb47719bd4e14\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.318_none_82292a5c4e657627\Assets\GetStartedAppList.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Navigation Start.wav C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-van.resources_31bf3856ad364e35_10.0.22000.1_de-de_28629fcf3746b792\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..nt-extupdatesupport_31bf3856ad364e35_10.0.22000.194_none_2900f65c78344942\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..omponents.resources_31bf3856ad364e35_10.0.22000.132_eu-es_94ccd14ba3ed3741\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-help-client_31bf3856ad364e35_10.0.22000.348_none_67702744b34d2d9d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..loudid-wxhextension_31bf3856ad364e35_10.0.22000.282_none_5e5c62376a01230e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hidi2c.inf.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_874042d7c1f2eaa1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ck-mof-onecoreadmin_31bf3856ad364e35_10.0.22000.1_none_7005870033dee5f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-msports_31bf3856ad364e35_10.0.22000.1_none_edb56271286e8f01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.22000.282_none_08c227a0c7c9c4c1\f\Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_bthleenum.inf.resources_31bf3856ad364e35_10.0.22000.1_en-us_d28ce041e31ba5d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.dynamic.resources_b03f5f7f11d50a3a_4.0.15806.0_es-es_0ff49fbd21e4262a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..onment-core-tcbboot_31bf3856ad364e35_10.0.22000.493_none_fb990c63ce4d223c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_3ware.inf.resources_31bf3856ad364e35_10.0.22000.1_en-us_9bc6529cefa01c71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..us-runtime-stclient_31bf3856ad364e35_10.0.22000.1_none_ffd1e48769d7122b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.22000.1_ko-kr_ebe0f0ca22136345\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msmq-queuemanager-core_31bf3856ad364e35_10.0.22000.1_none_d5fb814a6462b89b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wmi-filter.resources_31bf3856ad364e35_10.0.22000.1_de-de_7a5c6bcffeab1831\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.22000.469_none_5669b3acf1ecab58\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.backgroun..anagement.resources_31bf3856ad364e35_10.0.22000.1_it-it_0be70be135554273\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\INF\Windows Workflow Foundation 4.0.0.0\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-c..tionstask.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_2064a1a2cadd19a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.22000.1_none_7e68120c07e187ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22000.469_none_160103e31c4d8d88\wide.AppsRtl.png C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..owershell.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_6651333fea26662a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.virtualiz..ent.rdpclientaxhost_31bf3856ad364e35_10.0.22000.318_none_a2b8c3cbfab6fdb4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_10.0.22000.1_es-es_5b34e1d83c1007b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..oem-coren.resources_31bf3856ad364e35_10.0.22000.493_fi-fi_c8aaa82e6d0088ba\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\prod\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-f..overy-adm.resources_31bf3856ad364e35_10.0.22000.1_it-it_30a1e879a237712a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..iagnostic.resources_31bf3856ad364e35_10.0.22000.1_uk-ua_02ad8fd5e9aaa2fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.22000.120_none_bb415867ae85d51c\f\serviceworker.html C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_fsquotamgmt.inf.resources_31bf3856ad364e35_10.0.22000.1_it-it_49cf9f473b56569e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-textinput-helpers.resources_31bf3856ad364e35_10.0.22000.1_es-es_cae8fec3d93edf41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\Boot\PCAT\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ing-lpdprintservice_31bf3856ad364e35_10.0.22000.258_none_86eaa659f684219c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-cpfilters_31bf3856ad364e35_10.0.22000.168_none_d68e4983ab179898\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_multipoint-wmstoastapi_31bf3856ad364e35_10.0.22000.1_none_57d6fdb38343655b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_10.0.22000.1_none_5f47ad6ea15d43d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_servicemodelreg.resources_b03f5f7f11d50a3a_10.0.22000.1_de-de_88bca9a7dead052b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_10.0.22000.1_it-it_53270c50f5d97800\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..d-experience-smsapi_31bf3856ad364e35_10.0.22000.41_none_d953965842a74af3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-smartscreen_31bf3856ad364e35_10.0.22000.65_none_9f7612893c144c09\f\smartscreen.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-webdavredir-webclient_31bf3856ad364e35_10.0.22000.469_none_5068c33738f76e91\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netrtwlanu.inf.resources_31bf3856ad364e35_10.0.22000.1_de-de_13bf990020db7d76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-printing-adm.resources_31bf3856ad364e35_10.0.22000.282_zh-tw_800adcbd5c7d85b4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cabview.resources_31bf3856ad364e35_10.0.22000.1_de-de_8e61b485e903ab83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\v4.0_10.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\serviceworker\serviceworker.html C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_10.0.22000.1_none_9f2fce759e7ce308\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..sframework-mscandui_31bf3856ad364e35_10.0.22000.120_none_905a565698e9d2f5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..xtensions.resources_31bf3856ad364e35_10.0.22000.1_de-de_6a8c495aade14997\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.0.22000.1_ja-jp_806c4ae4995eb8c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.pizdec\ = "MCZJGRNOTVEWUIU" C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe" C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pizdec C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe,0" C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open\command C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9690a2513021c69025be547b2ce313a6_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 2e07d07f927a600d6f86d0f2c149828b
SHA1 2cbfab45834837739f49bafaf63f1dec1cb96acd
SHA256 7e56f0e84c96de7dc45391cb351be97fe564a8275bca88e647f03694572a6926
SHA512 f9f6c33a685f0b324db426f1027fe61b2f81ba3842231c76ce7394912ba9ac6cc285bbdf26d247df03bc45fa74450d1d4a1c89eead09e41d6496646737148e7b

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.pizdec

MD5 a0f37f3b5889c51f327baa9125d2eb47
SHA1 ddb1b332b8ac74a10c6351cfc81464c4c5b48ef0
SHA256 af5525e659bf85c0a7118216b68f7f6cac015cf520652f0699c1de1655b22716
SHA512 7523f38e3fd5d221e98486d4587c7b16a856510ec20ccd117616f6cc75c8237416bbb4994798dbabe7f847202a035b18411c2c609b728336f07f3c38e79469df

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 d9847285752a9a825ca41380c19f4e80
SHA1 891cb978792249bcc0f6ff6f41f7952cb678b3d4
SHA256 beb3e8a5a1fde77e70f62a8423089d9f86ebd4a5aa7f25f3ccf3818db59e56ad
SHA512 17e1017fc131451274d57af347e29581ef4806fbff01beb853833934ffa8ed5c9f2f1e66767c6490d749287b01fba51c567d80abc8f95498962f7f01a999a5b8

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 0a27db412e060435794b2508ef45ce6e
SHA1 4d7d8d692b5355e97d702200a760a416b3595f6e
SHA256 bf97f03a22867aa37f2f701cdac340f9138c9c207db41c75d8f69c3fcc3806c2
SHA512 2029a8176aa7b57df8ee8f6b8b4d2bffb72e95d81a87d967a54c834abd89af363b726547f41e24f523c5399133fb3cc512893fc5dd75dcdd5f8a1746ae261899

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 39df7c518595f3f5240ab4c1a2b4a60f
SHA1 2848778f5107cc5318a4e71ecb6c3e45159ae622
SHA256 80f086bb75abb873775ae6a11ade58de8ab3091e3f338107f9cf0aa9d0f18bb7
SHA512 246c9b32e4061e1fd98212c3a9652e6f6aeed1101b822d7f045160155a1f2f6a53d41b69f226e55950c85cfcd81457849ab63e9042e5a8de9d8a41884be10009

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 290804897c1bf5d3569aba7c237a0b1f
SHA1 d6997bab44fa317e677741cc6e79991dfb0c92de
SHA256 a16d44eec86e01db24a4d25047f1495aa786eb2d06449ec553c8b3e36404f5eb
SHA512 a79dd3b9059d13af78812b5746d35d4ede98096f86825937789fc888538949c71243f5ebcd8838ac45c4f0d85797c38f28ce88523ae96402cd27f308c577ad55

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 35b5f99c921c69183e21bbbca058338b
SHA1 f59332407501295419e377757bed8762ec3d7f2e
SHA256 f48fcb309d6fdec19a0b2dc8903146b236c0bee0d1d44cfae8cfa382e2f18c7a
SHA512 b59a2e7602ad35ba941b221d557926fa887f796ef82e8d41b5c47d9beb606adcdcb9d3e2025c4031035b865a7197ebb96d1213d4d7aadd4b6d9faad141507c02

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 d6acb60165ace5029a201c7649fae506
SHA1 8e12e77f356dc60bdcd22bc2f2273730df1c536a
SHA256 eb689ddb71642107e24456221684bd7ed2e35534852c9cc8c5b69afd33623dca
SHA512 a698a5902daaf1bac42fd1a1b6532198cbe7cdd3b07a047681b3e6329993d7f11d39db459849758cd9762de043b622671f562ad5769729208fb773705676c89b

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 a3724b4424d4fd28e2971e43bd97b299
SHA1 25975e6616aa5035277e7560cebf04659ec759ac
SHA256 6bf8b43c9083adfd35911ad904df2a183d84d3101d57fb76b15c6afecf55acc5
SHA512 e64b62f63432712102d6bea98237d9a4a736975bcec921082710a736c30a6198033f7cf81e882d5a033ecbd3c6b18884946143f4062e63cb876b880d8c29b91d

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 4e3f45b5b51504f37c98eef69b66af93
SHA1 7b689747a340bcecc6742965b2e0e60847c135d5
SHA256 05930bbd7ad701ead1d655f4ff6afa16c832fc7365b46f98eb9c65dacd381c85
SHA512 eb23c3c234c20d7a43b04ecd1e683a1c3b5578678b99355d8e38f1c00b5cb71f2323364fcb24463ffb98f4c60ead7c49a9298ae33d112f30b4dd0ed9617a489c

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 f128c222dc59a55d44ea142a891cd244
SHA1 b3ae432b9dec073ed4ad6b44fa53b907fd96a4eb
SHA256 00f4533600dc74f78e37918f59f5c22d1a44b0e5d680332111af396b61a319c3
SHA512 0d462c7da005517a5316f0c82be4b163374d06399a2e350726115e53632062991117e6b9d7ca5e34b386e9734aad12ea2e2475f9cdf4065cd9d95a7675b0e313

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 9907bff3d816a808beafbcc0e922e796
SHA1 32a82cce325e76ab3db5a9538c058431458c24d9
SHA256 86df4e651ad9f1bc467db2c3b61eb8beaf50e426973260cd1c4ca1136c81d004
SHA512 8e334deb7ed96d1036bb199b81a18a3c6baf7a2cc8c62a0f2f8a34580c92b467013179c86a8ef020427252581c45a91be9a98adcd5e493017b8d4cd4d801baeb

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 e483f162befcedde198e443ae45b9e42
SHA1 c1ea1e482eb9f593b6baaeaea95aba7d50b90892
SHA256 c729bc1d1f0a4e8dc967925fac131ece56ef072bd4e983384fbe2d87c54213c6
SHA512 29d49a2cc199ff9d00f3f78fc276e4ae16944183b8fa8c5f5cb0084cf11361b03629140475f7900ca3659b1e94bf6edf408ac07899274709981104ac2da6498d

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 81eb024eef46b1dbaa3351a7da89d1f6
SHA1 e638ef27518ad13aa86f1b817d08f4d0205c461e
SHA256 f0f839db2d45cfe2c35dfd55ecb03327b9a397782af87bc004eab0e956d5a175
SHA512 7d1c3074752108a71c9dd5d7ed3d1e0b6663e17067723485eafe2b43c7e12246242b249c13d4593fc256ea83c4c4676a9d1508de02e3a9b5fb324a6c45259636

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 fd998ab9a19cede72ca8b33ac0fbb17a
SHA1 bf12d2cc7135db632dc490d374aa8f708bc7c960
SHA256 6e046ddd38c821864e9d4f4b4b1c30ccf37e7ba846b42f019cf938cb1541f927
SHA512 bd907186b0ef1b4c12b7fdc1833481b215fc9f0b6ab5f72ac70697cbf9d522ccdfa11df8eb47f03b4c43dee839c4156e3a08dfd9ab2e7bdf9dda2ac5a1e9794c

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 2970049cca604e96b88541911d9e1b73
SHA1 b6420322cc3437b1de4c65ab9214125d78c4cd28
SHA256 0a3258a128d8ec6cffd48085eb9bcdeb618bbf57059b651c2983dc6c906f9294
SHA512 6289a6b4b01833d75e76f291cc581b2a8cf5da6b22c41f58c846a937e0a687250bc72590e5f92b3a3026e7bbb82197629953219cc11f77dc964bcbca280925cc

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 4ad79d8046e0893ea9156b1494d6639f
SHA1 567433e6eefd3b7e79eb6b7d8e0cf53eb6234715
SHA256 ff80f64e6048cdff7c15a23db7afca35bd3ff8cc83f5be333a737ed9e2008312
SHA512 2cf2be533ac834f99ece0005858a8802db84981ddc499084ce18c36dd792965ad9ff9b326086f6331cb8a300bb9c6722cd042152b5c6705eb32d0b58d0bb36c3

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 ee78173686721e32c49cd005eabc884d
SHA1 754f3c336854aef54ba867dcdb8a406271e4be02
SHA256 1c259d79759e289974e0fe9b65cecb37006e7d56c5e73ea4a90f1fa21ea1fd99
SHA512 6aebd3979a72cc4f844b86124646c69dba741e3e4d8a65b928209f7d28443b4845c5eeabe2a2877153129ec28e0e48763461b2e357eac2f2a7328a20664728fb

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 3757a65f1b043ad5f2e4d7f1131ec8d8
SHA1 b0fcae40d74d9901e32027ab22dea2c201a5e501
SHA256 fe5fdaa28be2f2b67f87f863160adbed16b91b294505b8a43ac88b37e9ae592f
SHA512 0a91fbe77d8adafe8a3f48027121cfb6e9e45d3b9adc3e90f5397ecb7a3c33f0bb3b7878dfa4fb5bd6eda388513dfec4fa795f826783bcf1e5d26ca63eb665ae

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 c375e83267379a6ffe9dfbb5c83fc6dd
SHA1 cd4e9759a173bb3ef39bd5a3b9d582641277cbcf
SHA256 cf81eb18f73ba30ce7f222e4d50da38a92866a04839a6c3bc1912e73d7387655
SHA512 ef5c568a34d2d0493a846cd11afdac688cfb4e4c4b96b08241dc32adf3448f09418c7f495506520776dd527cdc43491277d215507e11361f74e4b095efc32306

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 18b931fb55d1c2b087faa80882f32ea4
SHA1 b84b9449776c28f03b7d94d87c280878ebb65867
SHA256 66bed9b7bea65fcc7cac98baf2aeacaeac9e33dfcf463f0f5ed24d548f746042
SHA512 ef977a911bb1966c8df1261361195c2b8a023854e3ff24c9d08a9b830c7f0e9e7dfa0cde37955c3edfd7ae5a1129112fb52c89455d01b42026d71c7d7099fa25

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 e64951cbdb969197fe72f3581ac1bad0
SHA1 dc21f02db126a3994bc2d050d9eeb940488fd2e1
SHA256 27718612bdce03abf39d748c6703abc0619e15b3f1d238d9c1bc83a1272571da
SHA512 deb9905e9eb9217ac3cbcd1d4dd32feec2ba4e86be40694c7a37b80e026c4cad4a35f45fda142021689cb6b81f4719a5b5357a63b19e88d07849dce9ff906b69

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 9a823026b8f16d72f6bc6abf1bae725d
SHA1 d000fd8e500a16e57242eeb726825d899e15c7e2
SHA256 dd7e0f8b8f885df94a4fdbf8ecb481f95ac91c555211faafc84c33e495a42181
SHA512 fd2e9aa7a3733f6653617b1c647e1d61303e1e53649475672c520ab3a13e0e859e9788c2afa7ce07a3a4a0a14cc5404d3da558fb5f5d4e6d634233ce1b86ccfd

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 a671fe49128cdd13f50979d74285cf52
SHA1 abd4def68183db357247d98424531179f7d47477
SHA256 e1ae738451a0ab4eacc76bedefe04bbcdabce071fd5196846e2470c3c41e84c3
SHA512 e9801eaed57b026e3026ea6b9895390598d42333b18bd38c30e37349d3a85495160e4200110925f5ec359569248616d6753ea538c678dd8be538404899aba21c

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 21220a0dd2995c21944384085e5ef176
SHA1 52b84d67560cbe5a5b1346c7136018436986b133
SHA256 9396b87052b0e3a4e568b010027a9adb764aab31082579c474ef7aef483847dd
SHA512 2cbc107fba3156f48bdecdee78011e352fa4b9f9d22bae0bee2dfdb0a4201ff7611b3654d9383fcdb8fdd43f2f68b7d63796a7aeef17e8d90b74bdd67f503b17

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 339d6ab839fcaa8e891b50b1ada5018e
SHA1 19b1cd672e0604f241e53b11ce8905d762b3d58f
SHA256 19b57f2f305abe35f2af5dfe82d5c1bda2ae154405b96e8f6daa2f6cf43d8fef
SHA512 2c6a68a217af95d8500b3dd2557b41a534322bff03a44c27ba2681adfdd5918d758485682b63e5e14f40f10809824b749a6879f9bee7c3bfb53c16823d63905e

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 59b9ff5b808ca379c03c5cc7de05e815
SHA1 c9fa705c271358ab4ef60fe5861a765623bd72d1
SHA256 fd8dfd5a55c635c3baba6db748fc5d342528c1146c7e80249e22630689b936c2
SHA512 9d943182bf8453699eee9dd3a71ba11e7f75dbf1edcfcc536a97c8f60f42db2d743ed4d70785a51d94cbb19d553adbcd23f0ab7e21d6a6541b04644c02aa28f5

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 f2813dcc68bf3515a61e3971456644bd
SHA1 75f2bffe6d91fbf214b867032df8d3b4cdbfc5b0
SHA256 0d751ef6e193e8ea06332fd3d95589ac455b0fc4f84c2ef840cc48b76b6572ad
SHA512 e5b26bdef5167cabeb3d637204717cfb6020479a7807c1c34c3ae5340a50181e7bc4cd825853df300c15e857cd3ce3547368b7877fd6bde20f0bd5c0ce25211a

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 14ad3259301a0be120af30e1aa7335e3
SHA1 5419888636ae5aa78569c6a33470e64cbeab155a
SHA256 c90b87b80fbd1c12c42ef09fc0ccd2be4fe18425cb22fd009d7d64d04df33200
SHA512 4812a7a0cbbf60f499e6432dae860b4d2a9af4e40999a6d5f130b9bad8f7bcf04c1a551c73c3447e761cd3a2b7a7aee4f23db800d532ee56cc9ca6466fe8cfbf

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 7d0eeb4a812ec34cf2a356a728f15310
SHA1 910fbbc88d52d1c8a409ff632ceaa3e0736164d7
SHA256 41d11e3d066b49b123c851e0b641fcec2e7731bddcfae162a2766091d9b0ebab
SHA512 0ec33b72f13a3f320c654eac7767ed1e4eb28b8e767438866249363b9d671967ba90abf9eedc774d1233a0c800e3266f87e9834d902631c9e88d243828e97644

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 81697c6e533c0288487b9ce47af30e38
SHA1 95f13cd400fbac07f0838616e9195b966c7ca47c
SHA256 cd09dc3ffec19776c42fc653eda4ce04912660a79a26c40978078744848a3d82
SHA512 27277f7023654e3602465d80428a83d79ec638cf52dd09598d5aebd478a0668eaee39736713c206145ebd210ae31643a2b46ec7f2882500051cfaf042f6e4253

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 4a830efcf6867824f5c753f594df5645
SHA1 4812e9dd367c1f71586787b383264f8c74e111ca
SHA256 be545edfbd5880167a1b95e2958b550d47756c01748292f4cad88f6e09e72376
SHA512 51d072bccd0b5e33b225ba51129179ca6c402efc0eafb9ed801c5a1d8b2a1628e5624047e87249a6717022d7ce5405efa5dfc08e75abc0617b4b15afb5f680ee

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 4708b52ce806a0d5ab100e64a1bd3a37
SHA1 189a1339e2ff5417618f39336f9a86b31b5f2671
SHA256 7c5e034d5a01bd05ea4145c98e9c5e9fac028d6db409816a5e8f1eb05b13285a
SHA512 62fbe7431e0033d020f487830ab5d71ab1b66b9db4564d2f5eb7b23e1f318a78f4fd47deda85c1aefd0b15f7588acac6d27a1823ba3a117ff40480e6a4a3ac1b

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 39c3438cfaf86176a72ec35897ff0824
SHA1 f12afddb11a75faedfd0fff8acb6f447fdbce646
SHA256 623f1930d4d155b3753d3e55a067a9e63b12ce7620ca470d9328ce1f0063cb6a
SHA512 ae7acfa25186ba6ef73c4ce913931b07dda862141143a13c3ce6b9a1fa791a47250e7c45cd7ee79267b88b83144819284ee6d23c39d35f15eb2a74da80818a91

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 c89a8dc0f219604df340d1870805e315
SHA1 7a669ef9ba19de8861cdbec894fa068a3fe957f3
SHA256 e05c074e4f3ac4abac7820d32a08c9930cbd2f714016c28fc9e6de3c93776710
SHA512 7738c4f3f47a9108e9b37ea645c0abbf8c7bd3ffa54da900dfaf227ada5959b1cb14b17004820fbdfb5ad747221fa9a4ccfff0748dea212bddbfcbb9596a984e

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 221914f20994eb19ef0b7e481432188d
SHA1 111dcdb217a28a2d5498a3d6157d6f6108fbd0e1
SHA256 5c2136e7ebe285d0d0c4d5c0ba64fbc6dde81a490d5bc587cfaf9a1a5582fc41
SHA512 d4751b0caca2b32be7e87196451cd54323923dc2c7c54ce8800a9855e9c45aa0bc897662bcf64eba7e0618970cbfcdbf5f8a17e5171fd9659a7c04e9dcec4a95

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 566338a186ccf0be42e79ecc8ddbfd4a
SHA1 664afd0cfd126afee319f3f9f790cb6c463a08c6
SHA256 abb30bd032bf6728f3ceedbb62439ce61241a6e3eb799a8aa082cc40095368ee
SHA512 0ccc277a3e150b2c28e1656a67db40b50d816f3cc655aec3e8b0220dc74577ecc8663e0d333f28f3d93ca92313d4e1d575f22e81d49a9ba73dca860f69113241

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 8921a65395842b1be500eaec9a22e0ec
SHA1 2acb1756dc2820aa7b01c62d028f641b18b77b6f
SHA256 a15e20d0ade75f32111b55a3783675e87567ff579bbca68ead6b2db6e2b48a75
SHA512 c7e52a162dccd99053528457b9c53dd9504c5f7b7485154b081f468844905dad590e4893d62eaf4a84a76bfa37de476567921978be572729399384d29b8dc051

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 c067048597c862a01aabb1d8191ee864
SHA1 f6e862725760275be6927d2aa844dd82ac8af1a1
SHA256 fdf04b4969ab5d6bb37b2555b82ffefcd962ccbb26a4023f801f38bbd0838053
SHA512 1f6d7fed2beb57b3b92372e37584844e94cbafaa71f25086f4971a7ec35ff61e13dbc321c5f234c05451ca0b59fd6e846dfb62d85d93499cfb849e4393116dd5

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.pizdec

MD5 2dacd65f7ef75e32d7628026c05e3ce4
SHA1 16bf22e1eed661a1d71c6f729c5dc95a0b5acd2a
SHA256 51342075978f27cdea1e6131682424ee567d7455f07ad07806e689e000d0641c
SHA512 b7e4314dc87dd867a82233987a5084b0b68c328432b6d97cb1ec7cb81ddf4177dc458e2a1cf3d5b943bd0ab34dfc6aaa4f47b02843212330aa2110c360f57547

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 32d594154b014bbb8d15975d81633cd6
SHA1 62aa114361e99049a4190c4d9fac841449e490f5
SHA256 048eca526e1b9d40b76420dca9dbd5d7c470d9f8a50970967209ffb5f6872219
SHA512 2ff822b59df2efbc258ff6cbae367b68fae1d325fb4850f6d550dad2c7effc76032f76137e5f4c2127527fcf99fa62ad53e6c9b23a36225771bae10030965449

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 daa9385b5d3268c67dc99c2c841f4205
SHA1 d3c5b2c57ed943b3533f266080d3e5389bc5f17b
SHA256 d3efc3e1d785c11efb5c85b8932795a6cceb13f7b872f53b82403f9b74f7b811
SHA512 b0e256cd3df4d890b2e26c66888826fd8e2bd3f965d1c688644c3eb3345a867ceeb048fe896f94cdf816d45110736a0d96b9db5fea3271c91a47570f9ae6219d

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 27da8c9408dc44eef203759685cb84a1
SHA1 e7efe87bd0cad31c46fa50b3d09585d3b8a7f2e1
SHA256 f3c14c5772ff5ba39ac34847db8e8059baffe82742a2200f1bd8388c1eded2e7
SHA512 57cdb23d30ec881af21b7acb628a389ffe50715d460fe12a6c8ac7d83a778c7b48f74bec2ae6a2f9cf34c0f5bf28e64b4ab9bd5dc96f4ac7652e84e332faac9e

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 fb44dc54c39eeabc8180f961acf9afc6
SHA1 a98fd91411dacf14d6bdc99cf1b41b31f4597b2a
SHA256 0a98cbbd396e6a0bc8e799bd8cb4a3af0139511ac108d7b959dd0e9ef00d8f5c
SHA512 50d7b83cb54a968f44b2e477b5f58c7fc74e7fcf8afbc25239a2cd1b7e589defea78ed5d5d13bc69450bbc2077b4abfb130ec9ffdf2d522f1b0386d1eecf4397

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 3bb6d39b24b73a247f5efd3aefac7138
SHA1 267813164d7b2dcb2c854375f162b6c4832ae295
SHA256 86f3d828f9057e49d2dfc9120d4d4a97f95988a9e4b193ac0fdf2fecacc94b20
SHA512 75013cc31859c98324e121f4ea6b9ab4ecc3d7341ae4884d414e3c3af169dad533ddd322260e5d2adf9f792a9a35c8eee2a2f144153e6936714142075871e04c

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

MD5 ec2dbf06f71aaec68d3bb87b701358f4
SHA1 87836f2e36e152cceb22e025d877d1c44caef6ed
SHA256 9c605dae47dcc7637bd73c5391d9ba6d05dc0f70e2b4d57e7eb3e277f697826b
SHA512 2cad5e7a60a5b512f982c2c9029ee4caedbc6fbdf77c0f06ab99590d54b6080e8e855fb803b908c5b56d28e75ab39f3d60c862a284a84993c162aee9a9a90e25

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png.pizdec

MD5 fd6c45ec28315daae6270f1535ba21eb
SHA1 1c4578c84a823835de8fa362a15b3cd13f8b9ee6
SHA256 746cf5aa5b434650ef2473911e8b0d6050848aa438ac5c40e22de783b550440d
SHA512 0be8188d95d20b4149e57e0509fc72c5c5765549f6b5fc50ec280768267a4a88906e3825f74647f102f81ef372d2e6465a779d877bb9f4a22845fac7df063455

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 5dd916996a2d8895243c77be8522b45d
SHA1 c359e163ae8eae5143a124ee18b731397bb803f0
SHA256 842584aa4f214cb890d0a3a5523f53a27cc65550b66d1920cfccf121954ecf4e
SHA512 b163dabdaffa6164f72a309db5d573d3a83560e160a46137f68911d0b33e26034e3f9096412119dec35e7acf42da7bc79b9721041c3a795e177629ad694ae8ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 1a03eefcc40c7f0f8d6e68fc791059da
SHA1 f335c0e4a50d95392194431c8b9e58bb737af66f
SHA256 2ec7f1a539c113ba641fecb42b80db62712672197c5ba5c9cca7ffda3ade3e6a
SHA512 52ce39bc8cc922a49223d3726c09412ff3898cf348744ec6b71117329358c3ea4de51873501d94a56bda4ebf170d64673917c159bfb806fa8e2df48f38e049fd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 c6422ce191b2af2f1a6b66f5f8870756
SHA1 d4473138274c2ba91e4d44d0b668f149934cf9ed
SHA256 ce21ecefddcfdd7c41dce379c4770a7016ae99e36b4794d37112d799f0ff3463
SHA512 088bc22cfff8ee70b9ab378b604023680e830db95ab5451e765160e97658b2d2d7e4bf2528a468f0abc01e858a9f22e663eb41bff4ed2a3b15956d6df0f3ef51

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 d662a3043114683aa682908226954527
SHA1 315f184a1b866202246bf78cd33c3176936a66a6
SHA256 9f7ff6ede6ff57cdc37bd21eceb9743087e2a6d52bc1b05dc9e81f6d6a27447a
SHA512 37660e26bf4c2d2faf7f5dbc92d7cdaaa0b260b9b0c4e41a3c1a4914483b492002577dd94181fb4069df367c5ca4e1ff545addecda65c240036d16e7356c0134

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 4377e7f23d98caf5c41b00206b3cb8cf
SHA1 7401a5eb2300b45e179e6b856f0aa71a65a26c39
SHA256 09dc577a11a1713a9fe0c0d4dda44ae9f5c7629213097ca0b851904615d038bb
SHA512 06ebadc479906484e5c5210c8f24885c3e2371bbf3d7254452ef32b5d5bf0b9aecb1a1372e406e9565e5519c9a35f479686061703933afc7d67fc7be14f9be9c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 0a23738d4520b1c4f73d20e3702f07fa
SHA1 5f5b3c4cd0b4877e2827316743fdc1cbd4d1e4e4
SHA256 75073357239eb002d16266912ac5d1be3c834bc7707f01a885684c74942943b9
SHA512 653b9faaf22b4e2eda2b2786ec2f82842d3c4f37af1ed486c395194db0f7a8ea563d391d043fea7eeffa54ef9d5e509826f5287783b9d17fe682ad04317beea9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 d8aca58695e407435a8f8819ac56ba14
SHA1 3a018f3f6a530f9adae8959277a0d146d8e8ee96
SHA256 9ab6309854e712b6a72b72d9ab4ad11c649dbe3bf635870cde405899084d0512
SHA512 eb76d876ed8c51170a79677e7ea359efe08331322e905af114804c86790396eecefcab9252308bd3e71937cdc519f6e0045e95cff3838e3a6993067f8d57d4af

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 a2480457be115fee3eefed33fa2f4438
SHA1 1dd3b5d61d5ff06a32a1d25d90421532d145289d
SHA256 24a97a5efd88021d34df0e83125405b5b6aa588773c2d463f8e6434e4d8877d6
SHA512 4f17465cb3e40109911d0c26cda5382c8947088f642947ec52f87c1946de10443068b32e7da6c68aa3023f9058df6cc0cfc2c2e402743dcc7b41510244559ef2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 356101ca175fe55ef55ea6d23ce14a0a
SHA1 873f557d6dc3bc350652a7613702c1ced8c1ad9b
SHA256 6397506db5ee0ae95166185b984a4b3f58064fd2713530f4072ed6c2f4df7fd1
SHA512 5d595801af9f73a97e08e9c56ca8b1b03bdd567b597cb9abb95bb868ceb08d85cbe24c72dd5a3a014e8e5bf93e59c0db65705e986d569f9a573b0da6afb8e102

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 8f3805888a773f127f4a0e219b2a39b7
SHA1 0c233e60aa960815a6572da61e60d293b5d44fe2
SHA256 4bb7a49a43a292ee8d9f6adc10de88a71ff9f0416682814ab9cc0c639e1c50c8
SHA512 69d6fd144877c983de570ed03f812662bcf1f8258586a9801d44cf6575eba079103bdcfefc5b5f2617461c74d28c382539fcea609e7ae4733f1426d3527caa00

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 0a425f9227baa15af6a962b5201a90f1
SHA1 0a0cd6c3081930c2c671a9b5184a14ff326f4983
SHA256 336974ec00726bc78d08ca79c85b1c5b8c25edc9381cd3867f0d7c88e19f8b22
SHA512 b7b7082b46a253af62e4813101079e4f3ef89c681396fad1bd515c01c71268e3578e17c55f24f9c8e3747f724c5f72988e721a2654ae6a5b7d6a11229c259eb0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 d17ac25109e5f77ff170688bc9f697b6
SHA1 ac3c4675484ff74ca75e77c8c2925e51a04c5a53
SHA256 18f0b516c59aa6cee0cf9ebc38583ab148a3366ad5db45189dc220f23a6f3902
SHA512 1d3f129fde3dbf86c385b3cd0086e0dfe4809fec3c043561875c71241326529c6f4990b4d2ad47425f464e7ada55b728e33143123c9e315ff208bda6b595cf6d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 443148e2f57afbb0e871ca77bba76ac8
SHA1 f686235c114a9a17bf7719b536380fa8c601272a
SHA256 7d901f0d2769418b068fa9e988fcbdda67eff0eb997942c95a35a8a604fdbc3f
SHA512 8b729a53badbd2689925edbeab89db863b08eeda6924235f7c68b1c8974178add15229d0f57a30969abe0cfbbbe569ef6f0b227086e90432f78c525a714bfe50

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 ec4a879a5cf6a9e63c6a96ae7b7dd9b7
SHA1 babe967bba5055a1d3a34589d87d4aa5c776ade8
SHA256 19c0347c415d20fb615b289584849c8e45de90e09490785c43124de9df89fe4a
SHA512 df865152a2e21a54eb417920d45e7f30373e6130df8daab6fb810dcce9ebf8b31a0038c483ea377021558093a48a30d7bf6cda1470811b03222e14ee0c487e37

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 76bc1759b8863d1d45d3481a3776eebb
SHA1 b937107e8e0a8e1460e74c0ad9d820a3ba952e78
SHA256 aa4fa11e013cf24c8fc39ad13bb4a6da6ff3e7a84477446f16dcf5fc4eb55ca3
SHA512 034288c1d4d6022d91a935e3f3ba2b73c914bec71446131949bbbe3ef567cc8764250fab8531231e2e89ebc496b2d7889b032841c45785f0bbd2f431c61e8414

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 9998dd8a4c4ed1ff5e64881c8066e422
SHA1 0f2439df072df4cbdf566db687acedb87e769929
SHA256 1c432cb917465613434fbd9aea1ce658bd5d60e6a4b490805d0752a8412fecbd
SHA512 fb53595d7cc6fd22b43de5e6fa23bdcd698cb91f451829eb18b927f6de63fd3e98da33e9a42e1d15d34a943e024c5f595b4bf3cda935ee7738940148f60f7f09

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 0b8f5831b19c2fd4983486ef6a2ded3a
SHA1 b89f9cc2e510a95996a7e7a005827c5294352183
SHA256 9d03ae3bfce9062ed8e3fb7b244c8e4a8e6b462f42967f464520be36897d1e96
SHA512 ff662dd58d393d692b9df3a8f8cfaf94827022d1e63c1d8a17eb35a10526b6aa0ca7b530b5e3a780155970f847d5ef69e050c7bb621d4f495201502b7596b459

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 ea4af56405e6459b4b718d6ca6a5b53d
SHA1 54f8ee8bd70c8a03b9d9d75204faae97c5133d86
SHA256 9474b92f647af85e923553476ad890baf557c83a2d9985e5ecb809745bd9f41a
SHA512 e029600e84b3ae16d65256ff74b9c9da96aee2cf2f2432f9154b5ebbd0ec928460ceda8ff82c336e975676a673629e194f9513d8483cb0dd43517e36509273b5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 4998429f3b68f4ac389f3eadc5534f27
SHA1 8e152ff9fcd7991b068546259f98e218f0cf2eb0
SHA256 b764005f0428a8a51f31b9a23b7239adc205b0df45b42c29c06a35cb2d4927b9
SHA512 fc5c13c755e718536bbbabcc9f441306b631b34f503f67c7846e91330fecdec52c6fcfa6f7cc23b1a44bda995b3adbfbe808eeafa0872a4c2f2667d9fb748e8a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 d543e75a191e078af1ff8fa8baa93e84
SHA1 f6e1673465e353a9baa3b24a5494eba29682a091
SHA256 9a0796eb504ae2844f5203053eb498a25401ab566e9461f09ec2ead07672d184
SHA512 db416dea473fecbb0e3d29f67a5dea0cb5652f6fbcac77820643a8be040e2650c92000683bbb6aaa1e91f422eef865fe5f8a9ba02928217a410b648f42d199d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 2fa20017a198582d8562a0f28cd2416c
SHA1 15a1ea6ac6925bbd39298acdbb687c866098d583
SHA256 a9ea5be882784eca22a4dcc239004430c2fc5ce07d34dcc0edadbdc8d03a7586
SHA512 5bd2e43fd88136f3d79cbf05197df210cc66a3ead0779c88683932aaf9f100681e377236b1b8809bbfa4460d9345291ca165d5b3d9726d5db416561c8a2e45ab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 cf2d5296bec8f29ee49c0a440e768b14
SHA1 f0ad309da3c3d81b14a802e6e3ee554a60dabe30
SHA256 9aac55f4509a2872dc7c57dc63f3417d038d5acb829394ea8245e3a9329a1f6e
SHA512 7f4359b996f60eed35e760cb4e8195a96eb79d12c94b92307bc7870ca138b4564c5f2b2e292d2c7c90c2bd90f1fb141f584506cdc25d71dbabcbd5f8b0512fbf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 264fc0116c8995dee9f7941b9dcc0de0
SHA1 191484f63967fda3d16fb8195a5f277c81291ef5
SHA256 688d5b5fcae362cf2c84f3c89c6defc935699f38469129b8bd0c13aeef11cdfe
SHA512 687c5d007dd344b3e98b7315adc6f43b2fa3aec2fea577412655b8a6e1b3f20ccd79e46f0ebb803982955c31e5a65da960cca06790db4f5e452058e4259c7107

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 75471d98eb771b39f74d4964373b147c
SHA1 c5e333b5d6f21d0da507565d7253831f68dec4f9
SHA256 f58ac30b6795345acd7b1f78d00d82401583958c4ff27294d1d600c69cd99153
SHA512 3d55d90ca7ca41109c434b46a37a9482aa42750da5e926a194a07b0d9655113a96e6ae893b52e1ed671180d950cde29ead195bcc4c7baa2cd81ccc9c5db4430b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 0d256d178c2e070204215db1f85e13c0
SHA1 a04724a49fd92511ea95d337148c7824e4b1203f
SHA256 97b15d21644cecc6141734f6493dcf6fb43c1e936972d992d29a142923771d7c
SHA512 3f48a2928c5bb2832ef3c05fca4e851873fa18657baecf0f439334bf72f92f47219300658635b58588ad18a623bbbf213ca3e793a42ad58906121a43bfcd2bc1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 35c773857738c8cc308589098f9b61b3
SHA1 e708e718761677d308c2cd933de56a242f91b864
SHA256 d8866d88f0489deac881cd2aa093b34d383d4dac277693f32c922d8dc10ab5f5
SHA512 c1db37d881a07b68e1c389b29e9303e636ecb229384d273f71c56ac39021f5b7f7e964873faacfdec5386302bbba6f6ea1c56c4bb5e77c4badfe3982eb5f095b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 06ddf197a304cbeef278e810da2417b3
SHA1 1eb66077c44505b2fb5ee9cdd369cfbbe96f22f5
SHA256 984e4d1b9901045a9761e6f17c4aa53087ed04a6a73e2e1b03a27d47cf95a587
SHA512 e73ebbf815bccb07009d3bd148ef2e77f2b5f2f63d66283312f67807fde1655269dfa19e69c698b04e32b247a1d0183af452d7faa704e851930bd20ca99c0d8f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 d0c5a7b9e818e05e5beabc8b37a85b4f
SHA1 38b61851923bc08c3d5b4ebef6210db4298ebcc2
SHA256 4f279224e585bcab6371bbf73cc81864376dfaa2986c98016d9f6bd7e9e710e2
SHA512 d25cfb2da1d0176cbbd33d3ed20eaf2780665878bc2ec8d09ce184fa3b2a6849c7c1f421ab535efdaaa5f273615bc25136d5a7434f453b464240adb9a982142d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 c4bcb1974aa289e82974463e513adece
SHA1 726d3982ec44a2cd56cfe099740ed364443ca16c
SHA256 144b623d0b2b70d0c89f54bdb1edee0b08ac49925ae0ee7259e714345eb9f50a
SHA512 58582934d4fb10b6238fdf714c20cb22304a5fc1d7b24395dccba096db387d5fff4ec99dde7795d1b482e017b819cb5e43c5bef535738215b9ae6d7bebf43a6e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 03026f32c5f8845d855714128e21d631
SHA1 3e851573b7061715d0e8f47ab4ab84da32d19728
SHA256 49e9b77119737e9d89c40a3ba470833da789e20c0cd536d5d23e36dd64dafc69
SHA512 6fa695089bf2b0f287104e4109844f99362aeddccbd05c9be43c50f2966ade3e2962cde173fd2ae4bfaed23ea5cf9c536922626813f9bfbe62cd059deaf2ca90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png.pizdec

MD5 ae424a68fb2af73611dbab761a2437a8
SHA1 a7a5ba16b4cb2b03bb042b70c2ba08509b041d7d
SHA256 73cc2ef2cb4e75d36f5c940497a6e97cdedb89073dc0de72534e076d6c6e25ad
SHA512 3affe16b24cd5dad9caa1f5f8858d9573096d021b3d4b6000eb96551770a950463150154242ea9af50cb5832d3e5af310d9d67278bd9bb97e264260e49bfa1f8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 40434b304e50852238b195415af5187b
SHA1 9c90db3359cba8a8f47ace7d3165d5bd01a48b2a
SHA256 df0e07147dee82150184c7e52881014313a37a17f0d9871486fde77955128a33
SHA512 cd8220198d731525575120d925365f1eb4df46bfeac4a69e7be76d67633d234686c0e5476623f8ce952b664f4a1865eecebb23076d1d529dceddee66e6a95790

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 32654166306da48858ba12367e714586
SHA1 49b9f5c73d085b607f37901a3e9c250e05e0362b
SHA256 5359814b3a3c6d82b80e5fc5d7c5d1424dced13262c0487403e55940129d99cf
SHA512 5e2c781778f0eca1a9d37cbeac3ff4a08738dfe03bc4a310e0f3573787ed7fddbc73b63861136a0aaa66b4ca286c0a0f3f9ef4615f5d9f760403ca12d70e1382

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 3509f8ef0a99bafa2f2c3ae38fe11e2a
SHA1 19a2e759ea9d74b22480fd0e44d6153c231f625a
SHA256 bb84197616dc8e8858f4884028bf79b164e1c7d56d515a1459009cac64b3a140
SHA512 f180d9c7d9d2cfa9d24b85a8f23753fb3272d46ef2196cfc78c2458a80da6b09b7c1d3b3fbecd53b4f94297edd9804721f150ba68c3f0b34733b652bacc27f4f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 0dbd1e5a657a0e660387eec2687cc325
SHA1 f6306411a95d45115b2e7844644ddc4320230a83
SHA256 65775cdf8de4144612127ee1a9be4cccbad950ba61c1ed207d26f5a315d1db4a
SHA512 3829746fa3febe30d069e69e03045b0025376c164c745cb4faa4c177e7d54250691a4cdb57c9736b1ecc92b6d324d5b9db5771f9e25a97e6bde7062544869b1c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 9b1ffee2ffd295578a531131a8410401
SHA1 aaab1a1a0d2b41eeaf8569df4f4f253a7c1d386c
SHA256 b5108f808d8c2de3c0b418f4383ae296a9301d29e41e37ae882ccc8a1c9adfa9
SHA512 fca7277b9dd598e39780879b8a20b05faa0920459b2cc1623999ca5b99921eb954e6df92d504c2e029b9a10e4de656d84f725d70b509f53ff0531c3c3f13e6b2

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 cb06c40fb12130483e9dab0ec894d0df
SHA1 66654520b8decd935b767e5188de10de5caf25b6
SHA256 d4dfd18b80a3fb82f810cc6dc136b0eba625cd6b729e3a576874544ac755b39a
SHA512 37fe2fb323a92619e0afb6d9b3c9a39b7c2a536398e45782eafe820bfaea816e0dae61e81521ae82247b3f0ea1b203299d24c3fa8d7175c93cbf2232dceb8c97

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

MD5 4a3a75f232e1fdbe35ec1fb94bf1a748
SHA1 a2bc851e81687310406ac1c2116708d0d909214f
SHA256 64c8191fac0b1bcb35f65e2d6ded46c383ca98817b52a99395fbd3f8caf5be74
SHA512 2ad255f784686bb61137e514354448b9ad22e30aaa995247cac0ffc49eca001d54418c3773e667481902426b491f469083c0944b52338b617c8da547988a4603

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5ceddcb22b10b4b11dcd0688038ff539
SHA1 00c17e6ebe477f9cd1e4aa163002e33274ee33a0
SHA256 92366fcf63bb17fdd37338417857541d96ede2281d3517a1407cfa684009d36d
SHA512 529f2223b2a86065a12fd79b4ff992c1bb72b8286adaf43062e72a7ea29f70f88c32005cf93759c4022011d669b5eb2499123866917c0c56058f5a5004bd6e3f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 8287ea96cb08582fca386b37bc474fec
SHA1 166d18e2cf8b200dd7c9b9cb9192f8d3e3f520e9
SHA256 9fe45e6d150b703a4974ce9e956b265db742cfb9a66fdd112823be3b5256b013
SHA512 93824fea1ae8a188bb88070f3867d6452094669ec86c7ce042dd476b8e79b57bee47d030bf1167c7ecfccfa8ef4dc3a00cdcf72c326c0701e677759a0416cafb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 28ab2a193772b3d47cdfb7ac311c2004
SHA1 71782f5639da464f39c262f4b45a9c5927b40274
SHA256 259075ef3b6609155d17a6c1e73d272f4c41fe46d5d024d88b88305535965581
SHA512 d25b0c003df4bcc8225ae25457143eefbed1e231b71571694ca25335a5f81b9d44c7ca026482fc8b2b21a02f8bda6823429766fe6033f522ec3fbcbe7ce9862a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 0ce7f593a5212cedb1e6c9847c510850
SHA1 9b2599a91a9141e4632483e36eb45c149adb44a9
SHA256 2699f0f85a3a6fd6ba7b223eb1a45437a89f186bcb312b42786dfd8ceee50b53
SHA512 2c5ff148cafe1c28384c1e02c78791d225ed7ef7039fe79ea08a2f4329bff51b9e07fc6ac89cead8d7cb8960a4e5df449d410560f866d174b68d926eeab08413

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 1d1836b02dcf448cbf897265189f97d0
SHA1 2514f529e1795c6e2f6f92065d194c9ba31a4b07
SHA256 7179a94fcde23259219aff694ba90ad13c9c4cbaa3a73d9f5ce67addfeed7608
SHA512 bb74c57c38f20b809ff61f55b79543de3167fe6e0949d4fd78dd2ab9c156e9d68f4b46e247f99eb094bea0ee8b6e912999f3014109c349af673691ba7dabbb15

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 34b8d6bd229d9302d81139fe7dc09552
SHA1 e9d79f7dd51e614d71d61a8e196c95ca822a06fa
SHA256 0e4d7bff5391fa9bbb930922f62dd35f786c970a63a14fb80a482d835eb71f31
SHA512 3691907f66d78cf2c8f778904678f2821ab1555010a5277201bf13ad00921255461c30c30f82f537bf5b5c9b3f5c90fee0bdf776b63a7b67457a5c150f1313fb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 7aa0b818a4113175516894b33e99f895
SHA1 c331834e02f0a03baaf4dd40ef5e2a3adb41e6f3
SHA256 0b5a17b8cd706c741501b1d30dc2550dd1c562dc7fddba023057b48ebb9d7666
SHA512 c8eb1331e5c695a2ddb81f13669b831d1e31528130f814eb62e16f4094c65dc1cfe1b7fbc7b3b419579936e000c0210a48fb298893207684d13cb0c1cfd46ff2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 e9980532d30168a8fe89846250472071
SHA1 c31b8066d1e597cab2b7ce67b83a5ba8dd588db4
SHA256 9ff84f55559d59b75da28e10e1ffa7248b6f5715f0e4a126e3185f8798b72e43
SHA512 8e14f4110a40232ba7360cc317891cc5ff4124a5e08ab851f761a74b8df8d8f545d0bf8d0a0856ae250fbef6dcb6585b0bd34d8861b5094593766232017b6ae4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 357fbf42ef0508bc44b271f28fb6420a
SHA1 b9343cd2d5bed9a98150519871a9a58ce80cfec2
SHA256 6241b37e7a4ba7856571f24066d05170a01127fc6b50760765524a312f54f976
SHA512 d87c12ba767ecfa063e0dcb0438179f6560ff6197a6140609c8ee8f18bf8b2e81dcda0d2ea16d77971fa14cbf59b4e913ad45fa71c03d8ac7d98a1975d9a2061

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 5d8fcc29e88ffc29db1fe1825405ef74
SHA1 a0c963addbd06fcbe36cc64fa3fec7f3ae20e59b
SHA256 bbe0ed4cb25f74c39f6cdffb6e63ec13e6f3b41298df5f8a3526005d1b0988bc
SHA512 52bcb14399b41fc46a17f05061e5f1753dc1ac4bb413914fb6230a1587e19f05917b1a7b3d71a00c2262bb5d2199504627ecfc3c28b2b1f399db332bfd720259

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 b4098e9d79282245b59849f54f889703
SHA1 e736d78a7f38408b6efae59ba30d38c1ab43d0e3
SHA256 3c1d92680cf5b0434235800d1ae866d9e3183969ae0275ac38fed1b38b183030
SHA512 cb3114c731f9592b0eb5a7dac0d7cf4014fd1ebc16a25d250be4ae66a6a6dac591f7e3bcd4f8314a47d0f2f9cea669a080032f3bb351604036bbb68a45e5303a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 b93afae955631b4ee22fcb8260cf111e
SHA1 ffe19972f652a2c6b84d5a5ce2a774debf6fd849
SHA256 362f60cc08ce5f66edc74d0659a07d61cb3a6921bf751dd27f67b0a130193cc2
SHA512 e9b165c241c75b841787f3a1e203ae50427512f5ca3f5cf3cc77540e1469994253fc3bba2230c27d9b0c51877881a36ae19e901929b2a3f6be4caa291f7a5c82

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 1a4aff43c9d4e13543abd603566b10a2
SHA1 08d5637a26fe7c21309223d8b75d789a2081402d
SHA256 69583f6ee7e97e7af96a05d01681507a51a9619a3f315afa9bb252783c204dc0
SHA512 536d3f4bee52c563c76fd368b2f53390c61dda51ed3ac1019facfc7a3a86385f422a1e8a91eb50c248363bf208c132763c3570808654439fffbb60482a760786

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 fee35a49a8dde45f6e0701ab5aa27a9b
SHA1 528eb637978350ed17c9b2022fe972cecfb9b27f
SHA256 445776130c7cb28390cd0e92a9c72f6e58c6e76c9c4a0c85507ecfa6f1d90119
SHA512 696b1ea1172b9e391848b95262cb4fcf596956f5c6f0798db799fe57c4699f1e1394380be46adcd3e731f6804f43c37e2230f2a65089441bf52bb2df68ac84bb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 aa3bb6b3dcdc22b85c043efe5d06fa1d
SHA1 2a17ecb1ade5fbc863af9da1b158e51a9948a324
SHA256 394c043357e59c63808282e8e10344dd88ce0dc4821ba3a5077ba2ff3708a5ca
SHA512 5a09ff78a0aada43608d5f08a8e08b7a967392c9e58286c6b835f0268395de55c0908161509e38b9fff1399be5cb31245be9e9f4c80f1159f9175ca0a482661b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 6be85b705678ec1dbf8c5b4d3cf76125
SHA1 f25e9d1254ba62657a545f632ea9d9095ddabe1e
SHA256 3157d93e18337789a7fa554614e22d9bd4ee0191d20c1395b0306865144af9f9
SHA512 eb2bdbc18d9a3e96d57e3aae4694ee2b96dd9232894b2f900b14f2545f510ddf8d06f1313f0bcb181e15c5389c9977427d855cce5a142d9fdde5ba9e753a51fc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 d003417199281fa17db888766eb06784
SHA1 15a1a90cc83a7ecd16acee2b674b9d4d704bd2af
SHA256 2b5062e5e9343610b78e6a787e8abb45b1bf8c89d294fc890c33f7a07bc3dad3
SHA512 f2236889221e60683daa62e77ae32aa1987ddbdd78851f4891f5e9a6eec2146810bb04a78297aba395b3f8678625332113355c3b70da37e734498839cd4531d5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 15c587a469f8c6fbe88b7970aefee2e9
SHA1 73077c72ad5fed8f74352941b4d3a1c4925ea271
SHA256 45e3b5e4f77fbad3e61ab7bded28f09f6282b073e31d00c8982a2fb5ad8c3916
SHA512 86e3d44388ffbe257eda0659fd5c34e0e22ce8cb46bb26e66c6f3a6ec325e1d242874febc0f6d4b30c635b5b28352b0dff8a2f286fbb6a3362bca521b2928514

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 367074b893edfc7549b1b59d23cdff78
SHA1 cdee7b9fc20d23253ccf63264cf3ff17bb300d38
SHA256 2dec6b110c87101595bf4abee4e89d2982aa2ff427db6dd48dc61369281c017c
SHA512 33c961190c7c1b3dbc85e3b7bf77342b5ffe71973c4dbc9aa69188a08af8066e469ff0178445bedff44eecd18ed65e21407b8e0e23603447898e2b1a64385547

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 66b3f58dbcadb250f8cfa800ebb7f516
SHA1 69fc753c656cccd10f8a12471bea255d63f79562
SHA256 67872e6dbeb6a4752f5b4b1aa23047913c59963365f60f9ba4a79aac36404f27
SHA512 f6d22809e2419f0b08377be10697145f71c301a59ca79f42b34a1aac3d21025392ad8a1ded8162c6852b82ee7f1adb1794b2dbd04883a5197a22facf9c129599

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 955355b2a4844a936524c359ca9f4f4d
SHA1 127f9b9d4766ee23cc556d34ba80476aa8932814
SHA256 0afdeb209189f982f405729512ea90e00ac73347ea17771830bb442a1350c5ce
SHA512 d65148aeb017ea9ecb54635507fa0c9e567c816a76651a01846681af37428c4d85eed1fb93fa52914cfe0872e41b8fb2407baea022a761f6a211043503d07759

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 e6b4aa01470b2765a170bea9dda2bbb7
SHA1 ac341ecf8f3faf2eedad97373b04348d7a4c84ec
SHA256 ba36da709007c0cc0f3b3ec8bac9eebba4e86e70590371798d3e0fe2738a2f0d
SHA512 e30aad70c1feb6ae12fd96138ecf5ae6ec4df59c3771454d146cb0b40464add12cf58662efa2c85b0aa164ef6c0e77982242e35cf1f17c6efeaac3d1ed0b163c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 2e8e024cb7d908ad3d7956caeebbf2b2
SHA1 2d6dc06237a5702894066a6464a175f6ea250afc
SHA256 093828689685616b76a66950b5d15d7d516edcc6ec9bd0988f142643dfb1d3b7
SHA512 f4770be7b00481b1b0fae66887b2178a34dd96b9830a652bd32eb4e6714a9b737a2db6174a0183d40d2a86082c2885e99431a015fca0508325c7e1a9987018fe

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 3375e0355cabe82f489b368048fa1abc
SHA1 abd17a2a3a4edaeaed48fe5ecab0a1a4046fc17d
SHA256 64e83fe66075c5bd8a75e4ee4f605a926273319c2d86b0e59564de63aa37c932
SHA512 8fc0060223fa763cef4e7df4035ae283ee138d8c13df41c3d299c796aaea62a349c396c17726175054a14a58000c6f1893774255a269c8b9349db7875d719ec3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 3f9d1b0cdd7da75bb7cd70e0bbafb6d7
SHA1 ea64ce5f3b708c5019e895a31eced2603b024d96
SHA256 02d8b25d1815534e776390ec31f17341b1213defc4e3fc9c0c7c24844e9dfbb7
SHA512 2fd6fc87ddc2af4b54ebdbd03858b5b9b8b6743ae487bfe4489097b28f47a3158c728bfd41919fd84a40526c59a55197e4045632bc244496c966fc3524a57158

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 4ff44f0bb6c1b17361a56ad26cae637c
SHA1 d0dd94d4fa3c046e0b79732af4e033b0b2cfb224
SHA256 d03286e31c660cc7ed2583e8ed706979ddacfbb036c6e152779e14c3ec96304f
SHA512 681244ebd55e0c93f03a782412aa7ff503e6c9a415f8337388cdf8d0eb699c133d30a42a1643cbb0bfa4216025eee0636fcbcb75d346df6e022cac2451872c6b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

MD5 013b13e30b5265fcdc390a0e8a142b08
SHA1 7dd5cafab90dc4685d1c04af0ac8b131f5b447c3
SHA256 10ab57a79714105327f30eacf1fe8131acf33e99605a57298e1a7ba3eca1faca
SHA512 258d957ea81b3455e38b6c7efd18fb6e4cebf78fc0cfb71651e8a03c6945f0e791de2223624e1d00b846cce4f5d45ace59967fee3137be856fe56e82dec1d5b5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 cac2e208180c4425df30e86e94e06b6f
SHA1 9eea2a2deef253dcc15c16c72562a29c45deb0a2
SHA256 40fcf8960bcae5a90e39bea017af98c2672c016d068a3de588e1cdec39f73798
SHA512 1583fbf39407fa540497aa5d0dd6312c5cc31d1057e50129d00cde140696697c2eb7d0541b00eed90d107cfc84c740e0358408c13b18cc3ed7dbf6749bcecb81

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 0fd051c53c2a8fc6f24164c37cb7dee5
SHA1 022cec90d72d8edd22cf1c6be7095ec3e39cb820
SHA256 5ebbeea80c75e9965eb6964dba73aa99ec5352126855f80ca0f97fec8fb1048f
SHA512 ac88a0f047390238828686f043928b49ca93381a7db326a17a57201eb541b9e83ac89dfd251c8ce078ce7b28d6178d802feca6c6590d0420e8d9215a53758551

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 6a3bcf16fd6d89fb5029dcf774d51842
SHA1 89821e41c97c6f0568559b05274179c85db727c9
SHA256 96a788d678c5599c36b33e122701823c9ec7f8b01a09b95d9227850a6a9d5230
SHA512 38bfce96a6107619e2152cc29a62f919674bc71018ace0573950ae5f44a4584353569cd5a60c6072a13267962316861c265244d4b40bbcb7a31b37076cc33171

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 baa943a9bf5fe8ceafc412b14531c032
SHA1 06128103c233da2147da3b7c52457503ca86a55b
SHA256 4d8d8f18f3a3f6806b00885350c96470dd134c244a095026af43ee3f05e44414
SHA512 3f933e0be2f5e5f82a7c90d799faf7c41f4d5100114551f3bdd1b7c0fe3ff85b4850d03846d839890a960f4a713c7768b6c6539736ca92385e83fa9bb63f6249

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 aac1505d6ba272f15bb23d8e31c14597
SHA1 063317bf2879b0789eba278fb7556d458540a87b
SHA256 73f627e3c22ecbf056fdaa13274fbdaa8ede2a10feee2464ce253b6543575d64
SHA512 0d39d0a357ed0777fcc8adbb9fba508d94f16151e4eff8cc17172130a9424583a9d13495074069b99822feead16b164ee6cdd2b826913692d08ea89c60245a60

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 c8d0fdbd9a21dc4471adb5017b96933c
SHA1 a06f68426a8f1a717082dd47ba239cbfc4789cae
SHA256 758bb29afe42b06b8188413de911b94ca599ad676db966ddaba6b44775ef8208
SHA512 319765605e84b1529400bdd323cc7fff6f016a77f74d5d1d52a5d0d1df768bf57013dd6e6bb39dbb440ea0b6fddebb009223aabbd2685b2e2d60da5a5df1f040

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 d1075b94703bcab2091b91c42779a923
SHA1 fa394ca0748ca2405037568b6c837f7a1cc9161a
SHA256 0bf41083a96b28e1dff336547aee45bac19179a1b21c48917164bbe7bcbf8c9b
SHA512 d32527f264d305c986ccbd7984e8e0fb5aab960f00efaa85abc25841d6338bd688235e27a0667560255a7a12fb6429b278b9df0724c9432fbe0da50cfd0ea31b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Windows Terminal.lnk

MD5 cc2b098b3d3f7d91de24ef8410ad5459
SHA1 f2cd07828228e948b3152485c2c28d9d4b00638f
SHA256 6dc89140a2e835dd96b30c14480c1922c66b72b26314da5f068af01c8845413f
SHA512 b7a52ef82140dd222a0a0210d87fb5a667e6680883565322165aeab6ac535e51f1adc4836e82709eb64b44bd8784b94787b158f4b690b93292967e9974dbb3ee

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 39d044434b7a042a1898999b429a5f80
SHA1 628e76eac8ee410c02973f8fcaa6ef04b455e0dc
SHA256 a322c2067eaa2ae697dd422a944995dc4cfc6de79fc8f668f15df743b79ce0f6
SHA512 7f826938484189f5a5ea0b4a272ecde9f306c4953ba282f5365b053bb8ab6d8a0ddb0bc72c59c59bed633deeffcfd82ec9fd93f7762c83d307c9709b1834db81

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 54cdd2245ecec5e9785ee49ca24d5588
SHA1 011e4c62c05e6570b167741c16ceeb28e34c192d
SHA256 a4409e6da870db1c9ef10416e710c6fcb38d57987f5db99964b157adcb9fc7ca
SHA512 4ff2c71119854aefad48ff84cb92705e517e47d3c406db3c6da8c509ff5a8e52cbe6bc53a92c4dd698518018c50fcfa2fc073afe925310d07c0731aa0d004f43

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 211483a2158b516ff8b27981c4afcfbc
SHA1 434311a2aadecdcd60488b6c337e04cfac626de3
SHA256 6553c66398b3920250b005b31de79dd67bbf6c48eb66846e965fa1d5007f4acc
SHA512 fcdf4a67d22d353e812cc731803ff89a8516b95b7ffe5d0b1fc675dc4ce897578501e55025ee0b251cf3e39e6f25f98872136c4aa3f1354f2bdb31aa8c53215a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 483faa817235c535bf8d73bfcf6d9c94
SHA1 8b136c8497e58e78dd93e539d22a161bb4fc7520
SHA256 91392bce02dbf197d27a9603881cb329d5dca609316734c360c4c3c8feeca1f5
SHA512 d7f379f0bcd039a3f88571de81a249832300cb8aafa3da2c740a424729dcce270dd8178206748a02919b1c04a24048651dcefda78172b8ce890bda268f752df9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 4f5cf5bf7c83346152e238e2d044811e
SHA1 78971337cbf80e35d35d1bec9c20c7bc53af16ec
SHA256 28080934c4d3be4e8620dcb8adca5882a0f6171d3546cd2a8646cb3dbc7ce48b
SHA512 7298adc1af3995f33a1843f537e905f8a2c97d05d1e6b2ea56a836ba3aed7581d1283ccff615b83fcdf4ab9734e146972209d7b564afce5196d9823467d7c74e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 70edaef6d8cd0346e6319e2a5f70ad6b
SHA1 65d36b5f642557d079c24f18c9d7e70331dcfcfc
SHA256 c425a5c0c445e670a85e0a0bffdb8257d6ea498f6e83c89f9f45c3ec4ef8426c
SHA512 830e9f7af83e6408bc566fdd1ff1328e306b243c94a0edaa869686388e106a5190c0a4f30c62d850ddb7f599e39a387fcb36ef20f0bae96c34741dfd4ab37844

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Windows Terminal.lnk

MD5 5d4ac576738c8653bdec88449f1ed49d
SHA1 b4e9d0e665c6e926db83941becef60bc94ba41a7
SHA256 f10ac73b749f051461ab90865ce2d13fe9fbaebfded7d28ebdf108edd774a1dc
SHA512 58859b0dea528d5b017df3ad2ac1bc6e12fee5105e0a455a082c78887ff0b1bf89a5af7be18073b6d5381034804990a42fef04b39cf6c05ee83a5bd40fd319f2