Malware Analysis Report

2025-01-18 20:38

Sample ID 241127-eafjhsskcr
Target a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118
SHA256 9ab037a91607b907890c8086e7bb5812532ec8a6d334e802ffb6f8623927a1f8
Tags
xorist discovery ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9ab037a91607b907890c8086e7bb5812532ec8a6d334e802ffb6f8623927a1f8

Threat Level: Known bad

The file a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2164) files with added filename extension

Renames multiple (2175) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-27 03:43

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-27 03:43

Reported

2024-11-27 03:46

Platform

win7-20240708-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe"

Signatures

Renames multiple (2164) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ricoh.inf_amd64_neutral_66b4504d1fb1c857\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00d.inf_amd64_neutral_2c3623fa97b0c28e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_data_sections.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep002.inf_amd64_neutral_efc4a7485b172c07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_neutral_a9cb77fe1985cd2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\stexstor.inf_amd64_neutral_80ee226e29362f51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasConnectionManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\faxca003.inf_amd64_neutral_5b8c7c1dda79bef4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_neutral_7a967d06d569b1e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_836a6716cd56c692\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_neutral_857ff0fa9c73850a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00f.inf_amd64_neutral_f7f7e179d99acc58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Throw.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImage.jpg C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid.gif C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.151\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341534.JPG C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14595_.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_decreaseindent.gif C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Mail\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01265U.BMP C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ERROR.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\More Games\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR32F.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR46F.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Photo Viewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02062U.BMP C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01304G.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left_over.gif C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\OFFISUPP.HTM C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\Office14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15023_.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_msdsm.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d280e72d7e9fd67f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-robocopy.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0bb03f3262e40b14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8b45e7997a2fa998\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Delta\Windows Error.wav C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cttune.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_32d51faedaeb6f92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_zh-tw_839e734a1796c923\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehres.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ab4242d3f20541f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wdma_usb.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a84c61c05e35b4e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_ds-ui-ext.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aab7313725be420e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wmi-filter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c28b4ff415b2e3fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ntservice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0ed9b0b44700e5cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..p-ui-libs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2ba63e4d83a96381\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_35176304f9e3604c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1e18194bccf50b93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..er-office.resources_31bf3856ad364e35_7.0.7600.16385_de-de_ff3bcf7886e3cae6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-setup.resources_31bf3856ad364e35_8.0.7600.16385_es-es_6b89a583a8dfa466\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bb79fc36549cf4cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnbr008.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_695e87bc431d5e5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-clip.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_280f2e52f93915e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_ar-sa_29d12cdb138d0965\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_5b56b853bd5adf50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..opini-accessibility_31bf3856ad364e35_6.1.7600.16385_none_36604ea896f9a97d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..duler-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6904b36cd8dc2d43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-usermodensi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ef5531d70aa62d5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-hhomeue.resources_31bf3856ad364e35_6.1.7600.16385_it-it_880bf2c313e542bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_msdv.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_54597187aba44419\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_da67613a42c43476\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad4e3f3c28dd0830\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.serviceprocess.resources_b03f5f7f11d50a3a_6.1.7600.16385_ja-jp_ef8a984ccd16191c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e86c80b89a3f77b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\fr-FR\playready_eula.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c330c5e7c54c9331\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ntication.resources_31bf3856ad364e35_6.1.7600.16385_en-us_af5e48e79454c16d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404.htm C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..ui-pmcppc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5084e06426f4dcfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_91f48c032f4d488b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_es-es_201a8dacec4acece\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_nl-nl_a60989855737fdee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_lt-lt_88d73275f8f7eebc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-devtools.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_00ffd9eff7f46f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..readwrite.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b1de16c094db0cd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rpc-http.resources_31bf3856ad364e35_6.1.7601.17514_it-it_e1cfbfbf4861a979\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..atibility.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f765cfc93427a13f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..unddriver.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6ddfa16ff354bb02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8\Windows Hardware Insert.wav C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Ding.wav C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..migration.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_196bac53955bfaba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmsii64.inf_31bf3856ad364e35_6.1.7600.16385_none_24ad52dcc88bcf35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTV\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..mhardware.resources_31bf3856ad364e35_6.1.7600.16385_de-de_41a13b1c6857ca5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..statement.resources_31bf3856ad364e35_6.1.7601.17514_de-de_e566a189254450cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.1.7600.16385_none_e20dd69e928c491a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..nistrator.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e3f8a8de58a08d4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-netvwifi.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_abaad57b441e39a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.1.7600.16385_none_5208a7a3d3caa54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msmq-triggers-runtime_31bf3856ad364e35_6.1.7600.16385_none_58fbaab9a69d9f5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_10e36d4668d202ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..trics-cpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3f4517a97badafa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.123 C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aFXN0DIM6rU85R6.exe,0" C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aFXN0DIM6rU85R6.exe" C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.123\ = "KHHZTHIQEAGIUWJ" C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open\command C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2bbef98ad89d5860409a24d460f9db87
SHA1 3f77719b39dbf5b91ab339955c502567593a71ea
SHA256 2a6d4a398a57020f924e7f5b269dffb5d57cc6512441544f409c710794ee68ea
SHA512 936749ab42dc445618341e9d7fc1a1e02efed0b11dffd5e6a0a22d2f081a322d835688c6880830dbb583ad63fa5c91ee5f93f120b642c351e03ba08ce482e8bc

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 b6e59df8c3f454151ff904c534079a36
SHA1 50eb21758252f9b213764900d28ce2d24202b761
SHA256 4677c8243878405c0581f1134781e06b1eb1cc7f59e341d4e73b35375e8101df
SHA512 205502941bf70a083fc0592db912729457478afb62bdae74620f3003c2dc5aa5f9c836881f5290ab7c8a36fc25a37b2245bfe85839e90e5ff69ef0df910cbb4c

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 1f6fbe30059baee054493f8a4af83add
SHA1 2904fa26bd910773bd2ebf55ca87a4cf9b86b4e5
SHA256 eb247466b0193976ebf8d2ca42a67a88caa48f096c40c76282191a282ce44e89
SHA512 844a60090f0b7c839c7301b4b261ad6a7999c7167d4e3e2a468bb3bad7a007799055c8c45154798c3470f00ef07e66e820e887d6cc60c0a04790edc916f325de

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 57468a465b26bcfcd50569990bcb8ded
SHA1 ba7fade1c85ee66ed8c127fdf56eeb176705b08e
SHA256 0f7b97fe2a56313a3c664ce2d6b2363be38e3f72396b3dee288e77aea840eb2e
SHA512 557eb6f4b357177ff524eef2b9cf65822a2f62d03b940c5e22dae08e6015cf9088dddc360e7362c71b7550317f8263deb88af592569368b9f765cd440207f008

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 5961d55f427a13ba42981fadf6480257
SHA1 ed2db1e5092316845f6faba68aaa238129bd0e2a
SHA256 ad8ded9877eb41d4c7411d34d117f6e6bcddb887ebbb671ce214207591830176
SHA512 1faaed15389582b16a82c00516813c4bdad14745c3e834c21f04054f1222ccaa05e10879315953774ed771f5b4b1bacfa00aa3cd9412c720eddbd1dba5423a0b

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 a1c52260a809238f89ce5472c542f937
SHA1 a4e26039f151767d0ca1de105ecd0ed6c6f78fff
SHA256 9a4e609109025b001472bdc5be7a8af9e3c49d8c4082d1438764cb1f13630cc2
SHA512 a1e34dc4c5ddb0b9dd0bb94fecfd9ef4da00c48e72f11f6f4fb047c6b216a549514bd1f4f81aa9b7cfa6ba76c723c339818ba23eb5554e320e6db55729e31f94

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 7384fee7a61c90c761a8fdd6b590ea92
SHA1 18679083553f7cbb78777cc69cbac7fef13a7b7d
SHA256 ecf77e0851b9334a7a52e3f575729b09b646576c6614f5ee3ac07bc99535a6ce
SHA512 c37b411b95c8399e3c11a7d0befff40adb19df30d8f935cf8fee4970d2838e071f7c28fd93ecc7939ecfef992f6a69e9829f5519f9ec801214dbbef506aba727

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 48c576d0c422db4704238f4c22a2ecc7
SHA1 13c7c1567be42dcdac32443ddc7a5d903654c183
SHA256 fae3bb60036473c3fe24bd9c032fd2302790833356367129e87d30e6a11c60b4
SHA512 4a0c300511200d34fd669ccf440fcd31717bcd7d04b08c04ebb188ba5dab1aea59dfef673721ae25531afc3cdffcd32868d24ab3d4c751517a9a36874ea89fb2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 d6bd92ceb3b7804e884ab289fdc4d38f
SHA1 87ca088481f89fe8e658ba0b0c0c1d1420a29687
SHA256 84523d08f8e5ab978ff619fb5c5043231ef851a72f5e7fdcc30a976a03a0a5e3
SHA512 647e2a20c68bffe0635ab8edff8cccb0dc6e4b10e8fbd426a4674261bc7f4d5476ea5db4c290537a06eec2d1d7fa570337e1fcea133178ac6221bf41b5fdc197

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 2a10857278cf13b8e834467bccbadb61
SHA1 b2177273c9402b0878b7c402192f058b3ec7d0fb
SHA256 816906d939281e56b133ec58f736f9a8e8cd627581762df5e8f0420f769feab5
SHA512 542230d8d2b6e910782b6eb832f50948fdea088cd5a2b89a08d7b54269c0f120838dce78f63489c55aa3cbaac59cac62fce078e76a641dd2cd4428d5aa75c74b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 7e2e3432bfbd4bf839159e74297e8e19
SHA1 c7109ffd6713836d853726f6e75054580724f6df
SHA256 1c5f4dbec58c6eca34899d9d280f09ed04cdcb515dfa1f94f2d1a2adda5b711f
SHA512 5f3bacbefa62c6926f8038b40309b5d6b4e21a9da8ed00eee0882e973033f9b5fd19561c10af981a57ecba737141e5a1b66d86f32c9494af502aee6750df7a15

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 dd3360b8f227de24b6645c5fd0b19359
SHA1 75a3b4b9e86ad728c1227a9dd186f03a8c120ed9
SHA256 a4289fd7912a6676894e07bd40b6658357809a9d9f6efdafd9e152638ab7deca
SHA512 f037813ff9395e84cd32886b37b2d3a322ca72c94b406f475c23a5fc8a38d9dbfa750fa30021b3d50ccd1639fb475520e2c5e11da9bcc8e7656214cfb67d76d0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 44a18d6920d8fb7a0dc4303b7e9f4e1c
SHA1 d5e4349b7f10add64c4032897dcf915a7c94cefb
SHA256 af455ed31702885b609602f4f9848ba7a0962a4f5cd36853c315f1f573e774f6
SHA512 765aa7fdc873515c936da3d292e54ed310917eb43f1846d329acec37dbb7ce4aa0e5e9785b3a6b3653e543ce9feaf9656e73249b2b650193e433bcf1a17894f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 eb2c279975791469fa4d28218ba81cb6
SHA1 c3bdd5871e741ad4640f4289a45066eb6c218dcd
SHA256 7a2546ff94773087be4b25d4b0f4da45afdfff7c55c4f0fa48e47db072b9bdc1
SHA512 2f385453dfa2091066016e792b12c15990c7496fe325f71efc28ba1c8dcbd260bbf06061ae176b003a59c44ce429d2a7677ccda88597b10c06684441dcfd3270

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 a51265a39bc9f91b103a09786a82753f
SHA1 b14971e5e38f712c947b1f40db662c69ec528cca
SHA256 99daa8423df4d829df53b693419e565145aff3fcb0f008acdbd8e7db75cbcd51
SHA512 c17a69c063cd20c88a45105982fc4028113c4e0fba8c1a5d23c39067dc99bb33ff1466b403f3f1441aa3a6d70b65c4ee52f9537ddd01e010c03a5f93b5e7f84e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 29925c064943baffa0bf88732503ab0f
SHA1 7185b1e537c7c7e45f9fe36aa2fcdf10dde79d3c
SHA256 0e091502212488473ff65de9bbad439f47f9baa7cb5dfc8253c83f1c55210075
SHA512 0d3eec6f8f18432989ea1718bd747ca12e3876152a31207df7eec1846fe6b9afe6d236aa03dcaf3dbf6374818a724fa91c64c2e102889266a464d794119bfb3d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 0caae463d81d922f355636c628f6ed81
SHA1 af14b19889bc654070012f8a67f07ebe2b90352f
SHA256 63b163171ee7c257b157820f13b444f82858064b483d55dcc809dcaee4a559d2
SHA512 650727918898d927d9ab19d15e98393b2ecbdab97b44d42d898dda58874abe57d59638d7197b7b8937c3e8e7f86d80b8b729220b7abab6651ea34583b8c4cf25

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 5ca45c84de99feb12e53fd1bb5e1272b
SHA1 9628c2969cd6358e869c9f2b755c7fe4237ed3b0
SHA256 9ba793111bb04181a8ab36707146510c1404dd82984b52ff8f8cec4b8c245d70
SHA512 d74f042c5ce3eec2a2b4c27f3bf6a543b8ffee7958f20fecdfa73283aa819ddf61ca3fd2ea82cb4fa985a8152cf0b831d1813f12d6655dafa653110f1a8c5389

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 8b665b37774aeb048d2e251c966b2374
SHA1 5a4ef12be638b07b42aba309a244905cd14dd614
SHA256 ed2e40e44c4f7aab95df7b944dfecb535488f10ad91953fc0ec014b4aab4fd65
SHA512 7bbb8db4e02a853be641017dcee78a71c011edb0cbe388fa5de7244c57f3db58a20e873a6d899b3e92c9af9722e65edfbaa725caf48dfcc9d72dfed16a8e6330

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 34ba4e29b2771a3bd85b0158fce9a016
SHA1 b25fbe3ee23a50dfa462c8d687c7558112c52b8f
SHA256 5ec1bbc202eb0dd2c04714db044bf7424e3b255809fbff12be9d2a506c30ca35
SHA512 80f97a06f9cba2123e46ba45368ce5348c195a86ce45b2a48fd8f7255acab7dbc78881424fe6f14e10c0ad5d9336bd2e462967892aa838da413c3f7d67057eb8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 11783e79415fa7bf8740546a9246d1c9
SHA1 1150be5680f0cf38d3a56b9d0d444d43e3a44e30
SHA256 2766baa7884978bd806aef31b655b97ee27d893fe5f49d64abf870472f197b21
SHA512 e125be9c2700881ff1fb85f2d858b6e611661b573a4519e6fefa7c63b75037869785acb1127ae94eb321b3f660f9575240400325d549144b1a754d845bdb22aa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 ca8e465aec6de218b00ce2c1dc74e0aa
SHA1 5dbd08c79fc617e2668b29abc8a7729618f4402b
SHA256 31a330f0da03b502ed59252355060f1ed76d1c90fd78205d7c4bc539baa71af6
SHA512 7087453d92de0e5c33e859ffaf7f0d575c75c5a3d0b4dd726d84ac2ee0be17ac994b6a2510406f2a298c33834458326c117bc67ca461539d7d65c4f7efd78f38

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 0b4af83479de4a6e20df2343f1ade568
SHA1 ecabdde59419d5eeb5df0ce567f36dcfc0c3131c
SHA256 7d59d87d7ad561470ddcd0c8a0b050deadb2634cccf24ad8bdb5f1fa1940a7fd
SHA512 25183417dcecc1e441ddb6e9ae4925c03bee3716c3ef0470ec6331de31b728731c747798510feec71dbdabdea380b13ebd9da0e7c56f8cd88bae380b958fb8b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 51240117771b6d74cb643ec589fe480e
SHA1 1155c480f67c5395f088fc7853e66e34957fe84c
SHA256 27edba5f36cc5664dafa36bee6300016f4e663f4e4d32a412b0f6b289a44955c
SHA512 6aac52566fc3d99c1cd3a0f78d40fc2f11ec70993aadd355041c0be528d93ac993b2e43308b46cf91be0e62c2281c4494cb6875799819698ac4301c2787c1e56

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 c73f65fa2a4dc9ae94280cddaab06709
SHA1 812e5d5093892fcd16a86b6c64f28f55f7bac01c
SHA256 087da84d8cb53ca6a151071dd7c8625fe6c28f8af64327f25343a0d2cc2d78fd
SHA512 43a75364a905250ff4d123fff02d5bfdc5bfaef2ba7e1bdf79b2bf18a625bf565dfd931c03437fe4084e634ab66f172196a3817f10120467292bdda36199f5d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 5abb198da099eb9cf1cd80f876f18dde
SHA1 1896a2ce18766d3b175b410bc1547152faf6dca6
SHA256 2df5aa0ba15802037ae89332c3fa9a4faa3fc6e0c310d02f252ea99400844d06
SHA512 52a0123145172ca518a68bf31cc890a9069afc75c8baf7dde2011c4ea2e9803d2b936717c2698b3547a46316a7a795f0d1f5928f9565fb34cf1dec1ec1770f0f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 3328dfe242794279137b6c4c43143d18
SHA1 d2bcf822a2532b175377a16fe53414acb1381de2
SHA256 da367185e2f6d3141dc963f651415707343748212aeae3761c52e2b534426cf5
SHA512 ef8ac48d0fdcb4f5eb095ececba695cf30a56e0e4b425af5cac04e96219b65cadfbf95d761097667613ce6656a388c18a87d56d2dc3f933bfb7f463b5a7aec6b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 a5269f29d3122538ee10d32c66727e36
SHA1 ad4d2986619f2e0e8139775e2d510bf9284ae0a3
SHA256 cdd6334bcd2d41d1c9640256dcd88eef619d5f5d4fe7d30a7ab748aa162bf068
SHA512 9fdc837d559afad37820bf2aedba311f52c5fed3da8b9c26b0784deba0e2d09425c2367ee7eb858d2be294f4ac5cc49e1982c7f647a40e505eab5fb202cc1c5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 c54fa9a689ac62b1f6d22c1f88466ad4
SHA1 8590a645618db3fc87ade0e903cba575a666ea6a
SHA256 3d26183f58319993a3cd62fb04969040d6e19247409eefbc7c039f5edd398eed
SHA512 75e87abccc03edf5a44fd1d6a621ee1786204ea150ff70d0db3158a6041b0282c3721859f4558e97d2f04ff498f84d47e49e4a839be3254869a900ae29c24a65

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 93d701e9551310160f6c3fcfd8ad45b4
SHA1 41f390f1c147c3515e6800ff9fa691cf6b558ec0
SHA256 bb82273d2cd9cf11296fd80b999cdb00fba180a1f91db4e12b38f5687ca8949b
SHA512 71911656874086918f4b4ec85917f36a04cf28ed288bce4832d49c1f9121a239b64e6adc04930cf419da6f15dbc9ae67c8a8c9893ba964488d8a73073590656d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 fbfc2f2c6ca91adc91d72305200fe916
SHA1 4e225cd94037f38433b760a34020363936c9891c
SHA256 9c0accd651399c404cbb0755dad7d1c334ef460438976af429ae3357f236f462
SHA512 03b290f03a2b0c1c98045138ef6ccb1a9da870a805fdc4d7da1e7c4e3a456dcccdd6bff6bb95dc82295e4f94c7c7632327a7ead8c777376d86ce753f6a98eb6c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 d6456ccdf702a3989782904c33680eb4
SHA1 190d0b4aa52646617b39ad0d94f0e987115a865d
SHA256 a4f05955d1c1d5cbf2c2fd573ec075450846a1c4cfa2302549beca7329bb6fe2
SHA512 73b81e3dd32079dacbfdcd96f76f384542f4da29696950a7da090be649a9785db3084a992f794151e9fbfb1007a0552c38af21074c547f970f774fc304044f15

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 2f831d469fb8ac05eb2ef5ed3e85b34d
SHA1 aab471d6e3434cdf9acb5bd30e5738cab455293f
SHA256 99a217791aa359c8780730072611a7cfd007f53eba9a53ef19272ac84545a6e6
SHA512 b939bddebd96c0bfd9f68bbbb24d0bc85706ac5442292206299a90360183ed6b09858102804b109610ba6b0ab0924e6c1c8cb94730b0db7c08693f588f0fd20b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 75f6a4d9a54b629d77cf73d3b7f46085
SHA1 4e1050c2bfca9e44c92a8302a65574f3acbd6511
SHA256 5ec1663497f2ce76a5190ef54b074339cefc9cc6256ccd42a920d61a923ed2d4
SHA512 1e465bfff9d63c71817d3b57f5eb2d0eabefbd7040de1fa496de84887b9c327d3e70b23748be17ecf50c5b3b1620810fa21589316c5a661fcc1c277b222fc8fb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 3d332652140856405fa5d8edc1f6ffa7
SHA1 5a11dd225ed34f5e2ff43b0221a95bd50f6f2940
SHA256 3892fd892ef5a85abe811bb87957b140103cf2774e72c8a76e878fd45cce5bef
SHA512 4dda4bf1d9165abecf6adb86cae5afdf6ae6bc877c0f1ad114caf8840118a93e413d26a37b972a2b924b274b3df2fa86196dc82abe33a6d8d03fac6b3bda8730

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 61c8bfa73c7580f78b6b05b89ab0ba41
SHA1 8526a4555cb57fcb7e452369533e3ef3285ce739
SHA256 a47a0b8da52ff091d09e7e0eb720681068ce66d7e85625e5b703e4f13b077276
SHA512 64eb12fa8adc415858d227682a372f04cd88e19e1f185af4046d21a102a7135ed65ea5726cd367b4a7c18641b427dfad8b87d1c5b9e069c9cfaae0bd22af1e72

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 d63c21f3fd2e652667248bd162082a42
SHA1 5c0c2c557251368c09883528767fd17167f01c36
SHA256 f41c95161f75d38f1aea174f6f7ce53b7bdceb5f63ff9ba92336b83073819cc0
SHA512 c21874dacfe42faa3e1792526ed6f28025acc805ac377f6068a1bb372e0402bea50d3c4af0fb1a512b552af9745e91c949df559dc338df4bc938da173d8d49bd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 d6bab7bd129dafe67bb1c01741a7cfc2
SHA1 90fba8e7c795f66bd0048a49d8bfe78cb95120a3
SHA256 a6390d52acc28058fd223f26b5a452749ba4246af402c46130c0f1b484fcf16a
SHA512 e2c618a4d90e518f8b90a8491ab64cea397d09660804eff4c9940ff96a87a8283b301cdf1dfa69a90c21cc16627c676dc0cd11722f66a2acf7db7b969d71ac47

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 f7b8306e480bf44f68eb1eb5414bd435
SHA1 68647ab7cf9938a2c3cfb33b38dc7f51da0ba10a
SHA256 9e226dc217f8959d6029e37227022669017c6013758d9ffadb6e4b99242e54de
SHA512 8a6f80df7e31aa686ece7cb0d38b1d74bfea7740689d57fea4efb593a092ece330d3dfb9e0d7364476c945ca5084652a1bb0bf153b729141e475562af4104c0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 7ec1188f055bad25494c334c94dae172
SHA1 5d993888774dcf0a545424a49ff45487a1bdc028
SHA256 387b63322508792cafe439af9146288660a826969842baf1d7e3f92b544efe54
SHA512 63244c4d86208892831fa98d052e5588a1ccf9e3a42560e99e1fa6babccf0e666bbdb577dc9e0a5e01cdb5385a4918ad2db602f7c856264f0fb653a8a62208d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 553d416e2a73cb24e9c09f90b6df4029
SHA1 a228d52ff97d82b241b416c0cbc414e921792404
SHA256 5430fa738df978de7ae526fa358e3866fc227a62c0888940f5d106d0d1bee019
SHA512 3dc4ae9e6b0b99a9757b14e4fd8deac2a0996f198941503f41951787426e6f6dd8fa8c0184a2892df613d806792326dcce98c5347c84021ea00d2ea5c019d040

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 f6e817ad343cd85afd5a9bc94f7a819b
SHA1 7740feea9e708a4e478237905e7fef0b0de2a1c0
SHA256 ac59f75c909f2edf4a62d0ed835f4bbc63f299daac5e109a8223e459f0dedccc
SHA512 c0e113f7b6c80ee707d1d31bd1abf6db25a70ad5eec4ab8f2898064af69b5e4543b803b9c813c31bae4bdeb5bd9477923d6c64f58379c39c98cb25fbda2a6e8b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 24e2c71b4c39b12cbb75e47506b2449b
SHA1 bcd53c1570e4dfefeb90a9ffb6130ccc1b9e557d
SHA256 c76dc50d11a1e0fbef202b3904e3d5c71b559bb0a88fdc4583d1d6c9b16ff5ff
SHA512 a60b9c41c349be0ffb655f061877eb37a5a36be36eb4e0e57b4bcab20bc1fb5ad7d510e024f8b5306f991840fcdf8b04162502b4b33f190595314c898dc85c64

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 83bf96afb1cf62b5e570bb54dff2e63d
SHA1 30affc610b220d7a606662625607ce2511e19a8e
SHA256 be879c0fb368fedeffe35d03adb9951a7d0cf88c2b39181a19425a8671395c84
SHA512 beec06bc7053bc674a18ba566c878404255032b751c85eb3d1a1613c035be7206af7c61a5ee70c661e142eae5035ac9c77df99ddccfd7497d965381c7c7993c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 3daee2a81398d2949987214551eab0e6
SHA1 b4df81a8e2a04fa6c256c7118a99af16580e140a
SHA256 d239613c39094b54be93cbe80c5cebb06fbe1f9796744f86e45045283414b930
SHA512 15a58b56520c4a80f45587a90379c0f4f1d557ad872ff3385339be6afad3c0206f68c3b8df5f66779fa652c18784cbd22f2fc88235e33a65ebdd22590a64c8a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 5dbb6f208ae80156642657e7c67f6005
SHA1 c902631ec73231524c8b69c79449e1e001dc586f
SHA256 b2ba6e4e535fe6c28d0d0e2913c4f9633ea37c493291913146577f9299db3d67
SHA512 27b96b4ec5e0c2a74e3fc8191c97479c9564a5ac5db4d4c7537f46ebb24499e183d621acd5a8d34345ee590aa0f6fff9c9a75de82333487a450a9d626a083630

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 73f84ab20e0ad325c8fdc577a5c3e423
SHA1 50740538fc24900fce300be72bcdf29bd3380594
SHA256 861c910fc022bd981afd499cab331722f808eb9df75fcef03e9eecc28fda95f2
SHA512 4c672c71388e2fb7459005f5a26083bf42f0b12898f7c62de30a7ff53efea28dcaa3c67db32a429868e2fd7e3c9f9d4b36170920b1eb679634a1879ea34e98cf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 b10a763615162848ebbd6ff8b87498af
SHA1 8b66bf62db3c3367d4bd094594b0dc1dced76acb
SHA256 ef2baa7186e9ba08c37786a42e00cb6ea7638b0ac967d582503d0f7943cb74c8
SHA512 448ea3484f59eb0204d470540d2e03488a8eec6e6fdc55882558e519d905c6586abaacaacdbc7eb8723bd673e2c8bf250b99930521fe442a78e26259f2beedc5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 d26f9120e869e68fdf554bdb31fc94d4
SHA1 3ae4cf9934a06909d1cdc2f325303c3f9d0d4e97
SHA256 a04971b244ed8141bfa1420db478c6f632ea34409dd46d5bed7127a73f969934
SHA512 5e8bd94530e99d6e7c3c819df553e54ba6c3d209747a93b40e3418b7e3ab2fcd056aded4ceb010ed62a1345af1868d648fe7933e73bfabcbd023b11dde297254

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 b34e4be6a6c796594d00d7852da85ea9
SHA1 7184aa5228fd6618e41440c0e597f26e7b9d294e
SHA256 92c094a6aca72d074c3aa880d1f6ae67f7e2c49ec83f1b8b74fbdcdf3fb3e753
SHA512 3f4edc92e2aa800791641e2a760e5bffb615b8320b673c5e4ab146821013b218b18b103f2fd33215b5017fecb7cd8a5259f87f06963c7c31d124c493144a2936

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 41f1f4641dee60d15a3cbc0fb64e38bb
SHA1 57588ff2b5be1744a17c739d93b07b01b6fb447d
SHA256 8b50924e5e2afe6fbf5aa68b3fbd6673efad049f972541ea075ae8b64e366502
SHA512 161438da477bc5e32aa689c3a7f96fc4b611efc68a9262539cb92a0175de2f1cd58a922e6c578d921934dd222515d505f4e3845fe1acfa6eb35ce64858e9a199

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 9b2d1104fb4e1c26744f98b1877f0f81
SHA1 08dc9ba247a0650e89a5b57a7bbb40fa2613d170
SHA256 0fa499ca03dc99233589518b4776423c55a70fff4c3756c35e417fdff8d43415
SHA512 fa91f1f2dec98142733801e3ddc3ade6ee64f7b5f6dd4c80457fc9c144dafd256f475382e10b29e3b08a96be6d7358626d289e9eba77760f1962e3b1f6f379b7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 d948b428f1625c49014b686bafdc5e4a
SHA1 60d95d597b0d32aa5fcae4d59c6db48213d22961
SHA256 d8da575625d5b2ca4810293434541e764829296f97049a7ef769658d246ac9c4
SHA512 80f2e99e85621d76de1409c64ebdaaad62455547c3b3e39912601b3c5b5aac8e576dcbd38776528804808becfcb5a0fec07deca423b123c3a9f66b1d29d86da7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 ddfb516d648ea9b4f3a84750de5ac7d6
SHA1 d6e14b4890d8f47706b2bd62f11559eccb4e7e74
SHA256 4b242f2ef5c2492354aa86ba4ec8ab46b0d1577a071d70214cb7171b91b97ccb
SHA512 f195198f8f2b4282d6f9e10905f12842f278497ba86b4cdae76e71c4657779f2caa97e852fbd05bc3f85a08364786f862ef9f6cf9242943ac878ba140e3bd752

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 143e09f11ddb88b1ad7c8f3dfca1350f
SHA1 41251e289b9f41295e19c6e049ad6b6a3d31f5fd
SHA256 6997fced3e6d3841104c40cd11e64bb9eee0e1791582a9b504fc0be931e34e6f
SHA512 73df5f29530b7626f391a2c9385b50022bac30ceacc6ce179a5c06c98c3a0498de414698fbecaecaf3b146db8e5ba4fcb2bafb5d07e553c159063cab25ee2b78

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 8b92854c4e3f3b504adbdebbfe3799e9
SHA1 baa6b86aa9c0665105c4fbea3f0a0f181035d019
SHA256 a469bfc1f623f31760f479dc468532a8d24814945ab6454844af19fee987c995
SHA512 4abc8b937882652ed3357943ad059b7e8ec31f30be065b98eaaa79692314e6e06652c1ebaa1ff36d206f82b80c10be536f6faa1f683cfe0b917cea1f970f12fc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 3e594400a50e8ed3960559c031d32214
SHA1 4cabc9dee61f769659284ee32edad431ae45a96c
SHA256 e0efcc4a7a992138a61300ca2140b45ba689ae10d6f76ed6b369c9a57bd02500
SHA512 1d799c44c071eeaf95d082c404bceb513c3b37078db7478dec4ac46a4f76db6b634a3558302b392cd40858a793b793d9dd4320c50e5199ed3c7e7fc7e24d3d8e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 419ab50acc05ff18dc10b2ebc738e314
SHA1 0588cbf8d2d2d619911d9604dd8f7ed674af49bd
SHA256 6944b9343abe6204925593a87a9768e043a820bf0e70a14c566f0ed0404d8137
SHA512 1a6c637ccf099b11a684961c9e8b474a684026dd903938222c53a9833c8a7edc93e370444b9400c891114312c3c28765e335d6b5d96036a917e7a0e26d2fd075

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 c2bdf8fbcc4d209b9f11036415515714
SHA1 78985aedca1a6c847c55b450b96e25050380924d
SHA256 b55cba9c5ecb9f94c81aa0f81ec68b35fc1ec7be40ead933a62e6be45eafecd8
SHA512 945a86f991198379d8a0003379789df6d271577b0abb81d62791531ce3cae8c9588e33beac7f94d9ab09aed836a2ebab3810431fb91c5fe0c8762724952f8609

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 614fe3fa325082bd80648c933c8d4f85
SHA1 9a78dc9d2c73c1c69e8dcc01124152d8fdab8367
SHA256 60f6ad29674e5a1d2c3b8b5cc5e91e67c77dca61d6f61d52da7d79611e81ac42
SHA512 dfda48bc4aa9d0e7ccaf1ec2759a88bf8049acc1086428f454f0ab868c04549ef4ffe01544b4bbc2e2b14195978daeadff807fa260a7a4bba89bcbf3697735e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 b0d0175aa3b5624d921ea1a8ccca4df0
SHA1 1939be30989935e34101002445e0b17db7c7cdeb
SHA256 235d38f9b62ed0468f1a02fefb33a4406e82fa8fdd0087b3d290dd11db04f22f
SHA512 92a2a4a1bcd4092c1a56ef668041e592df3ee0901f49e136bf50c5e805ffd56b11489c4a9a8c63931623f161ebeedc99f3de0a2adca98233f886d3b6c40fa37e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 1afad1e734979fb8a8fb5a2f821789fc
SHA1 2f0dd46d2f84d978fe7b91422a57fd06aeafb67e
SHA256 123366d1426c6a70a89ba2bfdad4b95dad9b5511077683a0143f853e743ea14f
SHA512 ff4b6a84ffde239d4b955d569956427b75680b30491582f11363a6df3573d5d4a1025db7f6eddc3552cc8b64a3440221f42f00fdf97fa43251b2b84b87007511

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 17e4a29ed8cf2ad341f33738c472030a
SHA1 c6e1e4dac678411244c085083be40c96d4c82b4b
SHA256 d50c41917a4eb4966f9f9071247e86b5d7124f819813cf951705094fb90c347a
SHA512 e22217b60fbd6f5c49729fbfa12fd7ecabb2245bfd7c7a044c9b7b83b995cb79b0b3171d93dc902e0b1570db8dcbb3bea3ec11f252ea6ba3f3950405c914ff4c

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 4ac27bbf5e491471a227f7cdf615ef25
SHA1 89f659ea44ebcf0b167ca7cf14b2dd4875de8e6d
SHA256 bde843edf55917280286b7449f6cbe11f433a85c2113a023b1320daaa23e1769
SHA512 6ed0d7d042ba2733f708ae8e492c7947a4cdbf7784513dfcbf0019961572a5e38aab98b2f7525968bb56d4570c1d436c1fe2b3457c22a77124536f9b3f55b831

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 c88fea2da8b926923c7bf2437ba90445
SHA1 b2ba67f325eb40acc48e0972b641b005d8d9657a
SHA256 6d1bd75fcebedcac314c72aa628429ced554b7b15674a709e4c5ad7ddbca023e
SHA512 3cb432c99639458955d33e4dca7191d98ef990b492ed3fa3d1ec3f7a128bc5db2f9835d7fb4328471ceb7287b25b00959f2f0d78bf91cf49f161f0a69c2163f2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 479e268e856d49608cd64b96b1d75083
SHA1 17e1dc2811a60b27da139cc95fe37b3aae5e571e
SHA256 24cd62ed09519ebb2fc7b98024c75759a8fca10957823ff24fe7dee1dbd44afd
SHA512 3f7f757b9fc1d305705a56e41dc8f2b278cbff2a00b85d83846f101ef56e82095418acf897c72548de8784ad6cfd5c201e929e8b2ff7d866a4c656506f9e1e15

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 b52226c6552de65b4c796df5b4ac4217
SHA1 c539d1eabd814b2299e65c65882cc496431597bf
SHA256 8228afb4409854f2c25df3df610da7d5f1c4dc66b01ef9d62110d8ddc11033eb
SHA512 6681a4fd3308713b788bf9329ef0b60a01fa1eb888c4b46bb1e789fa7f1b25ce1221802c724f836652ab9910ae71a36e63bb5e3c0b4c2e2effe9b70ef6b1b1ef

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 88fbc082b9384f748a6024576d4c0370
SHA1 99251778a98ba67e099372810bad7d0c184e9558
SHA256 4272cef6b75a0879558fb93873df8a2d3d5aa7beb9f254f3d62bff2bc3f2ee6b
SHA512 a6f96b9b4ec3ed00deb79b5009804fa6e474699b7ef949e0f065c214916d0a71849337d49733f88dfdeef76ad98e8cd065020174245bcd277b691299ca439462

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 51c3261c8c8e4b7efe5f208795f1c746
SHA1 db94157f501a72a37ff7fc111437ddb5521aef38
SHA256 4f73d683a8f4f9eaa39b1c686a8a7944812534ed3b25244ce685060e408b8887
SHA512 582bd1d395422ad6a0392584aa24f5600d42d08764e6b8af1ffdbe7344a279bcae33ffc1e724dee5b49c96bdc10fe49fe5201698519ee25286906c211f1a9da8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 b2177fea092e56d6033a4201994f508f
SHA1 f50ef476cefba307ffc55b88c2fac4aa47f836c5
SHA256 0c354388ae80b010772e708ab612517dca2bd6d03d073cf36499397a9643af92
SHA512 fc743341b5b4125d97841000763ef755344ee26e1c7071cc24d05dd700763dc540cc52b609102761c0dd7edc3ca2360ff70b769a5b79785bf1c1b26cd3b461e0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 79a63b611afe4d9f70d305e530585421
SHA1 379c1604973be50884ee040749df87c3978c47f7
SHA256 610f5e7a59d3a3044a06f20049d499790c3b1bd2d358abac5542002884c188fd
SHA512 6b4e94c1eaeb0f510e9c0bd2dbca993e4658097b7c0684a63ac791d49e32c7bb18dbcf62ee311e9e3ea85bb403621df2a99a1ecffeb33eb00a6a5a58e51fa1d3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 a8e9f3f24de59f96db21b07b72a2590b
SHA1 89084a9997ffd06dcc2a3527ced2730e528d3f1b
SHA256 81e91f4373c634cccb5ab993ecb660c8bb228fbf315f427fba86aa0ca9317960
SHA512 cb447c4c26de25188ce1062e74dc28ee030e55ca978ed21b3dde8da572a4076608153ee5664bd087758c8cbf49fc649f3f0796c377460062266053a80ddad73c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 52bbe62ea7e2c3d412ef98bd844d4c4d
SHA1 9264595f15db7d73e6669c4b380dab2caf975278
SHA256 a5d806a1d318d15f137d8ffbbb19a108eaaacf7b274d5f473052fafb981073e2
SHA512 715d651f71e817d0c3bd0228708f824bac3f1af8cfc1ff8ee2bb1aa83f8cd17a44bf279be7a08dd6b71c0ce0b9894c157220f2473e88abf2ffb0085eeccba30a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 51c96f5acf81d3c5b336e08d1f713cb1
SHA1 5d8a482ae9c8fb13536085d62138ee1428fe0696
SHA256 aa6bc8fe8ea6a6df3ee879059bfb8787cc96cd8a2ca32de0a7e60043c5f98848
SHA512 2ed890e8fac67acf4fbebc61736eda6fbc2a82c85e7025cb8689de9863bf1b6d72b2a9880d1cbbae96ea73356025afead0085f8497a17a3695b94ed04dd3a5b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d02b7220ce90d7c8e3ae38ae149598a4
SHA1 df318bf256425ce3bda38b10def747d53191efca
SHA256 6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781
SHA512 7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 bf2786131cb3f3cd4cf1c68ff912b0c3
SHA1 0096656a94c6eb20f4a9123c6f4b4060719f7056
SHA256 bdd074a88d9966926e52a8904dc22a33e876640caee193202a1c80b611537548
SHA512 09947ce7f2d7d198de965d44e5022d6d608622c775acd84edc5a6cc4ba011b24260a33ffbe7b061aeef5f3c340cff9ade8e1d90c758e7dfe768a01e60966dd7a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 02fbb0eedb9cbf2306b3c479956d9207
SHA1 a86c25a3e2b7b6743c9fadfb5a9c64d7dbbdc127
SHA256 231b6a7a15c1162e252dddaa04d673fb6ba7e9647bdba01d0399ed3673da1e88
SHA512 2cfd25bb78cd18d3a9fb29e9bdd2f62f775eae676f1d278964084e37c8a75a617deeae98feea824def9cde40147b8d9aaceb007cf0c282535d9ae59b9969719f

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-27 03:43

Reported

2024-11-27 03:46

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe"

Signatures

Renames multiple (2175) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppBackgroundTask\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscontentscreener.inf_amd64_bd1517e25f3e419f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_c20a3bb7ac1cd207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_f1a7a2fbd6554d60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mf.inf_amd64_e3c6d8265de5138c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMETC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsinfrastructure.inf_amd64_1ef682cfd6fc7d1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_unknown.inf_amd64_9f92c189b415c003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_cnl.inf_amd64_a60833fda31e9831\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_cc4dba2066ccf53c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_fd0ae947345ac7bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_skl.inf_amd64_9d9dbb01837eba23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidspi_km.inf_amd64_7e53b3972dc4df20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netevbda.inf_amd64_1503f4d5a0d6ba56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmgid.inf_amd64_3a0240393de08f95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MSDRM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudss.inf_amd64_76a0499c8a4b3752\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_0b075e1cb11005f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdflauncher.inf_amd64_1ea082c6cf8f6982\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TLS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\fusionv2.inf_amd64_a47d9636ce0d7dab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas3i.inf_amd64_79c7a4d8be0a9744\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\SmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\Help\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\2876_24x24x32.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\AddressBook.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\Assets\Settings-Black.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-40.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-30_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\WelcomeCardRdr-2x.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\198.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MoviesAnywhereLogoWithTextLight.scale-125.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-30_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\scanAppLogo.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-32_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-30_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp5.scale-100.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sl-SI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageWideTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_BadgeLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\SmallLogo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-80_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\MedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.scale-200.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-deliveryoptimization_31bf3856ad364e35_10.0.19041.207_none_a87fa27025b2eaac\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..host-peer.resources_31bf3856ad364e35_10.0.19041.1_it-it_6cbc77cd8a0a11c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.153_none_47569e595c44e70c\SquareTile44x44.scale-200.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..manager-service-api_31bf3856ad364e35_10.0.19041.173_none_44d0e01d8cc1c546\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..uphandler.resources_31bf3856ad364e35_10.0.19041.1_it-it_11a41a2671a76b6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_10.0.19041.746_none_c1aa0ecc53e6327f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-assemblylist_core_xml_b03f5f7f11d50a3a_4.0.15805.0_none_3d6b4979572959fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f31575e03ef5eaeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_10.0.19041.264_none_f328f75868736919\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ehome-tvratings_31bf3856ad364e35_10.0.19041.746_none_0be082c46d337f79\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-expand_31bf3856ad364e35_10.0.19041.1_none_18b834522b9eb97e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.powershel..anagement.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_dfddba180f9f107f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..utoenroll.resources_31bf3856ad364e35_10.0.19041.1_en-us_71289accf8f37961\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_15bb9e8aaf5fa977\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nlasvc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_54359cc7afbe5257\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..diafoundationplugin_31bf3856ad364e35_10.0.19041.153_none_564f8e2b127775c8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..vercommon.resources_31bf3856ad364e35_10.0.19041.1_en-us_891a6b5b9386f477\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ortedlanguage_de-de_31bf3856ad364e35_10.0.19041.1_none_e898078c7deb91c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sensors-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_86b74d31ed20a7e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netrndis.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_31d0c3ee83af45ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-globalization_31bf3856ad364e35_10.0.19041.264_none_fb49f5d77233931e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ettingshandlers-usb_31bf3856ad364e35_10.0.19041.746_none_b08c8d207b538b01\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..shtoinstall-service_31bf3856ad364e35_10.0.19041.746_none_562fac1e246928eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..mprovider.resources_31bf3856ad364e35_10.0.19041.1_es-es_ec72124fb3fc804f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-winrs-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1d438b1df9c23af8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-culture_dll_b03f5f7f11d50a3a_10.0.19041.1_none_53e93a44ccc07d22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-b..d-bootfix.resources_31bf3856ad364e35_10.0.19041.1_en-us_4ff5f1d54e8346ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-naturallanguage6_b03f5f7f11d50a3a_4.0.15805.0_none_0a44a45be4686cc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..laboration-rdpencom_31bf3856ad364e35_10.0.19041.746_none_77acd6a1ec780629\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft.appv.appvclientcomconsumer_31bf3856ad364e35_10.0.19041.1052_none_eb63f18552255d1a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_10.0.19041.1_none_3d7310dad3707b2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-cdosys_31bf3856ad364e35_10.0.19041.746_none_0693f53eb8946421\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\square150x150logo.scale-200.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Wide310x150Logo.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_usbser.inf_31bf3856ad364e35_10.0.19041.1202_none_11c19bf5388cd12f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ui-pcshell.resources_31bf3856ad364e35_10.0.19041.1_de-de_63edfe56e3f3b603\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-assignedaccess-csp_31bf3856ad364e35_10.0.19041.153_none_2f9be98cc4191f70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\RequestedDownloadsCloudIcon.scale-150.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..cs-client-extension_31bf3856ad364e35_10.0.19041.1_none_45a8f75685e72d38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_en-us_ba1d3ceba8f01e49\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-vbc7ui_dll_b03f5f7f11d50a3a_4.0.15805.0_none_c05cee4e743b7fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cipher.resources_31bf3856ad364e35_10.0.19041.1_en-us_5603efdd911955ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-eapttlsext_31bf3856ad364e35_10.0.19041.746_none_864699d659a20b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-networkprovisioning_31bf3856ad364e35_10.0.19041.746_none_ab4b4bf819106234\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..npeplugin.resources_31bf3856ad364e35_10.0.19041.1_en-us_fba6acc62f22d2b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-snmp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_e6d2a56efd4b2f68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d6ccfcf76305835c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\BreadcrumbScrollLeftHover.png C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.19041.1_none_8525a0b08bf57bbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\5 - Task Manager.lnk C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wpdcomp.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_135035ac94d46e45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-charcodedictionary_31bf3856ad364e35_10.0.19041.1_none_e9a686b7cc731d0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netwlv64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d6f60dc4b77460aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..tshellext.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_afdb3ca91eaa1c55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..revention.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_37df98e18956ffd7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\speech\080a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\431.htm C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx35linq-microso..uild.utilities.v3.5_31bf3856ad364e35_10.0.19041.1_none_35561a2fd2b0fd06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-s..formers-shell-extra_31bf3856ad364e35_10.0.19041.1220_none_02b28c2f7a0070a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_76e6fb38a70dbd6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aFXN0DIM6rU85R6.exe,0" C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open\command C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.123 C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aFXN0DIM6rU85R6.exe" C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.123\ = "KHHZTHIQEAGIUWJ" C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2bbef98ad89d5860409a24d460f9db87
SHA1 3f77719b39dbf5b91ab339955c502567593a71ea
SHA256 2a6d4a398a57020f924e7f5b269dffb5d57cc6512441544f409c710794ee68ea
SHA512 936749ab42dc445618341e9d7fc1a1e02efed0b11dffd5e6a0a22d2f081a322d835688c6880830dbb583ad63fa5c91ee5f93f120b642c351e03ba08ce482e8bc

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 bf2dd743c616584cdedbc7034a277a89
SHA1 1c8737c569c763a8d4d0b6d0f32c3782713742fa
SHA256 809f33df26059e62cb3391a7e00efecf0a5b93fbec999fc5fedc6a50c50a96f8
SHA512 cef27089f3fd6ec666e1bfaf927a92d50a127dd0fb58e7203ae1eb089a26b81deee09e4ca9188338355b1a9c8dc3373cd64ac5c688639af773880edabfd9efda

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 bec5e4a6e792f3fdb809d26b0e9cba88
SHA1 0a571862475cc6dd6b35b7adbf7fa946dec2a7ad
SHA256 7368d998a6bd19da241e4ecbbd51c619ae35d19b1b86fa0af0659d42f97a4dbd
SHA512 33a06788d75c4ab864fba121b81a6b1864ba8251db80e5cf70f305725762859bf475c570efd5a6c17c93eac281a4889fb767711fb429a04090bd6a8edbffb9c2

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 6dff740fd49fac6e34cf2367554a8cb4
SHA1 b6cc4ed9cc5a4496e90906dbfd6f3c2e589f47f2
SHA256 54165f82a0448fc08a6f5283fc772059bc87ae6e1ad96f4b6a375620c982f2fc
SHA512 01aa6747a605844559bd74daa58b0540ad0755368e8c019376848d7eb5e42237080e3fac867ef7c23defec219cb14228e964b9d979b7f786a3aa79b256fb427b

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 a43eaaae18ec67c326e70df96dd9bf83
SHA1 38a2d33591351aeb7c2e351137d8631007a5915e
SHA256 6ba51a9253645de8f9b0f8c2e8523be7da832d5b36981d0601cf2a2c376237c0
SHA512 c5c5a66b49bfa5d8cc4fa2fcad278a0fa2aef8c917c0aff983c41c9f47cb89baa3f42b90b0161f6ddd116d608c6bfca9f152bdf2ce5c46c24f61aadca1e5ed63

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 9385412947bc8309516012afd9c2d2dc
SHA1 18daca3c50b5a956e344cdeccdaab9a6254fb0b5
SHA256 927941ceb7629173d6fac147ce154562d8c9ac94f19c4a99901a3ab8a952d422
SHA512 dcfb5d2e25db6f8804c71cf59f30e8f2536e5d1caa1999ff3ce1851cebc97a9378063069ec67f86669afc45473f96fe38f4e65389cf24403299d919c3420f73a

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 c1d65924f106b2e88fb865f164bc3925
SHA1 5e0698955c5c13a1af2fca1aa6102c9954c4abb8
SHA256 5186308af6ab272cf7f8e576e3a19f7be8fcbe453477fb0b1a1be14bc703070e
SHA512 467a90842bd279f285d7279529592114811a732938b69a986c4170965abfb9d42d88b5d8c2e5eda2102e36ba73d57c1b8cc086832cc94fe5ef835a5aabdc7073

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 ab2bc40d09ff7aa81391ad40008ec3cb
SHA1 1fbedc749f02cb591a90fa87af89d889859d8398
SHA256 e10786e1d79af1e35aeb43617cdf635e54aaaa90f5902f958bd28e6c6baecb3b
SHA512 ae92f092f7b0b228bd25b9a16f620f5556793565c19d59ff201c47644dfc4de94ffd45aba79d2caff5ac213b1cf8b983a68f8b8ab84f537b4812fbcff031e3b9

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 4d7193549ee54658ad6e75c7f431b2f2
SHA1 8394e8d855f135684b18796b99a78bec110f4451
SHA256 a98adabb22f3aa33563ef4766402e4c427bdcc9be2b1dc06b44f038b2b7bc045
SHA512 b42de79364e6d10bb416a3962637768617f5df892c795feffbd63b79c7f1a5fd46c4eb98acdae8716193de1f890bfd13d937bc86e24b7641675156f81c1b60ca

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 736ee735a462efd8c2b5b42fd9db2681
SHA1 3304aca5c8996e2d7974bde0bee3d3ec564faac9
SHA256 d4cfa1cbb1f924c9829f586441011d7c5b3eb457f65c45fc7c6b20f0aedfdd5b
SHA512 014b53a82a0b36e013a56b3f58538eb6edb7f3a25c37bdb484207ee4f337ab2dd42f63ada6f8015116a3fa54679e97bbb2b4dfd5b28c11e8c95c5fbe1ba133b5

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 9a4c85e40565c5567d44171abfcf8e02
SHA1 a49ca60864647a6bec8a8cdc967049e47b21bb3f
SHA256 49dd23b643a893d53bd504ccef86e247457f6a01a582480d7ab92278ab9a82cb
SHA512 bb2e961838252d7c95a3f5f8b46b5d2a8f26a86bc128b1e0aa9cfea78a8f8c291b6e43cf1f93cbbfdbd5fd08845d55a9908c0389746129583477c85b3d3e41c9

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 8b7f5a06dbfb11a4a20756be822e9f73
SHA1 d643987c22f4148bf113212326d491bbf910c051
SHA256 1b404911a4ae418b422b10bfa60e0481fd033aed4419fffc599968d93d7e187b
SHA512 4432fa2c621bf31cf7172c47783a0be56cf6d4aee94ae426b46616bae60a9e9dd3920d935d42b80388e5fee5ddc05c053c65efc1e719c39b022f939f653885d1

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 2424b56276972cb11ece8417f1b5b0df
SHA1 ba4403a7837b04c79f013b72c80987a85a434056
SHA256 1075c196ea92d2a2d0f5459321d9114742899cb86c346873e68b7fb166952d18
SHA512 fc49c855d2db1ef944cb5882799cdd0095a44127de8e67636d342510966fc79778f2101961a94e911a7570ef95ccafcc721973bc02949aa5c95a40680e3a0c8c

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 fb2b520969fef618b0489373230624af
SHA1 258d78ea6ccedd13e7d9a98c4c907f455225c70b
SHA256 6dcb60afe096c39a356f42274c566969a8d52ca83cfde63d9a1007c638971b02
SHA512 5835fd23013cf59c5f97d38211e249aedc02dbf07d13a2d26c097fcb851f9dddc3a89f574c97ec86fc3f8d6c41e6b31516a719ff3207c47809c44a1f2d01579b

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 6845554b847bf5f137ef5b669fe03839
SHA1 7a3e7728ee1f3c4008e559f9670b3d04a7d9cfc4
SHA256 d7e09f64d593abb177a37fe6ea13cbed6c7c3c0983da204d3fe3df8ec16d854b
SHA512 4915615a95664752c035bb1d7123533ed9345aea8dc069ba829e29afd190fc418ba0b69fdb1dbe045267609d5c0e04686e9af87e07cc8916f4ca78fe19994243

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 3840ba61ca80ed85d8550a7796d35e74
SHA1 be54f60d6d14c9af42c3dee074876e60160b9898
SHA256 279ea6f0dca7cbfa2f5bf82cdf43ac04a463c96a8d4f47543383b79f08975f9c
SHA512 00c72a9400f82fc16fc2db12802a9725ecbe9deda81933df7274d9d1ac9cbd3eb02083eded44927d6817879dbc9b9e55546a38bc7a23dd84be7150b446ae2064

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 ce69e78159ffa118940b3a858b62c5fc
SHA1 5c2ffc1055ae5b864d0c37740c700a5b17937f08
SHA256 600c538b1530b1b28367eb3790b603ee4cef5df67c3d138958cfbe097325b502
SHA512 5ee9f456ef835ac7cafe68ab23eaf76c96d99ec7ed2561bf386d9de2b4dffa3e0959696c382f031adca36fb7fe6cb93001ded8ee7ccb5f5e65793903f0ee222b

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 e323330a82cb5bf75ddb490780db5dc9
SHA1 8ff461105e235eb7feb4a5768f8790a2419e1fac
SHA256 5aed81a08ae227d0ef4982c0c691e52e503ee242ff8e2cb638770917680ba792
SHA512 3bdd6602444324464d0020b126aabfb65071d593effcd9f5ffef14739d02e65c54d6b0072c0bfc0be9e71d3f72c8b5703b8959890187cb55b2a68acfb2d5dc6e

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 1cb9d5b71f5c9c31ee53f0bb455a3b48
SHA1 601848222fb08252c5afedaa35098baa101b0e39
SHA256 5ad90b68b7fa410476702a3bc43985fc836e829ad5314eec125fd97898acc428
SHA512 ebadc7c59e17dcbd0e9950e0d76a3b28523c09b7a661509d7eaf0d9a99c0b1490100e0cd21c663195d6e0048cd4a79df8722652b9bb41247554b10cd87c94784

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 47720dff46bd163b98ba6796ca06a4f0
SHA1 428aff467f7d1816552a6877694d789c1ef9aaa7
SHA256 d4e9cdaf7540e2322618e5e8023e98d11839ec8be552962658e3ec88cb724125
SHA512 d3997986be5b30fbeef0b68cc734170c9a6e80bb6aed63eef7fa26a432b7704fd4971731580eb156f9af7dbf979cbf7636b9c8fbf569d174e2deadfc95c636d4

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 6bfda944aec23fc74d76880549abb50b
SHA1 42f88e3291b8fa82d21e0961d1135ddaf58fafcf
SHA256 93e0b50e86157b730f64f32602a05fb6795b9a05d5428fb29f5baac0424689c1
SHA512 0a7dfb16e9fdc9dad52ba755d3b78a775b55cc9fe911d48a47971bd175ed7c1b403cbaf0255977951ee802e36b1f118a6e34152f2a924a4ac791b8b1495b76bc

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 d7ba9d6f4f59d5d61ef49dc7297d7313
SHA1 560c03d254286920eea57cd5b0fc347453bc8952
SHA256 2b7dc07ea627a609970bc33c7780805281f4af29378c10a9ed923ee6b525441a
SHA512 3a720a41c247f5182805af344530ff34237b8b6778ab6871d147ebaaa9613b6a46d435de8346786029eaa11dd5760869025397f427d253da5e26f99cdb793366

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 ca396439a64aeacba5cac8d77163e124
SHA1 447851cdfb34a26ff6f4cbf0afffa2a759f228f3
SHA256 993217063c7707aac01495a406955738ba00958ba0a294f2e96fdc9634d8cb83
SHA512 aa03b9fe56ecc907eb0cd513b0d8abed76a6f9fb3a68691f7f8bdd2159dc936dd27e21ec5da96305dc2749d724c21dfbd74008328f7152ef08dc4a9670110637

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 c27393c9820274491a7180f12e550bee
SHA1 cb9689fecb8f7d4a0873b1100ca6761873dbba26
SHA256 4310b94f1888c08f95163109109aa69171cf6061643f8e086917df7563404096
SHA512 d6f0acb74d06fb5208d0b68972990078d3f2e2fa58b6ee9cd7a72bb8bc3f175ac239c23fa26ef14dc981f7a025f5eadf943a04c303070f3d45f949e348b1b4e3

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 5a88f961c42fdbf48cee2e08be09269f
SHA1 24bf97db091ed983361d688cf0f60b8fd507440b
SHA256 4c93cde93712984ed9484164a38a9a67dfa723039a001bde68ea3eb762f3e4aa
SHA512 1ed891db9254510bf31a254c9e51534fdf3e653fb8898517695cce095f04df5a659a9935fceb23bade4f685b21204d87d85bb4a1b4b1ee89e36265984cf800fc

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 e478b36723ce820afbb7f6fe98481a22
SHA1 a1e3fc3c8e5e9c59ee2da6531cefea95c605a553
SHA256 dfeb3a11919ab5b222ca0b4f11c7cb3a8c6085438b1fc3a1e4509601caa4521c
SHA512 dd4c72ee506d34e273b765cb2c5e150e511c15436d1a10b8c05b4bd97a7f47806fe9e84d950b0989a3303ff9875758e6a2119648aedfd5b2edc5c3aad9ac74bc

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 d526dae332b52b911492b3c75224a2b9
SHA1 b1732699cb7392cb8663d85d7011c14cccba4879
SHA256 ccf665fd512f782d0770bd62d108581a1c5ab3f45ba54c062a08dca8645d3efc
SHA512 bf98f261c7e96fbb8b470442b1167beb0976ace8bef2e80b08042ccafed1405215ff815378da587129c52e10b5ef6e2c3a82c87626f16117b9b769fe0a0713f0

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 b33f82c3d737147bf8cc4513e8890197
SHA1 d4dfff7714894355b862c656917557ab01e21372
SHA256 8ffe07134092e8d1edf90781c3775102cd644bc060a92ecda7eaf5694b72511e
SHA512 835f6cc4506d0c315bbca57c9db4a6d4ce21e94409c0bdea14b62404671af220be67c2033e9d5a418dc3e9e32e3b426134ab7dc40d048cec28d6ee3c7ac561e1

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 8db781a6de01c26c1fa05ddb0b55bc23
SHA1 429f95c8325461fe286664cf722bb1491a92514d
SHA256 71ee96b3623a8951d7cc2c8168ecd0820fbecfe24894192326619c70036941d3
SHA512 2c345fa8ce418cdfdd17d76e3885c62693ea51c0116d7c48183743a5974676d1339e186c03ef204f48a17bbc4c313d8d6fb5c34be84c13dcb7af6d5b6b47f5ad

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 425ca1517d66d8c3fe70cc8092b3a95e
SHA1 1d4d9e93ec86a35caf55376a8c2a9118583ac6df
SHA256 8927d8acef7310c024dbe119508ab7c070d2546e37997afe28b4ea3d019831d6
SHA512 ab29be7e700e7d8ca4e1b634eb216244a2d9120fd3072bdb15bd2261e66cbac4556637b59b5f95acfa68fbb1c2a037e0308da18db44d1e47eabcd51fa12c24cc

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 bbe81e06c69c365721f987686d875729
SHA1 e250d3080f136010d527785086a1075d6a38f99b
SHA256 650ca55bbf7cf4cc59aa3ac89b64e17d763e251af404b0f65c936603f6271184
SHA512 e730006e76bed1b077054ed4403bd51c93cb6ce4d88ebfa571815b467ec832cec638e70821593eeaed890feff10e35f3c1bdd60411119ad6d7bc253394c2f802

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 93bf62f5eeb98e3687b4e1329617b038
SHA1 9686e7909ac64ca0c64ee36f584f9873d4a20df6
SHA256 085cdd114c187390c3e5cbc0d165341e9ae4f98d8f7f4bd1fcdf2a0fdc84d71f
SHA512 18fbccf328cae197dd322125113357c8b870b15f6f5d2c8d85fdfc8536cc5ed21611a98b97d9d50064298afab405743b366c460b357e98f45656b291d64a7408

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 d158c16b5d7215710571b46793f1184d
SHA1 f7f449024ff6ecab77fce4adc73310019dc7ae7a
SHA256 19d97cda8befbef84f7e55910aa8c2c3800286430ddd0e356b60e19133b494aa
SHA512 9da848f4b121a81ed0101f83e92bc8c30997614df122dbc78d8f76424b2d71686dd10fa7bdaa3afab24c6d194ace717f41ce312f5bcff6211daddb2d7442c752

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 55d98fc00edeef58bece2292730fe044
SHA1 0dc4a322d194cd3b222f56efef2e96567d64f88b
SHA256 efcd4d6cd5ec28f9c209f3c0eb5fe4860b916c2f150d5a0d8735dae6bacea6a5
SHA512 ee433979502d8be4408b53ebb643f29c23a50ef4fa866fa6fc75835db16d263c35731571c02ca3297154494beb96119b5b3b066181d44504a6ece75f7c346325

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 557a8f29ce551b0ed8adfc76310dae02
SHA1 3b012fceea7d20a228ccd7662359eedfa581c543
SHA256 056accadb018c95056ef21ca9302c15d1750ff063bc16a5eea3acf39d75a9974
SHA512 92c0e34be7e92bd5fa2244600e655e228286f21168c899da73637454b9981bc234b8351bdbda077a9514b8432deb1cfb81e460195cf29b5184e039e865cd36f3

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 a63543c85a60c838f5d3a49868b5cbab
SHA1 870852a1bdcfa34449e9552e640eb4320f6ed1fe
SHA256 3d145892688f1f80515a9de24b875d6b5ff3838ac7c19bd6188a111029849cf5
SHA512 24e6ad3b1c2726cc08dc765ed2fc84c734fbf1868ad622147dbaf166c53985f209a69c35b05ff47fe86377dafe2ecfb599de9fdbdc5c2623c9bce3568fecd196

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 8ac919b3f5d6dbb797d201cd6de91435
SHA1 4739e738b222a51fc846e73076fe37d4631fa6bd
SHA256 c668f4f7194a007f1aafcce0fb03392df777a32aeb8e310429c33dbae133cb7d
SHA512 e031aa9b56626215ef08d98844f5f05eb57f0b4bd48b46468bd85017a5db994fa36f3f235bbaf57536db246df7afb64f86021d05ccc6f59cf80c17af7611d4f8

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 b849474461566c9e33699df9e8ba80c8
SHA1 fcf7f40382e36aa75ab925cbb153ce602c41e455
SHA256 cf1af7f4a6c2c7a338da7f1542aaa7d365d226ad5e426353e43bd3275256a48d
SHA512 bd47cb4e5d63c43b80be7bc4322ca8dcacbd44e3bca9aa8f96ae0ddec4b0cf0fdcb84f1eedeac575af7a62dad2ca2fa75f09484e7eddd878b57e93b7829fd100

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 2ab10ff7bb86f2333453e27b2e6b2823
SHA1 c6a6d99f2865240b2d532e0d17ecaf4c1722390a
SHA256 bacff583abe1477eea96264dd5b2d4621865c189872b2c0f7b049f7fa6386de3
SHA512 5c1e1aad2b15b624fa454fa0e2b1a60b5448ff80cded1dab2d1a5906d16680101f49704983ec9b061c8ac47560aee934bc20210a5e2f7df9a3e4797d85854fe6

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 62c5f60543f6cdb3e43d5303d7cb512f
SHA1 2710fc272b7c9884fdf4f15c5c063897bc00145c
SHA256 8d0a9cdc384642d5dd8054b6704734f59fca4ce02116539b73eda1457369ba7f
SHA512 9062e44095054a1f46a75f18017bfa7811d993acdec1a3b39db7b098dcafade9577d5f7c147d5eb20c6add4c57ab0308a53ebc5a9d0db45dbd90ce438147215d

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 dedcc0eb012dd7e5881f048c251b8edd
SHA1 ec5b4d88cfeaa5e1bf62c8207f018f5a9610601f
SHA256 adf8f23e3953990492f21b43224af8f34bfc757a9df27c587a4e82c16a332746
SHA512 ffeded62c3f4477ea78ad8e1f03b88025945583ffd4669041f554f55db7c00cc9e1b594ed1e428ed54dcd6b7d59c045d5d93c63108638076cf80c298c8cc2653

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 171fc23c550b3db4848eaba62c58b835
SHA1 d50b9ca673187a0bdc8104e5b7b3fb74cf4dc4af
SHA256 4bbabf7ee880f87d1a107529daf05dbb949b3c0612c957173a1371ef7ca903f5
SHA512 0e85c4d066af9a9807c249c7ba7cb3b9f3794d89236a0b9552a7ca906daf84004c361314a69f82683e2770edc7c403026e5e2deeb9e8863d65b8455930c15e5b

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 a9ab9499caa5485b66f1de11b9692409
SHA1 7fd1b9b1c2a97fa15f6244c1c654bf50f78584f1
SHA256 b02ed3e166be90f1a2d1a1edac63a77ffe05b0021b13c99980d7309f1378811a
SHA512 9b9a70a3e6e253e0b67c17b981a70e805d7cdc8fb1ab85b087cf113a3effff228a4f15aab9fbe1d5318dae13cb7f4f19a5728867bcc7adccf96e6c7e0b553474

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 1b499ced2c5ec15d623d197e47ff3fac
SHA1 844bdbedd5e64d11e81ca4bb8dcf505cd19f4efb
SHA256 68c62d0c90a5b73fb4bedce4c0c6a0e150b60b5794cf2756e4105077ca4529c9
SHA512 2b555ceb1ee3cc3e73cafa8b3e7de2dddb93a40370d635aef4cd3069503ce11f045e5bd00b644b0f21fa04b8aa07922485246d708457d3c07dbafc0379e8a356

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 2487ec4f8b5c56d23ae5f39635eba9ed
SHA1 a4d772a1cda15edb73cebcbaddb98945e350791a
SHA256 ee764691c09436f1da7cbb88cbee99178e363606ace4e445665b95d0d990f284
SHA512 c14420b6648a0461f8ac0e9d44d34b1fec2ab0318e340d5ee731233430846c912469c3ce7d7d12b09c870afc7569dd25499d4ecbfc68b67ab553daa181b2af82

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 0a378c39fbcc44fd3d8ad2ef714619dd
SHA1 d121f05d5b0bc36b9eb590eef060778c21db325a
SHA256 e0964042049aa761590f376912acca792b0cbffaf834638061b465a336713f93
SHA512 c02cc4b50b9756e0ad6f4bbf637a62883183de71cb546885ebd554ae0b8dcc23b432a4091c638675d2a371a5bd65deee16a60d12356505e21bb362d2e77cb62b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 fd8ea63caa042b7ec779ca40e9d634ea
SHA1 5c146b921eb8412f150e41795e81bbfec380cf96
SHA256 261faaeeb8d81fdb108e87a94a594f40bd4f3d61f9b444a3f6d81e1962c6c93c
SHA512 eede28b8c925242f22138af915e6214599e17255bb0600305c299f64ed0691099b11ba7ae28375876a7f5200a3a57e1f086c93f20b59a9007a4d8c416b51a164

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 efa6cbb50a318e4a0e6a6aff0a965cfb
SHA1 3079790296a3ccba6269194592b8df9eba47a60e
SHA256 08ee35f94c5d32636c266794c371499df96cb3adaaa0efd5fa9cc47b37ebe388
SHA512 07887ebb9830659f914aedffc7cd27959bc0b4683eb4882a73b9996b24bdfac4fe44ceb8cc6f8250fddb20a1b42463bbc99f4918f43c48ae5ca8bd0f3d408c86

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 6e4e15d43df2219317b3a37db53cf853
SHA1 43a04f08c03a3b8a30eaa1d970a8b9ad35823d22
SHA256 9d5059fb0a4102088ab083ad9f3295a07925b751b22ceef381cda34c41877864
SHA512 6c111f88dc17c9311448c2c839a88d00372d36442e5d1ec7ff951697896a5204a2393add3218d47aa20994b7806a1a0df65d950b89ef705b7e7bb1826d33f4d1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 e67d05a6961ac56aa14ddbae7c9f89da
SHA1 2297022b27e7bcb0b96c8d38fc3394ed369ff35d
SHA256 21dfb914c878c2c833f517a19c343795679e6e91eb7d28a30b3ebfdbc6079b95
SHA512 cb2836bf1c6e7c4ad71a1a9e525ddcfd4d54a872f5bf748375b6bb929f86b626cf6d37ad23bff998fdbb3212b16092d8d42d4445e901fe3ed2251d345da574d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 ab3066d6d63b5d48d17363480e8bfd4e
SHA1 0bc762b83fe7d9a528b9fb05c40bb723b6c0616b
SHA256 bc31a8a54090b7a7d831909466cf63bc8f3b5d87803bb4303146edb072078875
SHA512 8a6bfbfde4cc7b9a78d022051b1dc68f2d80b6422781585321f0ef4924d1eabdc9e063aedb866775355396183a0e8cd7ccd0b547525d24cb63027e352744db79

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 1b9731eb8efbda26b3a54352f0053aa7
SHA1 4b3908bfa0daa3b6d1633593399e1bbf8a3a3ee3
SHA256 44b76ebfe70ff0ae13f2cb4c63333a1bd1875cc995f8d7936cb2d026272b5782
SHA512 29d9729a9f294e60f253ded6fb32e10810ca06753880c6ac09cd4e51435489eb06ddd0daedc6471d38cebe2a6297115fa71fde067dc2e4f3060a2b43f9eaadda

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 bed951e89eb8d5e64c46a6287f55b20a
SHA1 b824799300a99af1feaf45f757bd8685c86bb7c1
SHA256 deaf81012b0ec46e70eac8b8df796fdbd8adc5bb56348263fbc1a9b069ab7db0
SHA512 164bd0602c6707ac12f52b01a3ea1393abf57b1cb4e54a3718e9a2549959be9b6d649979fbf9ce5bda1fd58365ebe916b4344528e89fdf6809c9340aebf17b65

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 49f1b8dd98ca1946d15f41362392d233
SHA1 79a3a43e0d25d39b11c7899e23d72d50fd88b9db
SHA256 be812aa8c0b44f8064e2272a79499e68c1d6e128bda25da65b32429e166075ce
SHA512 0a71323e27f68c538351809f86204e971fc8a39776add59c6202cd87a89959e96cfdc2a9cbf27dfcc7b9d4f0547c8058e5560005deef9219de6a4df6966554b1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 6a08a66f11d43beb561a731f0e9b0746
SHA1 0023ac8702751ac7e6e1a6b353fd563ea6fc8d74
SHA256 a0d08ebd24bea4139ab08999e49d5f115f35fb419054af174d7a5bac5d761967
SHA512 89a8339359f44e0b0069ca7ad890ae6a5fd7b93721217fd14f1ad360c2dba9574f97e2289314c953009f3f5605db1c08ec368f14558961b4d743cb927d20a110

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 b94f8d74933e126ba60885cc3189511a
SHA1 bf82612976ea409c8defe98e415637693761040c
SHA256 a639c0bfa2d77b1bc0af5330eb7cd8829f8ab6b43c3135d826e9dac7fd888a87
SHA512 b6a3882ad59b23f2e7f9814f9ed12ec009b5454b15fac0a9692e0cea34ac5cecc3a4d3c459dd3ddc83cab3da28a06915d410cff1b032b69c15347550aa57999c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 5b304e3bacf97395f1a9da05b8371ba5
SHA1 fb57fb335a19de86df07cada0551c5c53862f517
SHA256 0fff64fd80d07e8e1f44ac57fb8d31c5e7577bdf5f9f9e113ed6f387dfaaae2c
SHA512 15c6f688e19ed79dba1e210d13786a6b707b9de3ea494980645660ee4fed08395a7594f51b4e365c7a08a1416bea02d4a3a1feb1d50522cdd07aee7576550cbe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 bea66aa41e2b80a6ef4a4fe3b33fb1cd
SHA1 e2bee90628beb131b3fe25db0e9b894e608d347b
SHA256 1fc0c394f24c5855f7a6135288ef0d6cd2b4cdcf772583d2eee1238bc3e03010
SHA512 2ab9b1be9209c35953e9f5b5435baa9a45020ce36fc68dcfabe6fa1e279afa4d50a4130b477751f83ed6ad5ca5805660a2fc340ba39d55a9e9631fd082d02251

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 4811bcaa969029ae65237b42fbaaed49
SHA1 91c59188e54adc70a09cb65a190cc3374a85b558
SHA256 7113b65a9140ac1399d927df3e5d950ba89b5ad67764f5a2344ae07c789bdc2c
SHA512 58a68821102ae12e55983eb4087a01f101b750c633051b26ca6a41d25262ccc1ccdcc97844778973a106edf450617bf737d6379640dbde7fc38e5f112024af54

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 5b2b683901d68687f098d62e18948e41
SHA1 5a14c765389a2e121a7a31326dca52c374af484c
SHA256 bee393ddfd2d6c3ec8e3048a646c2e722e5116411e4c961d6ab57feaa4685f56
SHA512 914066085dc1451614daffad28f2a1c58ab77d5ddb9049a885e9ef4f7a3d754be856664e08452bebb45c49a0280bf9f9297f6cb568cd122b7a01e6f96d4c4c60

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 334828e6b3e0b490fb2b5d4888165f4d
SHA1 5022322ba677412455f7ebf4369649754b14cfb5
SHA256 82410a57645e91948c8bdc044d7cb9d81d77b4185a5c301fcf0989fdf94e55bc
SHA512 b00e9352674d126636f5c61e6b0c76a3eebafa3c88dbba62af4ae088fb85cab83fe546a3a22ad1a1b76e465e1cf857a9d6e1a4ef2c726661b30bc9ed00f0538b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 530a1199d342d29225c93b9ed3540fb6
SHA1 260238a83ffdf41ed7d2608ae808ddfe765d5485
SHA256 1e7412b3c561fbf7878834168209f82caf31c84a5f4ea8ee79050ca225ee3a90
SHA512 12c165e58189e04471022fc5aec140e21154d28d0787aa8ee2c2d7525e21e499db20cd31d24a28a61e0b2d8f723f22a62445ac4da518cf5d090465751a39e338

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 36d2648a39c88c792920064673843330
SHA1 f16b67c02bcb786bbacc08c95790f64119fab730
SHA256 089c1bc0ea178717cb529a0c7260cb634ee1ce1b244d2c340c0c7d7dd6c99191
SHA512 8afe2c4d14e338b1219c7e8178125d0ddb5a38165cef97538cfea4a37335806928eb0943c5211b3c673b7e371a3175b4e5c05dcdf9bd7d186c3ef2251a5cfba6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 830a4a8bb44dc7e6fe486d276b15461f
SHA1 a4356d551384123745c5e99f40cb4ba39ee7acc9
SHA256 0058076a2621452db85879a2a8c66351c8191bc098222675e8bc1e04b31007eb
SHA512 d9bfc601579d04d99f4602d92c64a8e023634d9ea7fd6b787a25edf51a673054a998ac239073659eded3fac6485812c8903c220660835ba7bfa6be243c8182e1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 f00aace58de43a9b48f30aeef3917967
SHA1 f527d339446fab10f708922e50bc19fccc03037b
SHA256 634d4c764725cf74a8a38c00a88457ca1484784f9f75b7ffd44d3d18f16de42c
SHA512 110e92282ae89862011b4518e09848102b9298c6bbb05af3b21727c17f52c5fae64c96721bca9f9ca63ddf2066e62078bf995f8aa69db843016a8b61c332fd7c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 5f4748cd6297caf83024af3318a39b30
SHA1 32ec4f4a4e9f7dc906896ec045a7589b15f06906
SHA256 b0c347b6afe6fd48939c8a478c7c6931fdfd1b70b7eedd5c43e3d91d3984cdfe
SHA512 3588c6d78ca1107264f1dc58ffc681b3528f168a427de1db5b13f1d0c41f5d925b90c1c07a2316aa5146a0e9d1eee8e5a6f11155e19cf40176e51ccc6016aa42

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 dde92a50f2ac587146de9dbf8215e165
SHA1 84e2c46f77be0e47bc241d6df1fe376510202c4f
SHA256 483954a2fd308b7ee7c317c526b76f57c42f2efbc5960bf144481eaf4700d3c0
SHA512 04bf0b4ecc3ce5e7464500df09fadb560c47628433705be0bbf5ac109918026b472df8dd6beee32cc72fc86ca23959b85aa4468caf7b6de4786c096e7730e93e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 31865ae68897e2b4b1648b165941f1b1
SHA1 fffaf92d6288b2126d581fcbd2e4ac1559a7883a
SHA256 0d6cbd8918a8d10d5638e9caaf8d4511b25aadb0b69cb2fdf1fc87b0cad70ddc
SHA512 b01ce58d4794963ddd0116532156f6c1c6945bf39cbb312589ba10d90a347efa186e1cebe7fc0931043fbb2f3479de26ee87bf9a1a490db64c2625d047e86497

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 2b40f55a0a822cbad9c5e7cbaa551f6a
SHA1 9baf28add94b6aae19a9535362b9c15d751e521a
SHA256 a0443c4823a25d395230adb19416ba94edde633f7a5481c6947ee542167a44e9
SHA512 c470bff6e041933ab1727ed7eb11a2c297419ce90db1894cad77201aff7829c99fa386b611cc1528795fce1081300c02a7d5263fe9cc18f5f40af668a32200fc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 4681f5675e4e651be52012c35603b2b4
SHA1 cb5749f90d529a7e012c7c8c404528e22ad24b30
SHA256 db03b88da054182193b8931259d760d2b64f8ccc75c35ef2e2950fac37b96641
SHA512 76768a111b5cb959013ae7d307b0c8cf3b3482f9937b93e4aa285c2139418770ba30100af782b282d055fd4145de3191ba0e85fc1e002d7c7fd3cf40d4b6d095

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 322bb311da084016bc65f4286e3cef11
SHA1 7518e1892a69c2e5d6421f3b586d8fb9aca8c6a2
SHA256 d54e0d4ef2c796e4d3eee733e970d33d40af306015223f1d0f215bf3511ea11c
SHA512 1cbeb4840eed998a5abc24e6127f5af86df892e65f7721343ef5009922f35c3a23411fad976a83b29dabc1f3e737c454427474a58acdf0a3c206d9d9942d3d85

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 35448f658709051505ef4fe58fdeab10
SHA1 96b4b07aa592110406a4a2938a9a46a820a948f4
SHA256 a2fa521190c3f46085670467ac4bd663ca541585e7192de463a59a16cc5cfabf
SHA512 741a24940515ba8da6e2cd843701c50bf58f21885df1abfd1010df78accf89e9109e25aa04c5d2c8cd6e045f59be6e0bbb1e2aa5a294d9d0eb04ce6709e9fb79

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 c8f9997559263d624911f131b3a9af5f
SHA1 4460c8605ca7ee58f88c9f3e67ee43c32d672819
SHA256 881f7ee2505d1e5be16b8313cfadb2f926b06dfc5d2beeaca81835ac907066c2
SHA512 fc02b956652c53e386e5da397291878fdc6429972d631149d5c8f749d517cdf76de7668011f53c65446aca3f5e740e6d9e6221485c437bfd29331a60b63b842f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 b5c03800e3aafc5321697215293f5a84
SHA1 692d220ecbbfccee45687e8202dd8fef9b3e6f3a
SHA256 3b877699d64116105c6924ce9c3a74acfef1715b60a24a1c98a217b0db55877d
SHA512 6e7409ad2ddf54b823d52c3b561b9f9156dfc3a59b4e5eeb4453f4f7c30e92e715e55e79cc4ef830002c77bed1e0d2b3061ab268e7fc577e1fc10101e115b20d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 c7ea2e920633ac0f2c133e0097d2711f
SHA1 d1282b13d3692aa1c97df786a84f054833b692d3
SHA256 7777fa16e0b6403110b5af69f99efa18f527356e89059dc674be1fd85de6729d
SHA512 ac1609fcefc990efa8fa39ec768f67b174090c60e78b92f088b15e93d3820e97ac8b6f1047f40d0e510a00524e0167882d6fb7cf49788abcacbbbe2fba0ac2b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 4b877b960f0a5e549e9daf8c2e1e5b49
SHA1 9098b8f4fcd1cd2b2d3a43198ab0afb39fd9bdb3
SHA256 da220b544f39b14a459a6368f930170513a4abab460e3b1255f98d3d7c43f660
SHA512 369c2d71b2cb048a025810f632d0d5f39e7ba4668ead0ac5c9b7e6275b3bb40aba68fc9b93dd4b97aa103f973effc4e4f70e6d350c489b281f99381414ce39ef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 f43c240d46ab2ef97e19cc297a66b1df
SHA1 de9ff8b4ea70ed7182cdbd6f05f6ad2c0fad1470
SHA256 1635dd134c9dfafdc6b224c131234fbb4c87eed6fce5a7b49824b62116da1bd2
SHA512 988e0ce3c030137a670ed5c695ebba200140fef9258d3aa7ccbd6726b7e8873483f5403a7df89dec2756b8fa2eabc0fe77392484ff6cc657e52f78751400f49a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 09c2fb5820cd90698835dfd3e7f6c918
SHA1 fb9f4261c13f0910a2c10dc2d02453362b80b87c
SHA256 abca9a589e5f96eccd2f0a9cd25c68b14191b2d397f48c2c66ad252d9c0f0f63
SHA512 7defea51e87c27cae8d378555a832b09b257efe38b1fe04e62085fe7a943f43763e98d816f7e7c89e56ab0765afa5c25fd2a62354bacf74667b57c630e58d902

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 39c91a70193d12367923a208b43b7679
SHA1 85c8b0972664d4ddb92faa2ada4642bb9153b9cc
SHA256 7562354384bc4e57a154769668ec0ee84b5f293ec0757cc3481ea363e31f7d36
SHA512 1a6baa91f0aa192e2ba3341865fc4acbb11ff9d0c7014655ddc66a775d4ad61f95dc2d674e14b779cfb7e25dedd47a3bad191469763a4a84e165ec49bfe8421b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 7095e918d413c3db3d238035ad7dd9c2
SHA1 2bc507649efa4c96d41f2a2acec2e2e41bb31498
SHA256 c037061777f7522804ff6e5883f4d570107d6eebc182888636ae591c1b1095d5
SHA512 e8ddefa27e591deaa988d32c499a63884543085eb75c1f5d83ea397d33685d25a24da2c959d808be759b8bc6a8cd3a528ee1af319cbf8db5c6f3e9e104f51c41

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 a155b14e52017ead41d2ff1dea88f98b
SHA1 3b7711d9ea8e3a72440bc6266bed590174d7cc91
SHA256 01dd55abdedf64f1757994e0bd723371a4fedb398e9ce25ac6c6b8924b26e0c5
SHA512 1ae561184b04aac5b677e55b3733823c777473a15c8ffc09954563f015a2b9cf3da4589e2a721c34ac3f4e1d1feada29ba9a406f4a3120216089a2a866a155b5

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 5e740122fd183e49c73d784f19a572b2
SHA1 b18d7323ec5c4572c214d06e795dc5ab923f431e
SHA256 4e0ea672e625df218ba41b9c998b68721412ef8e79d608280f460776e0cb4391
SHA512 d0fd32023a8ad5a254f302bea4aceb4cee76a5137d0b7b13ff7b714ae210b67eea9980049263a1e47558208c208f5d81afaec501eb4063ba19e10e698da21b0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt

MD5 e8f68a977c8089135a636aad2a75d0fc
SHA1 83e5cd0e3f0cfae888f5a1e6e07844b3d6f2c351
SHA256 d88ad65a40d2a246dbc2ce8729aad3dc113def2fd623525fb8f64f5d5a5b2590
SHA512 b9f722c54f39974be77eb6744b497655d2ba618bb715ebde8496b0cd44c7af7731b3447c4695b8c62913b06115d560e5a81e7adc6b145fa4bff1423504bb6196

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt

MD5 7048b09668c785b6f9031ddbfc82860f
SHA1 bff1823d2ba2ee254bfbe43832971bf32ed9f8b7
SHA256 1d30a6e64c6490fa262f40c64661f34893531d161f1201b828da93eb8e1ba515
SHA512 a605ea9367ae0f60fd5ba29bbea9956d0fd49c6e56edaebf4bf6b5b7e4be49999be6a2a240f699a69d03a4c88ade482b58ab85ec4d0dfcf0bf3ccac62e8846bd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt

MD5 1cf019e815c8b1bd991a0135dfc46123
SHA1 b4bd2e383b8dd29f071195b9b379cfbdc739ede8
SHA256 904df9387129bf063c234b1dea6b1d543c536c3b4523bd9a8f8c31a0e86a3812
SHA512 e5f6b7aa04e73faaeb2b63e494054c66e495499127667be3b497b3f32b0f7612d1a012b8631f2a183e5b86d6b1bd14563eb3cd86d7389c90491e329a9c77e85a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt

MD5 8bb0063de080a18c3e98824797322c2d
SHA1 664ccbab0495d49e9addaba3749284dd76c74a22
SHA256 70553d3547e3c9856ee64a5c2fb90cb58e11189013fb05824c2d902a56b21b6a
SHA512 2c1281404e40abd0b2d34d98f62f066a8c4ca363e4388e9d0ad42585f3e43b601da6f756d2124952cae5bfaa3685420cace7487143a0e194cc54a8cdce51085a

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 f319b41f448f4c6c540fee30d7b3958f
SHA1 44b20e14474c956b6a12771d11ecda7f45ef73e2
SHA256 5bbae7b1e34cb79080f834b3d16ac964a727c4791c8fa6382329276de6c1b433
SHA512 8a0c16eac2791fbcca2e7be02e94a29701108b76fe0678332e8644886f5e596fd5dcd3f917b4a740e12d2185409cc6f29e7e741e483f1faa2bf2a213cd90adda

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 c88fea2da8b926923c7bf2437ba90445
SHA1 b2ba67f325eb40acc48e0972b641b005d8d9657a
SHA256 6d1bd75fcebedcac314c72aa628429ced554b7b15674a709e4c5ad7ddbca023e
SHA512 3cb432c99639458955d33e4dca7191d98ef990b492ed3fa3d1ec3f7a128bc5db2f9835d7fb4328471ceb7287b25b00959f2f0d78bf91cf49f161f0a69c2163f2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 479e268e856d49608cd64b96b1d75083
SHA1 17e1dc2811a60b27da139cc95fe37b3aae5e571e
SHA256 24cd62ed09519ebb2fc7b98024c75759a8fca10957823ff24fe7dee1dbd44afd
SHA512 3f7f757b9fc1d305705a56e41dc8f2b278cbff2a00b85d83846f101ef56e82095418acf897c72548de8784ad6cfd5c201e929e8b2ff7d866a4c656506f9e1e15

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 b52226c6552de65b4c796df5b4ac4217
SHA1 c539d1eabd814b2299e65c65882cc496431597bf
SHA256 8228afb4409854f2c25df3df610da7d5f1c4dc66b01ef9d62110d8ddc11033eb
SHA512 6681a4fd3308713b788bf9329ef0b60a01fa1eb888c4b46bb1e789fa7f1b25ce1221802c724f836652ab9910ae71a36e63bb5e3c0b4c2e2effe9b70ef6b1b1ef

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 88fbc082b9384f748a6024576d4c0370
SHA1 99251778a98ba67e099372810bad7d0c184e9558
SHA256 4272cef6b75a0879558fb93873df8a2d3d5aa7beb9f254f3d62bff2bc3f2ee6b
SHA512 a6f96b9b4ec3ed00deb79b5009804fa6e474699b7ef949e0f065c214916d0a71849337d49733f88dfdeef76ad98e8cd065020174245bcd277b691299ca439462

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 51c3261c8c8e4b7efe5f208795f1c746
SHA1 db94157f501a72a37ff7fc111437ddb5521aef38
SHA256 4f73d683a8f4f9eaa39b1c686a8a7944812534ed3b25244ce685060e408b8887
SHA512 582bd1d395422ad6a0392584aa24f5600d42d08764e6b8af1ffdbe7344a279bcae33ffc1e724dee5b49c96bdc10fe49fe5201698519ee25286906c211f1a9da8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 b2177fea092e56d6033a4201994f508f
SHA1 f50ef476cefba307ffc55b88c2fac4aa47f836c5
SHA256 0c354388ae80b010772e708ab612517dca2bd6d03d073cf36499397a9643af92
SHA512 fc743341b5b4125d97841000763ef755344ee26e1c7071cc24d05dd700763dc540cc52b609102761c0dd7edc3ca2360ff70b769a5b79785bf1c1b26cd3b461e0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 79a63b611afe4d9f70d305e530585421
SHA1 379c1604973be50884ee040749df87c3978c47f7
SHA256 610f5e7a59d3a3044a06f20049d499790c3b1bd2d358abac5542002884c188fd
SHA512 6b4e94c1eaeb0f510e9c0bd2dbca993e4658097b7c0684a63ac791d49e32c7bb18dbcf62ee311e9e3ea85bb403621df2a99a1ecffeb33eb00a6a5a58e51fa1d3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 a8e9f3f24de59f96db21b07b72a2590b
SHA1 89084a9997ffd06dcc2a3527ced2730e528d3f1b
SHA256 81e91f4373c634cccb5ab993ecb660c8bb228fbf315f427fba86aa0ca9317960
SHA512 cb447c4c26de25188ce1062e74dc28ee030e55ca978ed21b3dde8da572a4076608153ee5664bd087758c8cbf49fc649f3f0796c377460062266053a80ddad73c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 52bbe62ea7e2c3d412ef98bd844d4c4d
SHA1 9264595f15db7d73e6669c4b380dab2caf975278
SHA256 a5d806a1d318d15f137d8ffbbb19a108eaaacf7b274d5f473052fafb981073e2
SHA512 715d651f71e817d0c3bd0228708f824bac3f1af8cfc1ff8ee2bb1aa83f8cd17a44bf279be7a08dd6b71c0ce0b9894c157220f2473e88abf2ffb0085eeccba30a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 51c96f5acf81d3c5b336e08d1f713cb1
SHA1 5d8a482ae9c8fb13536085d62138ee1428fe0696
SHA256 aa6bc8fe8ea6a6df3ee879059bfb8787cc96cd8a2ca32de0a7e60043c5f98848
SHA512 2ed890e8fac67acf4fbebc61736eda6fbc2a82c85e7025cb8689de9863bf1b6d72b2a9880d1cbbae96ea73356025afead0085f8497a17a3695b94ed04dd3a5b4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d02b7220ce90d7c8e3ae38ae149598a4
SHA1 df318bf256425ce3bda38b10def747d53191efca
SHA256 6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781
SHA512 7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 bf2786131cb3f3cd4cf1c68ff912b0c3
SHA1 0096656a94c6eb20f4a9123c6f4b4060719f7056
SHA256 bdd074a88d9966926e52a8904dc22a33e876640caee193202a1c80b611537548
SHA512 09947ce7f2d7d198de965d44e5022d6d608622c775acd84edc5a6cc4ba011b24260a33ffbe7b061aeef5f3c340cff9ade8e1d90c758e7dfe768a01e60966dd7a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 02fbb0eedb9cbf2306b3c479956d9207
SHA1 a86c25a3e2b7b6743c9fadfb5a9c64d7dbbdc127
SHA256 231b6a7a15c1162e252dddaa04d673fb6ba7e9647bdba01d0399ed3673da1e88
SHA512 2cfd25bb78cd18d3a9fb29e9bdd2f62f775eae676f1d278964084e37c8a75a617deeae98feea824def9cde40147b8d9aaceb007cf0c282535d9ae59b9969719f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 39c374927a04a3cffee2e354b51badcb
SHA1 dc6812e54b8ab3fda44cfc0d33cab97e5a8778df
SHA256 267ae10899905c28cf6ac33bf6d268449c735c08e87e21d827c2049aded310e6
SHA512 91aff1ea7863c0e65c2d62bd62387e0d38e670d465300e24648cefe9e06cd175bf927671d8c7c104d34e84f501ea4a15fb477139779454b7c2e9458a1d03dbd1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 0d005deeb4240400939519e15a8dbdf1
SHA1 e777b1b395dfdc76ac4e947f174685692bc8c168
SHA256 47aab3d86f9f8081caf9244700d0315c36345cf8ca0a890eee10839b4a632260
SHA512 4323307488866de232c0b984d4b35ce26a145baa1aba5913d3f2413494497cf6f4b1521cf90b6654a7ed5fe16d18224983fd7cef4973325d2458efd7271a1196

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 ba9eaee1c250f00b032c057ef77cb272
SHA1 9d52711d41737d568434abda255c4f5197f38357
SHA256 d415978dee871ae9362a4471c58cff6765d77c3d369cc7a6d48b2fdfb1162415
SHA512 fa636b77d972c7df11e0b2ae33bba92219dd5455f36ef652f1a876b19306a288a5bbe9362b1ab07506a3f90e503856f008057406a5b23bc6a0780fe7ad3be465

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 42337547da1a972e4b4646e0314958cc
SHA1 7303753f43662525ac65c0817b9078b4693489af
SHA256 33202364c2f3074be7800aee715070a7f9a26e4358b45166ff1a8b178ba70077
SHA512 bd44575b33c132932ab6a822c1b66ec253b4908a348c0496c5bd433ca64f14e02b3acc927a360279e71eeaff8303ec235196c7b7a266a31d6d913d8946ec6570

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 edcb904cde172784f2be9716fdd53f4a
SHA1 9e6a3e228be36e873f844dbe4d1777fa6c8e0640
SHA256 fc9d9df68c50759122c4c12e2a8427b640cbecdfd4f41e2e22a356c5ed71b749
SHA512 abdaef7339e24df7b201d1fde79d28e629130143fb2367c9474b2549555be910ccfcfdce4737ff30899528076568ba3d7c928838a39799316bf731d2262f9280

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 6762f9739df8343f9f90e58551ecb651
SHA1 ff51119e36770a8e14a31325a6eae7ea8809c8db
SHA256 bb8d2c31f7aaeb6512edd641c4d8c5cf14f3a2ffc16922a7a3aaedd1564ca0a7
SHA512 34f202db78f19a012b0fb52abd54732ae752d4a618ae02e9d4355fbbbdadcb8e07c121ee7fc2f323b1c1e05ddd3ff7b5df41c4c43ac61b76ed8946587c06fae5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 ac21f9f317659c368cf63a39c67ce0aa
SHA1 089372f78867831a35f4a5c9e473873a73ebaca5
SHA256 b97de1a0636f1b727f1fa3952e9da564e2710ab3abac0657b673a97e7a3a2052
SHA512 925c16a5f84a09623fe25ba8376d827a74dda0c73fcd4fda6035e48e37e31135f2e05e9fa524470bea9c59b375448dbd426c55716b1e0cb0a6aaf324131d8737

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 4db1c9e2f4956dc9255da0a11b2eb491
SHA1 342be2ad6538a8aeffdb5ce91633d2ddb9f13bba
SHA256 134556a48897054989dd60bd505c32f4a261dad5df532846a6287bf7401534e4
SHA512 a4ab55862a7b7530cf0ce52a22b6068cc5f53697a6e5eb3522cc3113a5e74428967d4624601678513b49f31e40587e408dc3f599a89a57861ccd8afc47a97fe2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 ca40cc97093b903e8aa4c1abdd9cafc9
SHA1 f08b07828f30128af2eaf31fd282d1653bebd1c2
SHA256 c441438ba6c766083048200d34498171d27c0a1acbf0f55ed94eabb836274f98
SHA512 751ba21332b013de9e34db6087cc84e3f3ff5edd495b87721522673143cbf9ad39ab29bd2126593bf07c75a3ca75f74ba65a8b30d6fd99ea7b6858f9c4c8cf23

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 57712b5b5eeaba2c14ee4ea5a45fc6c2
SHA1 226329249108bb81860d29effb8444215fde26d6
SHA256 6cb1033a4956803bf365dd2921c7594896d4a5705d55b77be81abae95cfd8c58
SHA512 fe4373287e7b73ac25a31929ca10a0a8a68ea31a1a15feb6def95efe8c5b3843eb054f217392fc7ca78c3b470d048a830aad55f7643657bc480c76848b0be6cd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 d6459ed1c23c78abe6844a17a3e58c8c
SHA1 7a0c5c37cd531d103c1100183b40c79332ed53a1
SHA256 d9717b06d2915ff4d5eeacb25e4174f201122a95dc9ef357dc9e6f70c54f6727
SHA512 3ec6677ba8ba06e7b068fbfd5e99c916438e98871e5c5a600d1d4dd936cf6e66245ef4b5ff8cba12af5f2033405a7dde6d836fa396b9e05c2152a8d0e5277ffa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 1ffb550271cd1c8f27855a143a00e47c
SHA1 5af0d9bfdc35107741495478c13c747563d15461
SHA256 a768b753dcda70e8a2631aba2b86f4ddd2b7a88ddc150075704bbc58197ad5d4
SHA512 dfbdbc0e7f9e7202902f6eadbcc5c14fd915d5b387dc19d66416f6228f2c3aae5d8866ef3158ca0a090ba94fcd82f7e1c542c8c06b29635f305160c0c2ea18a3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 555775983a7aa5bd49eca2d2b22df0b3
SHA1 610f9e30ec5c0e292b4471b03f35b1b83f7ddf31
SHA256 707ade724cb58808033bf9cd1b77ca8f88fe6b5f09efc8621f818900c9a20a0f
SHA512 cc6baff3288c4a1d603dd69325a42583cafff5d70e88d64b304ce584bdb398bd762f459a292c0122410c6cf8ab5ce5ba4df43f917340e8aba5a134b051337978

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 e3415899ebb84e30a0a64ff964edb6a2
SHA1 f0616e3c5551301b78835c269edfe9fc86c68930
SHA256 f2c71226fe66d2e508ae297f64366df725df32d8fdce8ee4f7582cb0c9e70c57
SHA512 a86338900c84c39074b35ec2e19061940acd418fc6af6b0091d50576be64df7745f57bfff40776dc6397e0d23542a400242a2bc3a7963c53c2d85b315122fc78

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 0126e1e239f121fc751775cc522e7f85
SHA1 2f66ca3e510b68bbee6823e1dcd4fbd61210fed1
SHA256 70e21b808860487766726bd74f369f8165efe7723c51e6d1190d09ab8e99ab1f
SHA512 ef9e1b962883f50c3d666d9944ad5ef54e5925ac55ca825583b4eb26f74debee166c3df8b1e0ff084046be478fdc0afbff66474e4d4d397addf914e0c49b1677

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 ce4b1aef594078128b73f89c1750a3eb
SHA1 a94578b56c0969ce805668beefb05c3fd41016bc
SHA256 e617601baff5be0cca04f24a29284a7378688bf99d6ca7230a75f58ce9aa0d71
SHA512 3be4cbdc32198b963c9ed0c0a831fe5f9fb441ba8d2bfbd022bcb0954a3bff56beea313d259376c811eca0f080e8936cbf8ba2ab067e76b03316602133c59684

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 11f210f8b0becb3cfaa6be388d706bda
SHA1 4eed731abf28f0b5c0a855b16e8c4e59cec5da6a
SHA256 97bddcc01454cec517b2a5c74a81c1ed514656f54a55709bc05d615e7ccc431c
SHA512 b8cfd1fb1491f1db258cf62f42a168ba04ee89db987a73423f03e480cb6a91b604488cec778ef403f0d64a45e25bbbbfa09839273416a6a5bf21b0cd0cfbe2d5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 50c4ce422a70489d9ed4d2bf0aa3f494
SHA1 c5662832291475759a4273f5c23bf35fd14d1735
SHA256 e711af35866d812e72685131e4d947186d90bcbc5887b9f2c84cd4431b8d8813
SHA512 79dc71b566c3c5a241993c7893f2fcd11b02d01c04542ebbaa36817ffe6d9283277432dbeffc595ed7976de83b37070808d6bdab499e03629bb83cfa937d9ca0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 19641179526c5d468b15744c34efb662
SHA1 90a3bf98ff3e060e52ee545088dd0604f2373b00
SHA256 12e629d75646a2edc6e9f480c20d8147437f586e73e4486874db1b2ccfca08d9
SHA512 7f85e256541aec6e631c81b07cfbe64c57dad32b3414c7f6517c1bb4b3d8f81f009b17ec1c95564ca6d36dd118c49a508ba8975019621701de036f7396b9dfd9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 4d1906cefeac20f2e6ec8a234eac663c
SHA1 feb90d2a6878282ee1680eb483dddcb82b49945b
SHA256 232bfeea3b1e0241f204d081ebf63dd4180802e13ef1c70316c2e23913c3e4cb
SHA512 c5d1f1ad9c3f746ac2b11078d5a16142b734b2f7f3ceddf09c21ebdf2a33e5a66ecb38704f5643466c68809ffa503c94b45b13909fe21d63424324fed0dffa19

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 4b5c638cf2ad44a9e472a0c812d77774
SHA1 9a86fb572d4670e75bb0c3b8677d08e13b64aea3
SHA256 70b8c569aff1ad3ac5de5b7bb0142e45e15dca1c2f30fbba5e0ed0ce14368c84
SHA512 71839417a454330adc851ebf3f6f8a0bb400deb73ba94a960de9b9a1ebba676ca2f3dadc6ff35226b81707f84e0357aa2a759ee26a7964adc1ea1ab5e6794ad0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 828d8934b8065092c96693fc0e02e5b3
SHA1 10b7b2139602c84df70f77e021ae791feed929fe
SHA256 ec4a1429309b6e1e1196d171b1b4f625934d6f48179691c9a4b61be1f80f46a3
SHA512 cd54cfe356c7e6d6cc265d01630e4f892dc74f48ec57fc8b31dbefae4f001935d6bae98b821029aa954b4a033aa679b076f945c3239d32303266053cd26af3ab

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 b12567ae7d04b465c2f79394467f6f95
SHA1 0eeadaeccf66110885af8fbf8641b7ea3ad27456
SHA256 55c5e993c46ed17ec60b7bd2e487db2ff1b8c7d75606891ec066ae98502d88b5
SHA512 16e3d2335003ca67312531799e147cbdaf692ee28bb8c45dadb457d0bcf67159d5f3375c57b17a88703293d9031653c998e647dd0d0f4ce613b1431c29c69121

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 508bdaa105ca6250e5e347f178cdaa6b
SHA1 bdbcca589a8ab6bb41316008149addc47adc7899
SHA256 286558234b42c322356097a5a364c4af254f2b87bc53ac703a0c361ed677715c
SHA512 8e6da03f8f06c6e673e8298a6179df8e15cb8d0225dc245410f50d32518055a6113f6a56f2abf3a04e9b7de31877f1b85617fccea9eeb523a8da7ef89d257fad

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 227be72f055b1beb29383856eaefe5a3
SHA1 8212ae9b7e725a7f434ea70817759a1d8d313ec4
SHA256 1926106496618e8b3513ac1a58d75e9db03c7d4f3ee32ac19c651e0fcc1634d9
SHA512 5ac05e7ca97b69dc032a17e0fec4e3a61cfa30ce566aa8aa6682ce0a707f2d92d610bdff10941e95b142e73e1218242d4b001c610b17f910b0af39fb50383248

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 e70e4e772830e3aa78f96c87be7d7f4f
SHA1 cd91c6739352eeddbd2ef2918a647f7e1445b22b
SHA256 2400bcd068e141c36030190d56e64e84d2aa7b923bb9f8c83acb783f5840f060
SHA512 d1bb2b338a0d6e9ab66cfd856abac076030bb22d25d20237615371070b87ddf7d5cd84ee383b07b672a4130f6b0e821c00bd0e81e4f4a014eeaad291bbeedce0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 8085f65821dc152e052a02ef45dbaf9f
SHA1 9981245f41abd181b8ecd1d56e3baec5b7d811ff
SHA256 8114541883dceb20c640ede3c3f39d1c6a06637709dcbb5cc374eb4db21136a8
SHA512 02f25707049928572d5b826889d8bf4649bd2ed93a59d4f957c547db249bd7c38782937ffde0494eb4e251ba1c510a58ce8049e3fcd03682db28a80ca357c2b7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 461f149e645944affec72b8dad6e3693
SHA1 b2b5c93bd3fcb1ca4ba711c9f8bc5dec2c5a2535
SHA256 0d88362c5665a5499b44ef21441bded270169375bbc8480c7bcc8bc1e547b3c0
SHA512 8c755c2a936851cda1047443b53f9c937db62fb5c7023d3fac9d79ea6a35734e106e6c2ac5f7673ab4b7c4d492735ee58fbf10cc80e6b42bf8238b3fd98250ec

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 5918f19680b402f7ad4b02d7d64dcd06
SHA1 7977076ff2423d303b7bcb4bc17e4e681a5d1efc
SHA256 b79bc7ec778133c0700f64dd7904c8fa3af058fc5d6e4e310c9eae5aea7a0944
SHA512 6a49fa69c0b66e5c72c5f2cd52062f34e776bd4d077eaeef7918e4a500989641cc9b5bb65130be095061e5a432b538ed4871bbc27d1b48afc964515940b3fb26

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 bfc7483b758c8f42b352affa5a58fea6
SHA1 e7f140e28e8da216fdea8289348626e8111e4e8a
SHA256 dc79354c6f54aed36cdccc121df15cbf544f3e2d85e8deb1cccae1baac95e90e
SHA512 eb062e5198f619cff996775b9c79089b241b59e6b2b0dbc54d64121c3118046ef1ee8bc8edee3de744953203718acf9f29b1d131e7981bb2aced395beb2993a9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 ba13e0ed2491e6917f4b12833a69c4e8
SHA1 938512c2cb3d4dca6e7c998e8ccd257a678c227f
SHA256 6eaca5850a65381f9fc77bcd4c6415fdf8e67a5edbec4a0900e5ca72db4048a3
SHA512 70dfbcbc7ae94f35d64ee2d1c08ad6c02ba0d197cfba772c9f7202f2de3f13f2390be4ce9be2984291935dda33d07f3171f1aeb4a8c8eadfbf5902ce692104b6

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 81609f9d84e6cbe9431ff3f92b5116fb
SHA1 475272f44c4e78305267fbde2dfd721315b8f1e0
SHA256 461a85309997a6514afd9ce44e68579c38b85dab2daf8179a9e0746ddc39a77c
SHA512 a11ddf85029ea194ae437a2bc5a92e499f442f7505341b45e0157e1df25129865bc2516bb41ec97dafa104bba9349181c4b33dd69fb4efd9e3353d4e1f4f454a

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 6821d58fbae3933c4bb0a7502e30baf6
SHA1 12cebda288e2cd38a2a557f7b9aff932377a9bcd
SHA256 0f65d4ded4b6fd9fc26edb8f85f2c175fac7d9ecc836559e588107d6a3606d69
SHA512 1b8e19904f70f9ff1eb9821b423620518661e5ebe459d054fc660380f76a0d47eb2982d277282293d5572f025387c170a0fb62c3a34239f8be3df364c1929dbc

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 36a4182fca677581eb50b27dd0f7b163
SHA1 b0309d9f89b8a7d4343f5f43e9c8066a7b52e11d
SHA256 44364769b96567a5819cd74d31a04dbcd83323f5cb18f6cf7c1c97d087c2ca67
SHA512 254850bfb591aab8ce288155af88d2a44aca13f31ac09d3f67f1718962893608edafa99960cc260ca4b8ea49ffb50cdd492965bdaa17cbda861e7412874ba1bf

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 3793c9ffd5a81852786a03bbb8fc56e8
SHA1 fe5551e28345be48a21d6c026776ec7f219d2905
SHA256 5bad8a9d30acfb232dcf633d4d8a12dc73e1cfb15ab3a055b6de03b1900990b9
SHA512 1375ed545cfb573812e4b4221b2f838590d58542001d25ae6c41f6d7827d94f8de06bab2ede3a74d8d8eec7eac81239b7c9f213a03540a816c6744c4d245e61c

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 740b573012aa2592a6b570cfc45a1111
SHA1 ef672bace3161895be2e1e798fbc3b42e08d3e5a
SHA256 a53d23bcec8331e48de46291db7f7b4c9545fdee74c2052b844ede3f2e5f66ca
SHA512 82075599d0a48537f0df5121b28f454aaa704afa0e7da5556e4356c5c983c9df319464451d72648705689f198643a3da197cc17186f30b0737452f6d130628f7