Malware Analysis Report

2025-01-18 20:36

Sample ID 241127-hfcatsyner
Target a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118
SHA256 fa515d064b0ffbea92bfb205f08d942b634146051d58403ef67911ede3192f36
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fa515d064b0ffbea92bfb205f08d942b634146051d58403ef67911ede3192f36

Threat Level: Known bad

The file a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2182) files with added filename extension

Renames multiple (2161) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-27 06:40

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-27 06:40

Reported

2024-11-27 06:42

Platform

win7-20240708-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe"

Signatures

Renames multiple (2161) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c9SZc694s77NPdL.exe" C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_neutral_642a5ab3f2a1ae20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wialx003.inf_amd64_neutral_db618863f9347f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\eaphost.inf_amd64_neutral_4506dea11740c089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1c64.inf_amd64_neutral_30b0b06f47cab8cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_neutral_65ab84e9830f6f4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_ISE.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_eventlogs.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\catroot2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\imekr8\dicts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_neutral_c239ab5d36a3b3e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ricoh.inf_amd64_neutral_66b4504d1fb1c857\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_neutral_fbc4a14a6a13d0c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_neutral_09132735f1063a47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_neutral_d218c42ac8635704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows NT\Accessories\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02736U.BMP C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\skins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Journal\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR22F.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR46B.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\GRIP.JPG C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_over.gif C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01179J.JPG C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14982_.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\ado\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14752_.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15156_.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR2B.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR19F.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0178459.JPG C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15171_.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIcons.jpg C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\slideShow.html C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\TableTextService\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4F.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21413_.GIF C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplateRTL.html C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\x86_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_646ed7a9f28f1f8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_es-es_9c867a3a571c6936\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..tools-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3a6a90e273d7c75e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..-core-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e0184e3b8b1d379f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e7fce109a52b1c6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_c1fead4e4bf85947\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.1.7600.16385_none_b5bfb0b8ee629431\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_right_mousedown.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_a958e61749c0d36e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0301cbcb983c9a65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.grouppoli..reporting.resources_31bf3856ad364e35_6.1.7601.17514_en-us_eb21d606d8cd36b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-f..client-applications_31bf3856ad364e35_6.1.7600.16385_none_df43486076782d83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\row_over.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrenderingmedia_31bf3856ad364e35_11.2.9600.16428_none_a0d7be346e5a380e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-u..files-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0aae56edb37bcfd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..mplus-msc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c7aa47ded79f2d68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8c7a6d53e29d5de1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_acpi.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0f732d54e2bcfd1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_6.1.7600.16385_it-it_428520bbe4515f36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hdaudio.inf_31bf3856ad364e35_6.1.7601.17514_none_73863b3e7e0f937c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_msbuild.resources_b03f5f7f11d50a3a_3.5.7601.17514_it-it_b87b6f93c6e6c058\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_96cee39171a8e795\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\Speech\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_40a91f862f646cf4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rasdlg.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_40d36bfc1ef9d3c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..tcpip-pro.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1254aa008171f7aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\default.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-syncui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bb90b56bfe68b3a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\inf\TAPISRV\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-sync.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b1a1605efb96353c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.authm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_846f04e072966f68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\inf\SMSvcHost 4.0.0.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_1394.inf_31bf3856ad364e35_6.1.7601.17514_none_59555c0e1c877c53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..alization.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b3af76a53e79592a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shell-wallpaper-scenes_31bf3856ad364e35_6.1.7600.16385_none_a4393b1a254aeaee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ql2300.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e1af702fea4fbaef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\Help\Help\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-david_31bf3856ad364e35_6.1.7600.16385_none_b50b10afa0728978\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..layer-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cb5a83a40124a6ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..ruetype-aharonibold_31bf3856ad364e35_6.1.7600.16385_none_df8bf8e079b63081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747\Windows User Account Control.wav C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.scanmanagement.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_ea7984279f42f697\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1256_31bf3856ad364e35_6.1.7600.16385_none_7fd6dd5722d91be9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmilib_31bf3856ad364e35_6.1.7600.16385_none_b549ebfe1dddb7f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1aa69d3508a7d1eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..centercpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_30d3c1be51f47fb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-sonata_31bf3856ad364e35_6.1.7600.16385_none_201752c112c5078c\Windows Logoff Sound.wav C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..vault-cpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9750551119babb5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c3e893c26ce74b10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f3df4dca246f6746\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_es-es_d3664f410831b76f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ols-klist.resources_31bf3856ad364e35_6.1.7600.16385_es-es_890e4971f10372e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..-ehchsime.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a8b99aa3ef341fae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-0000082c_31bf3856ad364e35_6.1.7600.16385_none_63bbfad8a404fd28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3685fcbdfb21a5ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-journal.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f1074a3a8da1c5b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-k..-plug-ins.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_48d77787a16fe240\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-live-services_31bf3856ad364e35_6.1.7600.16385_none_31a075c6a5802364\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\Stars.htm C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections.NonGeneric\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PEAQJXWDQGDNISU" C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell\open\command C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c9SZc694s77NPdL.exe,0" C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell\open C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c9SZc694s77NPdL.exe" C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 2c8b6a90f1754cc90d8aebe64d702ab8
SHA1 1f6fbf21ac777614a0d94cf08046f412e24b65b4
SHA256 da83c9f23168330f1818abf1f4c4142aa193a4294392bef3b5cc0c8086804f72
SHA512 04d01969fdb7a2cedd92c4bb727c565053d440ed34b2b175f6d8fed5d444bac210f319508b54e47a3b92fa4b9585822b8af58000369bb0c1daf0e539f1fa5fa4

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 46db4b6d8cd499d54ae597547b1dba9c
SHA1 01a61ca8f8a6f1ff65c9013f7738332b3b772d02
SHA256 821f6f72e6ff8d8288b7d4cebf6d02ed7a7c5a18114d3e8e809e7c46e18292a8
SHA512 3196d16118b2c2894bb8467b2a7b237076d31943b1c5a6b659347a1b4d9d6163221fa4ff7fbcef56e2e5c0ca478b5665d94b542d72fa841bc5f7241483baba50

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 b7b19b4d532f89eea639fb8d97793c08
SHA1 f143664dfe20c69156ef4e6cda396f69a63a2192
SHA256 4677ba6dc7b8e8d71c6a683ac92b81187ed7ddd395cbdb2eff4562b1bc79779c
SHA512 b33811af5265c8d75885af9dd2ba6523dc5cbe85ac9227c6919e8b7baf07e36f75c2c388850b15e292568bef88cccab4e0b117193f6ea8f089bffae7d2e2ccf8

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 719bfaa736c141f647900f2741ac3385
SHA1 005d0572d18a3479b7e1e1ba72f04ec8e2985fd4
SHA256 ce27df36def3a350e2f0f09f2e91fcf9dc4e89f789f7c590233e8321218f8a0a
SHA512 5c1c5c97412b2599ee31ad87a35bca91a0280447d78ff2de636d028f35769594a7f9064d7a38ec30a0429aee584255eb76c56c09c1152246037c47ee550c03aa

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 51eed9f6a9eaf7865d4a55d58d8fe04b
SHA1 6a7cd8d2e2b601693e4d3349f312340615e860df
SHA256 93d1abbd6818941bb2abe119b8cc6b207600b7b5ed5b4015ca6e5caaede8a437
SHA512 0211a896f7842ab5b60af02df5cea9e10331e9ee6f64b3e57f9c8625d4e6097d2d1ff1351fd1da544c476894f2eb8003078abab71f0539f130836ec83a6aee42

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 9a63b790fd2924e904cbd4c9db616d48
SHA1 07dec666bafcdf4ec5b6070583578a5aebf33fb6
SHA256 9b1942d68fd6ee9d2cd0b4e18e9140ef2d58c8cba39f1984b8dcd4725a74ac83
SHA512 cde8437d1783d9e1bd6d07f22e63a29a5c0cbcd4ffa35fd647de4ea84115dc2de33dddee6cfe99e4348407c4416261173364f5ca7f8da336179072dc7bfcd2b0

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 a3e8973961446f148cefc26c27018637
SHA1 7f05812f1e2d405905c2d7b8f0d039a3d30ebb40
SHA256 a820b3bfd0f600520420e3e050c8119bb1b6ce34e6bccaa3621ae68386230851
SHA512 59843e7225b0eb57319e40de94bacd89da923ec463996fca308981e67f62078420304a004b54bd052f3dc904c6a47daf3aa4ba7ec75e84a874bba3f199f54587

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 be4017047a25fd81f2195b11776a33b1
SHA1 5d74a8628706635df4bd464a5c8b97ce7884cb69
SHA256 a4dc3ea9342b3bd349bec925b2e0ee9d98a7f049b6db53529eaff7db0a8ba6c3
SHA512 f21ee6329112fa99be57b87760fafcdc9c019a8b99f63df6b248db569491c254817ec6aad64b771fad56111482f306437eaaf4e180b755bc9a036882957b589d

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 b7f0478ac0f5a98bf6f6d78454bf33a0
SHA1 335b438b80bf69e27c26c5cf686cc29b796c1160
SHA256 aa76c7a689fdab6d896276888e009d954af995c6276ed9e907fba2300714c4ca
SHA512 3e3a7d48699d9150845cd7d97a6b551367b2e83f4be247abb6015f9c356f9d995dad1099b2de013480e1716fc37f24ffe50f7a28f85e0a4cd1453182d90c6e99

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 8fb41dcef08568399210c466c2afeced
SHA1 5de553957387267fd5aba5ce87b247fbee6f0c4a
SHA256 73e2a435434a044100a18a0256f8f6ae83742de88f86cbcce378d226a57195a4
SHA512 ea6791de84475f809c7974f116c433240b130e36ce00324356358d2f57d87a0bb4732fcfe619595d4c6e4d03ec3757ff6356a69b88a023f54a2b73405da1a1e6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 e19421fc1f033423291f35668dfd574e
SHA1 d1e81245ef7bf0a1e4b505c2dd37dfb0ddb96544
SHA256 eac4081d2cfbe5cd0f1cb1cb6ea00b83855279d2f12aae0ae11a9aefc461e952
SHA512 5100c64b7442c81eeae5a665d40fa26b3783c83f5ed4566fdcfde111f2bc8bdf5c06d62afb2c62fe56850a9ad0b9e75712ac01e0c8e4ebc960b9f0c2f03c4263

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 42f6194ee9ffc5a3824b01177f07e381
SHA1 5ba7d2d8c3cefb8f1fe8f739c59a9a6ede775eb5
SHA256 e2b3d7107de8a13f79beb37691aa79592fa0cc81491e93de8bd81d161789e3f1
SHA512 ad618dc36d47f4adcf8a6dc24be48a80d8e4dcc6e85335f12844f85bcbca86a3ee7b66fb5f57e415f6bd556009df5cc9ac2f4a7eca156c0342830bdfa968efec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 1e8a1587c4e93a1b3ec714f3fb5e75d9
SHA1 0ad10e039b9feb44a4eba31d88e7590fe601eddb
SHA256 969268b587cf0228872d379fe0fe0dc69e3261fdb4e4093bfb4c0960deea8059
SHA512 d483f9eeacbbcf6511aaaed9f25ddd10b6e60c998452664ea14db6cfbb17b2920ebff95b6cdebf9df168477dafd60379983570b5f0ebce0b7aedd58d4b395a00

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 ecbe00efcd44498b87bd49d1e0b5218a
SHA1 e2ed26233930f5034d22f3ecb019688b977f1666
SHA256 a30b427eb752e72d7213e16e641658d4036662b588e45368bf8f87ab17ea9960
SHA512 be06c307dcb697fc5ac0032d479882442b9799293bbd703615825432429b4dcd636568f3a917c1d2b85a30d65cf7674686be5403d646711aa22147b21dba5837

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 001973a2f848b2012585c37e57adb22c
SHA1 cf9ab08e80ebf52b0f69b22dc3a8bda9db77f737
SHA256 4a413034d32e5798202bb52566fcdf53cf6678dd0646068cba678d1ab05997e8
SHA512 89bc188a857e914e2d8a58a34b66898c4a78e4c48918f8bdc552030a7af608a4b8c0d032e39adce25d96da3e30757abf890ea7fd043ddf69157b9b388f206123

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 ce943fcc53915bcd2c7c6cb370a951b3
SHA1 d88109313221d9f2b9ed9c3a628f78e691f3b167
SHA256 2e821a60797f7822afe619e21e38f799da28718c79b960a706abc028152004af
SHA512 3e2158114b915bb805c6ce168d768681ddb0ab8cd9516b31b6e619f97cc3ad5c7a99836348d8bf29f93483ef77d7554b4ff733d5a131e4a13ede2ece8a59bf46

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 1ef5feef2c09d76566f078975718235e
SHA1 b3199eafc48c7e8c5c9dde5d64596bcf35e02ef7
SHA256 cbe0d6cab2c5bbccd62af69b06eb2336355e459cb3f7ead55c0c0c6b85f11c66
SHA512 0673ef37c72556b7aaec6a3ff54dd0710c54de3f3ab38b74d2f8c093d6b61d377e1c1e2498612bb9420f8a386547b3067973ba0c39e5b49c095598de16bbe564

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 de2d63ea173c5c26faac928ea0b9222b
SHA1 69b978f3a2306861a761568456b71becfe8d7d8a
SHA256 bb4251ee6ecab2f685218fc38decd5eba77dbea336f6783f6297f039ed0a5f02
SHA512 f427618d4465205897dd29dd12b1ee2eb4d3c7f8f731a00f678e560bfa52a0216c6db43b432e3dc2e1801a5eae79a0195b170821fe5d13af110c4cd4104c324c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 e3774626f17a805d5c2849a59e9e0775
SHA1 2e2b32aa54a7bc52bf53b4fd4776d6117468dfc7
SHA256 e75dd99996cdf1d84abfc306efac12db943ea5819580aa0a00b52b1bf67d1fe2
SHA512 143dbbc1c3b37f99fdb342737a1bde1df77606f1004fb41f6b42ff7e5ee951e199fab1f4677b0953c054a3a2c2131b3f36b3c0f2b96123a7a7c5d09974fde705

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 1cafe41ed28f59ff00795af60984ba21
SHA1 c0e3f0a74c2af1fba45ccdefa846cc6d9a09dce3
SHA256 8763dc02dc84e77423bbf14c5dba78d66574ece78448b0f413c69d66e8e1f0f0
SHA512 6faaadf18f19882aede75729614936ae22442903a398743aa43a0f851576d4b549425ffc9fc2981d58b4aa4c783309f2b72d63a5b31021846a4c4a25568228b4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 5f678b29a002fe852ca6461b0987fcb8
SHA1 b40ab93c0b99eeec7d9635d4b9fd3aadbc9957cc
SHA256 7db504e02521c34d19d033e7c07066f481c9b005982febf0f04e2616a23f1be2
SHA512 98dc0d9172638b98fe0522780f78cc6ceeca7dceb9012e20a5b4871f6382f1d7ad2a4e69c559f60fd3c9f1f0e48b3daf5ce654c83e2f26e01a4e0750391a68a8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 2f3842a912460c5bdb90218b12a1a6e2
SHA1 c4df1908b18d32e2f33782c7cbb935c887e497c1
SHA256 47ee0e9a3f15fca3af412bcf49b98c70e3b20b66e6b8eec5678795f79293dec0
SHA512 c8ffd8981558d6cb5dfe9d3a392c772551eafaf7c052537537a07d917739bd39ad0455738a19c8379296d98a021fa7a746616e3ef9944cd03585cf18e473db39

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 7fda01f418afe62148cbc95ebbd1a416
SHA1 9cc1cf6931c481cef23eeb0f68a4b55c202aaa99
SHA256 a939ef070753b01240265e727df07647960196c3cc27ca96442feede6aac2e8b
SHA512 1f48c3f0afde7d0462510238bdc6549288d96678c4e7f5b7909fcf3ea099db32e4c5865c823256ea9067948f55123a768da9f56356c2805ad3496d2e9066a5e4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 a02b4daee60e92644829fe5e307b4874
SHA1 9898e6b7b60538978dae43266593fe20b9cf723c
SHA256 c9452d39dc1405d5f9a0197bec58b83b6e7cefa27a50cdd50bd3eb1f6db69fb3
SHA512 2f9ebd7a4ad4df27f892c61b34a454030ca3213669d44057c6046f2b5a40eefe8b06e9307982d811f5c96bfb10c08580ef936c23c4f0433b845c690b7af56a57

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 61f3916432e3ec852757819a6f55d4c0
SHA1 c754199a9bedcb9ce55fc8c477a16e1f046a68d7
SHA256 0ef56c643fdb6d7b0176115a37c10f493531c1ddc26df495383453dfa248767c
SHA512 cbf4fb5b5057445cb5d4ef58153d8b1fbd4b5d6277aaeda51969e84ea0a419a1144ad06ca94ee08fe1c275742d2b70fbb97afcbdae3afe11882ad2d1cb63ee94

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 ca6de090664e23cb686fd188ba95cf10
SHA1 ed0d5760bde401261a4022ceaaabb6a8f81ec10b
SHA256 8565aad78884d8c3c0c33de317d617ee926dd6b0baadc8dc9e5df3476229866a
SHA512 6c306ad49e30b779bb613b90c02a405a53dcee5dbf38fa77ad07a95f6b2efd93ab1732a9e400774f13f89bb2a45a6a767220f226a5643248f16107a2951433bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 49dde932b7998a93e6b06bf29df5da39
SHA1 fc8d152988b52804f1e619138dbc9dcfb51aa745
SHA256 bb676583069e03f8ccf494fd8cd3c339e549f65ebb9052b7d2b9d6b2fd1b9ba5
SHA512 6461d64a269e3b07cbaa2acd8ef7d39afce939ebb1a8a2cbfe13f4b7d5ff11395d248fb0e200d424b74cab8210700b8dd5dd6b094dd55b6097d33d3772292256

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 8fe104610d2648c21b61568320d79a05
SHA1 03c0f428cb445c186cac3f644c5e4e51d52cf3e6
SHA256 8ed3b842619605fd94b8c19e2f7dec835075000c9abaa3ba946d671836b193ba
SHA512 0710b2a4c68d1ea963a32680fea394140d12e72a0c1e658cc45884a87293d1dd9426b336a1aa4243bf5fd9c3b6a330910d9c5ca2ad265bf1ca6b611ca9140196

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 a0ab2475f156bf121a0afce46d700619
SHA1 dd011cc03e2562212213ab7460d69cedf9c45a78
SHA256 0ba4dcb8303812f5e6f5927a1b1b1ccde15b08ff32f8a3d6b37cedf98cb37b69
SHA512 d362de6532edb6f9c8ffb21a9a1ad5b3471170255e3040b9f2987529bb115ca13570b868acb10c79f519dd251cc1eacd2046d91b51b94ef761babf7e19950763

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 79414761c2327b5267414cda0832b89d
SHA1 1f73dbd8d553431bbb3007ebe7a1cc0b5023ebda
SHA256 df6e3878cc4f31e5dcf3d2174d8324a76f6ff2dbff460ba5a61c8b09cd000140
SHA512 401bc14260cf9a46a7f746510668b48dbe999ef52889f8fb1f7a088de73ab72062c3071d411671878f2d63fb3407c2725f1a47df37f777796346ac42ca9a198d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 0ff2491f37dd32d0b1b8976cf72ca285
SHA1 dcb3107f2ed31737e5c0eac2f2981728d2daea32
SHA256 f57e5fe9cdf93508e02e52bd16f6b9800597f991182f26e7b29efb943e4ce283
SHA512 bc62078a21855bdefa96e98540b0a0fb4c8cd60a605323e8352b54ab24ec46c545991de9429f08f22f5a738483ee701ad74876a0917bc5c9e371ef61b4c6f7c5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 a1b251d37f510651eb46e4161ba13042
SHA1 791f76e5ddac37d6e94285d9b3baf882ba99d836
SHA256 a92be1ce1eed65a9fffd3f4f67829bf92d4f3ca801f71877601689376fd015f9
SHA512 43f0615864af6e891211a29bd906b4899c662b56d75b52f02a3b67503de975698fb93a8acaa1d214dbba3068c8525ea0e57c9a7ec3bd0ee3ebe8750b3c3d9677

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 16254ba432edb48367eba2927eee0b43
SHA1 1b31d7b7237b356fdf2aa94e04a0c9e1a04d1052
SHA256 1e014bd6812e023a9df9c801fe2ad3150440c975582fd7961230169477a66981
SHA512 a3beb39b58235f5ff533f3bafab80f56ec87ba3c5848a3d56adec24de63ab38738a86fc97a908877fca27b1439fc8bc0b5ce3bd228238fe8aabe1589b1be4054

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 52932a584acecb1c36f2f20af6f65054
SHA1 35ba43b63a26dba31429ea379bf43765d742858a
SHA256 0723a0d600b1d8a3bd48096897e7548974367966b2c68c870dabe1830a5e0a4c
SHA512 736a46e4b3a40351effc9105e88a6b22045fe901b2952471745a996262cce7bbbeb3c0571ea6cb7f0cdfb0a0b23ebfdfb6b5e9f660facd94712814ea4189a9be

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 931f94d29161aad951b27fbce999963b
SHA1 03cafa44751462d37432853a13e671764861580b
SHA256 fdf34a1c57f98f28f151f88212384211827acc5ed0848ef8858415484b2d9a83
SHA512 da989b96a639a566612dfb1082762ef4acc8abfb9d36540734b476ddb194df04a420d26d5dd23e740d5a3639e6bad0392542ae78e66bb0e99cc6cb3457598a13

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 cb60968387b70af6784df49868bc7ba5
SHA1 edc2d8c349fec3f5d7c0f32f8e3824df01ac3b2e
SHA256 9a1d3d1f1e1464a67fbe09746b0b34dccfeeecdaed02aa0d3efdc6dd4327ed69
SHA512 d40408deb5e79b5e0184d955a7a745146077d175b421c4dc926f0b318c55641ba42ecb2ed4b71fcd3f0c872b0e23722b22b3949a2405a3e323b7fec424555d9d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 22861e2a37f21795f4db795a595135ab
SHA1 a2ceab2dd120f1b39ac4cf9592d8adf2e823c789
SHA256 411a363b3cdd7b4c31125f28d9f07a9d3403c326d38533d30e6f448d371d8e8f
SHA512 9e2e3d08b206b2e1d0179f45b70b9321ba707ab4ebc26df89f518f5c5ac48f2ab1608d34e65e820cc4d462ae804ac229a5451326ca27166d03e7322ada0b7f16

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 a887ab091fef71cd1ba82745063c71d3
SHA1 5dde49dfeae963ab3f6f39397f5c33a7d74f5095
SHA256 7b8c2a735ad6799f87327390e103392294fffecb8e18bf42d36168eb82c80688
SHA512 449d5c1e312beac5a70e3d8e5d7c228206715d019551ce18d1276715f3f04624d80272f6b7a59eaf0c577ff735cb860f240151c33afc031ed32200bf5f9b2ca6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 85dba95f53da0e20d1f51ed045bdb1a6
SHA1 aa3f93442e726621635a5c9e5e20c60e87bbba7b
SHA256 741ef8c8b5afdb36298dca7217c64b98cb15e3516c083d66ad7321827122bbdb
SHA512 734626aa4342407b564322617f336074aa020dddf757e57f7d1c9d97e438333db2aa4e244fa6895412439a105d4b3f200373271e3f8bf34ebbe0fb8b9d3a66ae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 70573f266d525718332165f8caa13108
SHA1 808fb5db0830775ebc40e89ab97347e9774bffe5
SHA256 044a151c158c8ab2dfde3d02ee8bebaaa81728afc6bb8bd076f94fab9c458238
SHA512 47180b436746fb98b97f18b4310c30b2e0ff2ed5f5473f3d640e67aace3f904b39a6517ea9ef07b417984f50eca6ad6102991d3d9a7778eef4215d6af9d80589

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 b096dd5351be0ef7878b428de93a05e4
SHA1 408e9ea5d3fa597864108f27b1bb08e89a37a3d3
SHA256 e3607639f476330ae9c8ca691efd08a966e1317cc627e904f57f49ccbe45f2af
SHA512 6a1e9a4f7b21375d7ef2b5eb21bfcdf7f7f744eef38dd21223af8790aa8bdef2f55c77afb255e5222da875203fab11d6217723b112bc3dfc1e9982aaffd53a84

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 d12300c381984c25d7d59be7339f0120
SHA1 7c8731cb69b76e30e5b65087fa1c1d1cc7549fe9
SHA256 fd9b96a201b565744156db66515dbb1df36e48a8b3e5da0ea3cdfd9ede4d4b68
SHA512 4aa823ba2b0e71b1878d72f19431e69e1f1d524cbeafdda90d8800561110e77ad41aa9d1cf2546490d1deaeb472d2b7839bb27ec6a50b99dae853a232d8bfa6a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 f3c8183e3a338e274aa41d9aebaaadd3
SHA1 c02e3af72662a9d071301916bec98addf116bb6d
SHA256 0fa68b60f76867b669f7287dddbca15ee6d1e5f0148467634fa622013b8c9ca6
SHA512 e46772f52585e84236232cd9b4774cd070c84c683a8d6c8434c6e29201742b1d49cc69f5f50145c50546f12677469697efe764dae7e2717a07a78980b3aa35ca

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 7af79df42f132b01aead6ca59dd5438b
SHA1 d6ac7f4f3dbaa8e3c39ed3b11b385af2479f5fd3
SHA256 066acd4308f7f935f9751217eadca884dca1d9a63de4acd16bd9bc8dd1e04af9
SHA512 4cbfde3a89d331c51a3a5c5c53aff60670d3d8708f201bfc2b5c765914d76422740fc20c3a128e1fbab54d06aae49d9668a9e72074dbbf832054928939ab1526

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 a7d3479fe86bfd28e5eb53f8af9658ee
SHA1 832450921fa566abf2c3c465f99ab94f3b05e88a
SHA256 500c49fd4e65e4960d4fc8e4f9fc372b645f1ac6608879b24a56262cd9f539df
SHA512 49a8f3616300ed298934ca2e16da43fed08d0f6a452cd3be619f4f0ea2211fd19cbbaef108f1666f7d47339111572e9791f64595bab42c0d5e38d24df08fb04b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 ad2ea8401ecc9423548ed142a2bf6f98
SHA1 802a2f5030884212d9b12a71ba0a55a03359d29a
SHA256 1bbb19ab01a32fada8d72ae4c019f3eb977e74cfce8aab0eccd68c0ddc1943b5
SHA512 2fa5cb80df5ea571a49233a9e3a03fe9c4672598d7587e9fc55ea2c9ea52c42ee5277dd33f674b3b145304491bca2049ab789b853450fe0600f4657b0354297a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 a476a2450502fbd2081e40df0eafdab0
SHA1 3b71052abf110d13d0871fe415ee2696ad961868
SHA256 fb2e8d34b6fd4023d838895a995d7543771ae05eb5e86611dff8929107a1664a
SHA512 c196b634b62666e5d5ddb3e6553ad850428107d0fe504cdb22f435c206de11b8a180f8755f838f8f3536d458e33606922e6e84606327697414dea91b2aadb7e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 fa5a0779ff3cca48a4b2206a216cc5c6
SHA1 0a1ab0c4f2dbd74a406cc090581a24f2c330a592
SHA256 304c90ca78d04da8c39e44b4fb11d6de0d7185e9421aec4f97956db6b2f55c4c
SHA512 a6f15a8135cf045c133bf05166a24b099a581dfe8ecdd38c8e5f81a7e9f92f4c07519769f9cd9f19c2201c5331eefabff596a47aed3fee2d3c499e00c063c94c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 1930c9b6943ca423e33e09302b91e30b
SHA1 4963107098a2298d0b4612654f67ff7b2bad0259
SHA256 af4991da135e6899804d705327ac8e46f3f2acd99f85e245c26e1bbf15294b78
SHA512 833f36e7777739284bcf0a0d588c9af60d191a9069dfa9a6438cfacd0a5fa890cf593e37b47dba17046b19c74328bfe62993743da53e5563e73882e7e095ad5e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 d8f8c03f2675d41f176bacc4000bc42f
SHA1 264079f137553306214edd047dee76cfd1c83957
SHA256 7b8636379392cad6d8f1637496910079ba753368feec6990bccfb908408733fc
SHA512 231e0dac7288acb403607c900d5a398840f4ac222943cef5594ce4e1fdc1102a407389944c5a6929ab6f627357534c2ce40acff0b2c1dfc6ad34398b72aea685

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 aefd1d8d157b8d9b5e5378a13639b804
SHA1 afebf9716441e3380c004fed7075d076f6155313
SHA256 e6035175129518b40da5e979fd852e13fb08833afd401da13a7ed4c1737e6d14
SHA512 2448ee706c1a4c3b116a0c9c8d13ec3acade1675424419075b1a0aa1a17d4089b32c5806b80a530c7ba6bebe0b3b76632a329fc75fff5f3c7380da5717ee9ef3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 675493cf9b4c708ec7ae52b233badec4
SHA1 3f2c69bc08e6abaf70f6098c27eac7695f701233
SHA256 c20f458625abffd34ec259989dc56f9a08bf81314b233f30ce207d14995ad024
SHA512 150ccbefadb61861443260f8412f075aff26276308c783532f2266a7606d9e59a8e811a322f63f115c1e42510e18e501461ae2debac1504bd033945e412138cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 223f772b11b2a26fe7b700f12a2bf943
SHA1 6b7d8df3f79cb678df747e6c56a7eee2b3b3c5fb
SHA256 94852db5e46018738ae6efcad366d395cdceed67983a4ad60d1de2a37f6fd266
SHA512 cf62e26486d76dec42fc272680eb4ecdbc86c0c70770cd943a80510d2acd83880df507ab817cf558b2bc6d641e192e9c39c58fb1394ca6812e7587d5f9c214e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 570496a07b5daa4c3337c68c555b1c43
SHA1 56cff0a11415f3408acbe02ed15c137fd6918ead
SHA256 71348f74b92283d3667eafb9903b0b34fd25bba7270086ed0800800bc6705eba
SHA512 0ef8f1b60ae0cb12213cd96c220011cc14887b0a012dc38b9754aa7ae1ed6f8b0bc5f5730dc87ab12be5d945817f5b56ea96d1a5898796c2c73fee6952d41d0e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 aff444da8b0315e6abb595b69bc90022
SHA1 346c237e184dd061e09895fe54d37215cb37eb85
SHA256 273441c026b2f30375be8bd9f5d6a2c8fe88216709f38ae5e8b609362466268f
SHA512 d1807efb0367faf92e234356eab700f43fb486486d2fe5734067a7980bcb9d6a528ab7644956d97919f8a7266b0a9d983c1a9a0f00d71b1c28973273922487da

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 784c34cf40460325d4d4655ce724183f
SHA1 532cd626e7e510d296edb6fff1c0671900349617
SHA256 ceca6eea61637aa417d8e4bc52447a8475467f996e31e485b64683fe050751dd
SHA512 52f8153a705d6ced1c88f62c04073e25344e452a29fd12558304dbe882615f7d879702c59cfa2018d7248e491b9a5da75526b5aec1c12d91fa2036f65c3335f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 72ca4c0e98207c3d0f1fb538a38257a5
SHA1 4bced283507f966295b8391608b7b5fd02cee3a6
SHA256 6505db5db15d82b67d536e8866a98d81992438ad0a68594c38c97cd9983c1da9
SHA512 80ddc1e4df389b27afbbf44de1c5290e6e47e29ffd45f27b6abb808d5097f4d59bb6de7f431ce49a27784709e3b4537c170eb7ef32b4ef1693374d4d1e9e7485

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 3421e344eaa613067773cf000dc16f46
SHA1 da87702c7093027e57a48b0d3b953a7e7f3d37ce
SHA256 b3c2e9de2d1300cead63023e1d2cd6326ba6af1647537bbd0f3ef9b4661b6a1e
SHA512 ead972fc891ec7493ee1a0e8e1abf7a73f3b3f3d127ffb4ccc6127ab1a3927039732331914d380b22a70aa9d13fa59e75c562ba2af6b7f59dc7ff75eb248bffa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 1069f98d4f1910abb015eddf801e0941
SHA1 bd04d1bf6436b90503da3173328bae13185dbcab
SHA256 ce711b16a2b2a12703dfa365d32953ab4ad66207be7f5d464b1a970dbe9e3a06
SHA512 813fb818506ca2c8189301dd276ff5d476c771c2cf10cefc921d51bdf01c13756a91e48cfdb255b829f04c614711b774e28843c074a0f6d26c83d9254bfa64b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 201519bcef45dbf88875a1c9419cf74f
SHA1 5ad36c8ad34a013b5029a576dbc3b5828260a889
SHA256 e9415d103cbe59ee99d2a34dd91936492cb2ffed1a957db7dacd75477ae71078
SHA512 3a3558350e29bf36959228c90f6c6a96da756eb355deda9f6e80d8223a7cfb5998004e660d8e087b433ca60e3251763ad089ba375bad4cfe768246a4993ecbe8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 c24f3145ebe8c411b62737a52af66178
SHA1 7b147f9ec22c03da8d4cfbd3b641a32606402cbe
SHA256 b58e4f7d1e50bb76a3cb1f06d740dbb6f7d90d2b1c794a8453ea63ee847bd6e8
SHA512 1feb4d5bcdba97719e36eea767e027723a008b9fc185ec6b449fb92303d9a6f638fc455c60f6f94af48d83b96a293a86bcc4895b68c4f813e3908220e023063b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 6d38ba2e6d61f2fe69da2eb12beed83a
SHA1 bbae9f243757bbfd8626379158aa7395f51d488d
SHA256 af90da03480533bfa87e41e24fea6f16a1502381b4af079f700752a319fc7449
SHA512 b78ea71d85bcb0d45caedc5ffc3d6d66defb3818d38653cd8401e33083fdb77803f625f9b51a1cc7b45b61dc80cf17b3ef900a375922474abd5a20433907b6ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 341b6edcb24ad4ef06762b3d64a121fd
SHA1 8f9310dcaca58c95330edee9aaa4e9dc82e4585d
SHA256 4e4ca3c944a0584eb15b717f19e71c95b82fd9324bd0040f317cbcc440440ea0
SHA512 84dffab3e27742ec511928931d6c5d2e618b81a73cdd011bd73c4837e2463bf6a7840b45a91299db084ab5330c501ca3256f1bf906a63c0aa5e827af6283d86b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 c2b12904cea4dae0f03b6a05dbec71cf
SHA1 93e877edb9f382bef25584f6b3e35d8ab65ac74c
SHA256 393f0c0bc2d743cb82105889619452157708c9c31484eca14c2b5be07e320bb5
SHA512 1e24561cc6e9659ab4e2842ce2e9450698e2ac858d9d8bb1ccfd347ec2f97b422163535404c02a17f1e08f96238881c646d518a4c741bf2709d5303dd8f1624a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 215f9ccbca8a4a209443b4c8f67b72de
SHA1 85e347863ba65d011dd19f5d65504f519457932a
SHA256 68b0ddfe376de52c59277a5ece1ba9c0ba4d911c48fd3ba437e3a21e1f0b7356
SHA512 1cbda8e98c4ac4003d6edcaa2c03a9ee61bbc82fb02ad13bf81a34463f5dc000232d8b68bed64f7e4862da28262010714e9ce17bf55a022af73bb95417fe9633

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 4e0679cd2f8286c0211f058d8621ea47
SHA1 36fa0acb7fb8ede50f733d0182e9b2405697191e
SHA256 40a800e95ee792c9ed8a3693a4f9aa2cceccafa5d2cec5dd72b42d3795b506d2
SHA512 82a972b992760939e0c7ed4b6e780cbe92bcfda3e11b5106dd6becea61a6491a4d2b0c8e6427cfffb6a3142238f14771f43e834c6fe3ff476b5dc6f069394f3a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 3334c887eec453788a70d1526b0320c4
SHA1 15bbfde6b99df5f6727ccd3d3199b74e4a8f062f
SHA256 104e5f135819326b4221fe2661b4d0bd8cf90c919c890e8502174cbb173c6f79
SHA512 2148f5bd1cbcd500bc66ccfd3578eddb6c2fa4295bb68459d6f9b4699fc7cb18e9dc98d585f8dabdd607570ccd1973af7e52b1348ee479689e87c43a2c0a6721

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 661865435afa86f74dc99f2573de63b9
SHA1 b418b0af37f0b6a8a1b5d6d81a1979964dc8584c
SHA256 19da828d9e32d5cafd1091cdff45f1af5f9738dee75b0dc968b81bd07725a3de
SHA512 d45deb5af59aea1ec0e4d2dbc55aefbefcd35c746b6190039e61432b2e661e7e650d9c6e99f73cb195fe618d90dd141a86a2e6bfad809e5cce6b7b6ee67fb1b1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 e4b8fca78ea7dfacc755c4449647393f
SHA1 6d4feac6a3d15b59f88f94f7e7382500dfca430c
SHA256 9fb474c02d895474db86cf07810f2b4a87c701728206260b1beb26cdd96bd813
SHA512 e6091a68fef4a57212598b0ab306bce7584fa309e918e5f53b1ef52e9cc4b4be84875d2647d627c2bf0d0495a8f503eff043bddaea498262fc51b580794ccaa4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 108af5c4b139d6914c0687becdeeae82
SHA1 8f2e15166b641e48fb0aaa5cecbe8c8d82619852
SHA256 9082901e28533219c57a1021ab85aa504bc20dfb001609ae27bebd434b5039f0
SHA512 a477709c7d87a533d12ee0743f255088ec102d3c56e0328631ce98fbd40e52da5d909491d0e85318bf89b633f6981dea81041584b903fe2562735d0a83c14e0d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 c98e3fe32468327627f3ebd32b4cfca6
SHA1 1e96b371fdf6085b97dcfe8360749476d7e4b3c9
SHA256 ca4400499a6324ce4575145a482054f14e4a3e339f51579ba2981a9bed81dcf6
SHA512 817f3b916b7c01c2aa06c5a139c18a749661863522cd1fb3c26725cdda7e7fae722fb97e10c5af852215283194f187647a08265420853fbbc6c7d450671570da

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 9c9ef2280a7ff850be6798358762ff31
SHA1 cdd78ad9ee9bd33f923dae73decfb137ee06c434
SHA256 d77a8b3888a3402a7de17e4daf07c6b515c7dfc0e8eec8842cf665e6044e5d4f
SHA512 02fb6732b14e4f06261b806ff8ae9732a301008c2d1e9541fc5a337ddc022d563af1bda10b3c5f4f1b499d17c277c75962a8d5d7037ecd43b623768cc2a17aeb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 49d99b0acecc371144b8fe0825ba3856
SHA1 fb8f2f000ae686f9d72dabbaa485990695180113
SHA256 2edbb6a6bb9bb513177be89a9e70e24110cee4fda1c2dfdb5f868c9512bc5051
SHA512 ff434a62f7b704ea2ae8ad5799354d5f1f19360d33a4ea0aab61cb853d9ee3391259ef5749b2d34ea41fa7384281bbb8347c1f92c1b0504bd2d1463ea245e87d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 30667dac8165cdc85b894bbcc6f1dfdb
SHA1 33e360510c07a7fe84e6a331176de9534a1c20ad
SHA256 7eab3697eba70fd8d8af7e715e3302ac0561f908a90ecdb1cbb62948cd96fed4
SHA512 30ec21064907a79eb722908f105d8ad4e1ff3a8503b421b29fd6fbdf7e63c03cdee1a58009690d6dbd646cdaf449071bd28505ff9dfe17e024e7f2cdb7343257

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 9ba71d555651026d387e450458ae5e70
SHA1 81b3825a151bcd988394ecfde6f37ffc6a8a947a
SHA256 c62caa74b661573abde5ad026d9829d354863b302642714a86cd329419e12daa
SHA512 9d4ddab3d56b20e3278179f435d47e7c710c1f2c1313c2f2502d012c9d2a0285b6fc030fda7d57ed8c355437b32e195b6d0e8c2ecb9b8ac9fba67debb2e56a3d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 b78b049f9cafd995f84ed27f5017c416
SHA1 d4df735257686520c3b93889996f4366e38128d0
SHA256 85c5bfa90e480a5dced0f44d1477ec1a324131dd40d2b7cda67d9ac4a92e9bac
SHA512 153cd0ff62c6c72234d6183311a3cb4edac251b5e9bee201c5eb9403375d43c80ccdce76772ed5708f486220a0867803b0b7d483a224cac838a7b728ce995ef3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 d85be10b59158d76247b171115f50a77
SHA1 ef42d2cb6ed7254d9aee66e638c71cf5feec8922
SHA256 f21563ee15251bb56c536def8e0eace027d4bf13d49286dd29000a8397137823
SHA512 9e418b8e2383156399fb2ee329b6873293e5f8fe48482a889a1be57e8e3e90076fa1e3b70f233d4ebd4c52967ecc1b10d533145dab072d8bed690a2ec44f1d72

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 06003cf3be421fd9c68bb61265a6cefb
SHA1 b28c9394a4c15fcebaf3691e9478ce7e2a8ce5eb
SHA256 8ef94cd9d9ca63bb4fbe97dd716d5680905c9a5d79b1f2bf094257b6cfd57800
SHA512 6a1b4acec6fd604db56d6fa421685c8cc8f013ba80f9c4e394eafe57be63f973a8e1d52cfca19f0f99a1c34615a8f92e9321ff929189df98bfcfe789c04aeb98

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 44062d3b54ef112d32075b499748d764
SHA1 86e889cbe8c9e0cd0def2c6cfa381ed1f33905bc
SHA256 021076e492b282ea78d9a1224eaba079b6ff83426de2b49498f38592758dbbed
SHA512 fbdb2a07587a180c21cf0957aa1d59dfedfc09314e0613907b380522d84e4c77350dfb42762142647a24f5520a53f8f2c94d121441223027c84ff953ccd83847

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 28535f883ef82e1a86906ecd2345b5d4
SHA1 4f12dd40f622d12dc53ae378ee4c1d6ebcd1f403
SHA256 c830cf76c5ea05b04e8e5b213fc237cbd2b4ec0f4de2b65024af7bf71ed30288
SHA512 2f8fc7042a5b79871d4b3e4c394da9a3b7efb165d8ffe65c06b49da56970956cab958f6c455dee91313c66f1c74b217f7321172201048e8d11863e65c02655fa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 ff1d8dd2649695a04ec74ef65ed16dbb
SHA1 46f3913c15ccc096735cc63d73262d67fde98676
SHA256 6259944ddd6ba298f7a2b82bbdfab79a91cdcafda0507b7a3ad91afc160d8641
SHA512 d304573300cfd4ebc353336c5f7a6e9de9e853f3ef3be0b110eb7663db0b04620958793e03e1d93299d7787589c1468007e0e32b41058489a8ad1d8d9813a542

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 9b36ad691644cf7165a1563d8a98579a
SHA1 e2827d5f29aa3968e86013146d37f878b8275dca
SHA256 a069f5935f36d6097a0190416364becfa6b12afabe016d9f5a8f924c83340173
SHA512 7af5ce4be1072dc722ee760e1a5f02e67ad651b7e84ca100820a97f79636f068f568cec0b8a09b7c850d7b972055b4e0eba8cf28de8825317768d82e433895d6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 2123c01bf4458de0b092f705324b20fd
SHA1 8c2dff16495ac0ddd43ee6eaa53079eb78ad3123
SHA256 c01f6fb674ea2f43d83ea6f98baaa7502a25082cc93025fad4ad0fd9ae22cc02
SHA512 5ec8725a7929be8c7131d93a9f784c7bdcd26f29d1c87c6603603d6d34fe6276068d97517aac71fd1e9cb0279d99d1b14a03e4b61095befc6f86cb04a2f2b60a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 dee4babd2cd35bfa4f07fae529b88930
SHA1 c0bd0e4ab190b7584f37626bc30323a830bfbcd9
SHA256 ddb5945a7665d7c307ce84b66fd0bee8ebe7588c441ccdcc7fdcd9c733934850
SHA512 048214b53bb8ef6376323c7e9a899220cf7df12c61886ab29a803a6dde0bb3ad342bd56078a39171d993843cfbc41782c64b13bcb14f0211e5d5a97c48f3b159

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 d9f5d498d9be91074e2f0c8b48c25a11
SHA1 13f4160ab0673285580f2c81bbcea7030c03d6b4
SHA256 6d59d0cc4a7e445f500e7339a1d9b3645e8b408ef1416fcc26e567a00394a5ea
SHA512 9c8c8c07f468907ed817a342f0b30d12e5ad8f8a544f0164fbc7d820f443ffd50feebcdf949fd10cb5dfafd915de775f6604ae5a43851faf34da5756aa93941d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 ca48099904cdfd6307015bcfe779745a
SHA1 5e0bfb10068a06e023291cc76d8b8efba6bb6b91
SHA256 3f9767bb6401cdc3fde0207ef97b8a283e599172f94289bf4fa848b666ff6dfb
SHA512 6567ac6bce8f7a0e6a650357182c3bbe067c47ec1696454477d66ce75aa1459d595d0c2610ad54d04ec3ce15ef1991b3f15088edca7819cc6915378105b2a400

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 df62bf62d33e33eb31ed797b4d0b53a3
SHA1 1a0e5667cb167bf36e395ada1fc924f23c82c1fe
SHA256 de708f370ed352cf02ae311412d51c4c8ce34f76db02d6fc8533d05fdf17edea
SHA512 22287c5b2b19244bad835c246e01c97c8ea22049bf5699c1f6ff1061c16088a777a8e773200d9a5434fc16889ba7a3cfa3e229f97a5c0ce9339883511c1820e7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 ac4315e05aaa8da695f76cd9ca59b36b
SHA1 092d92aed9518d4b4108fd598d274454ca952eb3
SHA256 3447a839f0aafd23e3cbdb8157ef3de06aaada330c87f91b0f205e11a1eb5e85
SHA512 596f282ea247be40b49b9fcb7e95c1f9cf30bb1400968d53ffb4f1a0ead24714d8329f782d7dc3441d6ac6f9ff0360fc91c23a8377fd995137ebc434cf79cdf0

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-27 06:40

Reported

2024-11-27 06:42

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe"

Signatures

Renames multiple (2182) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c9SZc694s77NPdL.exe" C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpq2.inf_amd64_2115846fffc22bb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\whvcrash.inf_amd64_1173082afb4becfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_ea60132f1a9a7a62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volmgr.inf_amd64_b98e2b928f71a2b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ISE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_50cb8ebb1c9584af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbser.inf_amd64_8de53ed035d71856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_0eaf27d749819837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas.inf_amd64_74bb5e3e01cfd526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_camera.inf_amd64_7b52a9607d24ece6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_diskdrive.inf_amd64_1debcd2bd95e9c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcard.inf_amd64_bf5afc5892966e30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ks.inf_amd64_9fac168e1cbea90c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\VpnClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_0b075e1cb11005f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wsdscdrv.inf_amd64_416a5877e9180787\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_aef240978776cd0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_d89605b6b478d768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhay2.inf_amd64_e87e378eb673af65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_amd64_1aae998f86058cec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-96_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\animations\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSplashLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageLargeTile.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLargeTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2019.716.2313.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ar-SA\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_MouseNose.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.scale-200.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSplashScreen.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\iadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\Crashpad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyShare.scale-100.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.GrayF.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\hrtfs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Light.scale-250.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\icu.md C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\Welcome.html C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-72_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomTracing_04.jpg C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\offer_cards\credit-illustration.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailBadge.scale-150.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-80_altform-fullcolor.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Wide310x150\PaintWideTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-30_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-36_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_10.0.19041.1_es-es_fab2a1c142ac9d6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ppolicies.resources_31bf3856ad364e35_10.0.19041.1_en-us_4b84a84fb5c30ded\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_10.0.19041.546_none_6d8a080bdbe94d8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_hidcfu.inf_31bf3856ad364e35_10.0.19041.1_none_86291ded21642752\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.resources\v4.0_4.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..oothdesktophandlers_31bf3856ad364e35_10.0.19041.1_none_3e629b45e7b5bd96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.19041.84_none_027c502c6e331223\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_10.0.19041.1_none_d29e3857b870499d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-xwizards-registration_31bf3856ad364e35_10.0.19041.746_none_f71218d1476fc977\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..es-smartcards-winrt_31bf3856ad364e35_10.0.19041.264_none_1dbdf14fd553aaff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\3 - Windows Explorer.lnk C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..clientext.resources_31bf3856ad364e35_10.0.19041.1_it-it_a8df0c6f57657db2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_mstape.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_1622ce0aa60b8441\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Drawing.Resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\rescache\_merged\1902349548\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Control\GameProgress\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040e_31bf3856ad364e35_10.0.19041.1_none_b442a726f4c22b71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_uiautomationprovider_31bf3856ad364e35_4.0.15805.0_none_712f2b2fd3d29ef9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx-vb_compiler_ui_b03f5f7f11d50a3a_10.0.19041.1_none_5c292e6d3b866834\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-winhvplatform_31bf3856ad364e35_10.0.19041.264_none_42b1e86da4cf4e99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-audio-rdscrossvmaudio_31bf3856ad364e35_10.0.19041.1_none_0aa496fea8423e56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..nt-server.resources_31bf3856ad364e35_10.0.19041.1_it-it_c40bd78d34c19cdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..eparation.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2d41726910b21d9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmspdmoe_31bf3856ad364e35_10.0.19041.508_none_d84b86e6ce925ebb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\square44x44logo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_netwew01.inf_31bf3856ad364e35_10.0.19041.1_none_c644870df2460710\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_46ac155f24e7d8a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..nmove-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_b0599494405a08f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..input-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_22f6a0fb9084d911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.workflow.activities.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_9e2a2039cbb2193b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..cher-tool.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3e725eaf034df533\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-driver_31bf3856ad364e35_10.0.19041.264_none_b5da2694160ff24d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-media-speech-winrt.resources_31bf3856ad364e35_10.0.19041.789_ar-sa_ad43bd382e8daac8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Excel\15.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-xbox-shel..-gamingui-component_31bf3856ad364e35_10.0.19041.264_none_d3f00414d092bcb3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..eiver-api.resources_31bf3856ad364e35_10.0.19041.1_de-de_39f4320f0b5e22fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_sensorsalsdriver.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d89ffa571c87e3fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-pnidui_31bf3856ad364e35_10.0.19041.1023_none_b401799922d9c905\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasifmon.resources_31bf3856ad364e35_10.0.19041.1_en-us_648c89538ca0acc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-expand.resources_31bf3856ad364e35_10.0.19041.1_en-us_40dea5a39ca5c65a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041f_31bf3856ad364e35_10.0.19041.1_none_b4b4178cf4794999\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-80.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_10.0.19041.1266_none_41ea436edfbc2e32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smbdirect.resources_31bf3856ad364e35_10.0.19041.1_it-it_0889d1c824b1484e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_10.0.19041.329_none_9e75b8da3562504b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-autoplay_31bf3856ad364e35_10.0.19041.423_none_84ae5fc84c7ea184\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directwrite_31bf3856ad364e35_10.0.19041.264_none_b07f10045e5067ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-edge-edgecontent_31bf3856ad364e35_10.0.19041.264_none_1e104b5734e6411c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..tallation.resources_31bf3856ad364e35_10.0.19041.1_es-es_55ea7b0cc2489ece\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-printing-xpsprint_31bf3856ad364e35_10.0.19041.1202_none_2ab7fa65fae268e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..nframeworkmigration_31bf3856ad364e35_10.0.19041.746_none_29c729f4d7c7e51e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square150x150Logo.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tetheringmgr.resources_31bf3856ad364e35_10.0.19041.1_en-us_f05b5ccf92e5e8ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_10.0.19041.1151_none_43c494653a7536d0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-pnp-drvsetup_31bf3856ad364e35_10.0.19041.1202_none_dcf28cc44d2dc274\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systemcpl_31bf3856ad364e35_10.0.19041.423_none_c93602eaf1314ea8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Video\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\AntiTheft\views\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mfc42x_31bf3856ad364e35_10.0.19041.546_none_d10e1541b45e0391\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.19041.1023_none_9583d52fd3076014\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c9SZc694s77NPdL.exe" C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell\open C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PEAQJXWDQGDNISU" C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c9SZc694s77NPdL.exe,0" C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell\open\command C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 2c8b6a90f1754cc90d8aebe64d702ab8
SHA1 1f6fbf21ac777614a0d94cf08046f412e24b65b4
SHA256 da83c9f23168330f1818abf1f4c4142aa193a4294392bef3b5cc0c8086804f72
SHA512 04d01969fdb7a2cedd92c4bb727c565053d440ed34b2b175f6d8fed5d444bac210f319508b54e47a3b92fa4b9585822b8af58000369bb0c1daf0e539f1fa5fa4

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 46db4b6d8cd499d54ae597547b1dba9c
SHA1 01a61ca8f8a6f1ff65c9013f7738332b3b772d02
SHA256 821f6f72e6ff8d8288b7d4cebf6d02ed7a7c5a18114d3e8e809e7c46e18292a8
SHA512 3196d16118b2c2894bb8467b2a7b237076d31943b1c5a6b659347a1b4d9d6163221fa4ff7fbcef56e2e5c0ca478b5665d94b542d72fa841bc5f7241483baba50

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 3581266aa2b9e1c46394ba9268f77cd7
SHA1 11a505df1e481c21e7b0fb7552296ff8cd447a68
SHA256 bc54f3b4b466f3f86b6a8e9754ce7e403bf2ffc633493249df55aecf0c790113
SHA512 7be92432d6ca4d97c18c2306a155d1aeb36dcc08f2e98157bd6d75b7e0b8c90e33f89d960215ec118e2fbfa45344b006f3bf3f14bc41b3391ced98380ce84141

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 3844e7413972f5f6116cdfbd3362bcaf
SHA1 311d0179b85ee098c402207111867b99bee48276
SHA256 2997f3caeec914c76008e370742f8aa18975c1528e61099e5599ad29778147c6
SHA512 9fb9aad636decc88cc35ffd41ab29cfbae15fb8950b60d8f011ee16b8f6391e216f4007c59f8467704741183ee5b3124fc1cdba4ad62ae237c0d58d274172e61

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 f9e2199580b5f0b3aefb9c92143a7a99
SHA1 1cc5a903b9a81a6b88304c1b5e85bff8af003feb
SHA256 f4066f253046f3c12c2b8520a314b2536778e059d3983aedafc2f27ab8aa32e0
SHA512 a1d4fc910f7d1e7e548b836150b746e93da55341fde1c85b5313b903d27e58fcd3020d5e701a0d98dacefa0b2db9aa65ad7dace1f209322863e1f616e04d4310

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 ce5a74e22a10fe4963574851439ad605
SHA1 30f279158ff16da6d0b73577a060f1eea877b779
SHA256 355cbd3ae4f14c74dfbf4bb30dcf71af7bd12969c001416bf0eca93ec584fa0d
SHA512 2eb9c488d38408781a5f93c6014642929bba72bbab09cf53682cda66f2fed953abb28b0811fc9a258eb3e96868c7854428f32eaef22e5f876680bbd80756dffb

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 c509cc04fb5b4f5d51a056b20b68c73c
SHA1 c63c70ab25e0b0511af35eabd8ddf02a754b9f0a
SHA256 378b8662f146543c01da0d155793ed443e109171c6a3cc153fe6610949717d92
SHA512 33663a8bf1adbbc0c9c62fdffc6123b1071de575c717e8e461e81f38a2ed62061ca6fafcfba308737c3c61f8173fc2edd4fcbd918432fdbb8d181c31dc4afc7b

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 a232a42201395463d1d3eb0fe4e8f7e2
SHA1 2673aae592cafad4a1b6d03fc37e59139e3a2609
SHA256 2c51fa998fed4cfb526d49f69c459450c74d5509b47749005ab4f9e9388bfd37
SHA512 f55db51df4d377ef43a8e8664befb89e90363ceb16d14a0376a13b8c82708abfa7ee86da0689cf32d1ac856d7e3eadcbe6f29feee09607976a55d8e4578ce5a7

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 6c09b3ac469711bfe7b0bd6623fb8692
SHA1 a4b65c3e757af3f042e5a0239afd8ef7080b5c9f
SHA256 1dc09b4295e8281d0a0dcd5b6c54e86a872a0850d94fb9bde7982d7911ac5fd2
SHA512 1c8477429827c1b54df39f2ad034790da6bfcb41d2c7eef65013d850c0a0fd1f0b1d288076a6a71ef63a486c91f1fb2a00c9e939bd224d6b368414c6e5f0d229

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 62671d0594f768c0a4dc622283338020
SHA1 4780c56a6e0c9b16354d2b6b043727adf2048ef8
SHA256 59df3ee13f705809611a9e1153eafbeec2ef2cd488e471dea4546fdb91b7cfad
SHA512 1828bdf357a1f75b57070b4c9546788e9ae6952f5474083ffb2e36b73807ac664c7fb510413f9a6d8c511f98f05a47847205ad0b578afc924cc934049b3079c9

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 2735cb5584a85fe77be1217b65b3e571
SHA1 02b651511d0ee63d51e6a1f8829a93371fd6d936
SHA256 9b160bcf84a3e52384bdfc0c251a74072e3a524d80fa1a89196b806e380b1299
SHA512 e1ce04c3b65409a0e1e8264ecebb787ab3e051bfe5edbdd6126fc472666619f5175c69229f93d5f4168cf2e1915cb33be3f1694892dbcaabaf79c20b812645b8

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 a16102fb27e73857887953f54fbe5f69
SHA1 f35d6c302bc75817c5db9ac7779285d2d4f08897
SHA256 6079606c98f98e9a305b548d644997c2b842c9594f3cee15a8c79942b6885163
SHA512 1830355eef9ad27fe05aa210f9a17104ef09505f8e901a0477d57476f102805dc532a56553bf82f4e0af41d5eee249ad018f2a5a4c53dfdafda86f5b749d5274

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 ae91a51e451bb5868b665ddce39140cd
SHA1 0c77a95be2604c0bfec245edb895302275c88bf1
SHA256 b107d398d4fe338b569a219fe989679874cbf1e88d2f8250ba36d7c69b045f5e
SHA512 c0f4ab5cc758b375cab45ef61a158af0c02eb343384db1031b6eef526e86b16203a2035d8db79f90e76f6d8f423a775fbf9afac4ef2184ca0041712faafa630c

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 82674ef797105e44cc224105fdc4278b
SHA1 c5434b762e3f2cbbbb0af88163141a8faadab461
SHA256 245ae721dde12bdd1fce4863213a2dd79606de42f6a0a780aee35923105a3373
SHA512 8a95dc6ca763468521c897c495b425e6324e8b2953bc53a941cca9c18fc6388ae6d9dfb377be9f64187c47fd21fafe7233af88b56a05eb552246edc8fca1005b

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 e01a9da57884c217a1f7d5a70432c264
SHA1 90a94e974dad2f1d6623a0fb66fd86cfec6215ee
SHA256 e7662a2c25a7a8a22df9eb963b028eba53a41f406055822516f6cb7e40bf1f1d
SHA512 a400b08e15235a1b3647c3d6c788e447d27573da483c9345df0a6526c88b91c41be36d70952a2fa1e0672bb1cded1d8df4aa6147d4e44c1137b8bf78f0acedc7

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 846906df8055fbc10de016958cc35ded
SHA1 f445e20fd6b0ab512f040a5afaacd7f248becaa6
SHA256 d58a9e3d6816471d7c99acfc769423fb07abae955956b0143cb9034e96799a36
SHA512 8706930b1aaf379f47f4a72ad4808575cee16f54bf987e0654950984cbc1c669ff6cc3f4dc1b9600e4c97d47a721c9d370497e3d82d375188cd8a315ee1f38d0

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 b3f2de9167952549ea0b67e7ea610017
SHA1 804f8b132bd96a711cf37566e5f2a8dc12a096e6
SHA256 8bd0b5a7a875cf741068d4028108e0af11d304cc889cae8a7d4f2c87e7dc09b6
SHA512 4069eaf11411c7045c71ad1b60122525d8c9ee25cb5e09643a412f8ba7b43b0ff33c2c60eb638667e0b14b0bfe688a38c04d67b247d58d2a4325e1c9c2ee3912

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 739d78de004ceca488b16df5992b6257
SHA1 cbefcf9fcfa9a927632ef5560d5f53539d29d6e2
SHA256 c32a5a3002c640a3ad44497cc6e9f51350bd792ac9c2fd4fd92ee220d7c1a823
SHA512 8ab75a0bc983c22e23c2b4dc56e5cfbd624b18c0aa6ee963e90bce786b7f4d0d122c268ab1f0b84c456d2cc025169e035c47ead9561883a18a1f66612d39b96b

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 650f561e8bfd92f6bae2d028afc91c25
SHA1 516ef8f980e8e8c0a677afd2728223ddeb052c69
SHA256 f2a1662af53e4672ba60276ce53a47762e306230f4fc32df00887b05b73a27b8
SHA512 2c6f5e9e2074f2d98f71cd73700cb8caacb8bb9630522d30420bbfaa523eaacc8b3208e7a4412f4fc3548844e7baa0f20639814d1208b6b99cccb02ad1fb0215

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 dfa1848486828d740288a9823382016b
SHA1 d41524c480bdd15c844f47c29ea38cc89a897b4a
SHA256 e2de319623b85a1f80d9b30acc6baf788e4e9e43c803d9b95f5feb9c5ca94a7b
SHA512 b60b27e61cd3afb4fa827cc21198cb2ad66d5cab705241c5d996b259903c9d18074f309f7d8d33a60bcd5b2b299645a6b2d8a7cfc5398ef04f7187ba035f12b2

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 92c2b27341b7a3b1f6d4d2c8f37f20e4
SHA1 6030f6e2a2a799ca2d339ae8e1ead2480cf39ed1
SHA256 00d2458c1b8dfb99173bb3f165e4e667b6965adf1413a49329c3085643e7466b
SHA512 4e9c13400bcb6380d823bf158bd07c970b8be8ae71d7ef7e7c3bd14c5c892416e4301a44a948c883510a564c86a29afe681dd8175e015c67c3064ed4cea9b9cc

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 6a8160ee8c75f59e70a227c180949b8b
SHA1 4b49fbaa899321a7b34c0707e1ef20789deed422
SHA256 e97897762ec26c6ea7e608c6a13fbf622c254baacc7e9376f6ccdaa6d1432f3c
SHA512 59990e1b0b35db66658bc7d570830b51e6baa8869c43f5dfed0d364860c8d97ef42ed8f09a378a5d11fea55c0205079ed32b528d55accf10e88a87d4c09c2433

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 91f04d741c426b5bba762559c8734db8
SHA1 1a345850ec8310119a9a57a9eec1785b5aae0b0d
SHA256 1ca01ac94e25c95630bbbddc1aa208d954340e61b0f617c893bd29be2dd5cb6a
SHA512 de2ad0abbdbea515964cfd4c80836bdd7a2383d6c374cdb5f0c20671680d53bbaef2336f6704b926c0ff2a637f90dcfa530877e7c5919fcc20d053e50760b39b

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 af54b57e176ad886dde60cdb093d051c
SHA1 1ec26be923ac14faa2596236221b2998e18c8bfc
SHA256 e4279866610ce08bd3ec4758b3fe6bf29542af5cfdd1b2a9c1620519aa4afdf9
SHA512 2a2e93c1db377323aff8be68a1ecb84c712b5574e92f550a6d3c9417a48b97f92d4b6afaaf84cfa8c713cbc5e4451866fccb1b271cb7344666427e4536c51bc5

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 94635f38fd9189223933d23449f0b682
SHA1 f4d371db1252dc0088a4137bf416c364438ade16
SHA256 b36082f4cf2e3ac5193d15b55e35285ea2643a5a66237b18554da469da9417ab
SHA512 3d05e9c514631d8f6b375907390e915cd1d39c8a4ad61609c2ba42ca5a424df8a4f6b4bc4c5c94b4e282a913ed9a3e616a889e1b88ed31ad87211863746fb0fb

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 4b419b0249943cceb1ef002666db67ae
SHA1 369843e1ff22962ed8631272466d8fa90773fad3
SHA256 2234484ba1f88cb3f4be306e496c7c56a1a5e699191e30fb46bd3426ac832204
SHA512 8565e906f9e66dc9068743ea1a6bfaae0a0c923d87745bb3163f790f88297b77795265a7fd25b8045783460c4aee53c8b15bc420940699706987186eb0863d1c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 3a691ccb9899aa90e66eb10110067bdf
SHA1 66b0af4865bd400cbeaccf3adddeb158a6882349
SHA256 67f5ad41d64bcd1a3d5496a3af93f1178b3b04e61812ce0d0467b818c3082e99
SHA512 712ff6085596ac08e1dfa1a7753152a23a659ed2ebfd0b339588bbe60efd33b74fd72b7b76d7ec658f5e92bd014f6d4d6976667f922c916d8fa2bc1ec31a17ed

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 d9983a44965c20649313d8b6a750951d
SHA1 a848c7810ac6c339dc62a58c47a774e8186d6025
SHA256 65818b0d7f9ef0b03c28a9b6dc769a7b230382515c8f3d8de5ead008243c8199
SHA512 251eeb66dc1cf0dec971b4e3e0ddd4e3af1cf02f557f81ee70a552d5280d02d5aa817acf5b5499213b58487fe5af425202d3e359979664880936b15c7028fca9

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 b2bccca3e1fd9b17c16eb6eaa096b542
SHA1 ed88ed503633bdced5ba41fbbb457b50467b6dad
SHA256 ce2e9e596285cbd064da09db2b488ddfcab496d8ee0a71858bd2de75afe1ae29
SHA512 71e7359e003fdfe83c14b110ffc1411fa60bd9f69fb099d05362623cf46c6eae6124167cf95d8dcd8321838bb457ea078af033aeaddc3139b9f2faebbdd5bd85

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 3d03072604cfa329ae3598e1aff40927
SHA1 3e833e84d53bb3a4b4aed26414a23b42759bb415
SHA256 b8697fe53430dcffd1741537ae764c0fd57c501f0b0b44702212cd492d8254c4
SHA512 841e27ae81886d29ce4d4675acccc6792d9bab699b5500e573a09cfae32e0e864594d9c80333141e4c27aa75eab37bc85895b5419ae075cf8c3519f4d66a98aa

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 4f62487d00b3ac16aa4019fbd238f40c
SHA1 06a6c8c12bfce18bfc767679d4c34aeb4b466c15
SHA256 35d30e72908cc564171a4b7349997a08a004f7c4c2d0bfbe8e68886014f7a7a5
SHA512 d8d5b5c3075b9abcf46d47ab5cbb5a5266456b300cc286bb8ec05d331ad64ad1254c9f66dd0fa18eaaa3333715dc90f977a8b84f2c619b6b0164b621b85e09e1

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 0a2071f479b0f48607b48d5a8944429c
SHA1 979b5e57a159bc2ffaeadd3e2dc10ecd7de0ba49
SHA256 767734842328d4f6cd86dc0e685246faf344481f3c67cd891feb3e22e6456e82
SHA512 a73e64171bdea066161cef13334187c7e9850ee664f8ea75146dcaf47d4e80ea62d1934e0fe811bbb386fcc2e5400f28176a5ab1d0c8eb726dccb282547520ab

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 ef8f0affd022d5ab810798edf7291f53
SHA1 6fb47376d2e40560a68373af9f0a3d0978a10c12
SHA256 2ca29228a8225aa8ab6d82c424dcf125c0650167894d00b5311a4d0ad54998cb
SHA512 ce4e5a2c7219c8f8a6f4b5735a7800c6b8a922c2ee0aa9e24951c76334dae187f9c4ad8b03111db6fbf0012b990a2ca43ea81dbbda59a0d06187df42e6336349

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 d39448592d74ab584340bab5089443ab
SHA1 26dd723986301417d3fc763ab6895175e3d78b63
SHA256 14228bada9bdc80e6b14e8f650eabb48de97696eda0cd4226d09ec625b333187
SHA512 2d12aaaaecf13e7b1ee6591753d3bbf0f7f60223aee9bc16e80d78e961364a24747a7e63e81fb0b06c8b825194dd96d19c73fa63120647dfaf9152c60c12d645

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 751d5ca93c0ee1187dd58a82160bb2eb
SHA1 2bec99316199ad4a0047e89d65b1453a2924110d
SHA256 a4a157b7a91f639d5a95611c471cd0cc7cd32ff7b046a6059fe17a43b34ea904
SHA512 9e1d0eb5626d8e0dbdfdf1ddd93f251a4ce34bed8f29f2acc1063155f2e93f865ebee346064aa4d1f7a09354eab7ce9c571fa66f1ca7315de867b6e1f870c208

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 0e9ae035cadab72ed61c8c28163d3642
SHA1 2dafc2c3ce37c09da1236ed32d89765aba33135d
SHA256 5ceeecd0c0c673d960028145645bca0bc0920d289d2e55a86146ce40b2acd5ca
SHA512 ecf0ae13694a2e9ba060aaa2c519fb4310ed193ecc45cf5b6039a7d7d08af33175befb63f00ec65c209fafeadcfbf8da42b3e9bc8fe0e9a993f81f3ac746d2fc

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 50aa9094de89ac9116d143e924865c86
SHA1 23a765520e239a1550870b9a71cf4f5e861e21a2
SHA256 3ac6b7b4a75f46cac8d6a2100d3ae26a2fe54231b456b14f59d3f5e6be0adb7c
SHA512 497318f0660fe7763c23a05a6fb09128b1ab97e7f91d78147fe1a04e418c31ce36f726cd8490ec45e4573c6ad4d20547cabac112dae7348cb593bf43f6d6d1b0

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 531aa95de7360a03cc8b9c2fcbe2ee67
SHA1 62262120f0ed3a0e0811d195a7aa44a904f46cd6
SHA256 c0a5549aafff471362a04ac6f82a0dac05b7121841c09502c9fd2ffcd64d04c5
SHA512 943eec4dce34c36159fcc249e783df241bb454d01b85475cbc4b2613d09d18c19f0be4a82d1fb56654d24dfb0e3808e8fc2ea6521e17c9791bed145c4e911c67

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 3c92ffa5c3a8a39369d66da9954b99ef
SHA1 c37f7308103ca08572dad1016a4a64bfdd98d7c1
SHA256 8113003dd2554af4a6d7f485921d9b5a066195e61005091f537a418d9da147e6
SHA512 4d3829d9f5bbe0f4711eefed1a3e1a398b96c00da875e0b83e8a783f4b8d08059169f2512f9d44095bc91cff08f97a747373dde7be75acebeff6ecab8251effc

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 d1ef0ca24279b03ca760f7bd431d0a35
SHA1 4d8514e68e07477a6aff6576f489581da41d7da8
SHA256 813eb1a6afbd38453721698a1556ebf36fd3a9d0fb49fa093722ca44d9a5700a
SHA512 4d453936f2b0018ac4b28d77f37f6f7ce84d79632abcff1394228b0316a20901037d2e71244de277aa027009c5f7eb20d8a1233a6748bbec186b3ff8fb41c9ac

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 de6a811aaa105f786a05873cff4db536
SHA1 619dd9913475e0fd51c723d7cb003e364e16d82b
SHA256 7120b6a7baa3ee93cfd5d08c9d644a15392f545cf316129aa6c8992d068ff123
SHA512 ee77e90f5d81fe46cbd03462352969483722fea3f1b6644ad5644ee3aafd6f169a1a768b2a5d488bb5844dffaf298f4a7ee5b385c43bd8eccf3e198b61907076

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 af6a88abb87ffc16e62b7d9bd9cbd7ad
SHA1 8bceca263d73de332f409345d26aece88462bfe5
SHA256 c3cbea619d8fdc2c4aa8e2e05b63e846996fb61140a4ae83b625442290a201eb
SHA512 db050391c6720f89ae0cbd66bebab2b203d78f103554d76544e349f64f54eed91e8f2a353977df3a8dbbd20bfc3eb8ac4fac314606b4c41ecc51eac02993c6d7

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 f7e6f6b4cebbff70ec5904c0f6c1a1e5
SHA1 ced819914321141dd01658d902be776a3bd8f687
SHA256 0f2617c51c1143486b2c7082807029503847f2e5d616f283790df140b02b352b
SHA512 992e342347ffa058af4b96ac02b66e084e365a7045b094bfdefed20a1e8cf65aec36fce95d926c369ced15b020374ec853a632b310a9302c6ae033dbfd1d19b2

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 505d6c86c9fda8c8fab73608214e20a5
SHA1 dab126d894b635f29e409a1c7c643cca9d065ad8
SHA256 79def6b2a95cb5752a84b7d5726e28b63b58ff3676c586e711b1fa4fb6ed3862
SHA512 8b0a11582a45d278baff08f0f1c176eb2247d8473217150132314f64f0246ff86ab13e68e0f6b1a95591be5f972f2b4819466930eeab36fee7df8fc3f2bbbde6

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 761c7c97ecc738d53b846a1a31745d55
SHA1 25e679b559f450c6a8be5aed4fe8923cb34a9cdf
SHA256 c3e83fb98da8ae17b3fe1ac01de2a80cc63bdd44ff9becca7de5f6371f4f0165
SHA512 f6f97975b0324b50e8bc3b8b622a9057847aa2477048eba9b0dd6cc2a51b4dd978173b520e8d247813f3cfa8d0bc94e283e6707cd405ca7769fcab0b4dfa9589

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 b8afe149b957ae9344b8bd7d6eb1aec2
SHA1 6861b8cead8509744647215233d9421183088c8e
SHA256 d200a08b4a4bac86e800e8a7db62be26d6f096e216fe4c01a5e26a588d6276bb
SHA512 8d289eb93947a7f869628aaf0636e54c13c52e7d1e552f57d8f13e4d7f16748fb427297b158faf16775a41426dfbb511021895a2e8d63bce0f8775fbea0cfdaf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 67dbaf4efcc7650ea246653b21ce17af
SHA1 7706d1c71de5ae114114ece600d19d0023b91b0a
SHA256 c22d65e64c220b1e4d4ea41fb0d0b7ad6a3211c5a637c2458c7401f35357b072
SHA512 f2744a04ce167ed22389a8d0d687b455aacef87edcccce4df5369867397070a766026614de36eb2183c8aafeb9ac8d5fcab35f8955789e067faa0548531d30fb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 41f2520a73954ba6427d518009caec69
SHA1 55e8a085596afe32104ddf647d94d3d7227cbb59
SHA256 8fb373fc18ee18ef1eb37f4e5789969802a9d384194c32ced0c40a5b6ecf76db
SHA512 31e8c29544e7df101dc06d83dcaef7c6ca5ee631383745b37d98e0469a0a5aef83eadbbf37d247d0d3d19046ec2b4ebdd01527bccabca7dde2f6897c508c5ae5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 66cb5801a3299d2162994c7a9ac7a7a3
SHA1 a68335236e0f56ca8963d546e57b656573c98342
SHA256 d4caebe2c1a14682f85b5b0619da5981f8e9a206c83335d79f98c27d6f37f56c
SHA512 180bc2fb357e9c713f6f6651c76f86e8b3b9f94d3ee9bd1ce1abcf39e60eb1e0c5ea74b31fedaa6eacd5954d4fc547cb4278e8a888663b1459e4af514c39afad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 fc38ada53e74d80efd7c7dcc6794a66b
SHA1 9a48d44ae381c459335e1ba35fb0baf852aec13b
SHA256 5ea2984eae80f813befa258cf0609f0c9ca0597d1a4cf80906ab8f132b0661c0
SHA512 2e4bcd1f92e755636a88f820d9e5a49ef51688235b651dfd21be6a0ac0cd3f0cc81ec36a484c5f0d67706917604eef76f6f9957b5944faddfbe4eec51be8247c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 b92f183b25b5dbe63e5c0bb29c82ba5e
SHA1 8c9f2f36a754983b67dc47a0289f027b1dd27a34
SHA256 a888137eae7147ecc94570b3f18c8ab8e514585a4a317034c6594f52fb443afe
SHA512 f98114043f14f97c8ef54d4227a5d63e21f89c71d85689f4da56a0303b852f05092c4f79b2e4e0656737af107ad40b64b1fb9893a996f7e0b372883c0da20747

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 115cab52f9a3c5d15e988eb32b70dcef
SHA1 81f2e2a4dd096b8b693a5c220e59fba4d46b31b2
SHA256 619d89cda670b75585876b58c6ceb39afa3b3c1d519c2a570a4966e4c2ed0ea2
SHA512 f3f2be0c574666660f908f7ee33e27eb2049babfa273589a0f95db1cbd0bd802970cea43f441aef8608739a8faee7b9b6f1dc233711d74d641b59777c754be41

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 3caf92913cc013b1a8de9438dfa7e285
SHA1 239ae5f16f6f0115064faf69d2a5e5be3c33c06c
SHA256 04a6813e79378604f4a9758ae98b93a02b159229ddf0a05b05a63806116a6fe4
SHA512 ef1e808763576d5f635cfbb9de236a44dffc3c79a74420f9d00c055e7efe3e5275e3a02991aca9ce3de2e05612db581381177eb431988a888eeb268a78409d46

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 3eaa54f7219860bd3fe49897e41f78a8
SHA1 1172185eb9901e2faedd38c2ac9cc9d49212b3f8
SHA256 e7a250180c86d6d442d81e0417bb6dad108ce7d03222a2cac12ed4817df02dd9
SHA512 dce1cdff732796abdd8b8dfc7c47443b7e9b76d30605befe2f4bfe899c11575b50a5c06a58db5356bb99fbba9ce722a7124dd15d972bbdd88d5fef5aea1d145b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 fd5cfaecad5baa2561d2cc30e6e16295
SHA1 219f86ee647f3ff3d17819dca12d8822dbe5a0e4
SHA256 f66735f85222ad4488f09752dd0941e1433b1401943a59cefed1fc9d816c0614
SHA512 0dbc33ffad82131e189ef22e50ab3613312e2b94ba2051dcd5f64f528e061784d35e1f62030d59816574fa9bbd2f9dc88018c367ddd5248dc583d6b3fc2ab47c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 ca45e011d24802dd2c17957416de064a
SHA1 0348a590f40c42840bdbf61360896172921bf0cf
SHA256 7421ba7a14b65c10428dc413b94a1d17903781feced5319a207c62e388ab392e
SHA512 5a02e8b7bf8f20fe3f9f4021a42a9976b21df68a9ae7b7ce0664379f1007157c6e79a28d4b6330123a2b35dc9d0c430bcc49237be175010e052bf5f76c4039fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 2fd27c78e372670a0bbb707788b661bc
SHA1 c3649cbecb2934b578b6377174396ee5066933ee
SHA256 6ba15b92094adf936bbb732e0c0b9cdafd6138e9d463973629b07e5a1077761a
SHA512 48b46266310c4fc112169c3eebd191cb14d13a9161e25b5345590ad4c0b0c8321a84b4e96ec822c9f0de7becb15b9ef33e2259fd937a06cf80eb12676a5bcd52

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 090a41715b49b67a297b593f7089e88a
SHA1 aae53586e77afbdadd179664ebb3653b808761df
SHA256 34eb664036170815b31488d4153a78c4a41c9b99ab5733f791c60afc90db6333
SHA512 5b14ecb934d04d43d2d87144dec567654b387e77bebebd7a9377f2e200018ce2a5a3eb6511ab85651bd55afb219dd28b8c053f18dfd60e7f02e56b5380d46ff5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 773b48ddb4afd08737f69531d48b1059
SHA1 1fcb19abab76d9ad20c4f59db4a5a0dd92285070
SHA256 36da07890bb01ae60b134b67b223a550a4be581192d66631252dc595ff43af62
SHA512 d1f9ed12b3986bdfa96b71af27b2ccc856c65989ae986f4f1dd3735dcca54e57e9bb4b8702a638b2cc8571fc09efd0e10aef6cb53b66f65f720ea78fc00fa824

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 cdb2f0b88d8d33f33e88397743a16659
SHA1 51a69c27936a40eb4242a15b249f4cfb5254ef83
SHA256 6b2edff8447a2d487a254903a83137cceb3e673b607616b4dd5e3c308063246b
SHA512 956cbfbc5fe164ef977ae0b00a340ab0dea6e2726dad96b39be2501d15191ff12e61a259c487f192216ec35eb1842da95a8a61a27ade67dde7c53677197a1a57

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 833630444e15fff8aeb5c059947de3f6
SHA1 a7ba88f76c29d303ac95fdbe40e1f5c6f3fb08d6
SHA256 ce4d04b35198effdd0b2fbb7277d70f272609390b03a576019c8dd1b074eca40
SHA512 5384f8e7c6395770955aafa16ce253db1940ef29be2d0c15fe5428cb0c43f5b1c631a9e422bdad9ceb4c25266703294d030d6c5dfa6ddf4042aa11860e3ccb0b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 4c6187577cda37cb1e0e9b02a4bb4a3d
SHA1 213185e8b41aab40b2c8fc62136de71270fec45d
SHA256 c6a140d88cb979a7418345591e3e78bff7e75cc8e6cee6df5fe085131e208551
SHA512 f25904c08452ae3537f2d188d4454111354c5ecf0d9a006cedc99f44ae8530763212fbe007f92effe2044a14b942dc2253d24e452c08a047bb5caea2c3a3d6b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 5433498553d961749ea31afa95642cee
SHA1 cb6e01b638165bfcf40d383d9edc1d4ed101b25b
SHA256 3b0a59fec9470de923d4a8b1d7159f19968f1d61148d5ac5808301a77b96754f
SHA512 5e95709bad6443e80f103b3a4c66b1abdf6cceb474f16564d49a15a9cefa6182e2b92ad8bd2f26951e2b7f966de3c64ea5ed9391c5a10d4aa50c1cd4490b7e10

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 a9a94ebcfeb99a9707b0aff70b73d17e
SHA1 f2df49795f502ae4cba365d5e6e34e3f2f0a69d7
SHA256 48bef6c22b81a89898ae16237c512c48fb77830a4f19e54cdde65b07084834d0
SHA512 b924d1563252fae28494b7e66b2c58701be83b1a00f110b05b07a289b58e72c352616cd236aba428fb02ed08b54dcb9989680888b16e4d31e9248e7f01e3155c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 55c36e39e76ae90f72071ac312e9c3e0
SHA1 91a183dc648357d430b974725e704e866f7f66cf
SHA256 01323ffcbfbf5a707e2ff41626b5e204a5ccfc349fcb82c01ab32daf62357780
SHA512 2648d8d0f6f3e4c9a497ec6d00c53eed22c332b49638ba8c1d3e0df86a1e3665337358b6441edc46bdd4158b377422e63582375f6395910a51b84c5f16135989

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 72205b6b59a01d46b015997bd95a8fde
SHA1 e1747334be752cc132acda601e2999e40206f446
SHA256 65f36f60eb084d9e48ff86c19d70072a2f7a42fd7236e1f48618d9da6233535f
SHA512 0b9b46b731c5f39aa89d5f383f36e8f547d2f22512e9a83f593b122afc39742b5e4b8492eebfe0ceab5b5aeb8ed04b4f79c253f8c817461a150e22a39787f27b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 6a86eb8e669900087fe12bddd7f180f0
SHA1 70780d730fb125731ce81a32bc2f26aaaacd1773
SHA256 637594d86ba8932f36c398ec5961edf6ddb05bebf31dc3c779c792a21d2b6b79
SHA512 0a5848d0bd7e4f39f753df7dcb36491eb6f4ae083cce916724b799c10815f366b845fe33b5b9e40f42b2b7ba23c097eb0dc411c286cab2ad2402482633113974

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 8caed08d01df4da439502e1c7b4d2063
SHA1 7e3349fca88010d28cbf97e7bc211c0424125f11
SHA256 d44e8004172be167d991a8e87c2d0e4b3c7cd27d18b3890aedf92282b8ebaec9
SHA512 80c65f26c91ea83a33cf472769c677af76adf28dc8298125d37f61595c69f9e70098131a7ed3991879f5238c7baa6d2d0ee3b07670782d6c0663d6148eb6b5ed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 3927c7ee398425302c1390ecc6630e9a
SHA1 d6414cd810f7b11c3d17c9ad2c8cf715b529c454
SHA256 4e82c8566c2b923ad297c96b589c867cc1b10348306372a8b52d8d605e762274
SHA512 3ecebba5f0ef45cbdb3773dcc9d5e5552fd65fba7b3774510264795e465249bed062f18a2f84e5eb1acd639d7a8dea8673734c8fef2e6d84823ea57291d0afc6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 432567f9685007a97361a1dbab9ec3e7
SHA1 48970ca6b3b44dfdf4b365de80dd5040e0e4c13f
SHA256 c1ec0abbe587eaecbb47b02fd91ffb6ca6a439afe6e7e33f438c9fd0041d49b2
SHA512 91561df374d495bfbedf91029d6d158510de19c7ee0a7a81b3cbfe1cf143cb9a52d32a2b5608c0a272e015af30994010309b0800cc768e3d6bd4a9a5c6a57081

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 685ebaad42af8104f37d42ccd9ee13d1
SHA1 c20d06639887af086fd38ea27f2dbdab26ce4f5e
SHA256 b3b6bb2fc8d398bd8737239e3e4b0fccb0d85bdf5b89cf2fa27b4eb40c083c19
SHA512 dbae07387f102da0dcfadbcdf64d0bf19987776a02e5362783750533b70a82268bb002e06e1c7f4bce759eef7a809c58c01882d34ffbc233c57b8d83800860eb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 08f27da2d57324a30c36ad93a16dc31c
SHA1 1b5215b4e3e0ec24e08847543c949ab97523095b
SHA256 e67bdf38734b99ed5efe3fdfe5e5e2e15e1c925363f8be6b326cb6ac8d6c897c
SHA512 f1c723c9aa88335e9768d0bece207257061bfcd7b2607998942d7f82c81e0020ad14d31c43561961b5d20f32c8d7099f5a19d79615f1fb1d9e57c40e9d990fd6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 9168e5415ec731c416db96cd47f77dab
SHA1 294dbc527f6792dc8e0ae35b1670191c623bf901
SHA256 43171472fd86a23acddbc4e32b0bf5ef7e3033ace7bc850c4a36bd4403e6ba99
SHA512 e15d5ead1a8190974a35983719e3ca65fe1ebda640344c151fa907c194ba1ae9ec2b63993241c09049cecbf2e601a5087c5fdb5022ff5b0f8d9c27e8354cc33f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 ad54b31ea4927df0bf637c17fa233101
SHA1 1ff1ac76a40ad0884779f2b057bd71e249e805f3
SHA256 d6641f8e0eb0503a7f0b35b80bed41fc4dc9acd2e062f0d3b9605c00b2fa2ca3
SHA512 04a2eeedafe23af4fd4065d3f3818c59af7378995ac38e7a6fff1eb0f257788d9370d108bd4dea580655516660782a452e78de9406bcb9d4f6e6565f522c8cdb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 1f57aee3ae6b7c0184bb3cf69a436aa3
SHA1 b114eb1ef389aef9582ccf17114b5c03bbd65bf5
SHA256 bc0b232692887b73c028e78dd68c5bd1720cdd332a565d3b222f6da1e9992ec1
SHA512 3b99ef71a593ad2203c23738ee17bbee59368e2221827b9b0ea43265df2c3f66ad351c9152b79af9a22cc3625a36460489ee89c670c4c85692f29bed80ddee54

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 d622398318e26af9db6a269b6e889360
SHA1 c250c73305b6138cee50b5c83f671940fc66c931
SHA256 3cb07497127110138b2aba081b1124f2ada0bfb71f99b0fdb72bd07dae4a347a
SHA512 2e40e4625e004a831e953aa5291838156397ebb129d1fa0959f2ee83e67f41e2b46b4f6f764a9fd3dfb3c3ed2f3cdfeb71cc9c2b76a813fc0214c251e0caa312

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 22bca8218364d72e9418021e197775e5
SHA1 bee5669c232de35e4c4ef474c06678bc38993b7e
SHA256 e4f8b8616dc6aac513b2a86a2248af8e4f3240a8adb3bf129967f68dbf233036
SHA512 3fd69045f68fda6498ff7a259a97459b7c3296cf214077f6364c247f581423d2ec08c8b43ef63e464efa0d045a7dfc7ab976e2e28934442eedb4153473193293

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 377765af49ceef0140604c4f8688291b
SHA1 c6fbe50d44a3412577de601ffe56f02f42c9e31e
SHA256 01db3fcff1f1bd4e5b64d4da3f187e515f48296fbf155d5f0e3da171ceed2d14
SHA512 fbe862abb0bdcef8b7c761729aa1b3070430c4854d6e19665b9f60a587ee765d3e84b04c12621d2acfe2906a4866411d9136c2f46aa6bd5e172fe291f1a38200

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 6c1a76e2ebd3d3bc847b2fa86a510cd5
SHA1 61d9b44520a079d9f331171927896482c768ca97
SHA256 02ed7b3e343174d1f0b449dca9a56adcc472824e164bdd2a65cc62f3de97a69e
SHA512 b99c334189aea5913f592647174f0e2d4fc3e5a0e9850bffc4f004b32555aebd6f005dd24efc482811083babce79967ae83e6e58d8b249e9e5dc0a9f2f183f6f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 59101e15d9bae97a6816a444465fe13c
SHA1 76079b934d6e6b1d8613455ee899028dd24ea171
SHA256 6982af8b0f3c32a1f9b2d7b65d569dcf4b76b8a3d361b405e47142c134d06e82
SHA512 64ad3b78ffeea94754428bbf0031cd2b32758d1683e91770f1579b9f44b7d47e746c200aa62a495f6246e8bfb620be92c572528875c9b25c36404eb3a9931b5a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 7838019c0e7e9537e69f47563ca7572b
SHA1 89b51da3dab1680c7b049327d029cad175cd678a
SHA256 81d84cbed3e80ddf044f14fe29d2bae0eb5b7b4d68fc60f12ae47f8d88f3feff
SHA512 06ff83592231098fd9991424a9f4c0ac115ddc897f3d07844b1399bf171c0eb8f41b01de2946f1bc32817d09e0af1e91bb8a8bc5868117aa741dc791a4fee06a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 1fc8bc5bc74a4c01ff45979d1e22ae75
SHA1 466141c9666ab87dd9fd64b325c102de395699d9
SHA256 c8da348d101ee57dc01a95198a543b8539ad920295bbae23ad6500718bb030c0
SHA512 154dc4ed6734b479b2299e13f0c3340f0aca04335572550583c74e63030b88b62cf0798f789756fdbb1619ac9f21d475bf106bf84f84f147cf7374e096ff0f05

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 a1b817368f7d9cac1baca67a0bf4ea5b
SHA1 c332a8d6e9da0d7e64e56ad1e6d9e7d569d5dafc
SHA256 6b073051d26aec2ab1cd4621a03d80a9067df9d32a83e05418dbea98bc4bbf16
SHA512 a324389cd3245773593ee9f24f69741787b527638111851e66d4154b557d4f429e1e49b40a4461752fb54f9131fb44809b32814ed99adb838294a0058b77bcb9

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 0a3b1a1f61ded8573082b9a9ba1b859b
SHA1 a3d984ed16830c8c2c30792a80cceb928c3f2522
SHA256 7b662d5e0aac590f9621ae3318abac9b40a8013c6f0c4c1a728cd74e894290b4
SHA512 25502c0afdf0933e74ade172564c3886962d0edc75f7e669cfe871d078fcd70b498687adb7a471305ad33df621b98a87e04eff09d5a1614f1f764009df9b2cd4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662104806002.txt

MD5 9852e0202daf8a799660892c00e56521
SHA1 20859c8853e29c7b1cdbe208cc4ddb81b0ab4f4a
SHA256 b323deb28dbea268bcdd8228b605ec0d32c9d8f991c2deb48b899f404948ffa3
SHA512 382ef2c5567392c64cfe1f3690fd82a11479796ed21dd3059ffc91c33140c421b874052e6e6580c26dd7bf2220b252630d15eb569810aa35bc6cb1414cc8435a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662487357744.txt

MD5 ba7de93f60c36490f6f9eb3b7854ebb5
SHA1 c956796064ef5bf7c50de2d1d0ee90461fdf3087
SHA256 eacbb58d223d9c5ba1635afd15ae064dba42305795c48180068b60996c3c5f4b
SHA512 d3f25e054af941eb1fd27e15e70434d6d96c45e910e1b73d736f600daba705eab5abcce0d1273d9e0cedc35fda6d642f874e8d7cd5a6c8bcd2197b6b999f795c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667722373689.txt

MD5 8cd725a47339a406c0004f59dd99496a
SHA1 d850bab48370474cda1c224a45e9dcecc8615b4a
SHA256 f845d2709286ee6441b25d9b948e6140ba0c54af7ef5647bd8a688cdbb623bd8
SHA512 51ed007f232251b055c16cf032b2cfc2efa4c286abf5dd5d206cc4b7bed4bad730475c4c74d0cc2eb921c64bbaa5936007b149473319199dd5289fbbfeb726f1

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt

MD5 df6225f9cb541476ef4abdcc12044d51
SHA1 86f225ee7af30993ab141e2297b303c5341ba900
SHA256 a2943b2ffbf49b83973c0ef13cc0830bd22537f6d14445bb6ea85bcf342289e8
SHA512 5f3958bdf8ee93ac8a94173f4d8380c6003442c73c06746efd21e78f6c915d01ba19b31c74036013135388a6a0c738a6efade591e18e78cb46b8455228085eca

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 9c37459e6a72e5ca2e548ba58ee0b37d
SHA1 7002ad1f92d856a5a5b71968aabd8f3091dd317e
SHA256 a62255b6bc68e45ed30ca1b9f47c5bba0e201b1eed91f8c50c103a8467284f24
SHA512 fce9b97bb04517408960755eb652cda53878c67b6fa5e1b60ccbf7de00ae044a102e2efa0752d92227f3b4fb661794761b8a27e0580c65d3d2a8b96a4e1d9183

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 3334c887eec453788a70d1526b0320c4
SHA1 15bbfde6b99df5f6727ccd3d3199b74e4a8f062f
SHA256 104e5f135819326b4221fe2661b4d0bd8cf90c919c890e8502174cbb173c6f79
SHA512 2148f5bd1cbcd500bc66ccfd3578eddb6c2fa4295bb68459d6f9b4699fc7cb18e9dc98d585f8dabdd607570ccd1973af7e52b1348ee479689e87c43a2c0a6721

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 661865435afa86f74dc99f2573de63b9
SHA1 b418b0af37f0b6a8a1b5d6d81a1979964dc8584c
SHA256 19da828d9e32d5cafd1091cdff45f1af5f9738dee75b0dc968b81bd07725a3de
SHA512 d45deb5af59aea1ec0e4d2dbc55aefbefcd35c746b6190039e61432b2e661e7e650d9c6e99f73cb195fe618d90dd141a86a2e6bfad809e5cce6b7b6ee67fb1b1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 108af5c4b139d6914c0687becdeeae82
SHA1 8f2e15166b641e48fb0aaa5cecbe8c8d82619852
SHA256 9082901e28533219c57a1021ab85aa504bc20dfb001609ae27bebd434b5039f0
SHA512 a477709c7d87a533d12ee0743f255088ec102d3c56e0328631ce98fbd40e52da5d909491d0e85318bf89b633f6981dea81041584b903fe2562735d0a83c14e0d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 c98e3fe32468327627f3ebd32b4cfca6
SHA1 1e96b371fdf6085b97dcfe8360749476d7e4b3c9
SHA256 ca4400499a6324ce4575145a482054f14e4a3e339f51579ba2981a9bed81dcf6
SHA512 817f3b916b7c01c2aa06c5a139c18a749661863522cd1fb3c26725cdda7e7fae722fb97e10c5af852215283194f187647a08265420853fbbc6c7d450671570da

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 06003cf3be421fd9c68bb61265a6cefb
SHA1 b28c9394a4c15fcebaf3691e9478ce7e2a8ce5eb
SHA256 8ef94cd9d9ca63bb4fbe97dd716d5680905c9a5d79b1f2bf094257b6cfd57800
SHA512 6a1b4acec6fd604db56d6fa421685c8cc8f013ba80f9c4e394eafe57be63f973a8e1d52cfca19f0f99a1c34615a8f92e9321ff929189df98bfcfe789c04aeb98

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 9ba71d555651026d387e450458ae5e70
SHA1 81b3825a151bcd988394ecfde6f37ffc6a8a947a
SHA256 c62caa74b661573abde5ad026d9829d354863b302642714a86cd329419e12daa
SHA512 9d4ddab3d56b20e3278179f435d47e7c710c1f2c1313c2f2502d012c9d2a0285b6fc030fda7d57ed8c355437b32e195b6d0e8c2ecb9b8ac9fba67debb2e56a3d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 d85be10b59158d76247b171115f50a77
SHA1 ef42d2cb6ed7254d9aee66e638c71cf5feec8922
SHA256 f21563ee15251bb56c536def8e0eace027d4bf13d49286dd29000a8397137823
SHA512 9e418b8e2383156399fb2ee329b6873293e5f8fe48482a889a1be57e8e3e90076fa1e3b70f233d4ebd4c52967ecc1b10d533145dab072d8bed690a2ec44f1d72

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 9c9ef2280a7ff850be6798358762ff31
SHA1 cdd78ad9ee9bd33f923dae73decfb137ee06c434
SHA256 d77a8b3888a3402a7de17e4daf07c6b515c7dfc0e8eec8842cf665e6044e5d4f
SHA512 02fb6732b14e4f06261b806ff8ae9732a301008c2d1e9541fc5a337ddc022d563af1bda10b3c5f4f1b499d17c277c75962a8d5d7037ecd43b623768cc2a17aeb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 28535f883ef82e1a86906ecd2345b5d4
SHA1 4f12dd40f622d12dc53ae378ee4c1d6ebcd1f403
SHA256 c830cf76c5ea05b04e8e5b213fc237cbd2b4ec0f4de2b65024af7bf71ed30288
SHA512 2f8fc7042a5b79871d4b3e4c394da9a3b7efb165d8ffe65c06b49da56970956cab958f6c455dee91313c66f1c74b217f7321172201048e8d11863e65c02655fa

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 b78b049f9cafd995f84ed27f5017c416
SHA1 d4df735257686520c3b93889996f4366e38128d0
SHA256 85c5bfa90e480a5dced0f44d1477ec1a324131dd40d2b7cda67d9ac4a92e9bac
SHA512 153cd0ff62c6c72234d6183311a3cb4edac251b5e9bee201c5eb9403375d43c80ccdce76772ed5708f486220a0867803b0b7d483a224cac838a7b728ce995ef3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 49d99b0acecc371144b8fe0825ba3856
SHA1 fb8f2f000ae686f9d72dabbaa485990695180113
SHA256 2edbb6a6bb9bb513177be89a9e70e24110cee4fda1c2dfdb5f868c9512bc5051
SHA512 ff434a62f7b704ea2ae8ad5799354d5f1f19360d33a4ea0aab61cb853d9ee3391259ef5749b2d34ea41fa7384281bbb8347c1f92c1b0504bd2d1463ea245e87d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 dee4babd2cd35bfa4f07fae529b88930
SHA1 c0bd0e4ab190b7584f37626bc30323a830bfbcd9
SHA256 ddb5945a7665d7c307ce84b66fd0bee8ebe7588c441ccdcc7fdcd9c733934850
SHA512 048214b53bb8ef6376323c7e9a899220cf7df12c61886ab29a803a6dde0bb3ad342bd56078a39171d993843cfbc41782c64b13bcb14f0211e5d5a97c48f3b159

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 2123c01bf4458de0b092f705324b20fd
SHA1 8c2dff16495ac0ddd43ee6eaa53079eb78ad3123
SHA256 c01f6fb674ea2f43d83ea6f98baaa7502a25082cc93025fad4ad0fd9ae22cc02
SHA512 5ec8725a7929be8c7131d93a9f784c7bdcd26f29d1c87c6603603d6d34fe6276068d97517aac71fd1e9cb0279d99d1b14a03e4b61095befc6f86cb04a2f2b60a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 ff1d8dd2649695a04ec74ef65ed16dbb
SHA1 46f3913c15ccc096735cc63d73262d67fde98676
SHA256 6259944ddd6ba298f7a2b82bbdfab79a91cdcafda0507b7a3ad91afc160d8641
SHA512 d304573300cfd4ebc353336c5f7a6e9de9e853f3ef3be0b110eb7663db0b04620958793e03e1d93299d7787589c1468007e0e32b41058489a8ad1d8d9813a542

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 df62bf62d33e33eb31ed797b4d0b53a3
SHA1 1a0e5667cb167bf36e395ada1fc924f23c82c1fe
SHA256 de708f370ed352cf02ae311412d51c4c8ce34f76db02d6fc8533d05fdf17edea
SHA512 22287c5b2b19244bad835c246e01c97c8ea22049bf5699c1f6ff1061c16088a777a8e773200d9a5434fc16889ba7a3cfa3e229f97a5c0ce9339883511c1820e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 ca48099904cdfd6307015bcfe779745a
SHA1 5e0bfb10068a06e023291cc76d8b8efba6bb6b91
SHA256 3f9767bb6401cdc3fde0207ef97b8a283e599172f94289bf4fa848b666ff6dfb
SHA512 6567ac6bce8f7a0e6a650357182c3bbe067c47ec1696454477d66ce75aa1459d595d0c2610ad54d04ec3ce15ef1991b3f15088edca7819cc6915378105b2a400

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 9b36ad691644cf7165a1563d8a98579a
SHA1 e2827d5f29aa3968e86013146d37f878b8275dca
SHA256 a069f5935f36d6097a0190416364becfa6b12afabe016d9f5a8f924c83340173
SHA512 7af5ce4be1072dc722ee760e1a5f02e67ad651b7e84ca100820a97f79636f068f568cec0b8a09b7c850d7b972055b4e0eba8cf28de8825317768d82e433895d6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 d9f5d498d9be91074e2f0c8b48c25a11
SHA1 13f4160ab0673285580f2c81bbcea7030c03d6b4
SHA256 6d59d0cc4a7e445f500e7339a1d9b3645e8b408ef1416fcc26e567a00394a5ea
SHA512 9c8c8c07f468907ed817a342f0b30d12e5ad8f8a544f0164fbc7d820f443ffd50feebcdf949fd10cb5dfafd915de775f6604ae5a43851faf34da5756aa93941d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 ac4315e05aaa8da695f76cd9ca59b36b
SHA1 092d92aed9518d4b4108fd598d274454ca952eb3
SHA256 3447a839f0aafd23e3cbdb8157ef3de06aaada330c87f91b0f205e11a1eb5e85
SHA512 596f282ea247be40b49b9fcb7e95c1f9cf30bb1400968d53ffb4f1a0ead24714d8329f782d7dc3441d6ac6f9ff0360fc91c23a8377fd995137ebc434cf79cdf0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 44062d3b54ef112d32075b499748d764
SHA1 86e889cbe8c9e0cd0def2c6cfa381ed1f33905bc
SHA256 021076e492b282ea78d9a1224eaba079b6ff83426de2b49498f38592758dbbed
SHA512 fbdb2a07587a180c21cf0957aa1d59dfedfc09314e0613907b380522d84e4c77350dfb42762142647a24f5520a53f8f2c94d121441223027c84ff953ccd83847

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 30667dac8165cdc85b894bbcc6f1dfdb
SHA1 33e360510c07a7fe84e6a331176de9534a1c20ad
SHA256 7eab3697eba70fd8d8af7e715e3302ac0561f908a90ecdb1cbb62948cd96fed4
SHA512 30ec21064907a79eb722908f105d8ad4e1ff3a8503b421b29fd6fbdf7e63c03cdee1a58009690d6dbd646cdaf449071bd28505ff9dfe17e024e7f2cdb7343257

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 e4b8fca78ea7dfacc755c4449647393f
SHA1 6d4feac6a3d15b59f88f94f7e7382500dfca430c
SHA256 9fb474c02d895474db86cf07810f2b4a87c701728206260b1beb26cdd96bd813
SHA512 e6091a68fef4a57212598b0ab306bce7584fa309e918e5f53b1ef52e9cc4b4be84875d2647d627c2bf0d0495a8f503eff043bddaea498262fc51b580794ccaa4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 dadddc1dafdc56b5efd505438050c909
SHA1 6fd3cdd0a8555e69d3f8e8a3a0edd702e9f1382b
SHA256 ceecc8ea2fcbdf957b64b2e891b2945346b3b1e6cfad2ed2c4dc13e97e27bfff
SHA512 9c8d7a1fe371f86bfa558186b3824d713b33a6ef389d877d54cd4607d8f856020114f57b994759d3906566ee202a8edacbafcac0539d4e04fb2dc5fa4548cf02

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 ea25e0166a31c353d4e97938cb96da1c
SHA1 33d272eb82fe4d4d8aaa073df175a5a3f61fd78c
SHA256 3e72f3b2e4fad9a0b6ee487eebe4adc39c4b11c0a33a5a53f85cc4f4011d1e17
SHA512 860b6a8faf45008caac59b02c37f6b9b9128136ba34a4d31091a1c4cf4f4e60edd2221193133de702b755335eedb1c91fda783f2ec1fb228bb806c232523a8d0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 09e6d0d3b42ca98326538e089293eb4f
SHA1 3a19f3ad3b3750ab95bfecef477e4cf3307ef39c
SHA256 25d2e007ac079e12ba0f39fa73837994df026ae60b8e9a2ada9ed50153ee4457
SHA512 d5cf2b07cf33c29645736749805ce7a985c2b51d34925687c3ee36568f58d07f6ee28793f75836960f1e17cb2260a9c1e880aef424d8b54137f4bf811b916d89

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 41125226139c3a14c1a9ef92bb7e57c5
SHA1 32c10505c9f50d79cdacc6df0c27db885f656f89
SHA256 938b5aa3a319f769cd833d76d6b749445b441bc0eb4b645dc15f375f5f820a19
SHA512 ad08b4face2184265a0695c890c7df811e9831cd6d4ab778f8261fe5c72df6be982f849c4bc2e57a2d2f7536dee473e149d6a704c2e5b8ccb838cfc1d54f7f46

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 0683c93f8ff4dde536343c6d47a66a16
SHA1 caad6e1ea1e9336f275618517ab4786ef9eec54f
SHA256 51bb1cda3e82d993f98592c40a3f551daa5a0d1905219d48a64bdbba6d684521
SHA512 144dae7ab8645f8ba9cbe43de03adba6ca6683572a90243c1e3f0765d20a87648f85faab9c403b5ec51c6554f4a13d33e1fde4e0b8fc4edb86e996dd06568870

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 de4dcfcf068415384fb09d7aa1958d81
SHA1 33ff228a7091da7f65aae45c1c1a3464117c2210
SHA256 4ae809efb0150de6f6fe57c12787f657ab6b9873f7a632f4b20b7e7e67adbaa5
SHA512 744f30c15124f26995fd0456757ce61d12c037b67b7691ddc8915e7f8c3d93cd363f42d73700210f720e60968a8206eb33c93065509f13d51a32e099571dd785

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 efe7955bbaa505a401b69e92a4edd175
SHA1 9bcf6589159441a6bacf1769e6ef977f15080d7e
SHA256 54bb430b5ff98812b3e97a43077c2883aca8d93b4fc5277f37dd91dd89234c0d
SHA512 d9b227c0da790950e30e8284f22c1cb7d8ff00f7e84629da2762d8687feea1c31486baca43e729162e69cb840527cce5b1e34f76e644b6aa0016b608f706dbc0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 97b4ce0fcea2082eff05e1e764947a90
SHA1 7f9c359766ca7625b2d25133899f1795d8be60ac
SHA256 547874c717770aa21ba030b7bf3b3a1a0263dbaf2324cc18325dac78b03e45e7
SHA512 56a5b092a90d2d702b30a6c3ca35c843f08cccbaada9e2afd32fba4526e14b2414661303b3cd3b92714cebf4203a1529da2f4152956f00e5ecdcbb575d0f5c43

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 7ff47615d05f70177038c029dd545a0d
SHA1 158f5f949cdf2854b64105ef96c6c39682209325
SHA256 235b6fac0d47ec5b6d806eb674da573582f6a1e5261ebe66027879ac602a6327
SHA512 498d698fa87f63b1f642f6d65edf0f5db3e82c2d7b8dd2f4bc1f0a1bcb6d038349f772d31ba4b01f411c42a08234a2a8bc3f42a8ec7cb722588c7f77bdb9b000

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 e3c0d65b0b541aafe7e35ed17e0a4179
SHA1 91665485b18d7d804e2bda1eee72c88f6a852df7
SHA256 5277083fc293183591f06eff5e56df68d72a05a75e476f0925c3327ca3c94755
SHA512 9776d9e66e10f6c986d57d1a53315a4eaab30213383590ee7889b94246c37cea18223d58ec592db91a6802c60c6b6a271b5cb186a2939ac2de49176615fbf50f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 5a68d84f0c6bcfa6d96d2bb2f2edf097
SHA1 c6c1e23ff9d056c084d864c264cd87a2388cb26f
SHA256 1040f53aee5c033c054411e41c4bbbedc329e261fcd9045275f916ab65acce8f
SHA512 9de1de91b3898e7c81bd0d815b15703c30382c2c223bf1c8c2aa8baf08ab0a14db9e90146bd7042de2871abce0d4934fd7f237c9a386a5fbf078918f0eddb9c9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 9c63605cd35b9768b5f3feeaf038e887
SHA1 330eadf8dc3ab482f2f191881c1470b7f4651b54
SHA256 67bd1e6169235d8b80630a47ab65e399227bd69b801d4d418bb785899de73931
SHA512 fe8f073d96ee9a1d7ec5e233730bf921177c1e8a2da528a9d9b315d4e1b9258f4411022bfebcb1392b2dec829a07431eb5d07b730161b75a5f30ea80010def39

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 114def6017747a91cb3df31d91d752cd
SHA1 b1c28753967632dfef8527c9eb8e130da5d85fe1
SHA256 43a2ee059ecdb3b84749baf69a3bb4868367e291376b82be57c26a618fe381b8
SHA512 2b68136f4b20e18b15d01afcdb06d779ec07e32d87a0a8ca79b7e44abe08b189f2eb8af9a74d538a1222c734c0a49a931305c8319a774311b83eda50e0ba529e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 8200dfcac6b9872d7900b29c4f2e9455
SHA1 e5c159ec064603f7a1753f3a2eb78ede19a9c7aa
SHA256 9ed9c7c86726a4344a85525ceedacc751abb9e21982d098300c8691d4076c1bd
SHA512 cefab776706b4005e265d765c4cc528d06fce33387322bb306be9b399e82f1e29b1a5416182b79be06b1508c593f1da5fedcf3bbe76e793bd765f41eb7f48a80

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 3f4753a510f96b391ef5a3ff9e886343
SHA1 794b2d5d99bbf41dbfd7ee2f8225e3d94f019074
SHA256 a713a85dfcf5d190ef7b6f6feb3aaf1e4ea4ef21bbbf6fc6a2a56fddc4a99d75
SHA512 c25738c9f17f8578a8c6bf97f208ddc8a128be61a623aa3497d70268eaa786eeffc1c5534eca3b41db2d31629aff731be18e0d83f441d663e897a7cd3318149a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 a5200635f3b2c611f510bd153d5627e6
SHA1 409892a9175a8b915d859f1676640d6b258785c4
SHA256 7de553d88d69b7e5557931032f268837b0030a80edddea2e1af57ac3139e13b6
SHA512 eae06bd38dacadfaef5d78fd1bd67ff7412b8e442c98c649db6fcd410f09a5385d0b0f67b9d912bc31b70901443f4fbb0d56dc13d3d7131eb4e3f9e588461fe0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 c64bb5b62f8791646189671a56d75c92
SHA1 93182387560ee2ac3ccc9dafb35c8339277a1b90
SHA256 a1f6c6e66bcc8f75043fe84d1ac2ca7b1994341270b250ba0ee6077e2dcffb9d
SHA512 4995a404c276bc7b247895a17143e752aec627a988ba71fe33e8f3a1cda366c93838fa6bd4c2a877016e1d79304fb6162232beff8ef2f2ec034a29691f94c9cb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 e1986552b66c834a42f5a52856945f26
SHA1 9aed1d479e5b8d7f48ed7b4e34db0c6c727ccfde
SHA256 341f362a1f5db0db882bdbf253266b6be341a62ce6a999899d696ef5a6c981bf
SHA512 235e61752b0e1cf6ec59854a57f407848b0c2d636b9c864e2fade13747436c855984b31895f2365bcdf9d74c0b5cff91eb5eb21e1b7d68978ac9fb24ee2791fd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 e169922fce9678ce24829137d2b16182
SHA1 d3bf11422502f971f84fe2f7b49302c6b593eb4b
SHA256 6ee77d83433b23b7d6b422829573187ef54f4f57d136f5c8c818a995e4257efa
SHA512 fa3276d94865699e7b82c33667da61510dd2d99199c33e95d6331b130b91e050073beb42881b194eb517d95186925d2eb772056f8c23dfb6cffad98ab8d6064b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 71e18479b0e5094affa6e1b67fafddc3
SHA1 f58f8561c991f7b37534bd06e75817a5ea7a9f63
SHA256 8f2cf3cf662d656638bd86e9559d01451613dab4f5e53164b224d0a41efe4058
SHA512 6b1d10f25529799716c3ce01ab037fed418cf73f48f98c8aa4bf4c7028a8c530b7e17e146afd0a5f98c13e61c17ff3a4988c3d76f0027ed6dc494ad0fda18a97

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 6189f8fec91bcb5786c01bba3300baef
SHA1 ce543eb8c57901741ef6336565e7409562dad850
SHA256 547064b207251d242b370a458ecbfcf3759c1c9f6a8d61adfa549c4ecc25dddf
SHA512 abaf81e5642f80fe3c52def839d5c60015cb0945aedfb7ed31e2a151e3d12090b0b73492e52e5c903010da6fb89ce88e1208a36e82a511b50a62cf06df34b1ee

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 67315f5bf2e95ab1741e000f7250875c
SHA1 089ee04331765f570622853d80509eaf8dd7e496
SHA256 359663062c9e8c1d7ee914ad3c358ce573ddd1fa73083067663813ab5d579976
SHA512 286156cd6ea6f54a2202707d8763dd04d6b146212c52399902b03ff44789d237b90caa89e0ff783ebf1c946f5bbbb572bfc49d8f63e2afe1b56fd56ebcf0af32

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 c947eca6818a30e33b9d555deeebce25
SHA1 f1b088d3f823c4db662e8082eb0d680c1e9d1274
SHA256 f8d8bc65b668fe1ed37d238bfefced0e6b4f1c081d6263f317e86c655310aa12
SHA512 5c25bcb5edf7f8a75c8fe054f44ec0d1b5f7adb01bcff41ab681e30764b8915d478c2e857eb2b98cc41e21c4303abe024c7ec1f0e92e22b3b7d50439f3e985d7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 000c68ce00823e57e98f8578ad2e22e7
SHA1 2029594ca14ddbff89dcfea3fcf58f51cda0142e
SHA256 80edbc4d55b20712d9254d240059ef1241581ba44054cef6fc10e5a9cec35f9d
SHA512 5430c7d3f9cba1498f8adb132e9b38c83b18123a055544e15cb24b418d1a9f386e2523170c443784a0bc4b7253dfd90cc2310b8937a501a28018c70450c774e3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 a4b39320bf1050573ff13c4505214df1
SHA1 ebd5a976833a604a673445bf6a7b6b59139019c2
SHA256 217e24646de3cf2daaa338b6da517c4293adee7d899dac1211f78dfdc129e942
SHA512 4d73425ad1b3b9311a013e88ea8ec54e0af6fd579208fba3760236d615c1583f8de5b064cc383c74dd1e9cd433443c2f4b7a3f1b0105a5cec51a28e01afef3d4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 4b876232f6e204cba9578c37836f91d9
SHA1 c08ca8782d9aa520c926f66fa1214d93d9fbe775
SHA256 c61e0eb2d7c8e752651691c0ff98d1d960932efc953d3d693067e022de0a4ec2
SHA512 d8327943b8dbfba6a6bb48d7620b8cd0112d18a83b8922c5cac68110754e98e3d53f7a7254b8612c61ad1a440f90714993620a605d87895b3ef20825de7a1c82

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 ef7aef64ff1579b13946a412fede40d3
SHA1 294d5ec5355b5919b207509e99b191f9d048e340
SHA256 c4dd69b6c240120267539eda269ba133df18e96d42c1144d2aebfe91c9ed1822
SHA512 217c97b348e916778c4824b8db2a2ae3978eee6196232f96052d4bbab00cd78a181f4b7d029187a3e9927bead6a3ee0563931019927a054adb6f5877286f2ed5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 b6df36561dd030ef3ccfe571fc9c5b6f
SHA1 de747bb9bb0bbad83e32e3a49d813384bcce1f00
SHA256 f65f2d619c011da2b22940082ca7a37dfa11832fea9d3f9945d2b19769af94a3
SHA512 e843a4e41573fef91aeb18b671b200a89f53ea58272572cea5fe31a551700d0ef011c21fb75a40d5af2344cc21ae85ac87385da249cf06c284e922aef65804c6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 a69c6403e398be805628e21866d2bb56
SHA1 f3d7684d6d1c835c2adaa67ce337d276786643ac
SHA256 33d76d82c179a8f848f698a4219bc5e43250ed9339fc7e69c610b75c58134164
SHA512 b60c8f7a1f7d3d1f0643432e835767f92d1ebc9410be4241eead1912ecd40826947501b50e20c3a3d17a8f4501605f3a8be9b8b5366cbaf9088438f0c75b3745

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 3ba4511793b8bd4d0b6035154f7d33a1
SHA1 1b82fb3f65a61bdb84178334936f301ee4264013
SHA256 3a38eb6bf0b0ac52d5e30a4be87b244f5e3d6cc3325a6991b627ce0fb8db77d4
SHA512 d6703309c595a6cc0928df201e624077e29c2924fc8188e2cb15fd828c72332c9d6d1879a84553033f1b64b5d9f94493e1f5b160f02e5fb42ba2aa8c353151dd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 035a50ca710adb32f24d20ff39f3ea6e
SHA1 b19b9b7ee81b7f654a5ab5bd8536e7f88e514dbb
SHA256 b93522da3b5a9b095241f60cc0d19cd56d5d0252cc90f7ee07b9e5bcf371536e
SHA512 2e1dba62debcb8787c93b9663d800752df434610994546719979e8129abe6d4d0e0368a8542558f2d2f00802cd1b6e66812b92e37a2037aa79f8c067f7bf7537

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 65d33394ca4ac294b0aa428cd450c763
SHA1 3c4a3b6190fad1ddc5546cdd043ab72257edcec5
SHA256 0d01573b6944cd71d4e70f58783870204e3f1d64199a512c22a56ead66784d9a
SHA512 0a86973796d4524e4add59cd662720b0c4029bde09f2af0ba810bfdc5c16c8d6c29b992303843579cfff2cee6445566626e76cca7175d568272cf3105b2eda94

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 e8e710cb62ad1e6b2aea655368ae31d2
SHA1 c4cf9558aec80279126687bf2f6e89d5c5c970d7
SHA256 7b32fd2525a2f6a5bcffe9e968b4bd7e1f29d69e371673a567c43e4b94b21118
SHA512 8c1fbfee665f78d2eaec6ad7b6b188fdc3a1208aea6e0890cb74c4421585a9940296b80c24449f303a8213bce90e59462df6b069249a39c693fd8ecd6e9ca5cb

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 985cd88318c5d7fd8d2b82d988aff41e
SHA1 1dd6c2c00eeb0ee6b49b1635b5610f184c49630d
SHA256 19e12eb4eb883c68ab458a9d5bdae53b94f7b7ddc2829fc9cf9f428c48303cf7
SHA512 544df6cfd18915fb4f5776e710b0e1510387357c8cfac29f9b399cbbf233ab302a3636e996ce14684d27c4078d565f8d18dc38207f2dd8460920fbb0c1655c86

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 c71bc2178ff0ef18e549e841f7c654af
SHA1 ec2a882bd818d311dcddf06a5e8e43471f212da0
SHA256 c1a11a688ef7ffa9673cd34d3fce79bb22321ed084e198478cb472d895825bb8
SHA512 b896c8c7914c0a22a563de908bab2579792a8d8819173be4957eb66e7628d43e7b4348ad396b28ae28b53fbce3961d7618c87278c7723fb129e51a5c3ac140db

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 21fe65bcfd05fbf4382be0e4a97f836a
SHA1 5694093b53c3110982a52dfc8080d5da9ac6a03f
SHA256 a1ef2782ea896296893ca8d5d37a26596508f44fcb10b39d44d056bdc8e5d3ea
SHA512 cc173443421d8b72965c4d717e83bb70d581dc764acb6bbf1c7a2f1e9336d363c50ea4c747a277b050e989561059a4ee5b18205559778a44243e7d2636246f12