Malware Analysis Report

2025-01-18 20:38

Sample ID 241129-qv9hwaxrgz
Target b192f0ac4484693585a0c94b24bb029a_JaffaCakes118
SHA256 73760d7b0359bdd510fdb927a6647f7420aba3cf1971dedefc8733ad0887b0f1
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

73760d7b0359bdd510fdb927a6647f7420aba3cf1971dedefc8733ad0887b0f1

Threat Level: Known bad

The file b192f0ac4484693585a0c94b24bb029a_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2188) files with added filename extension

Renames multiple (2201) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-29 13:36

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-29 13:36

Reported

2024-11-29 13:38

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe"

Signatures

Renames multiple (2188) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a8ZbtwlKDe0ug3V.exe" C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_neutral_be2f30f68f2a5567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky304.inf_amd64_ja-jp_1b1a158086a263a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaky002.inf_amd64_neutral_b898f5982403f3cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WCN\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\brmfcumd.inf_amd64_neutral_db43b26810939b3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_neutral_0b11366838152a76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_neutral_839e9ee1a8736613\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_neutral_4ca64d28e1be8fa9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkLoadBalancing-Core\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-HK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\imekr8\dicts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_neutral_507db5d34d7acddc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\SectionHeading.jpg C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.GIF C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\background.gif C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\Accessories\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01734_.GIF C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Media Player\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\TECHTOOL.GIF C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TipsImageMask.bmp C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115856.GIF C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Roses.jpg C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid.gif C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.JPG C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\TableTextService\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Media Player\Skins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-a..ce-router.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c6bb35d9d79285b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-ehome-tvratings_31bf3856ad364e35_6.1.7600.16385_none_89dc299f2815415b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-privacy.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1fbdde5288a38c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..figwizard.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d82b2b365a0ff826\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-mdac-oledb-stub-rb_31bf3856ad364e35_6.1.7600.16385_none_f1293e82d1d4041c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sechost_31bf3856ad364e35_6.1.7600.16385_none_879933012e49cc30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..i-asyncui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_34ef8fde742ef2a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_30c90d194f949041\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hiddigi.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_356479dbe31ccf23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-setup-events_31bf3856ad364e35_6.1.7600.16385_none_ad5ba99331846e7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-view-provider_31bf3856ad364e35_6.1.7601.17514_none_b4748e117cad32ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-session0viewer_31bf3856ad364e35_6.1.7600.16385_none_483083fb94bfc714\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..cyscripts.resources_31bf3856ad364e35_6.1.7600.16385_it-it_00cd30feee4af5e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cbf8f40c40bd6f57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..nt-v1-api.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_bb256c6a76019ed4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-snmp-mgmt-api_31bf3856ad364e35_6.1.7600.16385_none_51d5fb6b0198fa85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.5.7601.17514_it-it_b5d55461741a2911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_fdc.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_698e5b1ed44452e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_it-it_58b76ec26a6abd86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..ibinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b414fb9014de0a2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d34b7c772c3fe85c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0e340fffbb256f19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_459a170e84540228\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-devinst-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_03bba2d449d639e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7601.17514_none_78befff0523ed483\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7fddcd6a1ab604da\settings.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe.Entity\3.5.0.0__89845dcd8080cc91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-getuname.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ec6f8c0df80bc28f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..es-common.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d6a0d554b1ff067f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-wallpaper-nature_31bf3856ad364e35_6.1.7600.16385_none_d5909570704a09c0\img4.jpg C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..iadrm-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2542176634d2b983\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_it-it_77e724931dfeb870\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Delta\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dims-keyroam.resources_31bf3856ad364e35_6.1.7600.16385_en-us_159bdb5559707a80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.1.7600.16385_none_d054871761215689\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_script_internationalization.help.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-profsvc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_19c02f902f46df9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-waning-gibbous_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f828566d189f067e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\1.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mspaint.resources_31bf3856ad364e35_6.1.7601.17514_it-it_a7377e3b74bc957b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rasserver.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_ac18c667d7c3743b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prngt003.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f76d2e58e59d36fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.powershel..agnostics.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_52aec008c7bda950\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..mecontrol.resources_31bf3856ad364e35_6.1.7601.17514_it-it_6bea2b15c90be7d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..tingtools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_beb7a2a8ffedb99e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_msclmd.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6f2b379dc13dd175\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.data.linq.resources_b77a5c561934e089_6.1.7600.16385_de-de_4b5d7fbf7a2edfb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000451_31bf3856ad364e35_6.1.7600.16385_none_4336a40a7de94056\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\Windows Ding.wav C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_241e16390a5bc616\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rasapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8b788bdfdc00b9d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_28f060a37f09ef5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..er-client.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4ac16a21a5d19878\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..-msscript.resources_31bf3856ad364e35_6.1.7600.16385_de-de_25b9e97c2ba93664\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_6.1.7600.16385_none_a1802b822e2a878c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\inf\MSDTC Bridge 4.0.0.0\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-mreuse.resources_31bf3856ad364e35_6.1.7600.16385_es-es_70cce53eb52f2542\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_usbcir.inf_31bf3856ad364e35_6.1.7601.17514_none_fc6d9caf132197da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hal.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c84fe059848f0a3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000480_31bf3856ad364e35_6.1.7600.16385_none_42c4d8847e3288b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netathrx.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_776fdbd5fb947471\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CMWFZFFXUTMEQIC" C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a8ZbtwlKDe0ug3V.exe,0" C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell\open\command C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell\open C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a8ZbtwlKDe0ug3V.exe" C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 a96b439629d12b58386b44d0429c5080
SHA1 3d075fdb21374a0590b81bfae9ea2b4a0ec5babf
SHA256 9ddf8e826cbe0c09bb28b7ac78f434148025efea993e2e755fb26170684644e2
SHA512 5b02e8661a73a18e5f385a47c31f892aa3c986165dab82f443852c2fe036b4e8f90762728b722d8fdaa61d3564c39c4576c9d01ebdda1fff423df6864b7dbc78

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 a9382c62386e98de2244fdc80eb7a849
SHA1 6ca8fa8850f9866cb17a6e17756d699841b2264f
SHA256 bfa60f3fafd814730584d59fd143a5314d9185b8c3ef8c0659fc472c4fa74a9b
SHA512 f3cf841e2ff518790872b8b2baa046375fde90d12eb3d1b5802bf3c4539d83e72e3b401588e26c1a264b2b4918d80196a3e47585912be1957e04d25028c8c398

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 ec3e4f50f13c9ea74224738de68a65b5
SHA1 4155c916749912ab7a5ec9f48a1a31bca36c3bc9
SHA256 5983c5e1d0ea6dc77a9dcf1b4f635105638be92faeae47daad20ec16f273e772
SHA512 a57bd531f5eeb19156d135c0dba04538f9a310ff828c3d4a2beafa86d7127f66fd5507b34cebc45d7788a6424a4fe3eacf38837219c03caf84e12f73f7b2e015

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 82294d1696aa09da1cd72fef2192dc5b
SHA1 b44e8a13691a0df5087831ab22e28b12e7d75c24
SHA256 9431979b4da02f7892008e650b24decc1cad42e936e0cf9169d1d7a9720a0b1b
SHA512 8ab927d06e435f0ebf7cd7576ab68a270d27aeeaa9af4534c5e1f431d74f522e40100d1a93040fa8bea2eb77bf472dd225ececedfbe469b16eb283672c3a30d6

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 ab1a77e1466ef5272949fdbd1668ca81
SHA1 0b5af018f56a232d04c34f7950be2e92e7a4b344
SHA256 b6338cc720e10837ef1acbf11f549a374f2306ae94c2025b0e324c6a3ed17daa
SHA512 2e835d0db9c416d2a19c9cb76c1525688d528cfb6ae6facaafd1f3c2dee29e623ec19ab77f5b1b485bcbffaccd0f3294c2eadcea8d6d30fe71033e7f39045f54

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 89d33e2aa7cb208f19280b550d463ffd
SHA1 62a7af115d466d3312a0c859bffa1e5268a7db0c
SHA256 5f0be6d9b51ac6d488eeec1e47dafb781f8c0e0da490d9207294010c1b07fb07
SHA512 7f0a1741b2e4b43dc8def1e33f23cfb51042d2286928fc01d3317f9a0a2c25fa31c007021729d6501b649de7dd31b172df12a9946b59759628130a19e7f5a153

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 ec6c411a2b59e2dabd12c74f7384f234
SHA1 d709dd139676e064316a945388f6642f74424c96
SHA256 0d4c96a30f322a49d663c1ee90476ef8a2ea215112653c470b791652cf5ff2c7
SHA512 d815371afce51f100d331032ed0ce86ca7b47f77623bd8db3fad3cf118a6a3509ae0e325f55440f31d57197bd995e782d80fdd7e894e57bfa47039a9742a3924

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 2201731666581842044b3a19d17869ef
SHA1 5d62d85324694d6f02db856314ac26af83cccf2c
SHA256 275fe1e2aeb201c96d2343123badb7f95e1d506d540f787310aeb373ea6f17fe
SHA512 652a5135ea343f0db1d8d0545608d4705ff71f8129eab4ca28e98d99e5ec6192abd1befad26afd5e31cef0483f877d31fedaff99b010bd077e58faa21f44c2da

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 b16c0f672f493d8f9eb185d90851b390
SHA1 e1bc0c8d5f89389d296a5fe18e9f5c8109951931
SHA256 ba35ee2fbef9849251b290a51eff03cc40b1a3b336f8dd6749d53cb62d435bcd
SHA512 948746de83ef009074561a97988b01e5cbafa6fda9a88d9c1f7039285c187a4c455dc0bf74bc753f62f81cdb22ff0c767232358a97d7e4ec84a6b8677b78972b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 74f3fe8e4afa1687c414031a5a28320d
SHA1 cc4a6cdd064d17b5acc02ebd639bc2726855e8be
SHA256 6039aaba53719613c3b856c2f20c64594af180e580d8394a732ef0c03820043f
SHA512 91dd21ddb05a878816282c129513612e836453b248b58e37646c3a7e245b3009a55a1c7e4c1bc4ffcf943ed61948ff52c40c99e249ca7c723680c9969baf7abf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 62be6978a34bcbee2592b3150fb83026
SHA1 06960d069d44c8d311b059d4022cefa3d239d883
SHA256 ddad43c7ea5211bb2faf9c3dac02d59ab07dec52f915b5dae136f6b8f59163a5
SHA512 513ba08edf8747781dd2c5a8be1245ea8a8c68c7da40b1da0028c9694d90f2175b3409bfc8990816df59fa68e5380fe6074779f5e0771c2e95b12793c2f52917

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 c1976d12070fa82b639e21dac1b9dd63
SHA1 873348a4004befa211b07281488e8458e7eb2242
SHA256 085f704619978552415160c51ecd6c2ca5879cd2a8525e58fbdbb6d0f7612960
SHA512 e7b9bbae41d6c72ca07e9285cbc5d35c24195ceb55479315bf9f2f37fd087c382793b5919c9e7a1f3a922059fb6f8b6a5b36a9a8129ec6d145689b5682a30b73

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 6a1a0aee6082a83c45f5282848d80c55
SHA1 7e14655ff7c5e380da9fa1fca2f9347c93f48ca6
SHA256 458570cc8c50c149742288753c65483766ba236c1934ee3a95b76920cfee56c3
SHA512 8cc31851e5ee8227905c432e2e04e33e52d9e8dc8046ac590d5e2877940d4b702909d034563df79f810d02931247cca2f04d1037638f0785ea41baa5c3a6d870

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 e2da73fa59c25b3bae9bf8af2594ed92
SHA1 3204d44790d687f161e6f66688c237032639a7c4
SHA256 e4c0047cd098f0d636078c5fb9e96b659447d3bd8ef549e046c2f69abb7107b2
SHA512 72417a9661f33b7a41c17b3c3328c528debb9424edde0527a548b130c0a157763de865de819a57d67fe3fed43c698237f04d6bbb308e4072fb49337ca9e0fa8e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 c1a389f1908e8b3a50f0e9a7acfc17f7
SHA1 6bad3dee348588085135cc643bb862cbc6f6f327
SHA256 11a0cd1079cb0cc8788bdf49362878f9c2c3923e51c7059549f42fd9065dd23d
SHA512 bd4216302398e9e757218f5089c1f252b716e708656085a59b546f384129004dec271ea7a0a712dc8d85f5b979e8be6b8f88c10cda00f782302d0ff80ce0b5d7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 09832ab9ed148045707841cd0de1b9bd
SHA1 ad2da0e45de2f6ba7c9961f76472e3515f51498c
SHA256 3f19dd9d5fef92e93398196630eee75f6915ef5efe521762a4563b351dbef484
SHA512 565f77a848f6744f70658877406667a9808d421d4df11970d4cedc5a253f82b3b2299d4d5e1e2fdeb428504880a4bdbcd0f52cbd17fb7ea33020c95579b084d3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 4fe87e7c1a2afccaf939e6518f6905bd
SHA1 b7a541e50534552015a498d549a8b36ac3a22d06
SHA256 dfd3808aa71e4b326a215ade4c316c4267e71ff0a939c993c8f5c105e3b20592
SHA512 dc1545fa2c5926186a6ee8cdd9b879d54cad445ebae9c270b5d374a23eeaea54e68f48d7426c3ff89a76ff15c9dc86d52a1e9ce9970852ac1ff9cc5cd1fafe95

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 be68eaf39e212a16523bd097f989d67a
SHA1 a42ed5c8e10df8e9c7e7f39e79c0e1b04fe5ac6f
SHA256 78d273b68746c4e88b5f391300703b0396e8e80e2e0ab3d13fc5ca96dcce2715
SHA512 2ae1201f1d441c0a28530b5c09de77a3acc4ac8cf56698e45c02d2d5a2ba24991739371ee5c9e20fef86fdfcd2551b152cf4e044989518514af7970e5c02c17d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 e272c976257ac23d21903ab689884ee6
SHA1 306f70c717667df01ba2265eafe8fe3fc198af24
SHA256 b9168eac3eceecedf885e159b7306360e4a6a076b8dd7147ac4f031aefa573e3
SHA512 6d93380a237e6a596add86db65853f637055320e044470b946f17bc19708ab57f082d69fe44520752576bb365b34cc99d8faba211a2c42bc9fa45ddea00af36d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 ed0e651de396f9f12b7f506874215cc0
SHA1 ebac3bc1cbf51aeb205f1e894241260a6312b04d
SHA256 3509a44f6824ec917997c98886e3b35d60d61aae20e10dc5436c375e3034ba1f
SHA512 21ef30f4fc3ce0ea6a0796a4d048f073c138cb948b3a0f852245148d753ce58e1023e88d13059eb30395feb49be996054e0bcd1791f7ccc2e266e49acedf11e4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 c7e9113157bed6cd3e6fe9307fb5f8ad
SHA1 cb2fffde9a139236eba5f45174819e216a315f54
SHA256 f23942c2c27c4205114cca9efa4700600ebde028a4573467a447a8143920e45e
SHA512 c879f6eb74c33f302a83c26a62eafa04ce55f7f30ba6488a2032c3c91b32887799a1308bd9d827a7ed9bce9c1cb0f75820b0ef433372c71375fe2036777abaed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 ba1c28bc19e576ff0290b77b4f6908f0
SHA1 294549b6b8f037b751b0571bfc0b9b9c0917807f
SHA256 0da3cef01851acf0f9c86cd600f933e1df048de5f2153534751deb8574e9bd5b
SHA512 8b14899b6118fc1637f2577890930db7438c364d64c01dbe81779bd072d6f5bd3cc22bb3d91d7a4fc8a359a0035c886a7deaa6ebc0bb2530569e88c4370dbf31

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 7587980d8962dea2aa8d9ebb57dda10f
SHA1 c179d5bcf699c0a7664f6516375a2dc9619fca33
SHA256 e701842e7c9beff4b29d5387fafe559f1404818bb4e4860b6a89a04312d910aa
SHA512 462ca481641c5a19cc5f63a77fb8a4438f55d162b44584e17c3726171eefb3f86fc5378a0123b9053d75b3c994b419e818f430b235c2831a9f2868a68f2f51c6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 1302e1cde02f99e577f73439089be93d
SHA1 9d261a521b67413d950187a96c6fc66a12a29f32
SHA256 d6932edce00eb75bc5798f68fe2ec9b0cd7113356e69dd8b4f9380c87e7fd6d5
SHA512 f4b35c20d08c133a835d0d87e25ebf6605a18da7233dafcff0811dc9f953ffba378dee9d27fbf1b2ef5c513d3c7e4c93f4cd5fb86799a152a0f7f2e6149b1dab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 76a98de2d13bc1724a03c8d8c8ab32b2
SHA1 a2c0554d81c685df2a2c9800d92140f44e9bbe62
SHA256 79afe928356c56019574abc41059ae9e23840a785f40c3ea4b63d499a5c9f525
SHA512 791815a2a8c278622bcaa2620aad6025e7014ca5c57f89f708a25f4c264ba757fa1563aaffb5c8f0579428ec13c244236694f789848cc27daee90b030f1f082c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 e9db6da53f5dffd556f364f5766118da
SHA1 24dce29943dffd3ed320f780c8bde25551297e97
SHA256 87a2aff134af8e335a8ccb835c87f99ed0ca80ad6bf4388af4916a6df9946c25
SHA512 8497c7631f9b1f3857b01e1101e57240b0f93737f42603211d1a886d2162e6ebb90f9b2d38297bc3721c2cac3a683fe3e25f540fb3b7395b62126a3147b3c27c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 170269469421a0893554553bb7f0dc9f
SHA1 e3843fe5ae3b78736b97f4ea248fa2b571fd2fc3
SHA256 bf31e3fbc44a559b07039ab21e642f7ce2bf8f01fcedda23e78a3c2039b002fd
SHA512 4b5d15fd1247e04d40d22717c0c47697f62088d2f1397eb905b7c13ab5d808e5eb51db90e698ad95a0536d36f50944ecd8ba493fd3d3fd610375a4660bb97a77

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 b638f82641473b3d685ab60c4e607270
SHA1 fd0b6a04388ff97fd2d76b1b373b951757780382
SHA256 41be1072883dd8714cad71107482ad656dfb22897681c85875690e9c17362317
SHA512 75265c93c9cc3be0ef88da54c30d5c1a1930f8b24d5cfcc639a4205c5ff7d36bb8563ae4d3d7e3a579933f0dc62958f451c53aa558f1e0ff771e6852d82430cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 bb7bd12f2b5114191bf92fbc7a44acc6
SHA1 24b0a0858324bd7601faa7146051481220708b6c
SHA256 30c7b407884dd906d30bc9d025024c536fdc70d8469b172bff38b8985089e492
SHA512 d26bd748cc7d6024dee399a2bd1d176e1198b8ae018dc677fbc99a363bcccc93bdd59b82c1d6284f2d97d1734dba6076669cda3c66974667b1a9482c4bd4a0a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 b078ceea32bfc88b674efa8ff010254b
SHA1 ac4a6d638c7005d0554628f1412a57c6b8212f41
SHA256 1bd400c72d93f1c114ffd3195495d0e8701d3d6102876fec4b5efac58d38e0b9
SHA512 eef6a97048ef22ef7cd6a9f7681cf3f036dad034ee18407a28bf80ea887fb71a45a6f9a85cc722136ea24af4fc9c58d280d5ddaf7fa65971900ff2bac98370e4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 6116aa8bf6b1cccaaa9355ea62a71cda
SHA1 58be7e6c1e3401897e1e4f83dc803fd9b683b80f
SHA256 edab4a544c965a76637199dd3c2d353acbf34c618dadd12acc246dfa6a9c282a
SHA512 80c9ed990d0a0b509b37bccc9612eee2c562590f8377e199e70716c2064eb1c61f72f6ff89c65936b70a33e4fb863c6df316066bd74093658cd11e129d95a137

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 5ee999038dfc7cbf2efdcc560c819ff3
SHA1 c9fef753b323b913ce41903c6c245ce248432f59
SHA256 b9f8d1683d91c3efaac15c35b6402548a01dd052a21cf929985eca546b256e44
SHA512 f1185f1ae69214d7509e2bba623c1e9faf8cddec0e31a04dd825eab1b785a1d42b39da18dccd84bbdca8115493f2ea1ea4f1f0b1297e40a20644b54393e1498b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 29a2a76284e8a7a6995af9f8211973ef
SHA1 f73761462a0ef8a6cf125dfaa6bde53cba37f5e0
SHA256 0af37a4eee5aa359f98a0d4084eaf39068890ea289c802d4373ec54a141fb6d6
SHA512 71106ab823e1a323687948e03925e24c19130e56c2ac4fc83280128d72547935e05840e50626d038a68c01fe0fffa077656333b3a15b21b92950e005ede9afa6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 081feafb8a1823a8ff3cae31f87daf87
SHA1 95e7c836a71b7ae90e38a2fc7f12e8873fec7ea2
SHA256 e819c1ecd078ff37203fe870247cc849a8d3d5bfb97d1b3712256fa2c4c5382e
SHA512 01a22e938eeb485ee092c974299a97f8e888915a6533b04449975136ea15dc75160ed4264cb52bd60a32c6fd30318cd5b370aa72c538c6bddbf18e526188155b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 2293cf7fc66e129ec5984bc09dc09a89
SHA1 ac76f04444aad41181fcc693068974e5e97c7448
SHA256 a33a19ce98db669199396b87a2479b15ec4aa34a082613d20990450e99d3505e
SHA512 cb926f2e902a496a790ed820fbf47be7286327b4d346837172e3b9505300adfabc06831e5d27a2fd2667f148a313009a8e78966460cf7951898a7397499b47a3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 7a4a40400c7f398af5b568046c84e0e8
SHA1 9b95600d3828eceb8bdd36a0c72b35e9135d29ff
SHA256 e0f9992f2f5f947e057104d1bbe76516f1c04111b364f111441f0a5c99483bda
SHA512 81c717cf04acfc875abb09f5bd0a0f717393aeb743a16acfe471d3ab781d63707db9eb47f74a792bd4d5f6ad827435ad93a7918c0e1a874f6da8952ed3b5d9b8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 b2ffdbf111e04d53e04a4262664b38bf
SHA1 ea905b1a0a747fde2e5b6ee8452d3eeeceb2f182
SHA256 2fb5944dc5c89dd3ac4ca32f50eabaf7164f5a49347a1ddc640849a42b97f181
SHA512 08ba136dbbba57feefae8b0ca5f773d6327b78cec3d8534205947de516a3c5262c6978b5f4e1ff44fb3959f31479236e71d76ff6c2a0309a221eb87428e5a1d9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 cb7f71364d28a1c8778cb69360efa254
SHA1 dcee8f0f5c375a6c48f7108513fa9e6d219a4e33
SHA256 8193812ae9c97b3b128c3079cfa8a425f43f86d4aa1828eb42b6ba24752cfa06
SHA512 b8a03a4e5b739d5a2536ad4b000bfeef1cda3b81309c0d7e42e14ecb6096f54191a331379cb6cef064e9ee8fb2da43a1b410722bf404329ed95420714d365579

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 248e6a7ee1c2ddd0a3eb5ee714d931f6
SHA1 37cbe79d0367147fcc6a7d43b3f94aed1dfad6f8
SHA256 be6bfbde341bd668e87ffed2ced70fc5f65165126f8fa487a5b72f52e79d2dd6
SHA512 493b5f38474286c4a241f9f421699231235807353b42a7c5902cb76ec6ff040c68fce9bee284aed0f155881e9beffe9ac7f23cb4382ed86e9af3675760c5d5ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 d710cea38ac556702bbb3de53a8b6f25
SHA1 8562424e835ad544b9771cd81213a6b9da800045
SHA256 ed3923d54c8cfc20617b45e2f0f175b0358fcdd4935e24976f0742b3ed079b5c
SHA512 fcb54b29fc1c16c5a535189a46707de49f21e41ba2f8bd566d55855d5b040c91da5e95773705433d3c752c53529cf8bc8df81576f024574f4d3e1897d01289d3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 41ac75503b16f1ac47adfe87fe953f15
SHA1 3fcdbab5d737a716fc2595eb6133a6b93d971b76
SHA256 bc5cea6fcf8f98c3fb8c8369f1a42d1f82feb645932cc34f87f23d521ee60149
SHA512 0a31adaf76337947f5c191c04570c9a8dcbe7a8708ad4895c8a0157171e4afaffd4345e64af294ca8d4ffc83d075cf3b5f5d75ac467459430e8a2411dca6e1e5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 3491e595296c4f2569a2157e401d6dcb
SHA1 83206d69e6c56ef7f4c264366751a17c2392437a
SHA256 26934aff4044635393b9bcbcfb68bf166e1395e0279a88e8384142dbf0691ea9
SHA512 c397d6a595b7283854cc3778628b58601b0ee73514d6ade65e0da510784ee913d4e488f6a799e8e36e8c90eb93fb84ba5c21cdffb28494f99524349330923c83

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 e0471557520b54139c9dfefbe9f20149
SHA1 f90b6dab0b5e6e8c01eb8975d454db87a86680cc
SHA256 cce89d083f21e02a87b5c7ad5c7ccf24366faa238ee316967ae53d990d8f40a6
SHA512 4909042147556fc460b11aadfd8f05420c5b8c70630f1a4b86303ce0a97227f01c3c08ef942a087c5ebe454bc4e4f71b14fc0aca4e4581904d00872964c898e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 ea9e49956e2c1f1b5b5559ad2b0508a0
SHA1 db434fdf90f1a3c58c0bf171d9791a5d5e8dd1b1
SHA256 fcef092532d811e8ed0da1dfcded99e5524728db08759ae36f832ffdc105420f
SHA512 d793f23fda1eadebc9f82199b22851524c38394d7b9e8f825f8aed4f77235ae43ee06b1840ea5d81fee086f4d319b29dcd51f0674e20cc7f0bae1a98210bb7d3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 a4a2cf23072188b61948566073c07dbb
SHA1 f7e6fc8439b2714423529bbf16a6595d968f4340
SHA256 2b6a111311c8fb8396bfce9cb7d95a9a3881893bc076abeba3e9b4acfe7cc57b
SHA512 64ddb8a12bb1aaf3ad8bc10febd4a760a5bc77600ef332ed0eb8840b13a2d8d410e0bd945edce7a5992228493831b61ec31f5d01b5868f3f6fe47ca3a06e298c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 0cf8d0a79d504575a699ad6e08056f7e
SHA1 34a2b2fc705d314dd19a6531d9ef2fea4a5494ed
SHA256 0ae0833fef750345911cd341e084db43b46a674aab7b154dd0716e0337fac23d
SHA512 2a8dc14dd8e93412985d08f205ce0f67e6e8584326bb12ab94a11e8e33d3c598415495bdd6c3798d1d3b19d5ddf5ee87c92433d6319a547454aec1379a67ca86

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 ee4697961a0faca5db1a1d469d621941
SHA1 4415e4a997f26302c3d6967df06130ba5bc8eb59
SHA256 31854eb46ecce8cb376df203b4edd418ce395aaf9d4c56fa3b6c26837a92eacc
SHA512 eb44a71057adc854c37bae4a8e0d2bf27dc08d78c1e0a498de62081e00d91dcbc56bdeb81c4c1a3615141529ea5fec038e8b6f4f575836b2e10b3e09c3b280e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 831c5ff37fdc12fe3cb8c31472d46d50
SHA1 b145836d8a92c4b4735a3f0b1571c819efcddbf7
SHA256 ee08a4a30a1282b0e420d7796179afeb87ab25583c7dd5d2f3fe46345949e46c
SHA512 97cb23629988293439fedf8e0de454bf0f1141507d60d0d105257ba47dbc193870f49bb09fede69580205e41076af5b4a2d15804a96c8c085dc37bf13f99c6a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 a737ad74b5e58049bc53a7460b633bfc
SHA1 95490e967f7c097dfb96eed926394e55744ef4f1
SHA256 3dc382bd0fb6991f42ac20191f8ec24d15d450a3d58796a8850cf8aee05a34d3
SHA512 816634ca71288f925c6f0e32bc6a7fe215aa80ff57c7620990a117de048e9252725c75f026994c1f64bba7b621fa961c5ad27bad252b10693d693e8d548c1cc9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 3fa07fd6a07f2bcaadc63720701e4496
SHA1 25bcfe979c5cde930b1ee32bb93653c52fbad986
SHA256 523a5d33f206f002e59158f0b854b8770f4957bd36cbef1a950ab04522fe6ebf
SHA512 d904b4b153b905b444ace7749ce078323e92ef53dcaa4367bfe8968afaf8165c08ad6a6778cc69406aa4382a57cfbbc3a098c4beebe73504b12a1b17e6047448

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 3e536f18ace07f32052332b458949b04
SHA1 9c678059452a87e8ffbeb6c29059194997591a66
SHA256 8220903eff2f79a12eb973537e0e78b7373f1e8ff931c4ee3a42bfc2d2381698
SHA512 84bc23176e8b2c28052c7d3e153938a172a3ceb36e26ecce614d133689ee00751a3062ddd339ca4a01a9f887f343ffdb4e29f4fe8da83bef6e9b7e31b973423e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 0f36cb5582e8423226dd3b4e89e0c952
SHA1 11347201b442612df64f15ad42cb6ac2ae43d47c
SHA256 92a39a4c6800fa5c1f7f7d119ab7d2dcbd0608f9603d5b93bd0c9bbd57db6d59
SHA512 01373a20aa67221567a3919ff5fde5dc34e68978f6130b3f26f77a71d2dddbb4745be630c718b8efc2e75d17a343d1c7778f1d9ca74b29413d560c16900ad6f6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 9a98be22540efef0d57aa41497288ed6
SHA1 07b6c6b15a6be9150b49331c8269f5b065ddf10c
SHA256 725d675f7576fbe5dbf4c9a84d0076264ea413b69e62e683692769264ed77683
SHA512 889cb9621006b63d1c9e74360aeada71a3fef91e5775e45b029569ca21e244c371b183eac598ca76d6fd41c573201eef58c9eaa7abdfe7f5235330f8e029b687

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 f6abff059e1ec8d875cb5dcd26924121
SHA1 2c0414d43358c52ec884a30d2143e30a82b1ed1d
SHA256 54cf4eac7fcd8a2b52edf80979e6a2fdd66bb2e3f079f108825e0949f4158ae1
SHA512 365ddc8ce247f51342483caefd89c48d19ecf73db2dc33bb0bdbe8313b6b066b10930b46f86f62ee8957e896d6b1b132bf9b1c488bab2dcfb48a65ea776f7511

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 1ecf422def774f9f89e4d2beca791edd
SHA1 3e939e661c447d8c7a2533080bbbd70339e83edc
SHA256 0a291287c3f5eb25e1f95a1498125dc4b31a5ec5bd96a6a0c08fa6b973971159
SHA512 9c9e3f99e1a3f06bdc5d070514989d929feea2bb8911a2c4f8886968d77c1c514028209f14218924e469651abf31a75273052fe5f886cd06f04c3f84f9e1336a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 a0f5ee467d96b2cd6749e5ca48514528
SHA1 f45c3ca420449d7b3f8dad3cd2a9bb5e8fd9c262
SHA256 9c5a1bc29417fbfa4b6d3427b30105d848ba6b9984a36a532d2d590360b00389
SHA512 d2b5fcb6fef8226e33308d565b23893d682f51dc4cd03a61d8c55d157299519bda4538b262af33e9ddedfab0bf665da49748d505a3a5b6d97a19a93ae5c09ba4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 20504ca3345f230a8552886cc84ee1de
SHA1 a9c146f5f9c03254d2ce1c0590297d774f7b2c2e
SHA256 41a2c3c1b9fab2e5892b3e43c59fb25bab36905b6a7aab1ad097bf13a8d9d159
SHA512 993986ed1301a26bed7b445f76d22fe75156656c7776d3dd5b8f54041a5355a873cd93246919bafd6863093204278e4314ac03de7836dbb4ad3b80791718af57

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 e2afd806bf982b78c3dc09948012b758
SHA1 0068b83fc2b42d9627ca8864dac5df2ed932ea47
SHA256 ee5a7a1a53a7616a3bdffd5a8928aeda7b824615f94815d3e691c5da17d5b579
SHA512 b76c777cabfe5d6c7539fb9826102ed62773c18ac77f2490e90c54c8e2eccc43250ecab2f101d276896f1b2da189b5f4e4f08de0c7193b94e02f43115f012019

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 b70807ef5bf23b02766912a08b1f4202
SHA1 8392a857b5a54b27bbb84cfc300db9251e370e90
SHA256 b5eb4523511f8fc715f3acf73cd47cfc557ab81e28fb29f1da5135e257e36e0a
SHA512 3d8b188b5975a42dcae2757e155d9ed17b9a8000582b31c888b3b8dd1192ead014d1f50cb6d262785dbc377d6ea653f84cdb6fb71867834fbb65da9e5e073831

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 bcb785f4f9338242a9303ddf485f2275
SHA1 b8ce17d46cf314cbe519c70f19ea058748dfa6b3
SHA256 433ea8d9dfa4acf78603f6342d56e087a0bf59d47f5e73911e1028cdb6510881
SHA512 27a3bad9bc92e6c8c296d2d870468cb5e9d948945186bb23658ad25b2730fb19407815def17f12d833f3b98b555e75040717681b03c74b2bb78ff8d7d086ae84

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 77c0af58e30a1730c5422a1b6e364253
SHA1 9be10ee6cd21241a9dd08c207ee92732e7ceae49
SHA256 2141f22d09ea2f8c24a697ca26dd3b48781793bb51b05e282765527e54f70662
SHA512 6e9633d5433d4c0d4e4f4705d15d6a4597bab50631be3a0d82e107240de19f089e9951a0b0a3704483db208b27b386935fa826f1ce3fa6be7beeef590b3caffd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 0cf4a42f085b5dea3d6b28cb89661a5d
SHA1 f9a8e5a873fbd665e7f1ca4b0d5812c1291a60a0
SHA256 894a73abf0fe8f9ab46f6f338a9413e67bb080917672c52609ca189112ea6aaf
SHA512 0a15e208a15d9dce0afff2483c0b285d849f952137dacc945d6696cd4cd3b78f32341e165328b5b3e27f27f197bb16ffa252f328b93d2eed3df962d0b66a3fba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 fb377556c1c931ff09d7c70af1c77908
SHA1 195184c3977171223ccbfe9a6dab65445252b786
SHA256 9da34d8269882971ab457adc68554052f2fbef11c1c8bc99f5cf9b933705406d
SHA512 22af8a2e838f992afd1e3d52091af0d183de0ccb3dfb3b52637244f944b9b0d489148b6b5fa30acb48514755206f51b8eb50b9c41bc59e01b632667803dc7397

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 e8317fa07c64bef5cac891a3dc6a9d59
SHA1 1fd5c57d3723b8f74dc135bdab0cc82cc871b4eb
SHA256 60c2d8b0345f9a5b891a76a68ace7ea167370a46f7cf388e94ba642575e6e10b
SHA512 a9fa8edba5bc2a0f2085c83ee9316edb70ed52d149a6b990ba0c57514a0188e45721e0e6493405848d375a42fe52d9316b6af1b1d270a087f6ff82ad2c9dfb60

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 3ad418d3ea5bbecceaa50dd5b139216f
SHA1 7c57dfb117773c9dd49ed2f92e58bba1074e0fb9
SHA256 1cadc99f3b0da8a669734aa12e1ff1c46971797d30aae98c5ea45cd09abf5246
SHA512 7242d34055d391b2972905069806ebb2e9477b18c3f40a386c9599b677445097596da85346db009b50756f8f61cde609ac708a6d23f41ad600e0368fbfc57f0f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 e8f06119ab4fd3e5b7f7f4ae7b4d79f6
SHA1 61be9e0d0ab3d44245db6fa66485f25ea8dec486
SHA256 80219482aa6c313de95bf50d281f753dcaa06ca982fb549b54d54daf163f3bc7
SHA512 8dc9f1332f3dafe901999a5d6477faf06e5c05c635d30fea3f118b00d3a240712abec994daed8cd43bfb2ea966440d30582c00251c29e251c2e974c7f60c1d06

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 101a982a66bc64e22c58e38e02362823
SHA1 241650320f3294e4237378dc8578dac7583459ff
SHA256 c73e6ad6e3b1c149dc544c5aa3dc9f24ea89f7b9f420ba25967b78339ec599d8
SHA512 3393ea1dbcc92f11ae5c94a44c243acbfac57ffe31ea7cacd6f28838c6746051d5d0418b0f7b68212056d1cd957e76d5b8e2f0684d4a871712ed7a369dc5b4eb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 1ac42b78c191e1fb9fd05cc1774e0e78
SHA1 92d1dd4294078df956bedf3a9f57515059b0ea7e
SHA256 2c1a7ea570bdcd1cd2f47a0f1855e5c789c146ded0005823936172bccb902c81
SHA512 6fe87c3765e6a08b62e2a1c0a3f353c00bf9edbf2ff4fcd4e86888f4b72f286a92e52c8819cfc56431a68176fc0d47335dbe68796d91767c4536b98de544ed55

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 fe21277ff226eaceaa7dfbb51bb43d3b
SHA1 af5aa14d88001bd33ac068881cda879d873e5446
SHA256 0daaf3fed089a91701a94e49a0b3db8576eb98e871b93511709ed3a70c7c5058
SHA512 05aef4a575fb80d84347a5f92ab24eaa708e3a3c050a4407c59c9ee75fc8c57da6517c13ec58c6810405f81c73215b7cad679e2760c2a3da36680e53e1804a88

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 02ffc7f525645748fa3f2351dba05eac
SHA1 e7b73deff8f710645d0520cd97aa51647fa8b758
SHA256 c087420effe25fcd741be70505cfdf4fa444d89a9660a204b3a117a294f139b2
SHA512 9e7b8c2aeb451f0ffd405f41738cedc89bd1aa25a5b43b3ff25b91f130366e4657abeb9de9bf3de5e6768f5f0603e6746da7c4c0b2a67f64e680ba023ee30563

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 84bcaddec122eb11b9deb168c6deff82
SHA1 a123ead13e279ddc0502ddf26284567422dc6745
SHA256 ea76ac8875000821d32f8f54d79d2c62150f6c12fcd7c427f43d89cec9a3f9cb
SHA512 aea91481ee2b41afea98bf59b040a2391daae690ad2a949eb883f7c09db92eb1a3e2baadc3cbde13517e791c3f888295c23f280cf7111d08398db860abce0e3e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 428c2d5f1ecb7b111044993ff878009f
SHA1 c70ff483b3bdc8dc6e30bfd21dfbec7d201302f1
SHA256 9fb17461ab77a35cff47aa2318c3ad99935ce1a2ce168f9c86c12cd14952fcce
SHA512 b138cf44d9b1bd6bcd98fb532009092e8543f102c70de4059034836ae19e88488d5525e2cd3c5b370f516e356bec8c3700ed2902c2972d61df3495f80512e416

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 cdfef1edf31d1bab1af2518e3b98f8c9
SHA1 567876cf67258140096096b72287efb865a546af
SHA256 69891714a41e6f0df29188f1ce8bd80dce8983becd43b3583636ff754c15bf69
SHA512 9ae36a8bfd9743536c0652abfa058c74213ffed64cc84b08452173fa105afda2bacd15d6becacf141b20ce862a9725b1cd152d6b8a6bd0a1add4686f5a6465d7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 050fe4e44489d03b3a36f3994c00c8c1
SHA1 053e35852fef4e63973785c84038c2d4f0a508f3
SHA256 01c2afae264c7e89f7b8da007f1482621b1c67fd84eac9a1c278ed75d060794c
SHA512 771efe9b800711de33f47d8fe82651692555268b78d0a8295a4ff2d2f857947c18dad303139a7f6515b54d18a17a1af97ac4286f2210236dff22ef956990448b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a498fd610309efb783d03a6e23d74e81
SHA1 c7e373bde40ad36aa3d711361c4555f1fef6162a
SHA256 5a7b108c1bbbbc02a12a4a00277fbd1423cab809fe6aa4b7824eae50b7739cef
SHA512 8638ca7e30d44dd441d5b53909672a8a5c657961dcf32377f0bb9f7a8be35d3f5ea80477d0783459ecdafe619c9b7aa0d38bc598e0a3ce158e6b78ebf743d66c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 119e63cf53bac796db4e26f5a0bac395
SHA1 1353f75e948db9348ba6a63a132509e900ed5a00
SHA256 fc08b263507b368ca9990351028dfab2ac7b282a6ae8b65944e10bf44c1600c8
SHA512 4a8e3ae25997c600b6afe327afa03e0a8794ae78f9c29961a1eb0e9c47694a7143e602a7b071bd61a86f77263cf2536031fb656fff8848c7723877b4174322ad

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 30c1a10c91f365c5f1bae601008ac134
SHA1 7f52cd534d0307727193a291b2d6f622258ad02e
SHA256 3684415cc8dc15cc5f218d0416111f8961eb0ed5ba1ac27d0a2e6a046f74001c
SHA512 cd6334bd12029a4062bee0dc6dc25e8ce6c427bbdd01b61a9df8c4dec6aaf51400c7228798e584171e6d982d8c826f246d68a5bf4a3bf760e8670fc657325762

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 64950ea1a2cb81637ee1cb5ce39ef63a
SHA1 9d27458a4b07e20767c0e652b68f8e87c41a2598
SHA256 4ab193451cca62a08f419c30f115136b014225564a44cd72173db4fde1438a91
SHA512 80c6ff6a45890f660b33a044a52d21d0ee6768757191ce48e5672a5d4c37dccd134cb6c59d9c6cf043ddaf4b201c0784a6b07e47096f397bfc04324633258125

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 4920cd233a882074a9187a89e2ba0aab
SHA1 af4291d161d33d7a0921f7542feeb73af9461ad1
SHA256 a8131f403b26e47c730c21bc1d5524c99936f9dc8bdbcb69a3c233019c1b962a
SHA512 cdab2d066cc834a476d0158dcce15bc19071759a12e87622e4c52acb75d6b14dfbb3403b42b008b11c7d604a3a27ad244ae72e1f54d82389e19d0a7725f3ce88

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 686385a8280630edb4241ef667fb26a7
SHA1 d75b5a50b8a1377af27d6270e673d5383b8c5017
SHA256 332ce32a37ea9ff1ea604fcbfd13da81c1b3e3c304f90f0ceb89a627da443590
SHA512 95202616de0ae5b646c4a29dd0bc44bb3b1fabd7f755925984315b7d8393024cbe04ffa245abe53b32d618610995bfca1225202d3de10d6ab30ec53d0d70a7a5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 905185602fc85696291f7a4c2c08dc77
SHA1 5ae3f0cba65b21f25c9bc932c863e21b2aaa7547
SHA256 e77d23610d7205bc448c3fe82315641ab00f08e5384d04e2758e98ee29290341
SHA512 bcfa6db4c17296bb26e508e2d16a0b4335add9ea0a94c4c0833ce7bb5260e79b0e66c6dfe005563a1a92eaa6b4231daec1ec33d46453fedc8d6157d6815d0827

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-29 13:36

Reported

2024-11-29 13:38

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe"

Signatures

Renames multiple (2201) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a8ZbtwlKDe0ug3V.exe" C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetQos\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\legacy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdfrd.inf_amd64_25779da6eca4810a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_144351277838b429\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_cashdrawer.inf_amd64_a648ee708660440c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sslaccel.inf_amd64_ed6849ad81a24c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_a99a7ecb03853141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmwhql0.inf_amd64_db80a6e1be3a2d08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsun1.inf_amd64_5b6db32fd04403a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEJP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_dd85a83bc442ed33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_189d0189716edeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_06bc8afcd2617abf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_amd64_42b97498c7087292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netip6.inf_amd64_f29ffcd2b14f21f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_220e4fad6c84d016\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_c2314613ba3f3585\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_0406b31e81bea0d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_ae02676ac3e3c474\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_76fb27776958e530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms013.inf_amd64_2b1aa5c0f193f278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smrvolume.inf_amd64_9a3d52a168ca8fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl003.inf_amd64_6b639ff361f628eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Dark.scale-125.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsStoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-60.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-40_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MusicStoreLogo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\MedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-36_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Logo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailBadge.scale-200.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-100.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-200.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations_retina.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-96_altform-lightunplated_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp2.scale-100.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close_h.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-60_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\progress.gif C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\ended_review_or_form.gif C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\license.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\ado\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionMedTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-32_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\8041_32x32x32.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_TicketedEvent_Light.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\Square310x310Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\Xbox360PurchaseHostPage.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-creddialogcontroller_31bf3856ad364e35_10.0.19041.964_none_153b220df68af98e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cryptnet-dll_31bf3856ad364e35_10.0.19041.906_none_f53dcf625a848893\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-power-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_aba59d3cb815d0a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ets.icons.searchapp_31bf3856ad364e35_10.0.19041.1_none_ceba36fd1b479c4c\AppListIcon.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netevbda.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4ac1ff374138d7b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_usbhub3.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30a183fa06c34f68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\SQL\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..component.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7f414da1a9c0b2dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_mdmmc288.inf_31bf3856ad364e35_10.0.19041.1_none_39e14cb6d993d0b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ipnat_31bf3856ad364e35_10.0.19041.1_none_1109251c1ab962a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netsstpa.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_0818ccc7e8d23c87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Jscript.resources\v4.0_10.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-appresolverux.appxmain_31bf3856ad364e35_10.0.19041.1_none_b719750f25d4cc37\SquareTile150x150.scale-100.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..ng-common.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_afe3fd220fb2d85c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..agnostics.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_428f153d374a9fce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..el-client.resources_31bf3856ad364e35_10.0.19041.1_it-it_3dc64f4ca503b717\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_00ce168c9524b853\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-d..-dsdbutil.resources_31bf3856ad364e35_10.0.19041.1_de-de_f0e57539fcdb8ee1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..windowmanager-scene_31bf3856ad364e35_10.0.19041.746_none_f74b402cdc82de61\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f1948dc40d3bfa73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-api_31bf3856ad364e35_10.0.19041.1266_none_2b4b7ff44edc4a8b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_10.0.19041.746_none_b97c85cac92fbe13\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-driververifier-tools_31bf3856ad364e35_10.0.19041.1_none_76edadec5ba257b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-speech-shell_31bf3856ad364e35_10.0.19041.264_none_ffe9a2827f7e0375\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\it-IT\assets\ErrorPages\pdferrorneedcontentlocally.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msident.resources_31bf3856ad364e35_10.0.19041.1_es-es_6450553abca8424b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ntmanifests-enduser_31bf3856ad364e35_10.0.19041.1_none_796160a1c88a3b73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\Badge.contrast-black.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..s-datausagehandlers_31bf3856ad364e35_10.0.19041.153_none_dbdeec75cdd2a4d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..installer.resources_31bf3856ad364e35_10.0.19041.1_de-de_742ace83732b102a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..-system-diagnostics_31bf3856ad364e35_10.0.19041.746_none_fc260ec864e401d2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-black\AppListIcon.targetsize-64.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-usbperf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_322e74f6b3012f36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_tsprint.inf_31bf3856ad364e35_10.0.19041.153_none_356ebfa943b1edf9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_c8b347db1e265fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-a..mecontrol.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_cc4df80d31a32917\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ucmhelperclass_31bf3856ad364e35_10.0.19041.746_none_b304b89859f48ecf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..l-service.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_23fe0333a870fa39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\INF\UGTHRSVC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_multimedia-mferror.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_602d9f8e48d267a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ers-assoc.resources_31bf3856ad364e35_10.0.19041.1_en-us_e114cb51819b449a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.3.0.Microsoft.BackgroundIntelligentTransfer.Management\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-onecore-bluetooth-hfp_31bf3856ad364e35_10.0.19041.264_none_df2cf124910a07d9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..ty-common.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f6e345dc81f7db04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\views\surfaceHubAccount.html C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_wpcip.inf_31bf3856ad364e35_10.0.19041.1_none_740c42e75aaa9b66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-d..scannerpreview-host_31bf3856ad364e35_10.0.19041.546_none_70569b662ddb706c\Wide310x150Logo.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..owershell.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2a5b31882fc3ba33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-applicationmodel-core-winrt_31bf3856ad364e35_10.0.19041.746_none_93dc68edc428ac32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-userinitext.resources_31bf3856ad364e35_10.0.19041.1_en-us_94f4ba71a45d6fd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-r..vices-rdpserverbase_31bf3856ad364e35_10.0.19041.1266_none_df611733f1f65c19\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_10.0.19041.1_en-us_2d351bd38e7c3685\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.789_none_9beee4eb02a5f8c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_10.0.19041.1_none_3e8771b704a96791\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Advanced.Theme-Light_Scale-150.png C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_mmcfxcommon.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4f6a9a6c44f4cea5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..in-appmgr.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_44540ce17b209b23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-brokerbase_31bf3856ad364e35_10.0.19041.1151_none_f848b9fd20d14a96\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..cyscripts.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_70a156949cc5903e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..xperience.resources_31bf3856ad364e35_10.0.19041.1_es-es_66ff3e189d63dd4a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.transactions.bridge.resources_b03f5f7f11d50a3a_4.0.15805.0_it-it_736b714dc648492d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000410_31bf3856ad364e35_10.0.19041.1_none_a7163e2b383f171a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell\open C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a8ZbtwlKDe0ug3V.exe" C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a8ZbtwlKDe0ug3V.exe,0" C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell\open\command C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CMWFZFFXUTMEQIC" C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 a96b439629d12b58386b44d0429c5080
SHA1 3d075fdb21374a0590b81bfae9ea2b4a0ec5babf
SHA256 9ddf8e826cbe0c09bb28b7ac78f434148025efea993e2e755fb26170684644e2
SHA512 5b02e8661a73a18e5f385a47c31f892aa3c986165dab82f443852c2fe036b4e8f90762728b722d8fdaa61d3564c39c4576c9d01ebdda1fff423df6864b7dbc78

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 97559b2c0438be8bf50ce50173f6ebfc
SHA1 64d1f8a95adfb60c39e1b91007510b508c0d8f8d
SHA256 28e35b9e1f43ad1d77bff4c2e334f8d54da7a65a22f761a6164563b85fce2364
SHA512 97ae2bff644fb74bf665c7418204f892d15fa42885051324d23d57cefef604aca65c7339249f15a8b7e8112f2575a58615a8f5f3773f87f08429e55c62c926b1

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 7bd9aa360f59c1ef87ec146387f10a73
SHA1 ff912349d75811ec59b1ab22a31c5d6fd07ebbbc
SHA256 4df501b7c1437149fc018b325c9ac3d1db5e82d0915835badef8102922119402
SHA512 d52cbf9758889bbfb4991309c9f8087681b1c482f83db390d0e313b9524042d4612662657b595c46edd7777d9345bcfe0653054744d4fa8d817a364f3ceac4a6

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 91dca6e66f51e787e693e290effc83d7
SHA1 b43b88965dc8d0edfe1466c51221fef7ccb05cec
SHA256 08ae54ae53fa7b17b8b85c32c2f771aca705c788e1b44183e9805664245ce603
SHA512 aaf8ac273072885b31736a9e427930439de13aef97e9dec1c6a87c89fa4e5b6af5f1227314a823aaca53d03a2da456a85f69a75b3cebca8ec4eef78f05859511

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 3dd5c9a4f46d072d3db2b78b4904e4e6
SHA1 821923d711ddc1324bead2e16b076f031044bb63
SHA256 573907310915e6a67a060b358970e1f0d9ea42c12c37c657238822ce60fe45d2
SHA512 67c3de00380e563666fab8240afafe0788287664c08b0e659093b6b6b07d96b373efd3129c139b066c446c294a7b61d8fc6e53823df7150dafaec370073fc6bc

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 4b867c4f507a85c51fbdd11afb301105
SHA1 7dd34f3206d4433858d85e8054bf266982540190
SHA256 e60880d1656e872a8e202d5fa344b92f5b87d3487dee62db65e85c94067df577
SHA512 c42c75d776ea7011db9c9722afe1c07314c5b8155dc80143094f9a97eb6e7e5205e1200f4fe303f69e9317932bf403ffb43dcde959c67aa33a51363fc09ea0b6

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 eae03d0bc77c045497f32bc7fa45a086
SHA1 cd85d7ec24e26981c60facf6f92165592c7b3b4e
SHA256 eee72638ac15f83dffcc2c7f4b4960d6c22b45d5c7e4c8c03bd2ba0fea05cced
SHA512 f620751996000e55bd319fe65842c6d182aee9681c216c5e0f7c21bf1d9b646db99e7c5276a6b5e0582fe711c9fce318c2cea0b2ea4068798907d941acc59d24

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 b4313afe4dae1f81eecc3f944b15ca2e
SHA1 41c06c95efd5a595d2524d79f771faf9642cf246
SHA256 18dc1c242bd5effe905214e1ede288d88ceff9e122e5b1b0cc4d704e76aa02f9
SHA512 ce9dbe56213d51dde6fbd57ce25129eacb00d80449531cc2a43c112331cbbf6dcacebb3c68d6d736a8c83de3ff331ab9b09fe62a194103a9f918d921cbc00f79

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 3b1e51b771ae86d80f2ad7b20f170f6b
SHA1 1f71a29eab249d8a7ba11a5b2a9d37e35a62f841
SHA256 0dcc0376f1161183ddf67b5143f60a4c9857e06f6e6c73979864628095f6ef98
SHA512 cccd4b79570c963dc9a2f32714c5cbd62903010411ad6fff2997f375f17e22df781ad1b46728a58047cc632638236deaa11c7d2b112e44d0fac69c98ae611858

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 4814cd52cadae103ceaf5f7ce825dafb
SHA1 f4552a112ac30d3d88cc39e21d343fd7a65674b1
SHA256 99f1f402b026feb4d2a877682c12f050c70f3c23e59d973011d4f314068e5d57
SHA512 0f2ef6ad07c1bbccc8cf063c32bb06a02ddbdf68596dcebfe55b07756ba6eeffd62d50d191e3be7d9a67478f5d24f269a13a756a7ff000a664aa0b2ea43bb4f7

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 dfad184ad16aa291d1ef980297f721f1
SHA1 58ba1941348f87d3fef0b477ba6a7211b113eb26
SHA256 da12a946396eb897f92a80160a56482aa9731ee0ddea15d687e94ce06dcf8d5e
SHA512 9cd4d3b246cb6f1e7ac4138ef3fe4c5bcd1c6e2ee44bd89154779fc19ff98942eea0b45d0378a38418617327691f2c75dbe643b2e3d4217bcb9c5171b0e83a96

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 88125196e8885cfdd874320702a7f61c
SHA1 080bfb8e497cc7f6fca51b719463b4664097f110
SHA256 73eb70757cdd533920a915a20519ad08a047f05f78553acd055ed9eb6ddcc6ee
SHA512 37153ed8ffaae9b3c5e7191c76a9bd186b152a35f99bfe7dae68de4a537b9db4ec8ba0c138863b2cf2760d2e110935ed595208ede78ae8876da689416aa70c1e

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 890656e9f359b477513bd5ba555e5e49
SHA1 e7ad61154c47934ce06d00771c4f185d25ea85c7
SHA256 842df68961ee4cad6a6671d3fb404024f1f687e3ad14242f3b9ee8a702d3ed46
SHA512 fcaf19732e6da3204d23ba70fe9a7baca2c207a0f276082858a73b7fedd1163d4a3ba85bf5419a67baba84b0c394ff4b0e0c90ec067649ff07eab22d212fc787

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 9c8e9985799f7cb525da3bfb3f66190a
SHA1 420a13e689c86e9d000c2cb8ebfdbda37facbb6d
SHA256 7ad009ff34057d5a36a2316c0f91c6e91e85521b4419cec87f8e67b7edd83214
SHA512 1106e1975b3e06d19467fe56f2c2650a5f76af33e6ebc569d71e91fcfdb54aef52b81905239d23b9250b79334e4f3169244f8a3e3cd00075c209b2e922cb2757

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 c5e8c3cc7de400501a2cdb89b2a2cb54
SHA1 9b6a567043776e5a57a18c070fb8bb0a623471a3
SHA256 d70f2ec2873361204fb5c1b0a9559f64b4af5adbba9796a840632c0e04d5c5bb
SHA512 bbb3aff5e203105ad8284a06a1544ef86a8e135c82315e0bc246043047858527a07c158a1fb4254d9737eb726e4345932e4d9140ab567b9753d99b3a1baeb82b

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 94c3a6308f7ea350e605b14f1916e3e6
SHA1 70267a409640ab61192c761fd4bcbd77d693e865
SHA256 df2037a16f9fb10c5094691a389177c31b29efc0be9993783eaaad4df7bebde3
SHA512 a0805b70a2deb7c0b896b0fd8823f45ea64a218d817094dc77b2bc31b054071aa9ba9ff03cab65053c2f04fbea1c059a1c57698920b3af6240144692e4c1b742

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 8b71423504f8fedd979142caaba7662d
SHA1 94232c1ac32c5c47bff1f7ad93999001b3d0cade
SHA256 614da0e5d3aa40f1c04d5bd2c53d8489c472e69022fdddd5ed5a0485187600ef
SHA512 eaa1ce536e1aab0a63cd3481261a5ff837be3ffab652179d1d077686f56e71e6a3985558f92c77582ea532f713475a8c78115bdce73af6f4c147e63d6a831813

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 711674523376b42a1d6b2de73e02487c
SHA1 c84f5a675d8be87e097465a9c262ed7d09a65fce
SHA256 b561169f1cd0497d3a391dae7e84cb1bd9e21938596d1f0f7c109400f3813d81
SHA512 9d90b32ed04701dbfa8e81e8050bf1b55d295a96951d70cdc9e5f66aa54e9c747cac5595d27bf1a4d851b0367f3865373285ddeb4e3e08373498aa45c5a1c392

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 e822ca0182116b0bec3c34aed5c57f16
SHA1 f31f1306fbba324632f383e7e9c610b118642889
SHA256 92a8e2eea1e5a4faf91111010bb73fcb6b40f8d0522a3cf38e105001a0d3e856
SHA512 f9532b0b5fb4e94cd9003b62cb3693c82f72a6e2d48efa34f033e3f548fc6e3af1ba76f76f230191be1804ff8b79094be733e052d04804c074d15730b668642f

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 1127dfe82701e7482d1f5a8f06ce8eaa
SHA1 8424d890b7092eb946d01db621de7c8f3a721313
SHA256 6130cda8241c39415ac3786bfa29ff54e009b3c024300f0a47576813ec8f702b
SHA512 709a76888183589c9ce8d0dc3fb8352e5a85e17710bce2d0901abc5008cffb15707aa5c360974db6a1f5f1e80b6af9d131802df4e24a7eeb9aee447d2baa3898

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 c33c8c0b7c5d422b5b5ba22434e7cacf
SHA1 8045a90dce64deda6e2862cc12d90954dc6d9634
SHA256 dd490237c1adabb1673a189ee13e209977259bb4d29e828b84028e47029f72e8
SHA512 4dd8fffb2779dcd53710bdd54404319218023771b895c66234a159a94d3f5cab497f0cbc55386ad81c9dfe3417422f1d0b101e708fb59330f616cb650b19aed7

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 9b5f9f3c2678a754f8762f3d0b6bfce6
SHA1 3c3fe6150829d59ec4d7f75e23ea018b02d0fceb
SHA256 a8e646febcf12c24708468d4be583a82318227917f72ddcd167eb2c7d006b303
SHA512 405afccbcf6f1e53b79f66a56233039300fbc33cfc30ac417f5200fb5b0bb339de98200498751167e15a35c165714421724beea52e78a4e8fe4e3d2d89b0d7e1

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 fa0681737bb268313ac91f7d73239f96
SHA1 64d1402fd5db3ab90578e912838b5bbce73cb2c2
SHA256 579f2659ab7bd9b2d89a275e2fb5ff5b497a6f8b9c44ac796abe6124e469959b
SHA512 a384efeb7ccc91ae51184540c6a8141fe2ae8ab080f9db3a5f08da86f63f433b92c51ef19b2e0c0b32a41bcbb9c1c6af52320c6abac4cf80d9080525783a6376

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 d8caa17667bc52a4d4a4bb2c9a1add81
SHA1 08683ee07f54f47315980114e7abc380e26cb0f8
SHA256 e663198dce21e939153522eb191e903a2c16bdb6739c8c73d33f7f114bf334bd
SHA512 ddf97c3279e541e0abcf5a19acd65c52cc5eb84fa4bf88691a17f16f40b4080882bcc02b410ec417ba3f6b008b487a3d0e4dd9b9f032a0063552d6530a26e774

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 36c992ff8a7fa5873109a8b71df0f330
SHA1 3d08d3e86f4eccfbaa216c5ddf4e70b271dc3e64
SHA256 44a21bc8f3d452829f7823b3671ee1c6597b903a314fac7c5907e70b64482aa0
SHA512 e75d8465257ebb07fa215d0d43a32c50cef4d363fd08524b29efcb0c0eaf54aabfc0ed43d31bbebfbf2bf71af0a052ba7265a4c2609bf5a72395c9bd2dfe17f6

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 c818995886be9b2977f82f075ed5e85b
SHA1 0adda288eeb2d2cdf47e0380ddc67ae3595fb84e
SHA256 cf460ee65de8c5aa1f9fcad943f450f38c51b1a000036ccc9908d9ef23dc5b1c
SHA512 cb6dd7a427c3ed5906f7e514b35748c26433efa462ee9eb5996fc7d5279e5579dbaacb879b16905785c988e6003b10423c40c7a81fcb8840396d1c6b7f3a8173

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 865d051af82c562d45d83c135a315d14
SHA1 35cb8bf24e771b852d3003a986d74c03264de19e
SHA256 4311f4d52c4fcf2bab04bacf1002757c37c3dd7c8433724a1ac117531d35486b
SHA512 2af08ea95c06d3fb5b97dec77ce7ea0604ce816a55b2636b461d036bed5120e4d31ae42e754502112e12b82e9d82512910231966fec55137354607c177ce72fa

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 a9890e75bd2e264a549bc663b00cdc57
SHA1 6ac63953a570d58f6ce7563ec63b641ed8064514
SHA256 aa658253cf6a1792de0a00f34bba59b4b86dd98a70c86ff47977b1ccf1ddacf3
SHA512 d8c52858c6ecf5b4e563ba011ea23491e7b6a48cb6b5c5e02651e6d39de716719e84b4b089f61da785e478476cb06c58448ab49dee01ba22a753226e5272b053

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 cc113fbb6f47cc3a657d4fec4c048d15
SHA1 b2ba8d2422723ffca54403fc27bc9b334a926889
SHA256 a20e4637f85d29c0b10cb248441fa77ab7518846de20c56a03c97dc75be70f1b
SHA512 0c9dac8ebcd7d09222afaee85ad9b4f2db8ab350db0d9a47788f6fd02ee906cb9a4f4e576a5d9b432c778b500db5083fcf92000d8145a7e7ab36c9b178b9299b

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 0b0d7b9a1f93a21fcc545488c6c6ed1b
SHA1 f26655500e0bd3917d2d1abc6dd27843518d1404
SHA256 46376c266befd4e82978a9c1875db29df2475c8d4b6de8826b28b87a191337b4
SHA512 1f5a9307bd1dc198b787080d1976395acd4ea9bf4b0db039de85a7b728edf2136356f1a870a86b869a8db31a966990b46168a8fd66f81fb5729349d45097ac2d

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 1682cb32dc27d160fb755550182ac26e
SHA1 0cb3f47ce91c91c7eccba75ae211d8f47b60df86
SHA256 a3f4b8ed19d78d4a40875671dc530195b46f518de8e232ed80501d9c8868e4c9
SHA512 f6aa05ad9f71ae3681168c1a69edd51a62bc2f875dc9bf7c6ff535ffe24b66eecf4045386bf34aecd70087941cf6afc5b2e26dd52e51d79d5794e5372921bf73

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 caa39280597e303de2ea0b6351197c77
SHA1 bca08e4673cd72d14aa13b389794e7b9b6832831
SHA256 7a605974e2cc8fc8f27d6d8e8390c933418e5f2285c55052d03635a8b196b405
SHA512 2021831add8e7b445949a8f6d028b716018ddafc47bfe1406fd58722d7d977b5e7f3bb2322540593a7a2f3b055848b564dac6a043c22c3491c70a46e31acfc86

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 936f70543e77df68ccab9099184d9c0e
SHA1 8fb0a71e7696d09bcb116a63cc08d20f670d1090
SHA256 c2fa9bff054e42cfd8ae43191ff84145d8789829e89cf8533d6b6a94c33d91b6
SHA512 abc9ee24b3824e3afdf947876b8c02795574d176be24112fa8ec5403f9eb8da89c086091730e599b5714017073c464be700a076f76cbae1d0f7f034c903b2744

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 ae8dd23117c6975c96b361a189d7de45
SHA1 59271e5374207497f67bd6bbc2dc31e89d9bec2f
SHA256 444ff2d5136de2e75e7ecc09bca97ada435e6480180bfe9a028a2385133cc654
SHA512 ead57a2f04f3ad146ab15e8014406c7b929e982081a152749965a878bd0a851428b5df4e9eb5e32c18b85fe6e87c6ca9c36b9f7e5c375e683f0028ff617f6e9e

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 11639cb44d37a791b985a390761a43bc
SHA1 18d6c0cb23ac5a2560ca7d7ded7bd4a996fdef5c
SHA256 045d7eb61fcd86d8dc1b82a396404ca48fd87f3311e400b5c554e2dd8e8d9ca9
SHA512 bddf04ed8175c4e17cf6e53afe6e2742013e688a6b83df11305c4f2903cef1ba08a413645671f9a06b3f1726f3718c2be13dc02a8af9ad3d03b3f9971ca05bc7

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 7976ef4b6867a5014e424731aca5db8e
SHA1 7d1d90f6b0e3c60b22f0662b841384a7bc813f68
SHA256 2e6b608ed863e02dc1794a1b61139b8f8d7770337ff10488eed63498bcb0ddbb
SHA512 0c7acf92a2ceac53c76e74d51a44c0f9c1db372e00ce1ac4e1ca16172f0924e9857f88c39b9e02fbc3ef5e56823a8a0a600866ef0db0d303ba67c476ae35654e

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 904e60e6712cf70258611b65a4ac82fc
SHA1 a56538a7a1e4e5356ca16bdd86906ea25ee29bb2
SHA256 96fef2947ded6b1f61421cc5de8815a93be76fdfccd2176764aac890da85f4ec
SHA512 3eda4e8ea0d9c13ac9f97a1d728696a749d8ffed1aea166eeef0e8d5d31492e75663cda55e30e921cd34ef3062fc744e4ffd7d8881115b9cf9dbeb618b8f410c

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.EnCiPhErEd

MD5 2889130c58423c49d240bb09cbbfa647
SHA1 e1711a395151493449e2e3b8a2be275b784df23a
SHA256 cab15ba6f6987b3fc2a5978870af7890e7f3cd65985cb145086f09d3d0c2ac8b
SHA512 039d9441532b0ebe32668d890d95b03ced00b6fbc09a630ce419851a94beb4dfe8efdb51f4fc2d00779b4ac44d01cbdb67d34026f018a82e79bfbae9cde875b5

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 16416df3c163c9f9c18c8bdc2a0d3ea0
SHA1 c50d9bee357d0f20bfda54f7f2e6ffd18b4c6863
SHA256 563fcb14123364238a3526c6b72d43e36b8c5883ed1ff0643cbfa2ae8f359a58
SHA512 5053e3249ccb71b2597185f3d22e7dbbedc25bf407a3181edc4e772fe90efdf84a26a426226c54f024894a6427912ba72bf0b05e00a04b7f5e3ab05c735301f3

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 45628e761cdc05fc9eb8cd724190ac12
SHA1 c55bfc48cabb0b4a4a04a50dff4e7885173e6c48
SHA256 61047a71bceecb901e98815e65fa38b12054dad2733171a2afa91e4e6685a345
SHA512 e3641a4b7d9e6b46a60bec8baf15f37f951cf193a9d7660dbc3ff55243ee2ff1a8f3525cb07f007bbac4778024536c9d3865659fe7f59c3a89680d2e68748bda

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 bb313f486dd79b9a019343f336c78b5e
SHA1 a62d01003c66eb34676fb1ceb46fdaa4d026f0e2
SHA256 56b6b4e8d3f68cb3a11f54f59ee634e92ba06b7dd03d2925ee81ff9f755a2865
SHA512 76828891326b6c563d2fe84617bd4a1eff6e05d0abbb4b8b26ff3cec8c4dabd8f3abf317517d12de20b149b8bc30993c409d78ffcef434c0dfa116340dc76283

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 65d43938225245fea7454193852e7ea6
SHA1 7938db60b21eebd6056681a7c9fb416a20da4309
SHA256 380b0e70e106053cacb91eafa3fab2ac3d0df29a7da7f26d7c76078914a5cc6f
SHA512 2633b5aa2cf4c3e03e3409ad20738ea7c50bc01c9099b389d6aa43a6ff1cbc4102d3de97ac792b15872ed679805ef881362ae4b2430ffb0a4af682d6c4c5548b

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 80c9c9642362703f475fefeddaee9bb4
SHA1 e2f631dfd4f26a4082b68e7f09e99cf033b63503
SHA256 7e170d221ef8e812d5e2f83998b6d59fdc484b0d7749c11854c0772734d302c6
SHA512 366bcf7aecee4e27c0c9b084b324c30bd9bcdf3e011772c6c975a66d185117281118b05f27b285819a3a24c22032fa721aff63e9c0d029c6fe1cc93fcc829e3e

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 b5213f59589bcf94174c7a927b5d4ab6
SHA1 cd073561994ca1d1a9690c0d174772840ca91fab
SHA256 3ab600409cb82c9407cb6ae6272aa96ac8614072f48e8dac4f7b1de5e4eb4ab3
SHA512 4c2eee9ff608a31243b50aad8fe449ada0072912737d8c150f4b12d738b709b2c5d18a462fcce23ef961f418d556cbbbb0daf4dceea5ab4e6065107df314309f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 d6d7b8b20b04b8d4a1c6b72c05101bd1
SHA1 eaf06a2f318dac9fdd04c4e63472b680b4c4c656
SHA256 bd44320daa30534e95d6fc25f542b7f4529a162bbc9d9ac54b1135a710545df6
SHA512 848b2044831b3b917fb892804f3c4157275a4ab6446c33266be82ce5ee7d0023dc601ec6772c8f8c79f0a90de7a66d2dbf46f4a6ae6387c84631547947d4c5c1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 84a349e44d1306e78a9c438a2a963947
SHA1 07acb4cc81286c9acd3ada43fbdaefb4bd0fc2bb
SHA256 4ce6eb94b4fe0796364e4aa39a7f9d2c165cbb4dca8e93053e511a46b67c0e4c
SHA512 48fcc808d2d32850cd300683c59e614cc7a2bdfc9cdf1669d733828c3b00d090221bb17413b3abedcfc8ace863e80dccc07640edb90c822c00bc415c73716372

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 977c1201066528838d27b3b208f9e0f0
SHA1 86b8b467ea0019bd62fc7ecbc8d485559c1815d5
SHA256 6ad7753f8752ff1463ae91c4d9f929727f1ccc2fb0ee7736317a9eb15a95e247
SHA512 f93aa9edd8db976b117db5376f16b54b58fccc4f8940e8a5ad8579004b466d1a9646cb981ab36393242a0b9bbc82ffc5dbdc3ee1e529a64313b621bd99c0126c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 841067ea59b05dbedae88e2fe3c38f26
SHA1 5b46ffcb8569ae8f4c0d6b472b8b1f73bee300c7
SHA256 dfbeac3de881aac2b0ac4deb8aa9b1d5a0007c400cb50aa073ea338903726608
SHA512 b5b7fc2eaaa61aec0260142d86ae9b512e930fbbb07dd23501f43c0997f3d7a12a6fef0080289aa409af6e581daa44729c47337a20b779c40995bbb31df2ba4c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 6b80e43f628d6a4ed37f664595f248bb
SHA1 fa6d4df83e2f149421c5bb6736f6e3f2a5741597
SHA256 ed1671530c70b928d19b8966b990f1625f63000338de4d8c41f246a1a42352c6
SHA512 4a7b2f51baa2ab45ebf22ed7f67cd73db6afff626adfa5dc3e310cba0c4c9ce8244172aa2519aab653c2599fb972c97e327216ef3e2173e3fa7ab5219e3fd70c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 0259ba464a15114539f8aa1b6f1844a4
SHA1 fb24cb58d67de2eb05372c33471c4a9edbc5a4f3
SHA256 d50d13ea4039f5528a940f8b5a50f92e652e852f55f2fe2071a37c5c4553e262
SHA512 50ac7bd2bd5025d772b428d4213b0f0bd63ee5c86aafb764fbf405d1cf8f306f70ea434c596f8f0049308c93aca62273504f7d494c3b599fdcbd986f89a92f84

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 ff7352403f595498d3610591ddd19d3b
SHA1 ed47a29f5f50f9ad65e783cdc67150054b31b844
SHA256 4e134860e6e6ffa12f8e110732388e7ef4334659e9fa4285858309091b8a6420
SHA512 f87b6a6a356e991921cba93f9a749fe93214f1a66c8728a6c371ac9b2c87289d497486028355a512e7dd11d3bd04bdf0cdb567e1ef5756a2dfea6b4aedcde172

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 05bd9a5ad4222148937ada8dc9917b76
SHA1 9f27906bee0fa89f24a0a01af4764c6a69cd2e04
SHA256 c9070b5c312c1dc38d82c5205b10fe4ac57d9d5c7a50d4cb0a36921011d27616
SHA512 27aff1913868b4a1f5346d1c52572515f8d61549271853b6a87edd5738fd8bb62a04ede2a23432a3c81942584a7b7479adc39bdbb74996eddb4f79763247e477

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 8a3739dad2da87805335b2b3c7ae97c5
SHA1 dc66a47ff3cb4eb162a0f8290c7a90bc5fbfe8e7
SHA256 a619bffc6bbd331979a3c3dcf835808f1d8f43bc9df4dccbb49ee35fdb784233
SHA512 9404145487958810a500d8f8e4107ed6b540472ddc5846027c4339ebcddca8a090495bc09a58f2033e448a923b5b07e4a10ec764a504a784eeb738b803ab136e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 8493808f122ed4fc23bc248a772cf041
SHA1 095fd681e958bf03d37280a83ca65e3da0928f80
SHA256 b9952b1e00961172f76db334ecd95ec3707caadee22719ed6bd7a526935abb6f
SHA512 265b71ef3957c85b4fc98657186d8d30a44fadd4f9f595ef938e042c4f0cf37eb3c67fe45f424610aad2145ec2c1a74c7d7967167fea7ec156ca327ded6bf6d3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 7522692a85ae9ee80c8fcb85b315a2c5
SHA1 a4a0a71b4b2e9bcc63bc154e85c99f867205a1e5
SHA256 82772477b16010b695f2d33c10bea13741cc5e800eb1b31b4454fa4c81b0d34c
SHA512 064b6d4c398604e9c04b8283294cedc5406e2e8731bddc96b7f335223fdd63e41a072a8a9faf308a1fc24d2e1fb57e360ac78c41dec3728b327718852fab0fe4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 f147b8762bd5848ee114a74435c14978
SHA1 443ab55a300056d4138ffcd6d1bdab253d26a067
SHA256 d4875ca58f166eeb3fdc218f49f71235b693685185688a362e1021fb7dfdeb92
SHA512 31ad09f9a3caf1062d824e34961a7d8e39ac91284c8c01a7219972b4c3fcaca8ef01bf00fb6e505cddb20a2a58c79fc2f6f9e0549c699ef46461129cd753a0e7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 9c2cc8e5d6c21f27acfe0c05b8a30634
SHA1 d033e3e7c24d67bccc9aa8d7c61c4e0a438f0356
SHA256 88d0584b732e941aee1f7db43ad24aedab06deb79532d5a6d6d442d22d50b5f4
SHA512 7d04a8b5d4da53f40d76369ee43c3a4112c37927cda502e3dde4a332a5f914a477b2124d4d9201e21926cddda0c364b981880af3102981ef37ab04f4da2e7049

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 946880b56a1671c1b9b10f33589b0758
SHA1 c551062ded675e4557cfd8b634206b525cc9bdc4
SHA256 6ba132fbeeeb2df418156b0842f4446c6cc07be52293839f5da37fe394659bbf
SHA512 4fd17653c2c35c8897db3df797ae2048c73942608d1a319e69fc549957ac54243d04e579d84ef9b4c744172c867318344a6de537440b74025a853156f07ef070

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 cae900be536370fdff31d100c7dff1a8
SHA1 e88b3ce53a350f9a7224155e6ad3d2c231bb0d8a
SHA256 bc980514221de50f43e1582f6d7f4599a8a26d699a4eb84c3bc2389ce88efd7d
SHA512 473e592c9176b42fb185c1a31805c5a525efa961752a5f3b237f2a68386a288d4a68e5b993547a7fe7efa4337158b7bfd760058867dba98c85e0897917a9c231

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 bd641e149baf6671182d1ccad6cf8ba1
SHA1 587495f16fe239fb0e1fa5839b682c8c399e5745
SHA256 b2bb04645b50b04f56646bf175a1a2bffcb1f23335cf9468efdee1957501b5bd
SHA512 62fd9566a57efb2e3b72dac87a9debe201b4523fb7ee083731b17f39f031f7a4aa4ba86a280bc0998a380e229bebd3c2ce40e875df5a5c6a61199cad791fa06d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 4e9c7ed260b2f73cbc2a9d17533a85e9
SHA1 c4821074e64b0794b648af156e13b4afc81499ab
SHA256 dc3020b4337c753ab9836c85fb84547ee64d0bc7b53e6765fe59530a316909a4
SHA512 a641079343f0987bed723224cea3d456b498c4946c9cf46c70647be8f348ebb0de478bfef1da657cf663dd78baf81ce9949361215fa53f9f18e165d1445518b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 d78959982b17d9b8eb283970a6a0cfc3
SHA1 222f78d84d1f47afe03edddd623b33ccc310f836
SHA256 dd91010aebbbdaae21c9aec711c2fdb5aa06828d3ae3e985a8903e556409776c
SHA512 dfbd484d9de8af1fc75f1a1f8009a9651e691e1050a6c07ea97ffb9f2c1be442b236acccd0056ca877bb13ab9e07579a211c75cde9cb052cd67711bd008adee0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 79f225e2ece1484979dadb480ed5f0c4
SHA1 127cb209130b9409eb44f34cd0cb9d2979a440af
SHA256 1549b508765da5faa075a9fc4efae4b3a665645fc25f3e733f0a53b300d02d31
SHA512 27576351d2cdf317aa6b205308bf1b9c9a12b10425277f72a3fd096d2e969007eb945dd5f9a1743390642e80b0111beaf10a2e90115f7a9789a9cfb61ae831ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 8fff5d420e6a9fb56ca2955400a38ac6
SHA1 2d4fdde181f8dbc4074a0ece0031ea7ed08e9e17
SHA256 0fa932a98907d3c51831be551605e0da778a3095cfb7d6e8cf4e2b4eaab55f40
SHA512 764075bc7d6535b343716e2bb27198128d7f355ce1add8f895fe2cd626a01a26b51ec71f42dfa95ed1f2e025907a58644cdd50d905e36f0d9b61ed0103745b1d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 8b416e694b7d7772d57c1b94af66f0f5
SHA1 0de96b363c6962c05f525e1a59d5ecf51e45e4f1
SHA256 e7ec780d8a9cfe552ccd1df1135cf3522f6e13812e6a49d8e5f9f004cf39e050
SHA512 dcf1c5efac1d8bf6757ba63f36e2ad5cb24c39cab9db733fa54ac6d0460880bad9c51afc013351d31ee5a4e9a4961f861c42f34d7935429bcd9af89308e1352d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 3bc31b5d4e4921409b4b2435261c790a
SHA1 30c6e269314e5456477c3d967d0a208a24a93fe1
SHA256 6bce148cecb46e3e77d59264bb9d171ea40e2cbb36239df21920b5c239a22e63
SHA512 cee6882063233462e0120e0bbec700fac78742a0f493808cbbc70567993cbb73460ea052c9affa853d084126a56de18256192095df037d5c974384eb867b8b36

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 1c9a9cb7aba4ffa80692c022eae486f5
SHA1 174ca80879e49393eda17dd6493bbb5213857434
SHA256 a3ede04002e5d79bf7ce42fa13bedd3c5e845dab372c57e2942c01d9b33bc9c2
SHA512 fd890fc5bec09a78a4cf815f3be4b70aea7f82699185fa0778cfe4e0c7215ae3cfb8c082a0a526f211a8e9120e352ee23814d949899322335f577cbe0c4bc054

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 fd8bc714c996e8754bd2936b32817be9
SHA1 d62434b829c0ff77def48d864cec59395fc327ee
SHA256 b517b0b6754239ad4b0c14703d533973e64e960cbbcfe96993eefe031f30a98e
SHA512 fc66d17866737e3ef68fffa9a9fd9c51177150dcd520d51f42a3b5724fe86652f13a3e08e4869bbc2ed1a735047b474048e7f29880973784a6e55343c6ce1674

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 f345b04c70aa7cd1991beaa8cffd24a4
SHA1 fe6569c92d0409b8e29f81843f254bd6961666f7
SHA256 bb4783fdd806896ca38ad0cadb9f939a7318c8c469a08ccfdd77e391e02dd07a
SHA512 4b6d1a0a9fa4bb53becdff28d997a16b37f309e07cd8322860bf46dba9dc2b7061fc3216033ec179c8a8ed86e0e31753d4232671ed06b0e0e4338b24c3e80c5a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 81f5eefa156d48a50418fb1a0014e5a2
SHA1 5b31184783e2167fe9a8bbb5e01c2f470a861c03
SHA256 511a9de9e153044af23b443b3b87b2913c012b5523b4936d57806d2e9e638053
SHA512 08135b9b04cc4ea62320ee0820488c8f11e451b3e52d0aa8069ac356db2070bfdd75702a7ae2538c8bfd0b041fd14aa9701c2b96ba260eb4ecf3ef2c5a42a54c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 267a0a184978e700c5272662606a1916
SHA1 8743e4192c29440fb5db0b131b48dd347e44f43a
SHA256 30b8cc2a6726293de309d1cdb26254c4dbd80af7e61d0bba8443c2a93f2cba54
SHA512 5c17bac74e33232b5ef2707c873487d6fb4a75646d3eee265e613ca7be9f47925b48ae7ad6bdaf699d793c1af65cbc1555b57b9df1079a9178eb85dd53ea9035

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 5de7101d0661667bc5b667c1858bc006
SHA1 15e5cdbf678e8a099db811f94e1e3b4c139adffc
SHA256 a507a8e1d0f9b88cebb0b503ee8d7c1e5056b009174b01b8ee08fce6f4beb16d
SHA512 4832888c9b85eef8abca71322b8d732f4262ef54580d29e4b9816d8c34813f5ab09d6290ee2bf0f9ed11b58218f0155f760c4e7e04bb60971891a37a24866971

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 3f8aab3944ee10da51de7e47cd5ddbd1
SHA1 dc77a49f99284f6fd1d9787f12422b29532ba650
SHA256 e71cd380774a11dfd30e66a777aebb6657f520e57945d7c95af7b61fa2b0b13a
SHA512 98e0ee8f8033b25fd4c769f616f300bd0daed728605eddd4c2b7307e4a881a6333b626d4604c4f19b8f678d105d723f1e2efb182b3acf0529b3e30af70c07664

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 65e730d775589fd16762e6baadd14fea
SHA1 dab9084b1c7d9b7ab5deae2aafb47e641b71dbe4
SHA256 1894bd78e0e4c96fb413bab08d82157d4785952d50173ba013465381f84e9a39
SHA512 f8e9160e0cc9826b0b91057e422ed122ec4377dd87cd6a1f8f3ab006ba95bf8603afb1669b783f305b90bf72ce09ee8fb5bbd7af8362c9145d9f675ebc71b690

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 781c83c41e36a0a51db3bfa7e247ba39
SHA1 f82bbc4fb13de27e29c0284b4d3ad8889ecc31af
SHA256 06bee501c007e28ec7ff08fa029bdc4b9d8e0a0b9cd6f9d6fed3d0fb25c17496
SHA512 28ff3459bde096df84f1de3c4018167f9907b47b4354a1362deb0be24d8c1efba6af3547ec0f2cbe12e2feff89052057da796afb1b27cf5c8efa0236640a174f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 39ee5183fcc6a80f0e5573f33c391bf8
SHA1 02b978e3a555cfde0e964aa20865107a49bea339
SHA256 926dd28c4c0c1602832b500ba4510d959b3a466297c8bce12f4b808d577657ba
SHA512 bc5364334fc074f7394363f87e77eb4b06584b6366b662dd74b4dcd70579631b621fe52f53a5798f62a8b0da2926d2cc8816bc0fac4e30607ec6a59e5c4e8b27

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 fad78313eece116b691fc81a636cbe9e
SHA1 88a24bec31ffb9386cd28df95d57526071be7145
SHA256 61fb15d9b1a167e609e684cdb8403489b8d3ae36b71d959c89dc116a69a7d226
SHA512 99170f3a893f6f98202ffb636e8b99eae66dac1c148e7a4a6a1f3babf8787914b12cc903d72ad594448b53ec3de367def0698fa15376a3b22d8198230ffff805

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 90fd8d9e7ae4314261f7b943d6c136dd
SHA1 1fe4f3a4f42544e8da006bdbec5268b5503be08f
SHA256 104ee4e507593fdd806df196da47f5b2a537e0c5d63b8351179934a1d7802e27
SHA512 5e13ac65bace8ff4b463f650d5ecc73c3a73e6249f0d84e0f8a2871e57ec4404051639f6358355dc80caf33412ce625d703400cac360ad8e24af4be2be5e0318

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 cefe46a946c27fd7fce11c9a6f30f40a
SHA1 806fa71632d998553a6b5e11c1a0183efef3f466
SHA256 060e88b927ef885ba58cc17bad502d5c8d31a800281e66f9d5d5c766b708fa37
SHA512 2268359c6f65439c0f56f7a6b0ce0d65baf0385e4a61a7793a16f7690f4501e11258232a123d6e3756839ed59c16ce876637d0d2a5b16a586f94cdd7bc7e133d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 f86cf52508ad59243b525033b153289d
SHA1 0029787eafbe05466f2a747f0e74a3fce7cc27e9
SHA256 7cad16aa84c5ecc609989654db0059a799bd4e9ef3cda095462f20d34b03d476
SHA512 ba72a031c4cbd48055db13818221f1662c54d4ded2cb85c269aae78c643810214fbbd1e279f306cb2d90d3bc89c0f454f0d7f2c86d8e102298996cb60deabd0c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 7a3674fd97ad1589b3eb87473ee14f3d
SHA1 e0018557c4c9cd091957c49a60fd5e6309084dc9
SHA256 9b552dd6d57237accea24788945350d08108d61d8ce328184b67d7e239a67d17
SHA512 56b498ad21c14cfccc16d317220a28931b7c9bde4dda005ec244c8969b2ea6a2285e08c875212cff0a8541f5027b1b6e30a5b5720a91389dd4221b71e75fd4ec

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 9a01ad6f2506acdbc08f26536c37b7b9
SHA1 ee9e851f48065f81bbc39692c381a158f3611a30
SHA256 4605c39e1b1391e1d622d7282ac705d7ba6af14b819d19be3473157e867751f7
SHA512 bf7a7935847a75614fd14f8e64ed6b88ece4e1fb64fa10ed3a5223d658d1243ca89de574961ff996f6af7b3abb5d8475cb3e6de1b386b78639694d144de383bb

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt

MD5 836359563890603a37c265a4690cf9e2
SHA1 e1e73997808527e0a4bd42834ab5a6dd95e673df
SHA256 294ace95662ca5d8e36cdb70ef5eb18c1fc7c3f6aff17c29ddca9357a0f95675
SHA512 2e8b891a5847e135a4905b0450c8227d0604da3c2023800a9062fc3266efcc872e6dc8978a795682c65af158cba7b253c5add6b69f20b2d341bec78c85057c18

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt

MD5 608755dfc421f1e26609cba8851a0c89
SHA1 e876f2c9f0d9459db331d26dae10652c35ef71c3
SHA256 b3f19991df8578a45b9cee5539d8414122a475480ca66d6173c731fa8f08c58f
SHA512 830be230b4cb07adff69600754c59390b55887c11c0a52a291c1cca92eb3b434909162b717ee7d967a5ccc6a66523dcff2367c11ffcd449a0548d4f8acb28ee5

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt

MD5 05503337ac6b08568ac68e774d1cde93
SHA1 a5a6fb7d105757b039cf6d3f52bc12eb21e1f4f0
SHA256 71d8450ee7999b912c259aae728afcf13a9b2c87e4acb41915ee72482fd8b6cf
SHA512 29385bf485ad7c33d13780eca4fc8c48aa8bdaa44df5fabfa8486d9e1aa57f7d75add1a46b8dfb339c1c777262fdbeffb9b38b9e33756f0b8db0f8a3038f054d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt

MD5 cc9b0cd273741714ca9ad89dd0b4fe63
SHA1 b2b1faf3ab823bec7688b77cf0dc381fb8dbd956
SHA256 ffaba29b7abfe43753ce4acd9728ed15b245a59cd1897f9f3176e21d7a014a50
SHA512 b24338bf706bc7f0520424f423828d053d5209e6ccc2e06cf5dccf02d57a11fcadb7194abb9af8ae485c670673cb43bfbc36f71431f7034b575e626d933aaa02

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 baa2d3cae5a1b78abe744efec2a36709
SHA1 fba9bf061cc9672bed0e67f7137687e67de577ce
SHA256 0b4e670fc488bbe3dbc7ee223a5290326748d34f9327357465b46cb0029be79f
SHA512 a9b0e6c7cb1c0bd3e5237fed566a93239640a9112d5bae49f174eb70b47dc34195d253da1782b4747ec42d0d09a28b2f3c741e86bcc628ee891a5b568f3f9ae0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 e8f06119ab4fd3e5b7f7f4ae7b4d79f6
SHA1 61be9e0d0ab3d44245db6fa66485f25ea8dec486
SHA256 80219482aa6c313de95bf50d281f753dcaa06ca982fb549b54d54daf163f3bc7
SHA512 8dc9f1332f3dafe901999a5d6477faf06e5c05c635d30fea3f118b00d3a240712abec994daed8cd43bfb2ea966440d30582c00251c29e251c2e974c7f60c1d06

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 101a982a66bc64e22c58e38e02362823
SHA1 241650320f3294e4237378dc8578dac7583459ff
SHA256 c73e6ad6e3b1c149dc544c5aa3dc9f24ea89f7b9f420ba25967b78339ec599d8
SHA512 3393ea1dbcc92f11ae5c94a44c243acbfac57ffe31ea7cacd6f28838c6746051d5d0418b0f7b68212056d1cd957e76d5b8e2f0684d4a871712ed7a369dc5b4eb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 fe21277ff226eaceaa7dfbb51bb43d3b
SHA1 af5aa14d88001bd33ac068881cda879d873e5446
SHA256 0daaf3fed089a91701a94e49a0b3db8576eb98e871b93511709ed3a70c7c5058
SHA512 05aef4a575fb80d84347a5f92ab24eaa708e3a3c050a4407c59c9ee75fc8c57da6517c13ec58c6810405f81c73215b7cad679e2760c2a3da36680e53e1804a88

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 02ffc7f525645748fa3f2351dba05eac
SHA1 e7b73deff8f710645d0520cd97aa51647fa8b758
SHA256 c087420effe25fcd741be70505cfdf4fa444d89a9660a204b3a117a294f139b2
SHA512 9e7b8c2aeb451f0ffd405f41738cedc89bd1aa25a5b43b3ff25b91f130366e4657abeb9de9bf3de5e6768f5f0603e6746da7c4c0b2a67f64e680ba023ee30563

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 1ac42b78c191e1fb9fd05cc1774e0e78
SHA1 92d1dd4294078df956bedf3a9f57515059b0ea7e
SHA256 2c1a7ea570bdcd1cd2f47a0f1855e5c789c146ded0005823936172bccb902c81
SHA512 6fe87c3765e6a08b62e2a1c0a3f353c00bf9edbf2ff4fcd4e86888f4b72f286a92e52c8819cfc56431a68176fc0d47335dbe68796d91767c4536b98de544ed55

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 84bcaddec122eb11b9deb168c6deff82
SHA1 a123ead13e279ddc0502ddf26284567422dc6745
SHA256 ea76ac8875000821d32f8f54d79d2c62150f6c12fcd7c427f43d89cec9a3f9cb
SHA512 aea91481ee2b41afea98bf59b040a2391daae690ad2a949eb883f7c09db92eb1a3e2baadc3cbde13517e791c3f888295c23f280cf7111d08398db860abce0e3e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 428c2d5f1ecb7b111044993ff878009f
SHA1 c70ff483b3bdc8dc6e30bfd21dfbec7d201302f1
SHA256 9fb17461ab77a35cff47aa2318c3ad99935ce1a2ce168f9c86c12cd14952fcce
SHA512 b138cf44d9b1bd6bcd98fb532009092e8543f102c70de4059034836ae19e88488d5525e2cd3c5b370f516e356bec8c3700ed2902c2972d61df3495f80512e416

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 cdfef1edf31d1bab1af2518e3b98f8c9
SHA1 567876cf67258140096096b72287efb865a546af
SHA256 69891714a41e6f0df29188f1ce8bd80dce8983becd43b3583636ff754c15bf69
SHA512 9ae36a8bfd9743536c0652abfa058c74213ffed64cc84b08452173fa105afda2bacd15d6becacf141b20ce862a9725b1cd152d6b8a6bd0a1add4686f5a6465d7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 050fe4e44489d03b3a36f3994c00c8c1
SHA1 053e35852fef4e63973785c84038c2d4f0a508f3
SHA256 01c2afae264c7e89f7b8da007f1482621b1c67fd84eac9a1c278ed75d060794c
SHA512 771efe9b800711de33f47d8fe82651692555268b78d0a8295a4ff2d2f857947c18dad303139a7f6515b54d18a17a1af97ac4286f2210236dff22ef956990448b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a498fd610309efb783d03a6e23d74e81
SHA1 c7e373bde40ad36aa3d711361c4555f1fef6162a
SHA256 5a7b108c1bbbbc02a12a4a00277fbd1423cab809fe6aa4b7824eae50b7739cef
SHA512 8638ca7e30d44dd441d5b53909672a8a5c657961dcf32377f0bb9f7a8be35d3f5ea80477d0783459ecdafe619c9b7aa0d38bc598e0a3ce158e6b78ebf743d66c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 119e63cf53bac796db4e26f5a0bac395
SHA1 1353f75e948db9348ba6a63a132509e900ed5a00
SHA256 fc08b263507b368ca9990351028dfab2ac7b282a6ae8b65944e10bf44c1600c8
SHA512 4a8e3ae25997c600b6afe327afa03e0a8794ae78f9c29961a1eb0e9c47694a7143e602a7b071bd61a86f77263cf2536031fb656fff8848c7723877b4174322ad

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 30c1a10c91f365c5f1bae601008ac134
SHA1 7f52cd534d0307727193a291b2d6f622258ad02e
SHA256 3684415cc8dc15cc5f218d0416111f8961eb0ed5ba1ac27d0a2e6a046f74001c
SHA512 cd6334bd12029a4062bee0dc6dc25e8ce6c427bbdd01b61a9df8c4dec6aaf51400c7228798e584171e6d982d8c826f246d68a5bf4a3bf760e8670fc657325762

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 64950ea1a2cb81637ee1cb5ce39ef63a
SHA1 9d27458a4b07e20767c0e652b68f8e87c41a2598
SHA256 4ab193451cca62a08f419c30f115136b014225564a44cd72173db4fde1438a91
SHA512 80c6ff6a45890f660b33a044a52d21d0ee6768757191ce48e5672a5d4c37dccd134cb6c59d9c6cf043ddaf4b201c0784a6b07e47096f397bfc04324633258125

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 4920cd233a882074a9187a89e2ba0aab
SHA1 af4291d161d33d7a0921f7542feeb73af9461ad1
SHA256 a8131f403b26e47c730c21bc1d5524c99936f9dc8bdbcb69a3c233019c1b962a
SHA512 cdab2d066cc834a476d0158dcce15bc19071759a12e87622e4c52acb75d6b14dfbb3403b42b008b11c7d604a3a27ad244ae72e1f54d82389e19d0a7725f3ce88

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 686385a8280630edb4241ef667fb26a7
SHA1 d75b5a50b8a1377af27d6270e673d5383b8c5017
SHA256 332ce32a37ea9ff1ea604fcbfd13da81c1b3e3c304f90f0ceb89a627da443590
SHA512 95202616de0ae5b646c4a29dd0bc44bb3b1fabd7f755925984315b7d8393024cbe04ffa245abe53b32d618610995bfca1225202d3de10d6ab30ec53d0d70a7a5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 905185602fc85696291f7a4c2c08dc77
SHA1 5ae3f0cba65b21f25c9bc932c863e21b2aaa7547
SHA256 e77d23610d7205bc448c3fe82315641ab00f08e5384d04e2758e98ee29290341
SHA512 bcfa6db4c17296bb26e508e2d16a0b4335add9ea0a94c4c0833ce7bb5260e79b0e66c6dfe005563a1a92eaa6b4231daec1ec33d46453fedc8d6157d6815d0827

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 ef3dfeaad07c54bc1686922b7a590e9c
SHA1 ef8595865535d933d87cb5e7b00589bed9f882ea
SHA256 884a2932fb6a3146f8ce4b4b9abf538389fc29cb19f02d7fd449ba5d69dcc253
SHA512 0196338266e134490b122712e9163aaf9c03d0fbc4c3c4af1f201ad39a6dd14c269efe1aa500d5ba241b77816f40c53211301a9302c6b16e608250c747227fe4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 89b741b7a5316f8c53f2283fbc515b3f
SHA1 3234a60f9e09143faaf60352eefe7b839087c090
SHA256 7dda87eae7f67343c2f1639d329ef065c5bdd714e2098f8a975b8bb0012eae6f
SHA512 537fa895f3894817374026425b9d0fa80a6b9be32e3d78b6bb6141cddd8554f42cc0466619d09aa0ab97dd3f265bd37231d9d0ac774da057bb10521f8fd455ee

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 75db8523178e1bebb74d07c87eb6d8e6
SHA1 f49249724cfa1a23cddee3a4495b5f74f603219c
SHA256 e41c65c045812ce96263995ae61a0f9423f8193199b04cc7c14451785f01fbbb
SHA512 c36e7d9e0b349fd220d06a8619f0257f53114cc69f15067579edb1927e275e26ed54aee9f02224e6d946b2bc1ace6105ad54f1fcb8e4c832529de3d8cddb2446

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 7be560e638081779d2f2e400dddcd940
SHA1 fb4d77b5523e1263f07941a87627932a59e549d6
SHA256 8552169ffb3708ca354d2e7cbea7568885a7f99e8063087ab260fca5ba5cf0cb
SHA512 31a2dd7cf57cf3ba5f882839464f62e8e4ef0f36210cfddd458caa67de46ad917989ae01034442339f5701c242edc25e1d4cbc29db255117904302254857d31d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 b1d477aff36036341bddd5be0f185cb0
SHA1 3b083ab31812e5145de482a2ac35d95049e7b887
SHA256 c6069d49c8db1ef6b2c2f4ebc7cd56a829a6b7bc7156e5177cdc21cf6f94f70e
SHA512 6fdfdb55e40bd0740e2a8fba63a2a667c34dfeb2898accb7050d0b6f0ffcbdb95a8b87aac8612c3a24279e0de915b95e5e3a53a1e8508b1670765b80ac3fa013

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 f0135afe7f68b98f52871adf34e3bc10
SHA1 fa3f0fe1647ae621e9dd4a73b4732be1096a2b33
SHA256 c4312179b621bf924f7b71a4649455f76bf6be1e1d713764e5979a0392bf2ff2
SHA512 18e33f02f8a30c8acae3adb6e8ab0d9f15230b879acc8f3b0e0b9d692a3694b1ec1d1a397b763d9c245c7bcb8fb8130e6cb1039338eab95a1ecc159bb9c18e3d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 9064e1fcbced3775d2e09e65bb63e6cd
SHA1 8135ed5637cde8db3beaa10c2b7d7e8e8d9d8588
SHA256 c95c70a781fe3074160761a7322903677ab6aa490d0a12d83089fe2b439d6353
SHA512 482068b21568a4c7a7ac8bf051ab8af263a72061a1f030adfad567dad8e5401dba94d92526d161ff9147785c1b3d719f375c790ddf993228d372206a9d0a62a0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 cc459a8b1d42ff50ef032472bac78e66
SHA1 760b00f30dcb9b412eae36a1eafe2915254be130
SHA256 a8bceec95529b2760abc37e20e5d23a03102b09a5403a60000c3fa9f00c4c709
SHA512 341f6c9d02fbf10f512fec0352cc32595b55f5f1b4b08af9bedc5f92d9c1e67e7d265b59ba5d1145b9ce8815f295411717de3bc1b63692cca3aba2d8f87391bc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 9457ce87f7ea9574b1e57171096f06c2
SHA1 667ca21c27c2223a370cd88246e360ca6b38b4d7
SHA256 5b4cc591a63b403bce72301a3a7dc86e0f74aefda45bc22fa92b293bb7610c3c
SHA512 2cb39144a4c5b8a20aff9d15c49b2637e781bf3af3459c4f532715d70efaa7dfc133ad418af78793ee7aec11ad7cbe753fe506525907a968bed91152a1191481

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 3c2fdd1dc68660131cae9d294e212d8e
SHA1 9252dcfa3d81f3a211834a8eebfd5afe22244d43
SHA256 f770ec03b18ee3bbd65524706aed700263fba9245ce6aac750407e3e21f17933
SHA512 d92e1b98c0c2991b5cf52a25d3b3be02a743a2531bbb28b396aed619221b8369d7a333464cd1d488a2c91b338a259577887ea03ed4cb71141703edf83fee2676

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 d836c0ad454ab4cd1e5b559ae59ed61d
SHA1 11b5b995de3c45f95f1ddd286e37bcc043da56a0
SHA256 17959479b0c818b1bc9b09376e4c1fcd7818ec7e9675a5c208340bcccebae5b5
SHA512 4a75e62c5bce12cd706381248e69f69bb3747630cc1889b386cbb171b2a2bd9600fe524d1facc80f4fb6cd2a96843482ac8f21684053bf4aa79ff18c6043176c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 89a4fdaca9480af5636a66b3bc1f6ead
SHA1 cd96788b20914d5b844b365ce88255e28894d395
SHA256 9bb18e2f1a8097b980ac56d4455470bede2a098e28abdc7182207cc2b27c7936
SHA512 1fb9603f5a2667af4a984c8b17c129c6c657c1acc9f1a11e854ad8c8ce24738ca48c7cb4e673557fac029b1f6b97e05ea4347eefd4fbfcdf074f01bb2feb9c36

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 5520596619a5be64e831240aaa2768eb
SHA1 f1ad99390df1a761491389d1151b5c3bdd62190f
SHA256 69a131d74a04690aacda8b41ffeda582e7856d7aa948523ad987cea197194b89
SHA512 37d469bac99048ca7d74e53ba25edb11115685fdc5af8ee2dc5f1d87762f4f8cb8f1bc116f9e550b6eadc5054268314ae5b19ab697cbaaf4a0f55efd14014af7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 374600d30ec10cc0cf5277b0f5f180ce
SHA1 7edf9efad63c8d8e889f7d644375ce5725650d05
SHA256 83fcc9e675d8b942675b235ff1ced7a7c4f32228d7a69ad986bc42e941a2582b
SHA512 c0ff4ace9494f3ca5931aeec3263c342e6385fbbedd0178b4cc1170d4211b8c0c8b0e0aaac8d2ceee959c712428b0724b050a1111d4a5455fb430b3ae918d463

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 6bb9d521c8b6f7cdc2959aa7611f7606
SHA1 30d6555db8e3decea6c5eedcfa13a7477a7b8562
SHA256 36099519448331c0ccad28bac4f05030f527eee1503571d440530f6baa09164a
SHA512 487e28d4c051a10bd9bcfcb26639baa5bd0c24bd8e0196b9d7f09072acb15e7bf69aaa9ec29e55bf9a92c184f269c7a793b6911bd34ed8779a340a0410754734

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 40f131be7b4769935800006a2fe1ec97
SHA1 4a43f38457a748b918e502f55324f828bcb6d57a
SHA256 58f93eb9eec8a0ed34d73e6c5f4a3514994eaa529d7f06bb9092b5af37a28059
SHA512 677f55baac95b1915fb9af7c34a18aa632cf4df45aee5e01499b994afd8e676ea9ba5f5bf08ef335cb2563b97f6db6f6c4d5e594b053c125379bece9377ab9bd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 67e590e6715f7e0ed29976a808562a80
SHA1 b2d416872bd49b4fcc6e42439d6929470b6305c7
SHA256 d5de2b9fadc744bc7b18c836de60b416d3363e941f07c0224f900e52ad2ec26a
SHA512 4ac4af793604e5df795beb194bd65d4482d522b06b9c7d23d5e3002b7f71db23f4648fa08dacdc3e295235979423c014439f1c92643aaa74eed801a8b59d8f22

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 adcd86a6e989821a5661cdb94e84e06f
SHA1 c5e769c4b9ca238d1f1e9a5e5c186b54f9613974
SHA256 5622f1882a39b4ce4dce270dd589f2d72ee252bd5475ec27c2e2760bbf9d63b6
SHA512 eec13c8be8e4d7b28c98044dbd541216106ed03523705647393f63a45d7605cda444825845c0b0b839ea6dd8cd4660d34efdc9aa39fa2358bde6184021008307

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 823d39acf1869acf14152438cd5935f9
SHA1 7149bb609b14feead35a8a6655d67ab5a025cd0a
SHA256 182770f7a02fe9768cbf2374e69f306a91e7e8fe3b1704af2781d5a3b4173005
SHA512 0e474faa6500c31c315eaf9256e70fc920c60039486eb55db61e55cda7e21a521319787556a428e23bc1b587a2e1537b68f31c3049763378843a3d3f0ab0e926

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 4feb9452c98149086d198b88c5a89d63
SHA1 a40139862ad31982d088f649258a1fe90835b8f6
SHA256 46f755f6294c29658f7a2a5087b4aa0aed00b023d6f3f3405fc7f2196b6e6acc
SHA512 7a7016541be66786d88d6c10ff2068f9e4513b445aa55d9a4233fc73082cf5dcb2dafe8997d224fe82bd36da34a3f8d470b85321375a2928fcdb32561e91c2e8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 170f013c72f8af1530cfd5eb9ed4275f
SHA1 13fc4bb9707fa6bcdb001e33d1bb6f4c6ea64ba4
SHA256 9276c221a89f0da6bfb5c473356dd52acd9383b3e84a0aa80e0085cf7eb7c922
SHA512 8eb9f6db337fea47617c9715e1aafdc5c5cd2e95e614bbf21a65c7c9f32c19a72330cf78b1e82e08af6f82ca434b6e1c7bc2b643b7b3221e554073c077010912

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 6b99f6934f55eb93802b137826e3e89f
SHA1 84ec1a4f8e44764298397804af5a32d336d2a106
SHA256 e9fdd73652dd3e5a07432e5a7e3f7f440a7280937635cc3b25af0f36c0de3c05
SHA512 f788513d4bef92d6c804187249acb860a395729477b4b371b6a8d7795dddbf7bae40d344e4ae60884b901797fa07181b26e345ec41c22900c14bfd095e18a44b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk.EnCiPhErEd

MD5 d5569243cdb8bc2c8bc457d9a1d35d1f
SHA1 f511546fb52f8ca08ee9b30d10b4c1ba122d17f0
SHA256 5c28d8968d9dba04b482a09ef2e63af0bcbcfe7ae4e909ddcbee6a837756e182
SHA512 98b5cb56c5934dfda8b41dd9bd81a90725bb7184966e1603677303bd2c22d32154508dc098b0a0a070c4ec0d6db0b387e850baeea2c2e249ab3c0f96e3a744e1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 d137bdb3e0958d08c662c0dffbf64e08
SHA1 7aa51e9bcd0014f91168ce2a13d959b08324ce76
SHA256 3cf221b4ddc61ce1a8c482e7d0554e54d4c24db0de601503a6fca7f8b95da647
SHA512 4902cad76d53c0b80dca340071211ca0a32ed54fd86f1a5abe61e22699d7f619e6671e5ffd658ad14b964531111fd68aaadc40eda1ae4e4428fc3ccf1d282683

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 5326d58b9ecaa13bfd48fb40d947a6af
SHA1 024223544be8848bb65c62fa3b9acbf4e05bfb38
SHA256 c79b9cec9a376a170752ed0a3e12c2dfc2394f64323bf8c3ada2289ac786bd73
SHA512 e7ebbdd5966d4fc43ec1c1962f7e648d28053615787dda0de51a6094a5a23c8102cc207559325dc6c26b3ff930580f4138c1690a5998196bf91596afaee2ba98

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 19dd741c7ae48482eba87f83258283b0
SHA1 b993360c8ffd52910a12e82fe5dcd5209e70657a
SHA256 10809d3bd749bc9134608c83a9b50218b37ce5b81d49c78dbba4dfc1cc18261f
SHA512 34a999ec793de9baad628388f03bc3308af6d4e650c6dd814ffbab76febff3f88696f4b24a885cae2538cdeb364e9defbedb2ac4d1734be05effa24ab28eef2f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 44c780e806d19cc370561936885b7589
SHA1 9b563b75defc59b8edec7ca8d68ca6d7e6e1f655
SHA256 ce6e71ed6022e9675b55235e4746e0544665d72fd31d7aa0bd3316e6bec43d72
SHA512 30303f5763a8c9d3b47a29e2bb774dfa7258364a5315c5b54dddbf4b4b995cb0722410359107d5193d2f407a0dfdeb0b7ee95cef152a2cdf6b3a0000405c1c46

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 d8343945f7591f3caea044887434f4a9
SHA1 deebeebb725a726833b8bc1de193cf68084d1b69
SHA256 edd8fb8ed4ff3b4c5004ebe19548414b6b0aaec72fcb218c00de8890ae6963ed
SHA512 97995c0243f166016be28fc98311358f44c44ba6a6f62c737fe0e0f0db610d2374d93999b3dad3a404cec3d490da2bbf330e75e9d02dad1c651ed9fe9f6f6007

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 f7bac1703bd5b202d3d718b3c4d45c36
SHA1 979fd3ee110c2db3d58536d52a290095e2650370
SHA256 89877bc370b2d143184f387f148f8e5104f3dfaea07cfc6bc6f1efb861a8efd1
SHA512 005e6efaf8b9562586ddec00b9cbc641b171e8631dcdba44f2f99b7a5b71b5adc3c0c4bf7f0d7342aea7abfa762812a2398f53adcd1c9362d1de976708689203

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 d586625bb5e1f58b2ba3ea2ca12fe005
SHA1 b08f63b4dc819ac23e11de86e804321030f778e7
SHA256 4b3fdf458bac120878c5150c0a14b0897f2816a717d7b1d23407b863a2a9e17e
SHA512 cb1b2be5b21ee440ad66ae187891b486430f5a9b4d012d7ed55dcbec2c296711f81e4fb0d867396a0c305513299a5557c0c191e81c0b7ca979a7a474421f0357

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 557e10801dbbcb380326ac697e86a0fb
SHA1 4956854d40805e00dcfc14a041ef402fba0533f3
SHA256 74576fe7f8e237ebfe0aef521c1f03a8f712e015259c84c2b1d38525b5cac847
SHA512 eb1ca56dabc3ba1e469d504b0ac6b5de78de7ac5306e57cf1139aef062ce205112c884627caa0660408e7a360bda9fb75e2fa30150a5abaa22603bcc10b78ad7

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 4d4ba5571abf3e08bc867781e2dc4ee0
SHA1 4525fa79d0f5b7ae25bc96ac7ba4cc2376f4f41f
SHA256 b432010505f4096a7d35350c8217c123ed14b84c32c72f445c216ea295009167
SHA512 3ec60e9e5a3173c6179c7feb81f8fafd2b2808914dd3e0f9a620be1db67c88f0501c2cb0634865ed838d6b97f77a18ed77ced686588425e07da290112aa0863b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 1503e1978474eed14f0f519ee65356c3
SHA1 4fad35eeccf5974a8c6f83b6540a27cfd0ebffc8
SHA256 0d65e31002bcc0a4def25b2418e12ccb92370704e71e63d0a18852110ca981be
SHA512 20ebeba1585b8824b70b1b7ada98f70372e35bc40bd04bc5dfc0c716762846539cf3f9c584d40db5296db1f5ed2ff8f22c5390466be0988bc8cebccc5bcc4abc

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 ddabe21e80fbfbd814d68a1ff649c964
SHA1 d39b60d4fdc60e9f7ab17842fef508c50187b474
SHA256 c481a7fd31e94a8bb229dce7ccbfcccdcb40829ac3ddc873ee572f88f86a7247
SHA512 e980102300c3793eb1cbcc999b93a01896b65b59a6e42efb9b7dc7bbd2a916ff85d88f8ebe94bf144801e0022ca8c168b2424cdf34c68374059a81b71f149cd7

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 8a3b9510daf212f911bf465539558e54
SHA1 be02368a5c551343286e955140dd913d1d3a997c
SHA256 ca26ce7184948a1bbbe5c654a5599dea5a5d98ddf2e5751560eed988aa792d4f
SHA512 773080b9f89103a21f909381f1b00c3eb496e9a2e0624ddded1c419bbdd478f6cc1240d770426c0f5231e7777dfd605eebbe386caeaaa55670c020f497822175

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 a18c75942a0d2c0ee94e2469625039e1
SHA1 8a1d38d36fac2c49ddb51c72bfcb37eb41c24e0e
SHA256 5f66734926e61507c66f1ebb410bfae9053a238e5a4e0bf2e136a786b1e38132
SHA512 21d2f8d149e73800aaadffbd23b45c16b08b259f5a054a4277cc7e7288ef78a6c7b23457936f070afc6ad4964008b889b176359a8bda3455466cda2d6f65b1ec