Malware Analysis Report

2025-01-18 20:38

Sample ID 241203-lrc82szlgz
Target bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118
SHA256 9b2f35d6d410e85bdb216d401be95fdf1b1e949120858921e8b4a4f06603a25f
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9b2f35d6d410e85bdb216d401be95fdf1b1e949120858921e8b4a4f06603a25f

Threat Level: Known bad

The file bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2197) files with added filename extension

Renames multiple (2219) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-03 09:45

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-03 09:45

Reported

2024-12-03 09:48

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe"

Signatures

Renames multiple (2219) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W2K2m3v3gt46wif.exe" C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\wiahp001.inf_amd64_neutral_aee49cdf3b352e58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_neutral_1b15060bdfbd09e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_neutral_11bbf54c8508434e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_neutral_3c11362fa327f5a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky008.inf_amd64_neutral_9f6abc54cbf095f2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\BITSExtensions-Server\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_neutral_0383c5de75359695\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr005.inf_amd64_neutral_9e4cc05e0d4bcb33\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_neutral_9b64397618841a19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc4.inf_amd64_neutral_310871d800afa82a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hcw85c64.inf_amd64_neutral_96b71557b416d04a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrsp.inf_amd64_neutral_a44611db70783ded\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_neutral_e77f438012239042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiabr005.inf_amd64_neutral_e14a0514f37611d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssessions.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_amd64_neutral_28f06ca2e38e8979\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky306.inf_amd64_ja-jp_97f0de39317f6837\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Unimodem-Config\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21298_.GIF C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImages.jpg C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\BUTTON.GIF C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplateRTL.html C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099199.GIF C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.PPT C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImage.jpg C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099191.JPG C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02758U.BMP C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Windows NT\TableTextService\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21399_.GIF C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR28B.GIF C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_OliveGreen.gif C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-help-medctr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ea00975d53d7502c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-soundthemes-raga_31bf3856ad364e35_6.1.7600.16385_none_2fe300bf8e73cdbd\Windows Hardware Fail.wav C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\2bd538d545e15452202ef3b41080e2ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..t-strings.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d0d92124ed9213d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_few-showers.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-trkwks.resources_31bf3856ad364e35_6.1.7600.16385_en-us_41942cf49c3060e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..-migregdb.resources_31bf3856ad364e35_6.1.7600.16385_de-de_17979c52942a9094\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..licy-admin-scrptadm_31bf3856ad364e35_6.1.7601.17514_none_d370f9aac313993d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Web\Wallpaper\Scenes\img26.jpg C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..providers.resources_31bf3856ad364e35_6.1.7600.16385_de-de_834abd744e95dd25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-printing-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7d56d2d00c3f7e96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shell32.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_5a529eebe274363c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..etpc-mathrecognizer_31bf3856ad364e35_6.1.7600.16385_none_14416949695504c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_msbuild_b03f5f7f11d50a3a_6.1.7601.17514_none_558f74866ddb8017\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-multimon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_845000fd0a08b2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_es-es_847b31e13926c41b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_sysglobl.resources_b03f5f7f11d50a3a_6.1.7601.17514_de-de_0b0b62211ca2f6f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..temclient.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d214d43964ec3fe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..edtracing.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bf58a6bff93197e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..core-fonts-cht-boot_31bf3856ad364e35_6.1.7600.16385_none_1a0b146e42cd86a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-soundrec-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c66b3d818988d0f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_usbvideo.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ff02be6f0eea6bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wow64.resources_31bf3856ad364e35_6.1.7600.16385_de-de_30cb1fb758eb2270\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-upnpssdp.resources_31bf3856ad364e35_6.1.7600.16385_de-de_52db6a1d49fd646a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.nap.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b7b934071b8ce21b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..i-printui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_06daed9332b65307\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnhp003.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5961d25fece1b48c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00000442_31bf3856ad364e35_6.1.7601.17514_none_502e001aaeef70d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-capisp-dll_31bf3856ad364e35_6.1.7600.16385_none_d1de960a9e99a4f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_bba5b68b615e448a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.web.manag..davclient.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dbbea82761cb5289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_moon-waxing-gibbous_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\fr-FR\playready_eula.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Services\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1b2289506fb42dd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-azman.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b40eb32fbeb18f10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_83e158203bcda198\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-transactionmanagerapi_31bf3856ad364e35_6.1.7600.16385_none_b2cc41b2eda92244\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.1.7600.16385_none_d2fff1dae966863c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-dgloss.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_46a839074281b21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_63c02bc724d1a0c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-tzutil.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d3a9f1bfa3579532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..atibility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_85f4a683e5bbc7be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_msdri.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b60ca1af7c58aa75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_net1qx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_683cd0fa683ff904\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_22c85ad69032d3f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ff337c5c22a2bdaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..tallation.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9ea5d52f2f6e355c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f4c280f4fcec33c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wwansvc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_829b3b2377ce705b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\inf\SMSvcHost 4.0.0.0\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..splay-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_27284493e4df7d0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-fde.resources_31bf3856ad364e35_6.1.7600.16385_it-it_772736a4dca871e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_6.1.7600.16385_none_db04d3f548508fd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_down.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_eventviewer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c9ce1478174b4dd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_desktop_shell-gettingstarted.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f19bc8fa019ae1ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00y.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_06d231950a14f88c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_02b53e1d98470ee8\erofflps.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_946f709feeaef639\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W2K2m3v3gt46wif.exe" C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W2K2m3v3gt46wif.exe,0" C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell\open\command C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Skaype agu1237 C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Skaype agu1237\ = "FCABMLGRUFNROPY" C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\DefaultIcon C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell\open C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 131bdd9bf2adb03023bd15badd3a6d60
SHA1 a6836578ada43633ab42012b0591c35bafbf3b1a
SHA256 976b2f53a7111775e6a78f0e29e2fa9eba7c1bb1397088f25fd007ad4611dae8
SHA512 b85460620a61753f8d8a9a94e4ab29a1e6ba88a12cfe9d965a707e7604802ebd5819790b48c2ee0c42d98fb49e3c74cbbce1a6a800214487ac7572ccc16e8fee

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 c0672786ee200ea0dec5a3e4d0abcc2c
SHA1 79f21c480a9abe51f1d3a487d149d058935e628f
SHA256 f17b31d54ae42fbcb2f0b62f59e1b9c6a3d0f2b211ac860f9a1dae643642f04c
SHA512 1746463c4869191ad16b97d1f88ebb3c27b71ceaa945e8f14e08e7e1eb288796545afa15c4bf9cf0ea4debd7614f73251de1df1153fe59c9364f5b8b142a79d6

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 b8f27504b94a0d5543081f84a3db14de
SHA1 c669771a68f490d09ab6cdeaf69a9fbd441c1201
SHA256 27f715a9b05d1107c2dd34b0035724fb4014e8fad78f08169b4406efdaed1053
SHA512 b314e663305c8a67af47b8d6d0c99b8cb6647ee82cf7ff9ec95b6f43160128d09e02a673c252683fe6de5faa44ada1b963ff46c8cd9451cfe68237082de71798

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 1e38fbf43c8cb806213599c7a5b4b878
SHA1 7e1148f4ad19da73356145f1b97904d3f08db286
SHA256 74f8edce2b7c73f463b2d5236d8e1f642afa785d77e6787608a08dd5dc69ba35
SHA512 4a2856a7de72be94c753810edea404d002f22327c92c18d7eebf75e55e75fbefaba0f57c3dd90bdb9f3768c800e0ea734a88f438aa0891e2d9a3bb027e2e6485

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 dea1565d4f7b6cc0422770eabfa1ca9c
SHA1 ef1221f5707305f4ee978f8645c72678c810a93c
SHA256 97e5853672be4a0f3c551e6b80333742b6f2ecb76da4b9c099819ab36323c592
SHA512 6ea2830a45a1320d79bd1407e45f4137bf39a7b5b2519d5e4543b9f38d7b7b25f120c133323b3bc7946b31d1bd89803442c890a5ed28d68836af7115712bd743

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 6cf9b2951a2f20bd2d8a531a44179aa3
SHA1 d348b37f64a2c65b21f4a89a5bddefbe823beb66
SHA256 7e5b7e93a59d8ba1f684c3616c6f49ce3a1a44afe1534b376c1b4a0da49e1e4a
SHA512 3bca57cd4d5b67b6e563f9cbe7b12a4ac0b6882a9eb51fc01f872a45b48ef8bb0ded0791c0bbf9efeb3cf5dcdb2c6bc9ae9ede62d19f2d7f8a7298fe9505c37d

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 4f7ba073120bda942d97a01b492ee7b8
SHA1 783b37a116660df76b3c238aa8cc5a997c7fad61
SHA256 2277e66dd77b840041a053ecb4b46010aa9d3cfbe93883368457a2feb20a88c7
SHA512 334acf82ca7aa9e1d8531cbfe4f4cf51aae479f9eca0b05f49f14969be8550e4c402a637bd88e6cb61b6dc7ee6062dfbda696eee149330e0bdcacaf8461edca8

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 573d31af707dc2d2ec1c9e0d3b73aa8b
SHA1 d09c8eb6cf9c392d3f3e97484923fc1a8ce51880
SHA256 8b2376869b91357d500f544387d803e67e4f86830a58effc82e0166f50453bb1
SHA512 268c9a5d76a61fd2761f9226211195a6b446175bda04563d204efbc564f4539fd815ba0866766b6c629d7fc8df13c34d441d15f5f86a909df5c95393d5ea1bd0

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 a5451432717f72dc4f2c49ee4c5489a2
SHA1 45553857d98bc2c7f1ee9a26a7e524cbf1c52282
SHA256 71b04e5ab531eb587ed4586d1b8f6c878784bfe8eb5a1385007c0c3f461c4db8
SHA512 d94fee0d5e8cb5713cd2a0753488147a6e85f47e396d22d4d5001e4853e64879f04d72fe054fb026fe6ee927f844aeae98979079f66a52c4b12b931a90efdfab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 0208a18fb28e65286452aca669e6e1f1
SHA1 77838a4ac22624eb2d171f9f95581968a364ce87
SHA256 9f101914967f188c92eb32631d49a0389d24e42dd7fd6d85d2dd57fea922d0db
SHA512 a8268e66a7558c7f6d309288409105976505f0bdf944af8f4b206bde0b634486bf211fef0e03acd8275fcc1a76c23795b5de14167c73bfca160222058c8cd299

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 af331843bbb1076bfab1048d250be6b3
SHA1 5b326570277b87eade9dce21b4cc1b76dcb40339
SHA256 87952178ce8e903a3337f1f4f77365c843eedcc30cbe501751cff720993ef354
SHA512 1755fe998dfbaa8497ead1ccfcd288ba9cf8d8f18415915ecf7529e1466218b8141daaeb102a8696cae78a6ec97b77140f184b4c4fd34b5b86773e6395fb2bd2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 0674ba8b3f4e7352f8f09ad746981060
SHA1 2752eb37c2e60fdfa21f3afabd3115ed6c47ce34
SHA256 37529fd5a04d97a49dec76cbd1156d77aef707a323d36208fedd9d53da1f8476
SHA512 39f6414a702993d891624e79f079fa657f161be47aa59ab7b06d5102f8ef98e3639847b05ebd9c6e1bc79eaa25c18b27db8ab6b42983f7d905077c9d8602cdf1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 f02b4482d130f27d79061e3b59a5f8af
SHA1 5017c3416f7d2acda0c7470d511a55d4de366cb5
SHA256 e2c1692aa408e0f8bc2d594404deb3a796d4dc31ab45af2d245750068cb7deea
SHA512 f3140bac0b0913e232bff2cf97832130a1d8fab74e2ff123f1f4309cf47164b4457990ef9411ccf530533e717ae995e8627072bba3c6248c29c0006561cfe8c5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 209af850e6dc9a366d6d8f0b5be6616b
SHA1 5f921e396b427ca3cc3137363a592a18c657917a
SHA256 7ccb08ebbb28640d356df4c1b4564dc038b79210668d9c850d16e4f1957b76bb
SHA512 82290e296317c1c5ca771feecd29281b693cadbc6c32c53445c460e65c1acad4c496d942ea3373da99611211d64c962a689c594dead648bf629f2a10f2fe0e64

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 4d2a5a846ff3787d9b0a44d40e16bbbf
SHA1 57d52ab5118c65eff3671a02df91583a2e2501a9
SHA256 b912f81e2b272604ae7cac9c37429e6e5617b120704f0bd7f21a3251c49ae1aa
SHA512 e73510aed936f24d18afec05dcf41216141f5455df078c6cb4bfd3e330b9f6e2cccd4b7906bacc0fa10cbd42c8a55e4cb62fa83e8a691af551fbcf99358e1135

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 1e89185a23e53c2e3f56e8c3c2b985c6
SHA1 cdd9b05a3028877556ac75c2f46fecfefc95b723
SHA256 1ffd69277e54e6a4f78a217c8afe89f36cd29bcf9c0f010c7afb3e532d856196
SHA512 4e76a9e9881066f43c8cf9a7478bdd7db382a3efffa78746cfde7ccac822eefa2d76d5f505be916c0a219627bddcda12bfcde21a68b87098fcc90cc1e76bb195

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 7bfdf2c8c46af19d855a1cabf413fb2b
SHA1 880dc74d3b9b76302782a1596f7c0f5c39077f58
SHA256 11de3421fb6d8fe25bd12e0458fdc2dedc0e71d3312dc3152167afd65dca0e2f
SHA512 2efa35a2b2d4a3b154e18e95623c0d1a3f1656de44f80f69129a2a3e0506234475a71691ebad18359303c7772df0f1d7949756085a1a7b7dd99457af8f9bda03

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 77c53bee9f89411c8f102649abf6fff5
SHA1 accf9ac0d5c20b0524fc9a167e2155ec2139c769
SHA256 8b2e5aa8b971dbc127d1db21b951ceff8db702a15fce0853885629448d0e94c4
SHA512 c4d19aeb470059d19cae29d9ce55c4bc6161a0253e12ad89fb2972f196ce3a6256accad073daf4b015c324f78e5c5e8273ce62906744f0d3103aa5231e9348dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 e7cd78e4bd2d75f18a5bc05460483fd5
SHA1 484d4c047eb4b918dc8046e2173c58955b60e37a
SHA256 8b4bb3e906a8567bb0ca668fe38da6bd708548eff810b2e87a982ce6d0154c6c
SHA512 c2d760f3c44ebe3e0a96802e68ccb8dd412fc8633c6819ed82246412e661ef261ae8e90e30783e9438c96f192388f50e9750d94153d5dbacf2e0b1c603f53c76

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 5f9180eed1a0c7376d5b952dab45c615
SHA1 a0929230dad3406e0aa2de7dc26fefe735c25c67
SHA256 b4bcd946d5c5e6641e43eab52c78d6d9611709cf73a672059a52f3aaed9b3f6e
SHA512 849f68f7a6fd66dc685c9485899b2aa018c5bef637275358752eb7435c68a353030442b3c01129e2fa9fe23781d4aa293722b59784455b4dfaecae22964248a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 d279156e8adc35277461f281625dcb61
SHA1 661ba07d1355c0bb32fc958ddb149761f7089d94
SHA256 efd23f069d71d331c06b93d43360347d42c0f9d589a34972878c46e6623e44fe
SHA512 39d648af5011d762c12afa0d828dc07ebdb01fae5410991c394288cec79ce635298d6118293154799be9c2c9c280c61aa30e05711a87009991d582863806883a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 1e611a7c8168f1b0c1727d5cf41439b9
SHA1 975c74cbb2bb6e22aa5036a384d4f90ea7f057f8
SHA256 199943f19c551810c4f5b4f1cde2908b88ec6e21b531e491209628caca99d1d5
SHA512 072e696f8cd1ec672319ac79331b0ae705e891458b348e33ecc78b1ce392ad6eab79b0f1792f22fb754d66c8ff4ac5b101a7719dcab2cdf7aabf6e1f3bd44f65

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 0478648ec9f4ea5bf2449eb3ac670637
SHA1 4b6955e73ba1d13c53a9cee753bff20e5f3f46ee
SHA256 321c0c107709d62b76be82316939999ab169c9868a4bc88c52b6b3a8d4988e43
SHA512 aa0cf769d81d47c411f419a59b75fac0cae8ee70c4a57bb70f30ff4432302da182df7f59edd26bbccfc5d8ee25a5ca813e51e9cdbedebc0f150aab73f8050d3d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 7cceefff2b3c16aaae9b304fdb76971b
SHA1 9e49a63f5188efee7f8105db72e85ad329451ad6
SHA256 1a1ad96a082191543dbc9916d51fee63ca0bdd52595964ca2559df02149a3c11
SHA512 e96c6c5d1b7c62dee7be384a07b2a8de0d2d16a680cbbd727f4092d3b9b4e162e866481614fd11a5a0d7386950c02771b601b223d881a4d97decbfcd7f0469e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 0aa764c70e68c36cde91a310156cc15d
SHA1 b81f99331290895ca6da06166d18f4fb7703326c
SHA256 9cc50cd3efe45265032c23f8504ca1ab4933d23c74a75a428370b7842f16e488
SHA512 cc6f2ed767129465122d2e74b684f4773a3844a4a42db25553c60e91a5c445cfa51b76b70e975f1e120ca5d06d12f6909f8a7864cba388e8ed74fb5cfc50eafb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 1733c8e0fb1e5f2ecfac3bdbf33f9763
SHA1 d720100e926f5f48f7cdc0c4fc994009f22ae72f
SHA256 7800d1b174cd31bc69c63ac58cf9fe3e5f58762c440aca40b6a449712e1e6a50
SHA512 fc764163480de72dc8caf7e192187e911d341a76c46598a980486e87af1800497dbb9382a621cf0b6ca356a76903cbcc20aa2e2d2f562223a02cbac26069f928

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 4a6c673a796dbeed46e56a7c530d8b89
SHA1 e710c8a54e68fd0eff60be2ccdac98dc04f7bf97
SHA256 10f32d43fde06cb10d90d638cd7523d836ace5fe15726e3338d7c207c96d4be0
SHA512 3160e5f474a092f526bcf9a3e5ea593a9ea54aa468da0eca1e3a636640ce80b16c2bfea11fdf05ceab6c9aeb9cb7350cc8c23670cef46ae0fc4e488c1d37993d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 442b5e3d2293a54e7a09730cbcc42a8f
SHA1 5e78aaed2f70bd66286f2900de4eebc4745c05e6
SHA256 7f56718f5fbf9c7b7c6683cf0e82560d655eaf4946dfcc6822b1138018d0064d
SHA512 71a8c30883b15bd11429acc76508b50a6a950f64d5d06cd76ebc2885a519fa913500601428d9a14702951a163d5b4ab5eaffd848f7062a3eb6cd9ee67071b41c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 6049b8d104f8ee0e2a9d09a66b926eec
SHA1 82b3d8a02c6e52c3339bbad663821164dd3b46ee
SHA256 cfe3dd238dda26ec819f51ca476638f0b1860e6d5251b12284fea57ad7a6caa9
SHA512 4094d584ad8008c5fd8af2c1438d213fe03e5e19d796c40609f1917a7f2d7ebc9e4c079f1e7dbe0afef7b76fc6571d227a12fed8546b4d2f6331888e7731040c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 b1bd2d3df2c5506f431240f1580cc9e9
SHA1 84fe73e232e5ee30049316b73d8b10fdc09969de
SHA256 8ca307887465fcbcdc3d34de4f226c0bac7818102a1ee617e919474bec6abb5b
SHA512 1e1fef571d8c96de68fd7edf27a40fd8a8e4fb7deaa2314eb836bbd4a97da4d6eb9a39316666571a43c9ab64ab7cd493715f8be0c353f2637d501f96b26889b5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 a771de222bf270190d4ab12e62fc3330
SHA1 eac376b1f1952c1fbf8c9bd29b21c07de01511b3
SHA256 a9c02a2a60d91fc6a087d0f8b2fab4762a37b5342ad01dbaf3d0929099209d8a
SHA512 5941c87d0f0901c671d22a4397b0d625b5dd995ee69c3d2912e4ce8097327b1aed6144bb354e33cd3fecaa6f60dd5a88ba71de56718b708a4cb703607f68bb36

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 f879580ceaf08dc2b4fc2fee636a3df3
SHA1 f9bb576ca98973e616e66bce59b4201d89c6959c
SHA256 b506be09f50d4df484357c6649e482e5da4e4bc731a17f7f31d7295266a2657a
SHA512 8daa4136d24e7706f9cca1a65a5188fb120ca3628ba9253ef18736a234730435fa6b36df7f0729321e214194ac225d66b8f901c1a21e831260d7b136268a6f41

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 11249e460550660b1be70d62eaa55455
SHA1 7894c222ae9779d31697e45b08af2e8a20f2b421
SHA256 85555d397872eb6f2d36d057792219ae71a15c805c3f30679d5bcd0cfe642abc
SHA512 7d434b36a5b978244ea717b218910fbb5e18d4bd7f35ada51d01e57f19cf19e273a97898199fb0aa94f5bcd5a35c0e0f27d9bbe8718a80c1dc85b53c71824ae3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 af089db26d403105f53bdd8a20baa3c4
SHA1 5fcbc2d7b20e6c4d1ac3e4247e65473b3b96905a
SHA256 ca3c3f2e945c60edb599d685798de3badcc279ab0421461f252d81ff19d72471
SHA512 3908900b3118344f4443981d6c5b62f841639bd4638d36103cd7c6ae9ff8d07ef349c8ae0ea12d6695a6893dc292c38ff7fa5305525a12b11577ba725e51fa8b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 14d503a23ccdb32cdad03e52cc33e36e
SHA1 3407f9bf13d3e7ee5bcdc28aca4d18e300ca5bee
SHA256 74d0aba432bb970036851b54313c5f63375b2d3590c5e680f7083530029cfdd6
SHA512 3cc2588b5f6fff6cf39b73c5a332075ace8e5e02fa626469986d9fbb0853794d351511614ecb63219a81fb3b28e89d35a048fb192493c0b8a1de968d29499971

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 4a3d3fec2dfc67085c03dcf15b42e2f8
SHA1 bf879089df8f0c83b3b3a9205f88d28b319d10dd
SHA256 4ce4c0b4a9aec6b7997e60a33e5a540ba3d77d17d053bf827e690709a886c867
SHA512 9a7b80b1a30320ac809eee48ebaa104deb8b07093de5aadae7e166846b4a311c235f80d66b71b8d0b56ca2c7a8e33a0faef483e0a710bbc98302f043b593e4f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 e8c4facd394e69fe248919d6d9501793
SHA1 5ea513cf2bd1feff5eadb1486abdce740d56a28b
SHA256 a63890675d975e9e55f1f85aeabf7ea7572251f912cc2beb79eb6aa04bc97a5d
SHA512 f7680f889defe043b4d1f49987461ea8fd38d9799eefac7f5643cd8196d563b3abd23fc8afa1d83d7e7a64aca832674dda0c269b2c3743801e4a1db0453bdb56

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 acb83bf2c7f37a85c97cf3d4b9ec116c
SHA1 a112398983cf1d4826c5f9726441b2f2edd39575
SHA256 aa51e87d18ad78098e75b3d0a4854f43d65be539512e1ca53d54d7af0ea2aeea
SHA512 6c9738e57e25b90befcdec7da92951facff3842031175267ec0050f9775710100453c70a4ab26c2b138be62ab16625cc75f79dadb87d96c36c5269b4c15a6971

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 1cfa166d79ade4d30001196645fe6c3c
SHA1 86612820b932f763b3ec7c8bbb668d8794275c9b
SHA256 a2981bf4f7dcd8543ee31b03c01dd9b40d28ab9ea100969abaa550bf420b380c
SHA512 0242e1f14152c164af113ff64222af360911ee44f4febc51e47bc7a3b8642a5c2f9ea1144510aedd77ed5d35d0b1dcb718f376dd75a3552982d2ab5b2098656a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 3c783d5aa35d2914bdc52f8b22abf21d
SHA1 5648896d0b843c4211053e67c50cb252d6a7a47d
SHA256 5e7acb903ac3047a18c5fc1413164fb74d49eadedf007c8f347c40b184b4e1ea
SHA512 4693aeabc684a9e58682385c089f3fa6d216e7e1ab636e6152c74c684239b74e8bb1b77d9f41e310e1a66be3a1d833e3db79ee4fee6aa7abe62def201ec203f9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 0930578c556428fd59596d7bedc84626
SHA1 b22044ef38d5d527c785737af8c5fdb8ce0b63ea
SHA256 f64625e9a574185fc9816b4113ad6ecf5234f4c767e20573dee7d074a3e3e28e
SHA512 baaa7150cf4793e299ef42fa43b87c0a42220346637e3c05ad965882ec5bfe1dd143466215d26b4876eacfc3272572136abd9c208aaa135e52aa27822ceffa0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 55004f7e16ebbd1c95f2a3ced312282f
SHA1 10dadfe9590be0775518c0599d5ae5dfab23d6eb
SHA256 f9b0c55a9163be879a2a027ad0b9ec996295246fca67d66d2bef1b9329a88ae0
SHA512 6a485ee90030473490913dda5a09601dff5f8b7cdceefe5175e67097c4cf00b3a7b567cb7327af77d346d1220c77c083fcc3c540f0c01ab6e81031e6d3388ef7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 363619b042c809c00fb12ad0f953d177
SHA1 1145eafef7ca11ac12cd222fd6c48bf0f1f14ca9
SHA256 313389b3d9ac52a7ef054dbb4e39318b88d9e551164b63140c773079a508e4ba
SHA512 6b9603f1c6878305b65f761779fc431877e39307a513c7993931f57e213fe0efac008ca6aa478017e9ab5cc75f38e85f51cd81bafbaa7744ff1223f1d2cef770

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 026e0bd5c5385462d0c64bb71252b8db
SHA1 502705d4d52c7384932e76618b18e097aa7b7bd6
SHA256 2cd8a01056289c47afc23bc044353845e375e6b68a1fff525f911ec0bdb96093
SHA512 21226258b67067925b5348592fa54a166e408e3cc56c89dcb89a730214824d1bfbcb175df35a8bd21e56c007d2f16b8a0226faf17925f65c870e23188927f901

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 73e03e5aeb7216a0a65ce962bf684880
SHA1 cb8817968c5284ff91b306f911f32bf0fa9aec6e
SHA256 88800137051b15b0508ce551501c9b7a8632ebe0b020ea36e859cde80e9985cf
SHA512 cf838f214debdf4c3e5e3720b202dad8e96d4233b15a256e90f62ba1ec6ba1481e1e84ae3a09e44e9b09c2c58b24d9b1ecb5b47b372dab76bf6da70dce4147be

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 e5c133562d9bb26017210ea7548c2e90
SHA1 0a8cdfd6457b47ad7a50ec78fa614feef5b7a62c
SHA256 e578f3be8dd5ecd620c1143b6add379ea9d2c27f403feaeb834c5676dd8dc160
SHA512 9ec3e3a13f0ac5d58fd18d355ecc953eb5e32a3bf5667ca6eced3239aeeca0bf11e232f0683bfba854ad4e3713a1ab0062157c5952e93b299754036030de2afd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 3db45212cf55a3a236edd5f09764211e
SHA1 8090f79dac271bbe45953468fcc0f48518167638
SHA256 d9f975f08b4817f0c64e95347f5c10a14da2d9715a7138746db7cf2a5011b2d6
SHA512 3a0d83f658fda8512c6411be805127745f9fab64b3ea5be0dced725819b38f1cceb5cef48a6aa42f8a1c0db2afaf5c8c64464bfe6b6fee3e5273e1f05e9c47f9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 9b33cbfa0d2c8cf5ad0e8711ff2613fb
SHA1 04b5b50557d252b4a158adf2c9eef08ab2a9ddea
SHA256 86282dbc21dc75cb8920f51a98b38a87bc18eb5fbcb05a5405d5dde10f9ad3c1
SHA512 48e2177085561db829658e15784ebf3674ababe895799a75ec12039d488919be075358b7c35cb0e861c0c299cba13ee4c11d82d7214afd3ea952b7189c5c1f6a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 8b7ae166a5ef8abb0df2ef39a801e26a
SHA1 e0e840c893683a2dd2aec7f90292f3194cd4eefd
SHA256 630a0ebe51b6e3424414a01cbe48c754247a90a417b202103e419c51a31def5e
SHA512 6faaa8d41d7e778d8c78e9b1f973198a226b2b1fef84b7a391743aa9a3d8dbc84de3d4c9836f082e561c0c3fb3a7dca6b9cf2f39ec8b5122e072fe73ac160667

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 25a366cc1eca05a4c0f134e61d165ac4
SHA1 00ee287adb494c9c5ebcccc86be5c225cc88bb0a
SHA256 0e663ef405ddee39ce7810288ff5cb37a42b1121bf7f81867dc7c12cefda02fa
SHA512 2486254095e7f4768b44ccc8a26bc4ed7941b38b3141bcd08f1ff50cff13ecb8c96a2ae86c4b0b97b8e587ced0535c82ae9a58768d6a49d187614fa46ae4ffe9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 d691651bca8fb32acfc917b161df51b6
SHA1 2a90710933778b3e0a4539b801a94e32c1321686
SHA256 6c9f48a2ca1a298a20001dcd0ff8a6ba2179a9781a59bf9519c5dadc50124ce5
SHA512 63cee837bc8b8408bc9bcb0147b171b45b2cabc32f5a97837ee1d1a28d0ed9f08417e9defa992e71387818fe77592ff34fb2458f44a4e3d346bf9bf7023d7ae6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 658aaeb46d5a423590e4c93756dfe9e3
SHA1 e2cfc38b9af987551bc4037b2b379d5f03c41781
SHA256 f0532bb2f655e206c52b256d17ab04115a7a1aacf27b09edb562bc51b012d634
SHA512 9da42af28015cdc33f51b68759c9a40015b3485da42c1328aded3d2f446f1e04851a515b04b75525e8d920090ecd3692cbb780cb6fd8cc322f8ccef4d3c33706

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 821f4b9010252516529cd73d77ac77a8
SHA1 17961fe3efba9d16fb640d9297d1431c44cb5c4e
SHA256 a6364c139b9e1fac69412cea924bb59e6a0c993551fcd88946ff3df06351e18f
SHA512 a891040ca670e08c30340b798d5440ed14177cc9936d6c188a85aabd6cab988fb98038f148445625645b59bb473b799f32f8ad1d7ed207a6e2e247ff7d6f3cd1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 25c914a3e281c84c5ec1ff37819c69d1
SHA1 2faf0e476c7d1873024d5e1d49dfd4502618134d
SHA256 dee91820012ec7794faf98890f61baac8dbcdb7735a7cd0cf7413f65dbc28835
SHA512 61a4fdc923be2ca0cf6ce4e0507f876ea4916a1686a4602aef656c90007b62ffa3cf891438f46f4324e5fdbf7e5a1c7cde84a67270221bcf7bcb567432ffee18

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 e01d6a1e1f54502f2a10a4df60b0c264
SHA1 a1f7994906cdc2ee7d1cb9a0c7e74773bd465a05
SHA256 22159b35a814f67f80a5a099aa40c315a970c3aa403265a36c2fc08d5772b25e
SHA512 bfe4dbfa83cfbc572a6c80abd1c12ee8f398544715b5c360784e0ac1473a1d9be4ee9e5186960241b2820d18c7682f2f00dd7a5c14c2512dfa3572ab87012d4d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 48dc42ed05eeb660310eb3c53d66986c
SHA1 3051c16c259e9a20f2a118efc2f08d37380589bb
SHA256 6575623dbdf7204ad66afae5c0ca3f6daf652ac1ea24bb6cdf249659be991d16
SHA512 b6c0dd6a3c8a2e3641efcf34a1441b831afe643d315d7ae4ba750f5bc7c9260b0312c9f286cddb179d86d95b159745e4b7f532991751013caace45e564c42db5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 2d692a1b963a20119628e6114cd90ace
SHA1 1549b2ca64c9e5f7e49b4c5ae27a6e02786699eb
SHA256 d5a7784d78f3b0d69402d7ba9a3c76ac029609ca173cf9d0d389ec1ce4261024
SHA512 7120497864998f592ae11307dd7b104028ef99f871ec94a4bba01c6ca3f46edb3c3a17b6a8f09a1f80fa51c430c239ab42afe2ca46953d32447fbe82c64c3353

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 4d59e8e7982b8bdcb457f05b1e0a1a3b
SHA1 39ef85064c00254f3dbd2a0caacea422b60e1c9e
SHA256 37a39e89ae7ca92a46310b70a0b8790804588331724a16844975875bf19e356a
SHA512 7751940ba67b4f58dfe78f38e2ab5eb95c348b89602c9463cfd5b64ce741662693d93d6d54a6348ecf09ea0e7d17876136c27eead5911575a5a24db237b1e2b2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 247815c1fd7c47edee58224991426111
SHA1 70d3e590fdb3f06bc1462ae8e553323da869b600
SHA256 49a7e25accbc953dac9947c2d0a212bff24c9ed1a51d3d17663095c179cabed1
SHA512 7445808f63bcbed8ca42e4a392960873b686beeed569724f45343b65b9b2f3a4f4bae05b5df0a8a36c84aa6f466440cd814c960b1d9b715cb0eb56c4ff831b5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 8395ab659a053f4c0d03559178f7c29e
SHA1 26db3622b12e8ce4f2598d01ee9fe82863e0660a
SHA256 58eb995f0d513e8ac75eef756db57b10671e3a7edd79970778752c8783eb64d5
SHA512 446f7508aa7633b1172c85e24192fc7b425d9d48ab8f80154624ae4515f5c99acd5dcb4e8df43e971bd664ecf212790c6a3c28c0cf3bc45a9a930df3de14f57d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 2be1d0d0151b784c29c050af559c02cd
SHA1 9469b326aff7457e9888e6cb28e7ca308e407d4e
SHA256 c2e94d4feb687c4e359f6476d1ccde8ade0645bca335c4cb9f2449d143b7459b
SHA512 d5d092740b8e030bfed9f6fabd2138d94ffc80db6e6916bb5ab591cfac5a58b0c802f1f3c9177564e2c89e67fb53eb07a34444eb455088cafc52bf7a21896c20

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 fdd9ef348e966d86139b47911b145575
SHA1 1e3d35f6a8a0925184603a97ba9b6d898e476b6f
SHA256 aed7f9a4c0df9678c2fe1076c5cd596f3e0a2028dee7903970069386f399fdcf
SHA512 5bc4c56565234c631a57c8848f9febdc67ebdfbb7895b2b68fcaffc4bb4f86752dd7e070b7c1325b00a222df66484918b7df524e34dac91c3600fa2f58e6a677

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 b0c4bdd5d31cd5744157f3606dd7be93
SHA1 e547b79e1dbcf12abcf044cff41a408629c1924e
SHA256 a9a26792afb99376f1b1292ddcd6c5aeb2edb98e2ff7d94ee37d083bb648e1b3
SHA512 91cb0b4796bfac04dda939e912f72b0a3e629b797594d502d330ef57d815d96eae590c157c7c91caee4c2446107969cae8e4bdae36d2e77ac7bb709894b1f9a1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 b86730a60d5b4de44d3bbc895c3c7e0e
SHA1 bbe8671cb66e06f4fc2af6f2c0ba383b17a95439
SHA256 3bbd074a44cc0c4b028c24fef24e720c3b1e5b9f45bcc257b62fd1f6ddc04451
SHA512 53c5759b408af57b09ee4785bef760639c2821b8f465887193155f63f999f87b4e74a4194505fbb6cc9bd39b800083b6e2f0676ca36bdf51c8b452c65df76e35

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 28954f7a1e9e92c324955f9535eb32d7
SHA1 9ec420d3abedfeacdbc13caa55d6f0229153b2c5
SHA256 6f2094ffbb718c7c19a2c62e70b1e535bd1d7be9502c1b84f25cb9fd141c6af4
SHA512 b6c2227200ddfcc0d2b914d4fa3db6b0acd805b76f79d69c10731f2281b8e59c3d60a89f377350bf0753e47d5c9c61108d171d4635b0e04c52043e0fb8d86e67

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 d37cf4cc8eaad660ea1dbf4e2cf9ff7a
SHA1 3c5eabfaf918bd9e4fce484fab2441ed1a23e7d1
SHA256 58fad501d029330fdec561d8218565068f69ac32da41b15b1b52f906dc0aec66
SHA512 6cf421997bbefdd0a6fe90c216f95147f3f998f3a3e6ae3797bd78d4c1a230ec1fe366145977436c091378971d40989025b7774da68feb0f1d432de6664492fb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 2c7dc85e37d73979e29ae27234e0de9d
SHA1 b392b8bd03b130055492247148e561bcae9ff044
SHA256 34c975e64b69a0472304a6fa8c77e57ece76e7fdff4c7cf6327e8698c4bbefe4
SHA512 98489b68fbfd5413d84eb08657ef0441c0af827d649ba59560e0da47abc145934b35a3a012ffae8741490706f4992287445dba1d7485fc2e6c6fbed47d5d671c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 ec635dbb0fd8d3d6ade95065d834d130
SHA1 05ac5323c07c9e0bb5fb2b06de6c83f86452d8fc
SHA256 3ba18f053d9853585ce742a0d70a8c32a08f650b76065da0ddee1e76c09256cc
SHA512 79d244145d8ffaff8950b761d747ef64742740cf8af07755bc0b327eaaad61fb7e0433cff178be50d93a998e7b156e652a69f3bdc9b498682e941ea3ccac01cb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 5f01260b280ba7659523cdcc12ec9aff
SHA1 192a1fa005e9ed2ecb666936ab38e9b44dc45ef3
SHA256 9e91074220b348877e62fba91ebb161df90306dcd56a497d93603ce20a8fbf20
SHA512 d35fce8d3492ffacc64bc7655bf5f6496056b31da799919b222fc3f1496173a0c40189899770ed39b33c4b78b282e254b9785a66fe722152d8503e4a73cdc250

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 d9ec43fe20279aebebfc21c9d5621ec2
SHA1 2112f36e184d87451543b911fdb7123a7c009ec2
SHA256 a0933c7342029ccf4e6ea9a43541e9b5a8e58b4749d5bec2885d64fa6f98fd4a
SHA512 f36e5ae07ab7eab105f116269a1053259344c0c7c6444f90e5c2080c674a09b192d4498a8e88cd94cd94b8d6b3da066f7833203bbf5170584294545a10e1c674

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 520f2d2d926ec74d331ff4c7f011a94c
SHA1 c807cba9006b8d1a88ff61c5026c7f31f8e239d3
SHA256 f09497d18011b06d43475f2801afe44079e148cb74a4e01049be2544d93888dd
SHA512 a4ac09f1339847d6b5b693cedbc601555448162c867b17bcbb369c879f4e5f3b64bcda75cb21f58426fd2d5d77473e6b051f1692448a94e01bf38ab6e83227d0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 4a8d89053dcd507eb56c9a041d66e09b
SHA1 238d0e8722fcaf2d512d2ddca3ffbe393a146ec2
SHA256 62b632d8781f069c51dae1c69b54f45353285b6107819a2f2978ccc366d8b37b
SHA512 8f7dfcbf57729ea876e6442aed467e34d04b48cd3ee5d8f9de7a69b899bf5673c36059872e116156c3dd5751724330b47dadbf9ffa24712d15cdf03ebf4b1505

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 872a604748510631b042c35894895695
SHA1 22c5f6af1446866b1aef21184aa72ff7a9df283d
SHA256 3c7826a367e8903b72e7540376c02579217373e04140177acd398ebd3f781b7f
SHA512 992bc112c5dc3b31253849e6de468e8c0b26a5f984d0c5be6976cce33220ce3f32fbd9142b733f31791f0c76c09a089c01930231d62de6a2b857ea2e36458ef1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 b75be34f04154dab6ccd7600fd908aa2
SHA1 46a9d664798ff821d7afcb1fc47e69bab5b68885
SHA256 fcafe6e15dd60695acb60a4fe51cd59e5073c017b9b6de506b080957554d809c
SHA512 c71a49878e31bada355c412da1c9091f0484f5f771ecf17f6486f64b07aac47e5d64593baa79511a9506bc64adeb77501d45166d9241550cdebacdedaa6804fd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 adf2418009770dc423fed51075543f13
SHA1 4ca42add33bab1170c03898a269cb5db1f44ddc8
SHA256 078734d08c627e6b1b889a821e0d1ac2bd0b4c361f4a4dcc50ccfeccc9054909
SHA512 8f6ff182ac62a655206a479e0c23f4046adafb1d8662abf393249773f440526978660012d20099bdd2c145f323c292eaa56ff033e0cca1975ea510897136858e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 afb9fe47a181dc91f0c25b6fb63e90bd
SHA1 972ca99e6fd2b384018f9ec8f7d834da737248e3
SHA256 3e59c4d6cff7103df74c13659483098495bb12f75ae2fa1eb0505dd1cb48c97b
SHA512 31e9497dfca67bf7c2efaa02d1e76d0b24bc14da89ed82036e461edb2c7a0e04077a30acd8e2c9b1fbd51358e1d7d2c8bd7caf29a2a4df791999b4d1862cae36

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 bbc9ac2550e2318d36cb6a2b1441c59e
SHA1 a143f91cc06692d03135117eb21c4348ce120270
SHA256 3d232ce7169053964c2837a6684b1d167197084c97d10f404175361a7c6cca93
SHA512 3a93cb43f95c403b8767b784ae1f57f1409a6577e29cc79ac5af2635b3c4f416be5c9bac5c2d7ea27e2d33ff1ab77de46a25f89806ff1800305e169a6a513593

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 83f6f37e6b02de5fb09bcf90998da41a
SHA1 ac56341bc955e1c98df5ee1069010fa0831b6e4a
SHA256 966090e1975c2b0c330f19f2adf82f8e1f53b2f5d1f0f1d741af458aabf3b9ed
SHA512 b31caff03a2083dbdbb9b8367d8edb0dc585f6d6440b5a3719eb83741ccadbe1da3d76ea2b657a0c651c7dd21a109252c774ebbe466f291d693bc34ff8cd530a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 f1153ae91d6665c9e79f4fec698947f0
SHA1 ec541c74b3673b46809bab88a834c429c23abe7a
SHA256 d45403d053019fb3c931a8711cf3af6dd2a8fa76c0ef9f9b95f8a22bba9778b0
SHA512 c7157725f06d8e824d1cc2da4a9e73b46fc4c351c2e4a7affdda521bcaef0eca50d348428888dbff595830b46783fa77e037e3fcd72ae7afbeb0953205ed062c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 73d75f7cefdc50581433de59ab6f47a8
SHA1 b1c28ce6ad1ed11c08c190fc7dff4f6c9c9eaaa0
SHA256 b3500b69298cff885a0ffbb34f3e7bfbf7b68126f3a6c36a9a884fdc96f449d9
SHA512 5dfd1e16ea621634eaa765a03e519cc09a6305f65af186ae9fa6b7f15e3af784c4966b8773972bf1d2f24bd42fa801962e7a9792d8f19fa8b14990ac06c62d62

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 063a736fe9cdd915193f56431afe379b
SHA1 f271680627aec9460fe21687225386da35873ad9
SHA256 0b90ae10f5f9738d088d20be24bcfce9095fe9a036fe0e1cf807e4a1c31570a5
SHA512 64b942a27bfd1d7ad971cc796b8339b63a1f480fd1a1bc58d85aa124b510003611efae92f4284d6af951536f92a7184af7ed5b09be64e7232bd8904a2b487a50

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 15c112735f4e7bab22fdc215155891de
SHA1 313f15245dc70afee3d3d332079c969810e9ee27
SHA256 b5ae520da48e7e3459cd27cd2002fe5f9ae3a8a83c301932e2f0d0877bca8b1f
SHA512 52661ce689af03a272f63256d42f4bb5ff5fc568d933b85333141e7c0237d69535776b66ca55ed6b51de9ea22300e6a87a2d57406348fce3c21a553e18dc3301

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 3e14d5721b51bdf0f8f2e23c655d30b6
SHA1 78ed06332f8ad7e4ae5fc0552ef1f1140feb65d6
SHA256 3d0809b5733a06d1840f4e68b6f861b217da70e3196d95701a4da38ce7a47b9b
SHA512 2d5bbd788c4b08965b796c0de42e042479ece34a3f062b4cfd3480acac3c197ae3975d1144dc548fcce74fa881e81cee2c13087ca9876f6d7992309ef5e5cb7f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 6eb80eb1e4b9679855d5347d8651abd7
SHA1 7b8a2a6bc3385ba31776921abce00352020a4443
SHA256 7cf2de988d1fa5b3f0cff103b1ef7e538fd6814aee477073e7542b8580b57ef3
SHA512 24f75cf9a5991ace5c4c039af9a97b69a2528d1a589d7724cc4b7de09a3f5f5150e1f3712f607874c14fac890b4e76fbc02e5836513b25396e2bd8edbbf872bb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 2e9c2f254c652887d2ad1508d7c13c4a
SHA1 8bf61da75f1ef9dab9613554d40943b4d50b074d
SHA256 77dfc48d3a3635a273f8ef6b30e5b6b58106fdcee10f33f6443341e559b02da8
SHA512 96287c6e8c8604e461cce25caf37e74cf144cf82901858b26f3590c0f62aba186c2ad58debed2069852983afeceb1efbc7e3b823a1c080d9eb8905114b5e1c38

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 7377dcdfc494ebd786a1ed924088d744
SHA1 735952baf671fd68ff5e281a2543550a2456c860
SHA256 eca55d6afd19ae9d79b70f867e919a08e94c47838ace4155c5b4ba5ff8bc2eaf
SHA512 43b25a57557e847921017703128e2696fc1dd7022fc004fd74aee2780360e3084719d8318f95c55c46b5468843825a1f149f1c002d1722a3782411ee7ea3a262

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 4ecd94794b45f853e23b983e656ea1c8
SHA1 270ac0623007403d2b4cbd59207546a8762660bc
SHA256 cea08e837102ad0ae13df2b47c2b42f5525effad0b72cf33a8cb2fa03bed0a5f
SHA512 02eb2a6f040a1b1010dd2971c30bda09398225717d4bab57fa40f9c5cedcbc65fbb9a8b862217dfb207ef45defb716f60af7be4842e4f57d80c61e936e628eb7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 890bf8b1f32dbaf27f65bb4c38b1d560
SHA1 0ab42fc2d922a11d897ecc8b91f7cb5ce5993ffe
SHA256 21b9c5a073c88fb548fae19a459cf45e1d9fb70a0c4643916f8655ea0918be4d
SHA512 4ed3a6b9453609363fb2b752d87ae2714e39018f74a7daef89c9008c3437fe5c42adc63ed1b816a3c0fc53783f51233d1bd901e2d66ce4f6c5ca161901996fff

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-03 09:45

Reported

2024-12-03 09:48

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe"

Signatures

Renames multiple (2197) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W2K2m3v3gt46wif.exe" C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hpsamd.inf_amd64_0784fd3ef0d7ec93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_1ae6ea0bf54c0f5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_e196624c9ed43e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Licenses\neutral\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmhrtz.inf_amd64_aa2738d63955f632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_d32fe6b1c2b7b2a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudss.inf_amd64_76a0499c8a4b3752\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj3.inf_amd64_9658f2eb83f061c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fdc.inf_amd64_fe3599e7eac09e7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_avrcptransport.inf_amd64_6506aa4ac05430d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\lv-LV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmscli.inf_amd64_b39ea5f4658998de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sl-SI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_906547002cc7c58e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_guestinterface.inf_amd64_192114845ec44b66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_unknown.inf_amd64_9f92c189b415c003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidscanner.inf_amd64_b4d877fbd7faf471\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_e0577000b188c16b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_86cdf3e1f512cca1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\idtsec.inf_amd64_9321d33f1997dbfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\miradisp.inf_amd64_14cd3615d012fdf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pnpxinternetgatewaydevices.inf_amd64_82b90e51473d48ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_43b149b35876b241\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock4.inf_amd64_bc507add47f436ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\back-icon.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-400.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-96_contrast-black.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\save-money.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_contrast-white.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-96_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-200.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.Resource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\6.jpg C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb\Images\fb_blank_profile_portrait.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-300.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-30_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Paint3D.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-100.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.People_2019.305.632.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.White.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-100.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsBadgeLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-GoogleCloudCache.scale-100.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xea22.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sr-Latn-RS\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PayLockScreenLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square71x71Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square310x310\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-GoogleCloudCacheMini.scale-125.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-36_contrast-black.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-80_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-32_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Dismiss.scale-64.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_wsdapi.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_73ada114f7c112d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-userdataaccess-cemapi_31bf3856ad364e35_10.0.19041.1_none_4310791f70d2716b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\pdferrorrepurchasecontent.html C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_10.0.19041.1_it-it_ae7564a8deb46674\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_face19af95adfcf9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_rtvdevx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_10b069603e6fdc2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1023_ar-sa_4301d6d98604e74e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_fsinfrastructure.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1050c3d619529f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\defaultbrowser.htm C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\startfresh.html C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-npiv.resources_31bf3856ad364e35_10.0.19041.1_es-es_92bcf21af17abfe8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_scmvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_711722a7eb22b92c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..lprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_9b1452e547626c74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cipher.resources_31bf3856ad364e35_10.0.19041.1_it-it_e2aeb9075b444372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wordbreaker7-mswb7_31bf3856ad364e35_10.0.19041.1_none_8fe770561443d04d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wcf-system.identitymodel_b03f5f7f11d50a3a_10.0.19041.1_none_9ee3c6f0bd02166a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.746_none_0516ef53f4f8527d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.0.19041.1_ja-jp_259b3c19caea89a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_10.0.19041.1_none_2d6e24727e9eaaa1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\BadgeLogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..omponents.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b2794c6512d4a725\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..cy-script.resources_31bf3856ad364e35_10.0.19041.1_es-es_f9dce2515bf76973\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..ut-ninput.resources_31bf3856ad364e35_10.0.19041.1_en-us_e06acc5336249c74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\ImmersiveControlPanel\Settings\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_amdgpio2.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_5e26512b8e6d8fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\IME\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSplashScreen.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.746_none_4a7d63472b217a24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-flacencoder_31bf3856ad364e35_10.0.19041.746_none_fcdcc022ec231bfa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx-netfxsbs10_exe_31bf3856ad364e35_10.0.19041.1_none_9561617494f4801d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\BITS\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_b57nd60a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_73104e6df57778dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-audio-vac-service_31bf3856ad364e35_10.0.19041.789_none_030f570ce4b038c3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..epassword.resources_31bf3856ad364e35_10.0.19041.1_it-it_43be9756e457ca4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.546_none_6441d3d76cf5046e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a...appxmain.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_fe88d1fb25f1af00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.19041.1_none_159203c1973658cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\header\Images\emulationCombo.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_035eb85fc97bcd41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cd2d1cde69f392b4\http_501.htm C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-u..x-musupdatehandlers_31bf3856ad364e35_10.0.19041.153_none_c5deab4679e41c36\ActiveHours.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecoreua..tringfeedbackengine_31bf3856ad364e35_10.0.19041.746_none_3f1729c1dafe3907\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ldap-client_31bf3856ad364e35_10.0.19041.1_none_a92d551af5c93a56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msxml30.resources_31bf3856ad364e35_10.0.19041.1_en-us_efafef48e62ac770\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3e59030fe19db2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wvid.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_67ace97956d658b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mcrecvsrc_31bf3856ad364e35_10.0.19041.153_none_409e23d5517b7e92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft.powershel..nprovider.resources_31bf3856ad364e35_10.0.19041.1_es-es_10bc954b884abc1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1_sv-se_5e703de5551f15dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..ilter-rtf.resources_31bf3856ad364e35_7.0.19041.1_es-es_c0a322f274192ef2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hlink_31bf3856ad364e35_10.0.19041.1237_none_cc84e6e7194fcd8b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\AnswerWithVideo.scale-400.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_10.0.19041.1_none_27f931c12b4de7a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..mentation.resources_31bf3856ad364e35_11.0.19041.1_ja-jp_31037b9821269607\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-x...appxmain.resources_31bf3856ad364e35_10.0.19041.1_it-it_243282bb8b9d0cae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.web.entity.design.resources_b77a5c561934e089_10.0.19041.1_ja-jp_f546fcebb919c1c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..console-nodemanager_31bf3856ad364e35_10.0.19041.746_none_5e2908237fd796e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-cabinet_31bf3856ad364e35_10.0.19041.1_none_f78508f2b5a9fcbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-ie-ieadvpack.resources_31bf3856ad364e35_11.0.19041.1_es-es_6b317ff568fa46bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-t..cognition.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_668183daca7f0f3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPStoreLogo.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.io.unmanagedmemorystream_b03f5f7f11d50a3a_4.0.15805.0_none_05965ee3be38c119\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell\open\command C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Skaype agu1237 C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Skaype agu1237\ = "FCABMLGRUFNROPY" C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\DefaultIcon C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W2K2m3v3gt46wif.exe,0" C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell\open C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W2K2m3v3gt46wif.exe" C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 73.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 135.126.19.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 131bdd9bf2adb03023bd15badd3a6d60
SHA1 a6836578ada43633ab42012b0591c35bafbf3b1a
SHA256 976b2f53a7111775e6a78f0e29e2fa9eba7c1bb1397088f25fd007ad4611dae8
SHA512 b85460620a61753f8d8a9a94e4ab29a1e6ba88a12cfe9d965a707e7604802ebd5819790b48c2ee0c42d98fb49e3c74cbbce1a6a800214487ac7572ccc16e8fee

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 c0672786ee200ea0dec5a3e4d0abcc2c
SHA1 79f21c480a9abe51f1d3a487d149d058935e628f
SHA256 f17b31d54ae42fbcb2f0b62f59e1b9c6a3d0f2b211ac860f9a1dae643642f04c
SHA512 1746463c4869191ad16b97d1f88ebb3c27b71ceaa945e8f14e08e7e1eb288796545afa15c4bf9cf0ea4debd7614f73251de1df1153fe59c9364f5b8b142a79d6

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 ee6238fac378790930c1a7131de8b1f1
SHA1 a6f2f6175c12228230d4af0720e1e698af26944a
SHA256 a33dc61913879a0d6c1e5523a13b03ed21ebec4cd9d3d90bbf724902e45df25c
SHA512 eec857612152d5ed80cf665fa117a79bbbdc27ee61312e819922ed35b53829e3376e04cd0d83b0dfaf092256f2b43670b577724f9fe4ee16b95254e39a89d298

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 b0ad0535c8d18d844a0bfaf48829d10b
SHA1 2c1206a8a9d6846f1e7b19b78a823a400fe6a5f0
SHA256 4a8d3a7736e11ebf98baf14108c0dd81f688bd0c7e8314018b4ae289c1fea835
SHA512 a30f111df75de178f9de0a75b65052b735a8da029a2e5ac04ffeb885dcb4f2f2dc69ad9bd39d18bc7b4fe8475dbeacc34c1a8025cad2670e351547c1ed104f09

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 4aa5adad468db420a5c5b29c933fe891
SHA1 9c557fc2328769e1f10502bf72fa59001a7b618d
SHA256 8ac1f491c68d3fe8a9f26b251fa36d372d5874a14f849b6c8debde472f3ac4d8
SHA512 2e63d2b8d1e042227f3b17c0842f6a3362764416a4ede9d70b7db4651aa9a83fd48420ee22ee16ca26cf1746f2a9a82a95665a86e1c977305267d5c3eaf529f8

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 fdf8e1b5e6bc45828f9798e9ba528940
SHA1 632f299eba20950edc15429317686c63acc331b3
SHA256 7e9e8e5bf4c96e39c12a1be665794f468b22d350b9e297c93df90e991bcb04ff
SHA512 6ab33a30a986e2b2f19527ef851db40841bd2e7ef9c0bb685d7d48921fa2e6df97253581ae1aaff71012062f237fd3e9da7312cdf9634b22d6dc6361b60d9bd3

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 9bd2784a1f4289fc80d9892e40823179
SHA1 99e2d4447032c00db368da6c455c4acaf7cf055e
SHA256 fb160992d1c5fd6372c961ea24d27f5050ba7bc7830aa48efe005349956e0d1b
SHA512 d312f691982cbe06b716c6f57a0eb94f4449bf948cd307a03ee12015250ce671286d886ca8c7e0671a420363cb688328408fff62570a7e3140773fd55125ed7f

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 2243de515fd48fbe92635562df98c94b
SHA1 88934da8aff036376613ca0231c985a9bce216e0
SHA256 c942f759307fc27950db8f9686006d1976cd76a50f76bfec3bb6bfda2fe0da79
SHA512 18cf8b7b59d1a928d17962bf87ca3b215873cfb442ab3dac59e9177870b6711b8cbc289af6821f7001a9e575aa7376b3a1874aae7db30da1a15aaec2ea25a296

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 8d17bbc3096eb4d3c60958b153e8ede4
SHA1 a1640785877a85c287c332349bc5a277a1129c14
SHA256 85ac841822813157b33c1d9b8c794be995c17ec399eb4e210a1aee0bc4a195de
SHA512 b2f130d0a6a47270d8d20f88f34e897f4d425a0eb13ec84703cb95fc0692cff392060aada1610f25e23e9921afd55df8acf3fc972a6a1e187842094ee5b0daba

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 49d92b8c74dffbdb60a751b850846e25
SHA1 dbad75188ab78dd69352636c973e8a41b8b5e00e
SHA256 3b427e984436d0ac1e27449f049fe5110fbe8a29a48992c21ec9729bc14d3051
SHA512 d57de145127ea4de85bcb145c74d40c07db41e1bfe2183d08a3c9baa015e9c7282dfe1e70cff54554cb1cda2c65e03a3d0a269a1dde097383b87e258e621560c

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 6fb73b589ac38fd525818cdeb6de94ae
SHA1 2b6bc75866810c4f6998632b4b18954ccbce83a5
SHA256 8aaa6cbf6106dc7fde544e750edcc49cc8b617949e8a23fa5fb8aa4ba1ce0ad9
SHA512 d2d46c282ffaaf7766e7b0b30ee2f3c214d71a79dc1f4b5d1f81fdf55a6c4ac9130165e69d18e197b1f4f4ff2e8ad5f26380daeb9ffc2d875b0394caabf6984d

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 83485256d9f0d349ecc523e69721fcf2
SHA1 a77b854cff778638592182ef9acb489f5805b014
SHA256 5fefd39ff7b0e553f4cd03829dca955b336dae5d9fbce58feccdcc77ab5bafb1
SHA512 0bd4be002d34bb2202e087a8fbcdd87ad7951d9702301c094a1d1a651d76e88acd7bfcf627df2ae13a4cc2f4d002fb8f91a7c2e2a9732d43d8d1198acc1b16db

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 776f91c2cd08d788f0dc36208ea18347
SHA1 aa9467a4daac6c757fd8ca9e095b775c8b520736
SHA256 db27f6581cb1d2a962fc056f91ceb2fbe7f9233230c1bccf2f4a14e791ff1990
SHA512 8f97fe715980d38f9080df609d69862c7d494b6fd7b6bf72d1a6b0c5407cdccdcea5f61c496ac60ca1240c48c3e7dd5737c6a72fc973285a6c5057919d98a4fe

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 b5e40d76ee43864a1ebb7ba94e4e113d
SHA1 0be7af048659f1c00b88b561a72d631c4df26020
SHA256 3d1a1a3f108fd23296342ac845a5960816a1fc4297233b86f038556edae51c2a
SHA512 a70bcf23650424f7a28d2e091921ab85166926638435c719e839d3a3afedb82f7fa5cd468387449544da09535aa47e9b50cee24c0206e7f2d6621112d55e1a56

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 9b3ed4ecf125b3380225261dae4cd343
SHA1 62147f717607dfe60e041b9d08dec840a3233cd5
SHA256 a568ec7b00ef50f9b5fa6bc9261f0654e344007bc29a8b3954df1809647fee70
SHA512 e0441440f808577758f473fea43cff5f8a00f79db054c978f0766ba10475097c65c9d117a098858d35b529fdc8339ced3ca57c9afd922546cc9921b63b3b7ba8

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 6665b1e6d89b9bfbb4e260630f4f8986
SHA1 ec5a46a7ec01212962cdadc9e3bdc4f77fb78a8d
SHA256 0b438b301dfc0febda7bc89d5a49e792273f015c1f281d259859b30957c5f94c
SHA512 421270c5aae387f1781a92a06b387f63a1bc5681eb0c6f4ef332abe61722ee00fa81c122e808ca8ac1107ecf5efa7a838ed99cdbbe29b9612fcb126c2739e0c9

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 fe387742d537af0100e52fc23b2d2ff4
SHA1 f55f2bfd44358b2d8cbe83b9bb86ba1f8484ae08
SHA256 a057348f563e253d9a74f6bbb2ba22f623843adf45a61044fb04ac0e63e7e69e
SHA512 07f761fb81a5f003e479fd1cfb51e3a5a46f0c2de165ed7b022871fc52b662b4ce9740bb3fa93a35c3541eb2049cd26d88853ecfc9349adf1b379805792835e0

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 88264303e658a10c63b7536ceb7465d4
SHA1 a3cfd1d7c2c2907c7bb08cb71cbd5af53deae691
SHA256 c99c37531a4b5459bb382a3b0a32553b81272d7876c4983844b2d1bb0b15e7e6
SHA512 3c27e769cf0f0f487f873fefd3e19402cac2bb781b29ed879ed5d235fdc14949de0287b94a15a2aecb058d7c419c478caa00cca122b99e926b4571ff841838da

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 649e2c1f5b8c8569186f9aad3b4b5e5f
SHA1 dd0ec122b227c8debcb4f2d78bf0e67ad21eceaf
SHA256 bf870d8dacca04ef3e62fd3f3180018f2f132a73447689ea2fba72a06399dc67
SHA512 24760ac08ae66e0b31e5264b4e172197bba4a76cbaa05401eb6fa0eb0283a483cb02f74e7034d07660d078a787aa7fb89121b471b64e711df7264580b47fb21f

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 e3c8e9e40d489d83ee304d773eedb57f
SHA1 eb283a311af319f912ea7930f520593d60439867
SHA256 2e1ed9c72db520d7887bc2eaaed6fdd636197ce6ad046a8255b803410e8b50c2
SHA512 6aaa3a957fa0e13501625c4d4bb602e4074b09053dc63274cdb7495f747b767535aa3c6143dd0916f5a13767671427db3bc69d474a042c4b53e1af1b7d91b025

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 5a9a23788746fe99143a8a53ab589bce
SHA1 3387b2f24a4a526400e9ea9c725505cf5176a767
SHA256 5792dd6bd44bbd8b5230a4f0f460a8c71dc215c27b307d5994323f3840f0b445
SHA512 08dc96863e3e6a7a918e58a3b2fe0cf26ce3aa906da5aab709de56719ee31c732b9c827e60b25dac77f07b8fbe0eebbba2230bec17c1c1dac57d9f332cb43c29

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 95dcb8ac5401dafaea20349e54beaa5f
SHA1 ec536f1d096c6095b31b6241b985a15fd24bc7cd
SHA256 fa647e1630961550f76233b8aa135cbe111db84163fc00633fd7e114493c2cf5
SHA512 d50ee7730abcc586cd2875b76ae1d621f0fc87a9eadce4531ca979e478446368359cd4b5bb1218da168fdbb3f2c56b3d940372c9491b36603d989b201f9608dd

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 6a6e523b1d00e243c841544e33d29e39
SHA1 ab1c009c9cec346ef0045c4e49cf1aadc0f6762a
SHA256 d798ed8144530b956df39ae74d7cfaf3fda2fafd9e69b064d59b9f7f657937db
SHA512 90fcf5179859e01d52680000008101fe95c4cf7d1054b1f4edea8d5c5f56daf149293548eef1ea124f1ea95a980af817c8376f16442ccbf8e9efb1aa25d4917f

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 134f687b82dac03aaebc0e36b5911f1a
SHA1 6dfdecc8a822333cc54ce2032ce9ec0dc0acdb4a
SHA256 775d7cd6788bee73e9c6c7bfe884da323acf324c1e250be8da4de8c61d2cfdf1
SHA512 a4d655646d43259da84aaed16f4aa9ac87169214e6d40f9545a85335b6803a8a93739a94b61b53c91cd20aeeb878538ec520d24d03ddb7616eeeb2516ced1843

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 42c9bf2ef74d3d5475a7ad1026d5bef6
SHA1 c4e9ca2751b0f5b92ec98f656a2d89e3af11fcca
SHA256 cdc9611dd937f44c05ae220d3a5fca314d1e2bfc9d1abfb19d646d047d1763be
SHA512 453a7f1cdc5ccc7c057df76e6536977dea23f7b3ced128152ae91ddab117087132fd5ed4eef76c614cc6f2679cf7297e26d1f6d4884b2d93c6029e5594c367c2

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 5fd85243ce62b8ee8f4f022dfa42c266
SHA1 fb0670d457262f47ae843c4c74e873f0069ff926
SHA256 836b76e92a39ed5c68d4f731a14ccdcabb73f035734e0a5a32ff8f4e633a08eb
SHA512 143e1f3be47e745c2ce612dc3dc70ca880c433bc50e8eaa8e626c26e84fd9d0483a093f37f166d0eef5fcadcc865cbc35213c212cfb6ada283c58af17a445195

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 9cf38f371dd22bc85b3b4d3d978aba9a
SHA1 67fbb7a0a378a441c92af8e79a443b6a0f12dc7a
SHA256 a8a1dbd86cf191abd8ec940386e2a8042cd998a9885cc955595faeede9bf3886
SHA512 9bde18e1cc1f55cdf92304de207d3d2c5bcab804b256cbbfcb2d7dc3e419383e6b6efd9694c178f938a5dd0cf9ae71a46b711a30ebe8ed4dc71d92a1674989c0

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 ca4afe38f61ddd009283d1f59bd3a8dd
SHA1 6954cb271401067999742198fc8a9fe3fc2c91a0
SHA256 fb998d21bc467f6892e9b0117baf53f61f32e1b25af3801d53c118b4f1a3d568
SHA512 36db0d8962c7a481d61c952f9b921577186e0900db0aede284e35f11f84e4a774bc176e90e2aeeb0fc379ea4b77291dc11090ce4bec0b65680b19d6c18fd3e33

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 566d5f34628accdc2840622de41c6cd5
SHA1 f2b1fd3d4a97553a38a87a219c952a1b5a16c9b1
SHA256 3988b029c25de4d64a2ba76855810b62307b604a5acf5c308922d74c94b55fd6
SHA512 1b18b1f3e685de128cc69f0f665442ef16dfb99ba43c5fcdd9d22c7832ba5ae8bb5f366feaf54f779cb536e4171460c2480fcdc865d4300943f5b297acc27a4d

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 fad6b5302cb29851380b1cc8b8a09dae
SHA1 75614f47053cab896197960fe5d3e1c59fb8fe28
SHA256 a8ff17ff4b9e95750fe6171fac1fc5f1e4bcee18f05a765c8618c636277956a6
SHA512 cba89cbb6b93c631ece2f3bf8519f51d04880db9b66acb722f12ae28c46c812d1a0807b0c6ced65a017e9ae669f9f5cf264d01a0768db9ab48b833ef15ed27be

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 ccf969568a169e3e237c1a5043b90ce3
SHA1 efd42e2963167b797ccd2b438c2f42d6aed93e6a
SHA256 b271506591b0ad03d53332e3e96663cd0f8c76bb47955d88dd176edb3077b7e4
SHA512 22b0d89c6d8cc88b9e1e2449b280f6c91ab2f18ce863174bd9a928e00c656ddeaa8bd630b8759bcadbfbe48825b5d1d71be079c78172e0f3c22bc4d1e6454e59

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 f3496fdf9c162756bd56f0925cc6aba1
SHA1 3ee7879d735bb6d647567956fea6881ac817d438
SHA256 bbabd56c627b0e183df9df161938c216fee27230c0da867c2d09fb452582d2db
SHA512 f83327a0e7f2446106d0128fb2ab51ddbd3c69d6764d2e075e6de71a54d7964240a445bf661384338c38b91907185f92310feb4d47002734fdd875ef2985e07e

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 b9b832cecff1fef2ff75631a4dfa9bfe
SHA1 960b69b8de44fbd3cd09ba389de599009be7036e
SHA256 2b52b622ac15d64e82c63e7c2fa4f4be4d19e33265249bad42f323ac44af5fcf
SHA512 fd697ee4fe08b5372e6775f841220042659a7fe1e04ad3e59e5d0f5aa5a7eaeab69357b9c97ef76270603334013ef837262e130cfc6b6a66d2d1b30e475f1077

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 4a8195bbdc982e67f6032a50db162adf
SHA1 879b9f4b4a4d2e482f62f6afdabc49e949d0d32d
SHA256 4cb1208dc63c9688d4622a99deccf399b95ec2b24f925bab82b59668fdf03967
SHA512 ce74ffed6708e98b8a5029eff72584064264444455eb62c47c17ee103cd826c22c726f78041ce12223dd86f67e93c279492ffaa1ce46f8ba94a0568c2febf3d7

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 b10c9da0774ea3a69bd4c95625924a2f
SHA1 0486ce6d5838c77613359af5f98439b47c8d4e65
SHA256 a4ff6b0352e50b093c236570ad2da23f350169f68fc2b66e44d5c5f4c12b0711
SHA512 b08564651826e9a61c5fb8d9bd33745f6aa7d0feaa59a02942a8d4416a1836837fadc0fca4330af7e753fca34abded518354af53f0ec8edf14553908a4911414

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 89436d514142269d38a7069de440f6f9
SHA1 59dc8a620110e9353eded011fa138f2817ddd7a1
SHA256 61064d033a14392e63426fbf95c906f3536da58a49b0c72c3643898061ce61dd
SHA512 41399579595af6d7a6574a2930ac053ba0cf5b74b28138861633f9650590394d269e7dfd4d821ac9ab7c72f55323e0d3180b4f8e526758687ecab384e118cef2

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 a7725ee335a86a51731cc54ddd2f2749
SHA1 bdffd5360d3fd4a65dca0af1e49332fe11804d72
SHA256 9f9994741a479dc2b9a994d9296a36f1666ff9f7576c04a2a2b49604c64c8e97
SHA512 ec72d0f01c064bba5443aa92c7ae7e677cd7ac8c3bdf4fb67011039795a15c42d75f5782321ec9ffd87dc2a8a6390863da1f2a0c3712e7bc76636ced49e6edcc

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 83389159db74f44f00e600a591da4794
SHA1 94c59cb4f99ea4c220b43f546201a4af60225f3b
SHA256 7dce43f9d888011809247cfad2d902d16482b83d85ac3697c42ad22a8f3e789c
SHA512 37b6bd4fe0a6b3c7c74f844c9fba90a2ceec251d6372b8a3796e384e93e41c1e7551846ac41f2a18be6038659e31c980612d966bc20cefa6d43fbbba6d5131b9

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 3358bfd8f9af1babc9f81ce06a1340c8
SHA1 3d87e4b726d29151423bfa4f54db9a361df1c9b7
SHA256 52c07c549b41fbf8a7a1702bcb8f791346d46f5700877e56f47d5d89cdaabac4
SHA512 ee816489cce77f56bec8d6e1bcff70b8c17d0e705ad147eca1a8c689ac02210aae94d6603aca726d91e00bddfe379fc3c854b5d4aafa0dbfcd92c3a8bb553c6e

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 3605e4fc112b0dfb27c38ba380ade545
SHA1 0466b6f0a2d5c454df27aa8283ac7c4c72fb3bfd
SHA256 023ea3f8ee9a03062ca528d999e063a48a275b0fb2671395e3e190a404274f74
SHA512 2466d59b61898d08d4390ef8f4ad4ab329c887b759d4c242ffd5c657cc26c88322a1b35ddd887c3ba46aa676db7dce7b4d1e34a61a137c7f5751bc254388c379

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 3997d88d54814fa56b4897ddf2e87e19
SHA1 b5f4d7e290ecb72fb3c80bc3b67fd326871b606c
SHA256 73ba72923e91abfbeaf53d0b718f41c9ed7709f08e0b643249706a8ece59bc07
SHA512 edafa226e1f4ec209e640178a2bff2eb05e8114fa7c8f711f9de3fdd1ec87ee3448516a7efb5840599880e53762cdef0ffd8128636bda0782612735d3163c63f

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 7821a5b98b6f7c89d9ffd15de05f1205
SHA1 8163fc9678316ce8cadb5c3d8035ebb738edad96
SHA256 618db2bd146ed96923577dfb3103aa0b08076f90fa471df90ba7941d6123141b
SHA512 610dc5f527b2f6a9aa4868ad9e57bb9540f031ece1f8912cdb4c65af104a12c1e54b6bac6efd064ee2d90b01d382e134dc9b6e84052b121b0907085fb9aae7d5

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 945e12f2efd85795ff0c848275fe8844
SHA1 022206f4c5e5749885f357ba002b5230f0b02317
SHA256 41eb54aa6153a0dcde286352cba18f1ea67f36f921fcdccaa361c7394574fda6
SHA512 b1b5cd6e16db78f1fdfb9f26630ac7890892a412721283c4e50b75d320ed77f985a905cc7b0f6b5a34f06fdcb7ccf0020a1620f9ac238028f0ee2723aed886c1

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 e34b13ea569244c23702563cc77f8b80
SHA1 ecaac88d3ffdc79977a7fd765e3b9d4f3fa95a53
SHA256 2ad9d362c281bffd62ddec056a075b5151ac2e60cc01f0f739782ae93a2b0600
SHA512 d27c57ceeeab8d8cf556eaa6670490f5518745de99be42dd5abd5c5eb1b033e76d34848b22728f653a795f645f8713d3efc2e8aa9c43699062e4b7c2e7f3b036

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 69ac748b93ccb389a41bce7179b4cfbf
SHA1 3db1a93bab13a4d66e2d1a4539d896dfc83e4bf3
SHA256 881705630cd565167a725162c325ec57cc7490be12389d916291bd04fb07f1e9
SHA512 5742f226d027d95fd9513261a1b89fd8987313ad6d176d140690191f14af7e8fe3475b113a7400fa6cadf36ff282395a418f0b1743029c7d2ce64b6a0c1079cf

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 3fb17689d5e6df500ae350b537503918
SHA1 b56386bb0045cb6e754b5f2db2c96a89f407d5bc
SHA256 27e2b954ac9f11a44e805f280b7cb0d23760df91fbfef2f442948e24fbcd2222
SHA512 b186f292dd81ff9c75d54adacaddbb49102bb1e63c4a67f68aecc483f3d06db20be894a11e9f18ca50e13408c05adf5b6d6ac063f17ef826d671364bac3efd73

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 98c7310ab412e45157ced64b9e869003
SHA1 b998c8e661b47024954cafae58d56934b7735fc9
SHA256 a5dedef6ae613cac1f28a6e35a12c2c38cc74275545ed17646ffe26bbfa7ef01
SHA512 bb235850741eead5b8f441fc7691e2873d31a434f02d89c7b2b685172ef381e9a2f831f98cf1c602787415707b6ee21cc705e52f415b571f9b565d22151af436

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 c0d21b3062ae1c9a4e1ae027da866593
SHA1 6841d4a99a8e72f374115fee0adf49baa69e744b
SHA256 0932a1bf2c7059ddbb8e4f65b927f433f474d4a89518d065b725d081ab071bee
SHA512 1e7e2c02c1f3e766abcd472a6929206528dd10da90e40848a3c5ebe8ef8694e43dc2733ec2705d41d51b9b769563223119b695c3db3da54103c62e2afed3ad8d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 51e240034d5be9bb7fc33499615e441d
SHA1 1999e1a56ab005e1ac52dcc7bb44ddf8b72f0d60
SHA256 45b596a34bf4076daa46b2f5315b7d8149f099188fa813a48e04322265ae8093
SHA512 b86434ebc32218e0e17d8a3d1349e7ffab32b965e1724fc20f457bd856fc1198efb0c88b1a7af4e9ab0b0d5580bf90f3424cef038e11fe70ff8049d07524ba69

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 47a2eb4b239d831748f6594d48754016
SHA1 2dd1defef338397760a613f87d6d119d9781d018
SHA256 633a2817b9771304a389c654d41f1f32a19dc467aa12647fbf0f6b57e2482aa7
SHA512 a2756c95c0d5e020084c84ddbfc2157a6ed847b1056bbe4c0e67d334db328a6a61b02679cb9a9e068739d4b5cd5cc4fd90dfb8543c25a25d74f7e6e64f7a0927

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 adcb4a9ce4241948fadd42c90f678b9d
SHA1 1a9bf40f9fd7f0d0fd18c4606bc021782a85f2d9
SHA256 963f99597968f7e904c320bcab3f7b0aeab3983775adfc07ded30c7294f0fa60
SHA512 aee6ebc154d0267a2bbf49b799980c41ed992e9d8ebd7a976b4ee87ddd415eafade99a9c2e79ef0e2101077bb2a95909fd29c93d5389f57c22e32acc7271250b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 50a4dd4f4eb6f04b06982d68ee65ea69
SHA1 f7e6b69153c013062ec3a6a3b31a55587784323c
SHA256 ddd1317d2869665a959411e49622fef99ceae7ead125e3b3a7cb536fa3607b01
SHA512 a6a3337319ea58fc653878f2bfaec75cf6414f151209853e6a08225ef90da7816869902b241ba22088a21a92e43c76a8b8f2f60902e3aa02cebf65f8686b6214

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 20e1c87733b7893bc1bff30a17d8502b
SHA1 c9c665548dffe131eb6b49749f376fdffe090c0c
SHA256 7fb92542ba7c86e4aeb81d6bd0ca435ca3012f95f63cb25e685eec3e2b6bf27a
SHA512 abeab469233bb3f4eacf7c680bae9a3c4b0c928830a3341c839f8457c89c1858b8849e8fb70a40738f8ee16067a4bcd4db7efe0682d72a8bacc45a37fb27539f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 5ee04b5119417eb5ddb169275a37a2f0
SHA1 1824acaaaf8f41bbe9da0441a0d08af3eac26aed
SHA256 1844d1c2669300cb19044940988b250195476cc933839de802aa7eec7a93d3f5
SHA512 c3b33fc2dbc738e22af1ea43d4e101ccbfcf6dbe8bd7221270ac4f732daa4f2c94a6faccbb3e4b3e5d3b7f807fb0402939eeafe5d1d616238d3610daa54b7943

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 010ab1926a20fd7b06af0f3df353c53d
SHA1 f66e48e35219319a85fc3f2f48d85ac3e129889a
SHA256 05f277e2438bd47a0a6ba235cf376b014e6e53c72e4dd0f9224d9b40874527e2
SHA512 21c60c773deb4f7dd12f844a345b787dc02d5fa564d4c43b225b89430d2436aab481ef03b35b0e18379052e098852fb66683fd148cd26651d8c1a39ece4c8ce5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 c51e569404442a0c692102ba01f0ea2c
SHA1 28b6024a440a7257b98783959cdc51793661a3dd
SHA256 699f5a0de2b5c2f204829873ff078d71ac8ef9586a6fcfced31da67a159394f1
SHA512 0fee5c2c41754ba95bdf87daaeb7090f7bd10d0da6f7802411be2b2f64ac3f12d8bf54cef60d6f07c0c4ef0fc68cafa8bf485b2cebe8905b01728d218243e254

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 4b2143ff9ca34e904318bf0eebd4d531
SHA1 cf4529d280e7851c95062a3791a2d49a57c3e30a
SHA256 ad05a25ad54cc4d3984cd6b99250636b4f64c982e46c332e3d6dbb655aec4f24
SHA512 a400ad04aab47d6e7f6285ea67234eb5d921aea3922beca3e1288a8f6a61ea3175b94ffc8c5d5ffce0df5f11fb783b37287a6bb36a5a577e8af53a5bbbaf608e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 c70f8b0d0d972dad6bef99e3dc0bdfa6
SHA1 f5353e60bf06370dc965d20f1cd7468ac4b7ae97
SHA256 9d66e6820491042f61ec6d66af365b28575621f981ffbe2aacf4f4a8d46d87c1
SHA512 a96d8d435290dfe82b9d6d827c08d4dddcc29084192e3a5753f5b8f736565c4a4e027c85453cc7a911019d6c0ae819c7483343f91cac0434df1250541ad4e17f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 4d1e55fbfd1283a0a42f194ed020da1c
SHA1 b02cf3d32ba1bf8e347fe318de111169b6297a2f
SHA256 ab223708116dc6f9093ca5cecfd7c42652fa2d8e0fbb80e0d7ed93a0e45f418c
SHA512 9829e6d48a18455d5d1b6f4f7d9b245b172186b8ed3e9e8c0335f48ebf2fb98c5df49056eafb52f2b42d6f53a4f39c3c13ecebe267f039efad23b83f5842c822

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 93c73e40a272b660dd274a27793b6336
SHA1 4fd7a49787486a0c141de56d55df6ec00a286033
SHA256 d1d166d835e6ad4ca97b3da85867ee3839567641cc3cbf2e2b629e8c77a2a0c0
SHA512 d161fc7694b6943dd9c5a28f92f5b5533a5bddb6098bdc33893ba4dd849bda47b9b61a98c0d1d07bc8393569741c65a7eb8c5162feed0b34de5dd74d31e8c784

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 0736acb44068949721853add4283b7c8
SHA1 bc3dda5c49f07d494b92b8e62ad99edbdc0d12dc
SHA256 70a7dadbd3140e78626063e5748c5d35c916be70a5d24342de3cf63c54729fcc
SHA512 2cb2cb40cbd0e226dac8ff17d00c4b24e5a4476cc71f01fc1b11ef7e5d7c4bd0387899b8362f8900b3644e74f3813989f51be064f55aadcd3f3f9cd4433fc9bd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 f7e4b9204ad8d2a24a08d530c36a7dd9
SHA1 bba0848291e65d7308301519bd9e0532f4b9556c
SHA256 8d0fb4dd8e0a14ce64edbf3e31aad749b2d087333c0f589af73a2ac8d0080797
SHA512 11f16ae32fe9c848e7b551c199f629e815951d1928d96d825cd32458e5e50aff7c3168da5a98d13b11513e3fccd25fc450fdae3ef2fd3333b31ca794e87a9de7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 10fac49264d9847f17901eb2516b5adc
SHA1 d8cd7d6061222120d4eafbf1fbd506256e67b65e
SHA256 52b37a695b7a060d1ea570c6fac9f2d0a17bcdcfa50f12c33de6941530d1ed47
SHA512 35a5989699d8b382fab3bfb9138d5a661a7fb0a1528e9a4526a73a933092c822dc0dd3aaec3bf871f5debac13c5198e43bb9a8fe2acb0b053c4b53b1533780a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 a87a906b96092d2d592c9e163b59e132
SHA1 24a7c53561c2ee885ef39cc4328d8ab29ed0d0c9
SHA256 13709356af924ea453dc4a6da6b3bb65e2549e16ccaad23396b79ecec38820cc
SHA512 fa5450d35dc45464afde0b8bc9c9d2272e9404802a200575da61262cea7913510365dc0dc037f24827af3e7de9e37ffb2b110119605c511367049189f6f253c4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 baa0419c452b2861c6fb6b67c930f506
SHA1 af159ea6f6480b9b2804de0351a1ee4e5e7ab1ef
SHA256 530a69d4cf3665650a1e88a5d29363ec66539a4c4e11d3e0a046087e583e345e
SHA512 f5a97e9248bb0c139743fa4a59339f65b63f3f23ef2d809e05ce02cbf7694b4c6c2bb729c90a34e39f30d747b133f5f044a4dda51a231fa588422c8210de56a3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 5bbcb62ee62d77ccc71920c0d56e5e5c
SHA1 6e14c3f0eeb06e26203aabe3803d13898c50e374
SHA256 fe553834a5ad54db08e66e96a563b2cb98de29a4117778f49384aee979c4d7a0
SHA512 6d823cbab98ed1f4368ed0996832c55bd110411b3730ab4464c264a9d56c5a76054ef8518be58ce10b44d02f07e7e924834fd723d15676fa1aca6da180de729f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 f007acf80a0b51a966ffbc30b5a68259
SHA1 01223785063fe8cbd57bb7fab746d38d7a35d293
SHA256 eb5a689de8ee1e47bb65430c392b32f97ffcb48df419d8392ea2755fe0fccb08
SHA512 12529e1b36b102498b8eacc410a82a55b9df63d8fd27870eff1a5e4e218b16813f5907b963545bd286facc680e52d958e9dbd2c36fb770d2bc9dd42e966a6562

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 cabde7a73eb8cc3f204158d7c4c00a85
SHA1 d982c7bfd563e040cc24b95e072383ba2ca88bf9
SHA256 834fe43ddbf07403fa462c1cf938cbff165521495289ff5a1c6d0158620c11c3
SHA512 706c6eede7e88b178e01887bbadd82b64a02e8ab5eedbe00e75c03961e7e97999651b8b8763e13ee738316bb59949b44bf337296ebc594031bdc3043d6335b89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 ef86eac474403fde45bbdf4a047eff2d
SHA1 b59f8753cc2794953522bf68da0f04a296f8e1aa
SHA256 c223fe457d93adb0c9ddf28ac2db947f2cf48d9f3853bbb0df21350ef68d29b0
SHA512 3dac8e6cff3e8ea3db7eb5701f9c236c5b5a422ae28d1f417d3c3334275e3636b4ba6a82db7cd616c776c4b11809ac1d7e7556646e3a95e692cad33d2177a049

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 1c3c89ead1d807c87ca48925824ae035
SHA1 0522c4725b980def3c2c77c37280f382098b18e0
SHA256 3f5c5678c3a5f08a9b8b97c940372cb69fbfd9e74a356be91b555e3fe9fbbfc3
SHA512 6ce1f23485cbcf9986e51ee464edbec9f361d6360c994201d239640900a24c202021ad095b1c0ad94c3e66fea6a4b4625e0febe6804028262d5a03c9c6f7b317

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 78fa7e64e226f5d44864ee8383fec394
SHA1 8a6b7f62e8ca0aff680b84ac73d511f70390bb3d
SHA256 6bc40f15413f36834716685528160b5a07d4b9e5ec032acbbdd4eda3bdc92835
SHA512 2968c33a93c85488fb825d40eb2b9de1f31c558e92d732b1df20e3f25c27dc1af4485f37da7c658892036a5a2e72a172d6a4d0d256daaa956c373ac6f726bda5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 d86b0740afdc51e4a64d9dcfaef95c63
SHA1 b48b530bd9bf314be4f24a75100bc89fa20608ee
SHA256 883afe6da1f623497efaa0cb2c87abc1c73b724d9899ed0844fe422c85598a52
SHA512 79bbac2f69a85045ff2323df95eb8ae70168d10a6ad44b93e6b777002bb2e085cafff2812d2f0c7a5bfa857e4c3ae3ea7e7fe8034b92513e90522a5ba7c717fe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 f6a57967a4685f0f7b416b698229e4f8
SHA1 b26c2c94faf62020f1643eee45eb4170c396c57d
SHA256 0ba63ecd438606b2694d2b79370cdbc892e9f0fe57d95a7149d1160ac73ddc30
SHA512 955f5518a888fcacaa075e3660810f0d6ed0db25a3f12292b32322161fa148b67ce17770de69a9a8a0ffeb7d1e1d44ddd601d7f6258ae5199004b55c76cb7bff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 5bb21a836bcbbbab90477f7f97710e91
SHA1 a353130c82315a4961ef0d8da1eb45afc11bc7c7
SHA256 22b21e07cfe474e10514d9a33f767ad0b07d9ac8bbb3de4cc48c5e9fd7fce490
SHA512 e45ba916bc08598726e8c44fc2baba7f2f91c633152e8fd2fdda98e58cc606d45d261b9efa0c8ea1076ca2f8d00ea206648f4a1f59487bd9ae311fbdff82fae1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 cb52d7c8ef5245d80e64bfc079e98135
SHA1 71feb7111e83d2575e8b2471f5fabb314d0c9914
SHA256 5cc3c8f2e01b24c0da2853bc2628164d0f83aa05077fc62a1248557997fd5f02
SHA512 e241e6b1420dcc37952450ba905dcc2c3eba3cf5a1d9ce13ba0d85748f00b142f3b52b2db1dd51e2e7c0dbb68e6c865e593072437465b403002f8b1e9311228b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 94675d9bb96c3f139a9513fdb9d77d26
SHA1 f3b9cbc4331e72b2691bf30d6498a7c711f58442
SHA256 17afb908b97794627a615724c9f22e434d801c391918e14a91aded7b8618cee0
SHA512 b4bc7039f331abed2e70c9d2f254a1845b22a9439d0c44e0ba403b6421c735cafdd0a4de9a67a02aa96f3b95d3489c35929ddb73bd9e57b9885b8e304561d93f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 114b63afb62494d1355364cb4d0298a4
SHA1 a38b6b99ce7267d104f01e6cb2767a04ebede78b
SHA256 209f3870cb03e7cb144a7179df77593291fe15c665a37c035171b58d664a510d
SHA512 02eea330b407da9197967a4b7b72b0a1fdc6aa61980adab2aab1ce1b21e4267a9669492ea787c8fa70a2cb1bc7f4e012ea26ffe94c16acbf0fa419c489083856

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 fe2f386d5d24ed6896f448e33bf11278
SHA1 4548a3ec9312f95539433958754eeca099d9ea1c
SHA256 13ed8a3b350d9748e9e4d30f1db505d474aed5eb2fdfd22a0be016288cc0ca4c
SHA512 69158a0d3576551f157b8086b6ab5d32ba76d8ec0b5c7567161cb6003882f071912909d89ef52449e197ac261710ce0b22092fb88caefba00ebfc0e975abded1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 a85a7f145adbcdbbfa5f1786fa7cf96c
SHA1 41ddbbe4dc61ac42a97bac49be1e7a77b0bc9101
SHA256 81aedcd2f0b0090e81e5c4672a31686c2faeab2ecb3cb2f4c5a3c2cdb91cb892
SHA512 401f9a40792e27246cafe6e6efbf0cb91e74f9810cf1e53ecd437ec88fed3aef0d82733386f973fa6b4cbb93a2cd434c7486f35eeeea3ae7b75594b4a95aec4c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 864bbc4578d509d5d1e9673e592c4312
SHA1 66eba9925aa44df38dcb45bd3df180f39b280569
SHA256 09363a8f547cec5aeb17c4b5c114422715e51b2c4b3eb0296e66d890cb5f0f41
SHA512 90faf5755820529749f4710a8b0dcb1a67d30ec1411da5781c8c76f12ef7f8733c360fe0c634ac1d174e25cfaa75d10d489a499e9d868b63dfc1734a686943b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 8cfe8820b17d186dc3f5cd6f23b9a4e9
SHA1 a3e793052d75987a28df7fe5927127cfea50ba10
SHA256 9b81f8f90ff2c4ae8a3316fed7a6a23a6fe207692f6d64bf7b1e89254a93825c
SHA512 3063d840ca32b941a9a61aa9302753bae22fc51dffe20ba39b352bacad965f015b01e726c50965a71989232c138dc863398a2e98f1c26b7d0e9fedf7671b92d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 fda84c35ec2082dd132c67a81e246b7e
SHA1 035c324261715892ff35c19b7cfdd3a8b6904f78
SHA256 2aeb53ce4927d129b7c87e04c78d054d5ab9049ba3dff562310b78831808d3a8
SHA512 aa5f68af90f6ece4d0901ce354e7763f652079aa9d4c1393c0ed3e3391c17927d0978b98a546dd295d3972d6147141bed77ac6fc9cc3afb83e353aad5b6d42c9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 bc5475a71534f44d04e66e2890d7fe8b
SHA1 de09a1bb44bac21acae8b3bfa2eb067bc7900fd6
SHA256 84b1357549c7db62663ac41178621c2647f51872e5ad3fe27571a92c288a7ee5
SHA512 e24fa23f45479905d6081d99824bc5ea297dbf3bd4c37940929959341ae56efbeb695c459d6f921dbd4fc6994b055a7f94a8f3320ef371d2eeb4fc556bf2b678

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 fb26290d1fa3ba154a143f175c0b3477
SHA1 e4df1c719483b373cef6bbcdcd56893d5187a893
SHA256 5736c50d39197aed9bb007eac86219c9484736133195b52c6723b17c7f0f6806
SHA512 bd22a0024ca453d159c44371dbd73056899d28dcb411bb68848143314bff388b71d2bd7e2123627e7c9b9df59a187a2562631e6ee472fd2c5c0e4de6d57d90b0

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

MD5 454ecba70881cbde5f5a4d81abbcc828
SHA1 26ea45dd084ede71b0a8f66a196346d37f83bdb7
SHA256 fce8befb49e575d3c805f9def94bfff3249ec1baab42deb08c4db20597c7ed1d
SHA512 a7dd0a7dc69d864ff02cbcdf1cfe732a14188e1ed7ef8bf99108eccc7fc1a37cc88d7487a668e588a4a4419eaaa38b92e3485d3a14a2f813c523a7e88331d63e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

MD5 733dc90d871000d2eb2c29ad871b226f
SHA1 39c2791c2428007ad55c3c05f4e76c1b8da113e9
SHA256 5cff367316a6c188ebbfe7b3b820a2649996b9153287f0b8a56668d1b2b72cef
SHA512 6184cf838f7583e4225a1c79b89839605cf1653b3af5309c910e65d16c51fb9c390b2bda41dd728f042cb38a966436b564aa0aec04a0f2cca67c5648b2b8fbae

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

MD5 56aa456d1556e002a6045d07f83b0ea9
SHA1 877e8007a406397629f64c186f7cf53463960d78
SHA256 ae4648bfe88142b567d818d055ca89930781ec8d810880f6d9be792a48ce47dc
SHA512 9fab0e87d219bd47c48f3fe852fa6f28fe7a92d801453a21f7971af4e98643b524b344bf04123eca99a9e9081fffc1cc30dd603e3a03afb09b8c8f0d1ba1574c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

MD5 72e4bafa5e8149de0391ffd6b9a91af1
SHA1 cf7a2b3b8b46941b828f6cc76fcc0b4729f440c7
SHA256 3abd98f9c74386b8c8e12613e4e17348d78d5ec804ca1c2cf3844aaac0529fd4
SHA512 47fe07b17663ba2c38e9181bb029038e77b49c56e6bfb9d75605710e12d07ef6f58e5fd140d34585be02c58280b72748ddeef1875208444b5984f1f28b7e3cc0

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 1933f987930f7c7502d65e52bbf025c9
SHA1 3fbf67a11cef11a80b67facdde83e22c95fccd7b
SHA256 9f822ed2d43641005224c2a5fa7b1eeb9e3e278c44aa92e3949b262f14b8f436
SHA512 491e21dd96eba8d91db350e742ae10b21f73c7cca6f0c919c0e000ce9a24c2f4b0926bd2d1d49aa68ce53024498dae08b6524d9cbee34bf3b6e2e3fc8cae08ef

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 2c7dc85e37d73979e29ae27234e0de9d
SHA1 b392b8bd03b130055492247148e561bcae9ff044
SHA256 34c975e64b69a0472304a6fa8c77e57ece76e7fdff4c7cf6327e8698c4bbefe4
SHA512 98489b68fbfd5413d84eb08657ef0441c0af827d649ba59560e0da47abc145934b35a3a012ffae8741490706f4992287445dba1d7485fc2e6c6fbed47d5d671c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 ec635dbb0fd8d3d6ade95065d834d130
SHA1 05ac5323c07c9e0bb5fb2b06de6c83f86452d8fc
SHA256 3ba18f053d9853585ce742a0d70a8c32a08f650b76065da0ddee1e76c09256cc
SHA512 79d244145d8ffaff8950b761d747ef64742740cf8af07755bc0b327eaaad61fb7e0433cff178be50d93a998e7b156e652a69f3bdc9b498682e941ea3ccac01cb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 d9ec43fe20279aebebfc21c9d5621ec2
SHA1 2112f36e184d87451543b911fdb7123a7c009ec2
SHA256 a0933c7342029ccf4e6ea9a43541e9b5a8e58b4749d5bec2885d64fa6f98fd4a
SHA512 f36e5ae07ab7eab105f116269a1053259344c0c7c6444f90e5c2080c674a09b192d4498a8e88cd94cd94b8d6b3da066f7833203bbf5170584294545a10e1c674

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 5f01260b280ba7659523cdcc12ec9aff
SHA1 192a1fa005e9ed2ecb666936ab38e9b44dc45ef3
SHA256 9e91074220b348877e62fba91ebb161df90306dcd56a497d93603ce20a8fbf20
SHA512 d35fce8d3492ffacc64bc7655bf5f6496056b31da799919b222fc3f1496173a0c40189899770ed39b33c4b78b282e254b9785a66fe722152d8503e4a73cdc250

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 520f2d2d926ec74d331ff4c7f011a94c
SHA1 c807cba9006b8d1a88ff61c5026c7f31f8e239d3
SHA256 f09497d18011b06d43475f2801afe44079e148cb74a4e01049be2544d93888dd
SHA512 a4ac09f1339847d6b5b693cedbc601555448162c867b17bcbb369c879f4e5f3b64bcda75cb21f58426fd2d5d77473e6b051f1692448a94e01bf38ab6e83227d0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 872a604748510631b042c35894895695
SHA1 22c5f6af1446866b1aef21184aa72ff7a9df283d
SHA256 3c7826a367e8903b72e7540376c02579217373e04140177acd398ebd3f781b7f
SHA512 992bc112c5dc3b31253849e6de468e8c0b26a5f984d0c5be6976cce33220ce3f32fbd9142b733f31791f0c76c09a089c01930231d62de6a2b857ea2e36458ef1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 4a8d89053dcd507eb56c9a041d66e09b
SHA1 238d0e8722fcaf2d512d2ddca3ffbe393a146ec2
SHA256 62b632d8781f069c51dae1c69b54f45353285b6107819a2f2978ccc366d8b37b
SHA512 8f7dfcbf57729ea876e6442aed467e34d04b48cd3ee5d8f9de7a69b899bf5673c36059872e116156c3dd5751724330b47dadbf9ffa24712d15cdf03ebf4b1505

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 83f6f37e6b02de5fb09bcf90998da41a
SHA1 ac56341bc955e1c98df5ee1069010fa0831b6e4a
SHA256 966090e1975c2b0c330f19f2adf82f8e1f53b2f5d1f0f1d741af458aabf3b9ed
SHA512 b31caff03a2083dbdbb9b8367d8edb0dc585f6d6440b5a3719eb83741ccadbe1da3d76ea2b657a0c651c7dd21a109252c774ebbe466f291d693bc34ff8cd530a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif.Skaype agu1237

MD5 afb9fe47a181dc91f0c25b6fb63e90bd
SHA1 972ca99e6fd2b384018f9ec8f7d834da737248e3
SHA256 3e59c4d6cff7103df74c13659483098495bb12f75ae2fa1eb0505dd1cb48c97b
SHA512 31e9497dfca67bf7c2efaa02d1e76d0b24bc14da89ed82036e461edb2c7a0e04077a30acd8e2c9b1fbd51358e1d7d2c8bd7caf29a2a4df791999b4d1862cae36

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 adf2418009770dc423fed51075543f13
SHA1 4ca42add33bab1170c03898a269cb5db1f44ddc8
SHA256 078734d08c627e6b1b889a821e0d1ac2bd0b4c361f4a4dcc50ccfeccc9054909
SHA512 8f6ff182ac62a655206a479e0c23f4046adafb1d8662abf393249773f440526978660012d20099bdd2c145f323c292eaa56ff033e0cca1975ea510897136858e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 b75be34f04154dab6ccd7600fd908aa2
SHA1 46a9d664798ff821d7afcb1fc47e69bab5b68885
SHA256 fcafe6e15dd60695acb60a4fe51cd59e5073c017b9b6de506b080957554d809c
SHA512 c71a49878e31bada355c412da1c9091f0484f5f771ecf17f6486f64b07aac47e5d64593baa79511a9506bc64adeb77501d45166d9241550cdebacdedaa6804fd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 bbc9ac2550e2318d36cb6a2b1441c59e
SHA1 a143f91cc06692d03135117eb21c4348ce120270
SHA256 3d232ce7169053964c2837a6684b1d167197084c97d10f404175361a7c6cca93
SHA512 3a93cb43f95c403b8767b784ae1f57f1409a6577e29cc79ac5af2635b3c4f416be5c9bac5c2d7ea27e2d33ff1ab77de46a25f89806ff1800305e169a6a513593

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 6eb80eb1e4b9679855d5347d8651abd7
SHA1 7b8a2a6bc3385ba31776921abce00352020a4443
SHA256 7cf2de988d1fa5b3f0cff103b1ef7e538fd6814aee477073e7542b8580b57ef3
SHA512 24f75cf9a5991ace5c4c039af9a97b69a2528d1a589d7724cc4b7de09a3f5f5150e1f3712f607874c14fac890b4e76fbc02e5836513b25396e2bd8edbbf872bb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 3e14d5721b51bdf0f8f2e23c655d30b6
SHA1 78ed06332f8ad7e4ae5fc0552ef1f1140feb65d6
SHA256 3d0809b5733a06d1840f4e68b6f861b217da70e3196d95701a4da38ce7a47b9b
SHA512 2d5bbd788c4b08965b796c0de42e042479ece34a3f062b4cfd3480acac3c197ae3975d1144dc548fcce74fa881e81cee2c13087ca9876f6d7992309ef5e5cb7f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 15c112735f4e7bab22fdc215155891de
SHA1 313f15245dc70afee3d3d332079c969810e9ee27
SHA256 b5ae520da48e7e3459cd27cd2002fe5f9ae3a8a83c301932e2f0d0877bca8b1f
SHA512 52661ce689af03a272f63256d42f4bb5ff5fc568d933b85333141e7c0237d69535776b66ca55ed6b51de9ea22300e6a87a2d57406348fce3c21a553e18dc3301

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 063a736fe9cdd915193f56431afe379b
SHA1 f271680627aec9460fe21687225386da35873ad9
SHA256 0b90ae10f5f9738d088d20be24bcfce9095fe9a036fe0e1cf807e4a1c31570a5
SHA512 64b942a27bfd1d7ad971cc796b8339b63a1f480fd1a1bc58d85aa124b510003611efae92f4284d6af951536f92a7184af7ed5b09be64e7232bd8904a2b487a50

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 73d75f7cefdc50581433de59ab6f47a8
SHA1 b1c28ce6ad1ed11c08c190fc7dff4f6c9c9eaaa0
SHA256 b3500b69298cff885a0ffbb34f3e7bfbf7b68126f3a6c36a9a884fdc96f449d9
SHA512 5dfd1e16ea621634eaa765a03e519cc09a6305f65af186ae9fa6b7f15e3af784c4966b8773972bf1d2f24bd42fa801962e7a9792d8f19fa8b14990ac06c62d62

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 f1153ae91d6665c9e79f4fec698947f0
SHA1 ec541c74b3673b46809bab88a834c429c23abe7a
SHA256 d45403d053019fb3c931a8711cf3af6dd2a8fa76c0ef9f9b95f8a22bba9778b0
SHA512 c7157725f06d8e824d1cc2da4a9e73b46fc4c351c2e4a7affdda521bcaef0eca50d348428888dbff595830b46783fa77e037e3fcd72ae7afbeb0953205ed062c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 4ecd94794b45f853e23b983e656ea1c8
SHA1 270ac0623007403d2b4cbd59207546a8762660bc
SHA256 cea08e837102ad0ae13df2b47c2b42f5525effad0b72cf33a8cb2fa03bed0a5f
SHA512 02eb2a6f040a1b1010dd2971c30bda09398225717d4bab57fa40f9c5cedcbc65fbb9a8b862217dfb207ef45defb716f60af7be4842e4f57d80c61e936e628eb7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 7377dcdfc494ebd786a1ed924088d744
SHA1 735952baf671fd68ff5e281a2543550a2456c860
SHA256 eca55d6afd19ae9d79b70f867e919a08e94c47838ace4155c5b4ba5ff8bc2eaf
SHA512 43b25a57557e847921017703128e2696fc1dd7022fc004fd74aee2780360e3084719d8318f95c55c46b5468843825a1f149f1c002d1722a3782411ee7ea3a262

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 2e9c2f254c652887d2ad1508d7c13c4a
SHA1 8bf61da75f1ef9dab9613554d40943b4d50b074d
SHA256 77dfc48d3a3635a273f8ef6b30e5b6b58106fdcee10f33f6443341e559b02da8
SHA512 96287c6e8c8604e461cce25caf37e74cf144cf82901858b26f3590c0f62aba186c2ad58debed2069852983afeceb1efbc7e3b823a1c080d9eb8905114b5e1c38

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 890bf8b1f32dbaf27f65bb4c38b1d560
SHA1 0ab42fc2d922a11d897ecc8b91f7cb5ce5993ffe
SHA256 21b9c5a073c88fb548fae19a459cf45e1d9fb70a0c4643916f8655ea0918be4d
SHA512 4ed3a6b9453609363fb2b752d87ae2714e39018f74a7daef89c9008c3437fe5c42adc63ed1b816a3c0fc53783f51233d1bd901e2d66ce4f6c5ca161901996fff

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 1d2239e04fcfecc63a68a673ee4522d4
SHA1 d5c975d039f881041696a3fe3b011d5f92ef8187
SHA256 70db49a8ded1e45b41dfaf27bde759d949382775dba9f51c5b90cd815a3b8960
SHA512 fd19fad892752b546fe2f127e6ff89964ea3a8411112f04766e7b8a1e5ebff058ac8409917a47a8a0db25ad29c5512d00609414356177538af7a0cc6d80f6d8b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 5bc9f101295c9e734e2eae29ce026005
SHA1 34f061552c67094fa5618bd717d070bdb436bdb5
SHA256 5144e2cab40a509c969f46e3f970e00730c69c3ecfe29b2efb3a2327d58a8f28
SHA512 450f5581bd8995fed12a4ff08ece133f69aa4a564ca377414c2eb3d459def36b3557dfdc1724302a360c836455630935cbaf2f4ad7c7c057a670119726623195

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 1bd9a818e030d081621e4f2aa357fbf9
SHA1 69f5b50fa97739d62786929e5d82d1c71b2c789a
SHA256 7d90195b5c79f1274d649cee8ebf2b6819c66f5df75300f7cbac5249c32401be
SHA512 8f4dccb31b914916abe58b1109286722751affe1c7ac4109f415614d4fe67b385ccdcb35605bde042290f935d59a275eada8972d3c6fff129106dc26af91cd86

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 c74bf74cab9dd3147d9fea4428e0c807
SHA1 dec6c6fdd7bf73f43ffac4bea2fb941183dd54d2
SHA256 d1815d42cc4f6973f299794fc973f3ef45ee9afc187fe18408c6c9894c9331d9
SHA512 b5384ee469a99e4ed03e658ef32c3eee6aa8ed4712a5e9e21f2438c2afbc2f344dca421e4df96bcd54d5722a6930f7a7da0280e109977e7ff20a37fd0d862c9a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 e1adf01e71b7643c050bdab837456774
SHA1 1625a27b9cd139f2d7c5a5a6a9724f9e3b7c7d01
SHA256 82aa4d2208697b6527ac7748a83f083b1e254e084582b82e3f991adf43c40ac9
SHA512 32da32aba7e2ef19e19e778a1c0bc32dd06fcea083c5c6ac87b15f7f7f82d01aa803ee4485bd069c2b3cae5909a9870a898726eefd928e780cd2bcc02c3b7d00

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 cd5ad89aac78a4b92a05d55572c040fc
SHA1 eed0590bd299d691653addb5635b08d1ee8f4ac2
SHA256 a8cb81a2c24fd496123d36b1fe1c86efed572d9d605bf85048c01c52165e3e64
SHA512 2ee7e11c315c60ff77833ddd5d8ac3dc6d04a001524356d2c6baefe6b94d98189d003e138ff07e7c2752228f28351049c143c715026f9861f232a9cba566bfce

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 80e43ba17f92795494aa76bb1d6d6ac2
SHA1 34a2043528ce25015270127fce115353f950e7b1
SHA256 404eb4b3bbf94320e5c257d7a00f01d217175172c82561a64b1424a9f152af97
SHA512 3681c209f50a531bb4bc1667384e0c36cc90580edde4513fa0d711b6dbeb80fb761e30d364511f835e66792d250810047e2804f93de880fa40bd98e3d9701f60

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 b1308ba4e4a030b542dd7480bdd1311f
SHA1 126d50831e8f246ca5c70e56ead7bc69b45b7ff9
SHA256 32e4a4d536c23b81273105c6df51a60284a9781da67cf24f322d4a6c12bf17f6
SHA512 894c24b99703afdd290c4835ac1df229991ae0cb6e6aa37e200d70d2857b9f2916afb1b32620889bd2f79a243411ad73a5b89aebc7087d752548d21d38a2ca69

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 6377d93cabc48e2131919c28f9948f71
SHA1 3c2b49adb722e2b28265262a5859f0ddf1e335d0
SHA256 50fd92de659333d0dc93679a0a7666437377846204a14cd23435fe67d568d0b1
SHA512 198e71c166a5a51ed6a337297a06331532e5ff7329bc15a1492bd44c3c9f1d3fc3119baff4a6fb2105ccf0a8a9fdd74fbf95c5f10bc7926228257eefc08a1de2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 ee3f598140cb1c9501d5d338b26bdfd6
SHA1 1cc8bd6723c03fdffb60050828c5b4f222b6bffa
SHA256 07341591154591b05cbd0fc8b6e1ee7d232d83514c58fe2d47ae458d373b3bda
SHA512 3c93068f8b7690d16c9cd944da516ac980dc07bbb0540af7d3517c6752a238ae4439f596473569562ce56a6c5cd31a934101190bffb7ce1dfdfec931e636005f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 0dbf09b2699c3bd8265d5a6b300efe1e
SHA1 432101bbb47406e6f2952c066b031db3a44018b2
SHA256 62251ec122b94eab26b804e2c3ac9701f04b43fbb4a2dfb6aceabed077ac2bb8
SHA512 11c2088516115286d48ab3bc3369efbd548b5657f8704a46ce5fced97dd87221ee3b4f9742a0e5656984cd90b245f3e3787e015216963e0bd3730989d46b4675

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 d88ff10feb790c514dcffba168ea9712
SHA1 207f9c88d01f8c45686818540c9a89647fd1ba1f
SHA256 3f2748c95e42d8274a02d13095d63b21245dcee75c1205e180518a6a815caacf
SHA512 afcffdeab49929608d1261d3b2cc2eab78c1a8ef96b98a6c64ca632d14acf36681f453f43d4d2b2a4d8333dff39f1c33dbf02497296811cd9a4ac75533d16830

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 408335473d86a4ba3c101ef8d3b04199
SHA1 4498927064e2851f317d19e74f93a62e9eaec1bf
SHA256 caccdff299c79d74473237d5d700cb29041b2cac18704d9a801f2eeab3da7e88
SHA512 f702dd8317fbc5f2925389c24bbafc6408903e19e75aea3a40c5c870b3bee508cdea229b1f839ddf01703a62b2cd5275275c058738ec8f91d3d323b3cc82a2d0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 d5e3741bc9e7a4492421611c09f0acf2
SHA1 fd34e3eb0a07e6ce6c0ea966fe9e92f13c5c95ad
SHA256 9688138614b779b6eff2b10a39631cca65ce290ce3ab800d519a3a4d12d1ccd5
SHA512 9ce8e912047feb16bd4cf84bec9ef1feee8ded94e85ab57d5831f19da377404cf2f9fea82063f6fe3c822b05e54180e73130cb623678da5ca9e7c21a7de1e725

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 1f4cc149cca46c74848eb5ccc934de49
SHA1 089e07c703ba8c7091ef519c31c9a18dd1a3eaaa
SHA256 c51ed1b111389671a6e4cf6542a91b5d71489ee69c0047990eaae8a8354474c7
SHA512 ea4a1b6bd1d1db5aa7f90d6da08764a82af23452fc38304e16327a79935bbeae6bf37b4d592c13de91c51b9babd11394ae829a8cb2fbd2e549fa35dbd4586268

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 a4983dbf0178f9a2fd1961401516f968
SHA1 555a20e80a8546b9ff0694d0583588b2dd0b3dba
SHA256 1c327eb8bca86ba1ea7d2305c0c6c6b0fbe792ba1cc53544802e9a0b1ab6a498
SHA512 531d9718e67a4157244597b2dfe66c3d5a08b57dbe08bbe808ac276122a23edcd69418449a0000b8f2a42eff479c14bd69c85dc5f6eba443a56610b202a2ff0e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 f11f050525f503cbc7f9ecd6c0c5e523
SHA1 7f43bbfa88cb9f785a192543ef520c4f49a2843f
SHA256 ae5d7932e357b0541ff65671a9769d7570832c61f5c01ee01848f37fd5d62d5d
SHA512 555b05b9dd0fb2b35c137be57d2fe262673e1d8093f08f15658f93d732185412fca2cbf6775f923482b8221099ecb93a774840d93df4293403d0d349d7d733c6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 143c7e90a79a9714d4932db57ea27acf
SHA1 653cf1c2473d18bb9880304636c96e3acee5d903
SHA256 d63284a531a4896e9460337c462e2f4c47197b09ad1aa4cf0e6d628af7e89805
SHA512 2b9d39f886dd7bd9388543821c6e2f8bc5b8c36dc15d9d17a33e1d7df1b75a02a00b3e98c0cb2a5d41b6842ff7cd8359f124d8451c988fb6102ef166333f751b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 23161d48fac276bc4dbed26819b0de26
SHA1 64f7e3f76cc937cdb8c7fdbf1d0d7737ebfd0763
SHA256 26152c79ce6a77c98e3853f448bff6aedd70defb8eb799ee60bdaa43d6004d7d
SHA512 7b08e103775cf1524e448603a29b8531c32afeaabe0321b2218a4fda80716da794c95a5df773dcd2ac2e65904690a405eebed7d089b47b82693f5f17763d77b9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 905bfe88a51f56667e8cd0101bc5ce78
SHA1 f135892effa9a48db5c19509cc1cd56319503414
SHA256 9f98f0a6064a09be5ce179c55cee4a0e73ed827a9cd02a1ec7c9d97c4d05459e
SHA512 f0cb6dc4873861cf8a355e79ab050a808e71cd8d8f3a4a6ebec2a3290612932192fc4afc90184f1c4a0838625e48b8707ad3e3ddaa53d21c1fb4ce5e43acfb9f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 3d40ccddc7132cfc6f143493cc7d0d48
SHA1 8a53d4ff6a892196fb61ceae6bd5b110c04a6e7a
SHA256 4af639ac8b8e98265a0300e01b655f04aa7c7451776e1c5f525dbce2615458c2
SHA512 d1c2f6da6823b20b1a51472271df045a21469cc660c6b4a94450477534c914c86eab4cfab0445b18b31c2eb476ece66f7a236eb994571c9da74d23d83425a0f7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 5ca461108a7a03a228b26b99fce40199
SHA1 ed7922ccd0f625502f1759ffa3df7a6490ec9cc4
SHA256 13919df6b0ca1ed8282bc0bf504ea096e2c635d39bc9149b4ed95cecc1dc97da
SHA512 df2d2b332449a0f4ce7328fa494ac4349dd358f6b535f4c750e4af8c2e0a9ea4f18d4e795f48c534d6067751cbc438d85ada58d170e4519cc04b32d037dbe0b6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 49c53fed4d649cdc8837a3cec5fa8d44
SHA1 4ae14dcc6979cb784f7b091662a27a73f24c770b
SHA256 cf59c556176b8d8f77ed270c0430a96a5cb963bbce088045129de39ff0a80619
SHA512 6d9912a82679b127877951e77cf416372c0671515f3de8203992013a8a5128a4ffd8f8928a726b8bb1dbe9e4837168f3eae35e14e4f104f84a1f72da92a036f3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 de9b536c6baeb34e9c543a6db01f6ddf
SHA1 b9332e5f7ac00777566f5fa7016c51aeab2b5a89
SHA256 a37cb1c15266792313a429aac589ee5e0f308bd367297c6bddd70fdc4ce20fe0
SHA512 62441a874dc255862dffb983d2c56351aac53c2b32942e57865114efb2e5e9bc0e58d5e341e48037c02b79bd7ff593c921e2dbae77156e3c98fc8533d36a3804

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 20b93e8316d63081d76124b74de6ae01
SHA1 ad661fa7cc9c24d598cc16aa49d588f6d33bab11
SHA256 1458b26269b16c3c9c4fc183cc10e3630f90954892d593c536dcd40e8852e66d
SHA512 7b254d6a5ac91739506303257d050fae99d60cb156e52ca590a6163105b4f2931db114d3b9ef7330544990c867678a57527b6d6cdad07e6e93c30f8625d73d2a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 3015bb06db5cd23af5648c3aea5cc11f
SHA1 fa70cb883e09dd7ddcc80fc39c4241505806c196
SHA256 bb72aa4b39212360984c02316ff5d37c1af97e58f98a5d294f92edeb3522ff3b
SHA512 33c294bf837fa56ad7a028e2ffdb54cb43fe4d5cd43a6dc1bc7fac0452f0d904a54284cab96cb15a4e87589c7914012bbe2283f17456b61bc2e2938c81a357e9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 e6a706a3a80567bbd9dd54132db68640
SHA1 dd698e5f2898dabd8ced854bcfe87b3aad2d428f
SHA256 c53f7eceecebeead6fd8b155e706e9fd6df42d15b59e15fb5961f08a0364c8b8
SHA512 2a10498fb8148d0d6aa9732ca8e1278a1d564a85688c02ae90d00b99a744f039caeb5a5234abf7c3a498892886690a1ce9012fabc6191da4a15b115807880054

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 cabccc8cf3a1450d7c308fa964393bc8
SHA1 8d8fb597e81fc423f19e44ba95404bbb845607dc
SHA256 b15def65394cbd88e7a44803fb7044133650f9d97725b26f966b288b367432da
SHA512 01247d6c546d986aeee8f00eb4ff0053452c8583a857055f5dcf24b954c5691a5185d42976295e357d0594f1affa12c195133b47b1ba64b4243d043493e6b777

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 3266d0cbf5c8e9b6d8ddb9ff890c8aef
SHA1 011e6ed139fa9b114f59da83155338e88decd520
SHA256 2169a026e22f462f95112a1426de0a11947294b7cb84187ce5200918b18f481b
SHA512 acde1abed76ffe973544747dedcbce3f9f50767f5be125f38a7c9c1c1f42da2ebce6a68b61838b88523ec114043d494172dd172d52c72845cb7dbcc4d80de359

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 fcd90bbd17e0519d5c3962fc497cd578
SHA1 c2995ea316c77e8fbbf37f147e802beed117f756
SHA256 7680b2bc84fdc5276f1cb445c4714e03afa85f3097e04c8de5151639b52d835a
SHA512 c54b8944d2adb50790dad2a6abf5afd2a4d7324adb83c7a010d6155ca64e6050613f68c156972b55dae2e03e0dc89c46d81e60e46d0150cbc2e4015454c30f0e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 ae2f4bf3dc38a060afe0e858d29f379a
SHA1 11b26622d0005a35afe5ce9e653bb82186ec08a0
SHA256 97da7168432338d463e985ead446dc844e8ad2f4090bd62ea9852ada4adb3617
SHA512 651df12f4785df70bf6478af4f8ddf8112d47e6afb024f0d9a3a1d311587260eef4b302b4937bfef1b971eed1008d93565e04f4ced5cd466df9399c06b2b9da6

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 033d3a5dc533a1df380f834d9c540e30
SHA1 193530b855c6403ebfd60cf5b925549fb8d864b7
SHA256 ea34d68fd1cd3483f295f9909386f3a6578b18fe956090558304f1d35b7f5d43
SHA512 f7260b0f7c6e4efab23b1960b49c0dd42213932db7104e71cb1a4c653f73fbf6ef7fe5069b1f98b72114aa4f96602ea2a5c755ff44f03607a4e8a3e1b204d492

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 e93fa7a18f588bfa831618defb1bd2d7
SHA1 5542cffa9246387a69897ec6c2fa889141fcab19
SHA256 98cd5260384ceb2faa1c16093733a01440bce8b749571ae0cb4908242c64acea
SHA512 37b0f8f44c27799c756ecec202798e509c160d4e0520101eefa70a92aa637eca9817bdc7331d56d6e98bfb8fa3f02dcedcace4c02fe64ac83ca62a88d1916555

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 04b9e771e2778fb4b39be20d9de137b9
SHA1 5cfde99829ea6f7dbe215eca0bf49b0ffc993449
SHA256 d4f9964ed03848b52295a209bbe8810185c53d108faa9be574b53e1904697aa5
SHA512 4e848cc789b21da41cd1db31313376886fd3a7707e65fc3cb4d553ba42f30016d6b0ecb0af913830645697701b68802f965ed4c43996ca065a1153f9997bda8d

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 e7c6e950f280f1fcf803bd290d1ca23a
SHA1 9e3df23d70bbbdfe8ef5cbadd039c605fd62c2ea
SHA256 48ed0ef6ae0bb6ff2704b763884ccb7cf0a07b7eaac6c21949faec07d59661ba
SHA512 a7f2378abbca09ce3fec3d5a11db07c25ab31c04bd9b691936b2cecc79dc4c7423681fb519b3fc7655fae47e1d3d45cd50c9b623de6faa9fe9fab9060b669ccb

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 c28da1c40ebe4789d42475f2931e696a
SHA1 8154a4c8e4ce5522e72387981ef268204d29fd71
SHA256 088ca3578527560024e27a3029bf21acac59ef6196119401c95175057b432477
SHA512 d6af7770e4f00487a9ec9c09c9f4188cb23f504664f185cafd85e62ae2491b67b2190db0e4a98d484f2e3689ed8c27c716e458af92fc8cd5d8d025fece519edb