Malware Analysis Report

2025-01-18 20:39

Sample ID 241206-k9df4azqa1
Target cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118
SHA256 ddcb072f404a175818010881666230fc803fb0b1bb29a88836f566533ae9866c
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ddcb072f404a175818010881666230fc803fb0b1bb29a88836f566533ae9866c

Threat Level: Known bad

The file cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Detected Xorist Ransomware

Xorist family

Renames multiple (2183) files with added filename extension

Renames multiple (2199) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-06 09:17

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-06 09:17

Reported

2024-12-06 09:20

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

132s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe"

Signatures

Renames multiple (2183) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WOy6DyvB263h19Y.exe" C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_189d0189716edeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\stornvme.inf_amd64_1218fad01506b7af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fssystem.inf_amd64_89e15d7e662d6584\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_050c7496eacdd103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_legacydriver.inf_amd64_c07aa9c633b5271e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdf56f.inf_amd64_1e78e192efc26192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MMAgent\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_ext.inf_amd64_34d742f3550dabd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpmvsc.inf_amd64_9b03a5f041e8d2b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSScheduledJob\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_0b96cc4cfeb2cbf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\multiprt.inf_amd64_a9b96d6c7813082a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_65ab84e9830f6f4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_154e6da862a6dc30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\halextintclpiodma.inf_amd64_7f59f2c73a7fab14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_289e18fb610dd883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_ea60132f1a9a7a62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mtd.inf_amd64_2f8cc39571965376\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\downlevel\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_46dd0342577f43cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsactivitymonitor.inf_amd64_cccd1b2cb61d2440\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_amd64_42b97498c7087292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhay2.inf_amd64_e87e378eb673af65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\res\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_5b64b65052c3a32a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_edc94fc65bef3d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsupr3.inf_amd64_9cb7ddc26e30b52c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\npsvctrig.inf_amd64_b98e9a5325075265\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_144351277838b429\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmetech.inf_amd64_bbd46500a9d0e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DeliveryOptimization\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-24_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosStoreLogo.contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\canvas_dark.jpg C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarBadge.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\NOTICE.TXT C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Dismiss.scale-64.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MediumTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\file_icons.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\ShareProvider_CopyFile24x24.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\pages\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\SmallTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageSplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\1.jpg C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\CottonCandy.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-125.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailMediumTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_SplashScreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileWide.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleImportError.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\hand.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-16_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-l..lperclass.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a08adbdf45420437\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\twain_32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-recovery.resources_31bf3856ad364e35_10.0.19041.1_it-it_c7f78e70adcd6dda\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..services-remotepage_31bf3856ad364e35_10.0.19041.964_none_e2d83fe00c5aca7d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wordbreaker7-mswb7_31bf3856ad364e35_10.0.19041.546_none_b7efa9d2d3b59449\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_10.0.19041.1_none_a061f8693aabb18d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..nter-core.resources_31bf3856ad364e35_10.0.19041.1_it-it_bb104a70cd466cf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\47e786300d57b2248515da5569427c4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\de-DE\assets\ErrorPages\pdferrorofflineaccessdenied.html C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_refreshServer.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_firmware.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9777b31b7912cafe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_pt-br_ba11e22312bcda7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_display.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8837fcc8cf45b28b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square150x150Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-voiceactivation-ja-jp_31bf3856ad364e35_10.0.19041.1_none_af09d6c30fb8ecc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-f...appxmain.resources_31bf3856ad364e35_10.0.19041.1_es-es_7e89f7047bc082fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-a..nmodel-datatransfer_31bf3856ad364e35_10.0.19041.746_none_07e30babb0017e5d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-userdataaccess-cemapi_31bf3856ad364e35_10.0.19041.746_none_6b18b66830442fb5\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Speech\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-acproxy.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5c43f88b4871bf02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\retailDemoAdvanced.html C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_6095a555e2b0a5f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_networking-mpssvc-admin.resources_31bf3856ad364e35_10.0.19041.1_de-de_5844fd597ba9d454\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClipping\Assets\Sounds\camerashutter.wav C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windowsbase.resources_31bf3856ad364e35_4.0.15805.0_de-de_f4d163d4c71adea3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-cameracaptureui_31bf3856ad364e35_10.0.19041.264_none_55f6985d16619e18\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..c-service.resources_31bf3856ad364e35_10.0.19041.1_es-es_59eeb46aa4fdccb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..lowbroker.resources_31bf3856ad364e35_10.0.19041.1_de-de_06a9ae00d31833cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_10.0.19041.1_none_fd1639479924c51c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-speechpal-desktop_31bf3856ad364e35_10.0.19041.1_none_3d67c2a1b5ae80c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..iser-inboxdatafiles_31bf3856ad364e35_10.0.19041.1202_none_e636843d96260ccd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-deployment_31bf3856ad364e35_10.0.19041.746_none_d9e841974c1d46e8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-bits-client-core_31bf3856ad364e35_10.0.19041.1266_none_9b0ab05d400833e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..complus-runtime-qfe_31bf3856ad364e35_10.0.19041.746_none_495c794dd75e179e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\logo.contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-aspnet_perf_ini_b03f5f7f11d50a3a_4.0.15805.0_none_682d14c5c198d0a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\images\stepOver.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-uevservice_31bf3856ad364e35_10.0.19041.1288_none_f26bd0dcdf662cc9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square44x44Logo.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netlldp.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_e05dbd0b52897112\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wvmbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30884c157d121d34\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ncdprop.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_765a49f1286c2ce9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-uiamanager_31bf3856ad364e35_10.0.19041.153_none_ae27318ee9e43c77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_97ac4c74860ab7dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..injoinaug.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfbea5ce721eb740\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..e_iassvcs.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_493de30a24e1338f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a3c84cb0ee42c90e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-virtualdiskapilibrary_31bf3856ad364e35_10.0.19041.1266_none_6c7d1e21f203fb8f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-rasmprddm_31bf3856ad364e35_10.0.19041.1081_none_1848e150b717de61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.tpm_31bf3856ad364e35_10.0.19041.1_none_e1b9dfc086bab9be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-branding-engine_31bf3856ad364e35_10.0.19041.1202_none_687eafd94efb2680\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-f..utilityexfatlibrary_31bf3856ad364e35_10.0.19041.1023_none_a92bc5bd27c599ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_4f9d5a4ec957d8af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.84_none_65d0f4a4c6cd4975\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vmuidevices.resources_31bf3856ad364e35_10.0.19041.1_de-de_645cad77f93ffc6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tapicore_31bf3856ad364e35_10.0.19041.746_none_c2332356a565df1c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..snotificationbroker_31bf3856ad364e35_10.0.19041.1266_none_d92abf553d8a282c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..geacquisition-winrt_31bf3856ad364e35_10.0.19041.264_none_ea6cf49ad27069a4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Workflow.ComponentModel.Resources\3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\shell\open\command C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\shell C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WOy6DyvB263h19Y.exe,0" C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\shell\open C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WOy6DyvB263h19Y.exe" C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.servercod C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.servercod\ = "MNCLZRKXJMVEZRX" C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 107.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 80.71.20.2.in-addr.arpa udp
US 8.8.8.8:53 122.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 140.3.125.104.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 a15f40837c86eda78b9c082be38a70ba
SHA1 d57d6be5e82ae6ac131ff1df23873ee41288d158
SHA256 a797d863e66b8d837c879aa886128641b2496a8e7f33fb44be328b5582b5799f
SHA512 d2864054b32cc3e96420fb3fba0413382b33220e26216e1e70e2079ea0987b554f97196dc544c9b34c1ea83747300b1817c3c829d382a6d2bb38be8edb781912

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 851e74693ce765b432f22ede5db66f1d
SHA1 b29ead6cceaca2284ebc72badc2b8be971260d81
SHA256 68ff9d27de17a6db16b62294f76a3b788bcfcbcd25dfb578dd92e7fb6d7ba453
SHA512 7801940bd7458eee8bdb0f2252f6edd7ac2250bbd296fa6429e489816d717bfcf55bf75406faabea31aa5e4269753d39adb98c9dacd6255177c962dc6e0a0557

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 cb4670c6c96876322a60208b0d2d4d28
SHA1 3666eb3f6e2c063f4bfdcce54b0ca6c7e9029ce4
SHA256 881e49650946c8026b8f66908689385ceebc5f384bf3c3f67b80ee0de20fce5e
SHA512 22ae55275613fd737182f10fe441410aae9cdd9a566915f96dab8377c8a772f6e570831e98058ae000cc3f42a948902d06bd859e1a900432dd9c8e80a75e0108

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 a347ac4aa731281427576d48d8f78d7f
SHA1 483fb1b6a82e4b87768512bba3aadb2479fc3509
SHA256 7c1f28ce9730784a66faa85dc0203d0f51eefe565dc5ed29b30d5ab9060af111
SHA512 5e902f1e7af36849722495c288a74885f9c05fad7683c828335a0377bccab40a444ce1995f12dd8be309467dcf37efb70675c8e459937857cfa356dfcdeb4800

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 40a522590f69a91c8ed5cd110bd72608
SHA1 6b8859c1f80d52e4052d7e865d2d6d5f92ef5f86
SHA256 e8a9ca984bd7b011691f95cc69539050e98cf7f0c0a641c386a3ca27790ee768
SHA512 578b874998f2763f3dbcd5edfd35494d23b19a397a01927c02885f098e3e3cf13ec3a2b543588135d2f13d8e939240c1700e0215d754b3212bddf7c8b3f5e634

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 1e10cf0343f18d923b9116906c34db34
SHA1 6c124e3c70ca55d8ceeb13c02a7bcc7d7eef48b1
SHA256 ba9e9107fbaf0896dfe8fb39c4057cf1fb69133d1fcf37635954ac615c526cf5
SHA512 b9bb007d6cfb409f735e5bd6bc519c2f9b639bc6e9d1069e3f342bc09248c0ac432809a995e67a642a0dd0617abbb2292cbc17a444e59edf6f76a8e83eeca465

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 9974d53b3c82d8b0fda6b519ca078b2a
SHA1 5c6a188d06409e3e0bd735fa3785fc6c8dacc0b6
SHA256 c8c818a5cd75094c7ae07cbaa7540339706f92e017b0a9b1fc422b0f3fb7f349
SHA512 b996a41204edc5903154603c3ccd3c023c613c687512c00fc60621d91dce24cbc852abcbb4841e02e132655c8884fba641a86655069595f9a37ae75516182712

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 39cb9a746683c896e6b767c1f4ca6cb7
SHA1 a79fc367dfdefc2ec6a045603507e3d82908f4f3
SHA256 427d591587fd578a973732e70c2e94c2b63351cf274ff6fa95dda00e71569ec8
SHA512 297bc54b47dbf7faba9220de110c1f50b9723b80dbb485b274f6b7faf766f8fec3038fccf202a3bc2b7998c65901894749ff15a66145869f50ad4cd7b79f541f

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 61e3f94a1f6655421cb145ed3efb8a65
SHA1 18d095e38d60feca921cdcac8f4ca54c5837ea17
SHA256 3db8bfbd9758d3caa917dbb8012a3b2fea3e14ba340c9208111ba194a2cf1977
SHA512 4d394389758f1360ef2271e6859b991b38245cca5ebceb9720743406870524b98e714f6fa094f0d5bc05dbbe50051c14249fe8b762cf5c811cac947e234feac0

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 939ae9697e7c209ae26b2270f61a340f
SHA1 61132174d4424d06600dd1830648b48d4244c24d
SHA256 6c7cc4fb79f2c8ee763b7d00a26230c677d53a99ffdde2ac93d3fce904782efe
SHA512 0fa73229744e7182428e4be760dd241651b82859892a7dd6e4e7bcdf5873c221a437b2c4c8c675d1a3c457d23c9804fea256207236d07afdd883c68134ef131d

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 45cf2cfe8989283ce7c72f416976016c
SHA1 824f9dd04907bc4a95ee5438da390509e0c196b3
SHA256 bfc90ccfed849e947ce16658fef21b6fe8b6bc45d2d65b3d954ee978e98b93be
SHA512 86b9d37d377b58686d7014abd7bc0ad478f7beee5db0e5547bbfe0c2c6f65668d35bac4322c472979c5d4abfe6246013d4be9aeab3192c37e6874d6ce94b8a6e

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 3889d5308294cffc8949792cb5009c8c
SHA1 e9fc3d10687f65d0b899d406d2ef4491671566a9
SHA256 f92fec86df7424263b2988f13ea11bb8d6e7bdb0cc18e0e9a0d63beba9eb38d8
SHA512 737e9e3da0deb36618b7c79a47f8e06911f5dc23904d34b518ec265ea4e97637aae192096723922a7e583ec01807cdf1d36d84bb190588c6bbef07f3721fcce0

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 aaf4f79a1f953b3eed558959c2b16d55
SHA1 dc1e948c5b28d90e2256af013ba586ba0d8be7c8
SHA256 b312dd50b9e46564efe7607bf1113aef7476fc8d6efdc096f0bebcbbb9699197
SHA512 b791eab7f2089b586d01d9eb2f8e653dfcf4acfbf6a428ddb29d77dfa8490d3575cd2bb9627032094f7622704478c9a4e5af2f9809cda0ae33818bc290c9c96e

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 9582fa288b1693a1046946305c5d5beb
SHA1 a40bd99aa7001747eed9e92d2ded7398db9088b6
SHA256 522abc548de56e4814be65666f276c30214f11509a7d010d53c715e294df7939
SHA512 9372de6b7fb8a136bbb5f2839fa3782230dd1cef1b5e6e28fdc2019da9ece89fb0919818c24769a2ea9f6aaa9833982ccd83130a83a9b399ebb352985576016d

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 9f01240b7b80b3a743f338f08d845cd5
SHA1 4c11e201957bc191118989bcab8be811d66a4538
SHA256 3c61744f7b3bbc56d24af2b9cfc5a7f3ada637732b7a2233659a3784f4133318
SHA512 59d180429a1d942232540761e3fbf97ab0431c30eda20692f62a299f9d4c4e30efd291bd139409b262e47b349cf68a322fe542712a0d7bd688ab6307107899c1

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 e7eb4778b51e9e901d4540f8b12f7576
SHA1 d7eec66e421e31309dfe803e7ce14add25290eea
SHA256 5397b4899af03a82590d90cfcb2e127c653ecc6ae3f3c948c864eab6432d33dc
SHA512 57854ba624e118dfdee4748336d6bd83630396f369d862e31dc3e2373e887353de96e4298ab2e696393499efdb89008152a7177882b27dc85ccc65a4de806798

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 56284b092a32ee85952157a8807e4195
SHA1 5f2854877a72c9f5de4c0b9bb18b743f4482a9ab
SHA256 2af39791912ea8faabb6fedd8bb0888ec1cd3c5b98ab05443f9fead89e9820a9
SHA512 54e26c10bda0f73264a3dacf61d293cd909150bce5f817d7d969718098bb592624666ab1b461ab0e7c2f69a9c05917222819fa8aa323fd939313c10b8a3266d1

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 25f5f2e60aed44ec44751abe16cc9bea
SHA1 156030687aaf22f82989d131d0a9fec9215f00ad
SHA256 342eaebb4933dec0093ccf76380d138cca28b57e966c67c8478697902dbd8c96
SHA512 34fa656f27c5c597601fe39abe5d3858e44779a13d1ef7f703f7bac19ca2de4b07410a5d357ef8fb330645123fe66172d9e6de96c58812023e5e7769531e30cb

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 48709edaed1f0fcd078a192708f2b6e0
SHA1 1e377b8698a45f00c4057edcd1d30860b3632979
SHA256 ba111937f000833daa6d1f237e8c6ecd830ca052ea9a8e4eded463edac4c6907
SHA512 5347a8a6f48b34f831172cdedae0c312ea2ac6d621f04edf887c788e887edd2a32c37b022dc067e9ef16b02357d6a8dd910cf1ead5b4140c580199bee2086cfd

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 7c92482ef502cbda64964d514dbb003a
SHA1 63e5a70c72a6b0d2bd63bbeebbab8196f03973e5
SHA256 040b3435b4dba93eee59a6347574d2dcd51202ae418a7e53ed9a516d87a017e5
SHA512 22c4ea4b97be2593272d744b499b98d3d3facb982ab39b7fe328a0eec706f0f58feb887b521e9e45449e84d7068143af69072158418e6a69e975fa5a4ca11f9c

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 bdc74ad51857a27d04b551fddd7c3965
SHA1 e923727415ba8cd57b507fdc4e57a1a4ad988b3e
SHA256 ed60825a44a1a7037808a47b35cf11860ba5a5e24326609ff2205d9f9e945c55
SHA512 8be90162408494f59862893777d6341bf5456fc3a97b7685f34595cb967c07793e1159007bbbe54a4a511d30cd957621d9fcf9f8f29a2f2c7ae138ccdfb9a818

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 cd09d555d9d3a9c0ce3a4e4d21ce03b6
SHA1 dba77ff4ac56c842bf4c51a32441888b02c58273
SHA256 b0af9c94d2cf3f99077126e1c1009c05c304791ad5e71dcfcefa3ef6d6c38550
SHA512 bb313eb3e93854674cfb39e461c3e33afab142771097efe444d2e2adca4a585843306fd59e73e2882eb95c26daa75dc3b925ae2995448d8d2d9e40eebd810814

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 647e75e747f1c48ed573439ae19dc599
SHA1 8f56bdd257a5008e4b9d1f7594b63e6e2e50ae6d
SHA256 cbc2af2ce2a2ae6471a59d35bacb71f285eedf72660f779b07346017f2604a3e
SHA512 b6c330efe5ffeefab4277974f9fef88770bd7ba7b10eb335be2d5512b621d26d82fe365cb91b6dba8c353cab625efa6007c55aee3f14e081a1b483f538d6af01

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 101744f781816f2f8046b3a3e5a71170
SHA1 b03a5690b90925fdb662647ceb82f330fffebfad
SHA256 696fb68521a33d6d6561b1f88791778d18a3825290c50b62937f47581c7f8a3c
SHA512 a9a929a8c6e3e6e13c5a73735a7fc732f47a98d1d7f46ff3a6a497c142e1aa33244d2244070ffeb57368bad06a48899b57c689aa4fac22adb35f4f064a44fe57

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 dde37b1024e368bbe796899267a88f6d
SHA1 1d8c0cce197654185cb220410f0ca36dea83a896
SHA256 d3912d991f0298c3c12569c25a5fdc4a9d0e04839db954ceaec04f8303054064
SHA512 29a9ec2ecb1317a68522a919d120b435c14f36a5209ddc9c9a23de71d6a9ac6037ade0cdb07c1ce651f5177d093af8778d3d4bd60c685d21a3d6f9a18b560ba0

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 c25e2d68066ab5dfb136179874ed4ab6
SHA1 3bf1fd7cfc27123700bbea7158c833ebe1b54a2d
SHA256 b60e73b75749138d0a96df2e6c65791779819b353291f52a97ae4d55ab51b75a
SHA512 19a2c035a8d710d96153b92d4debd42661d5154c685102b61011c12272a6e589cb02f1df7d48e8191dfabead6be99be68c948ea834c114c64a551e2ab957f019

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 86b3a5b7e0cfecf8062c07eef64a2abd
SHA1 e9950d0698e3237d86533cbc17327645c67bafa2
SHA256 dba4c40333f8959b680f157723381349b30395d5fc689d524de003bef00ee23c
SHA512 0be3e67ea0c7f196bd98b0ef56d1a4375deb2bbdff430e0580950a92f9281e7ee877dd338ca5d012d87361d78f2256d7cee22d8bad7087ac64f5668e9b330674

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 120335fde7d8afa1eef1fc6fb7c47d37
SHA1 4840934aa882cba91239750bf82c9f560c07ab9b
SHA256 e0fa3d5b4594c1804ce62620bc06ac8680947300a2dd4b6bb0b511a126668c38
SHA512 5104078287a0371fb02d933072e2335e087c08baf99b8e5ea948f93665136237fd093e3caf778fc66bef448e58454836536a8c5d05833ba8e1a470966272093e

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 3cb322ddae1678ce55c3f593efa328d7
SHA1 06f3a82f25992efa82da1321c3d14ff971494cc8
SHA256 2c840d4c4951908334f0dacb08004f0b4c8f4415b3fab7a2d2a44338fd075a07
SHA512 fccfaef4ed0ca517d73b3ff4b34e1d15d282c1b331bbed3fc1cd79c2ee9b384622b2e487c8abf52272ffa4866d5d9290e71de0218644d571de695e427aee4006

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 c921ae8a73d00dd878bcde12e7506695
SHA1 dd607ea7e36d320e8226f159c431ea05ce9c9f4a
SHA256 1a5d06af5e7bfceb71959e4951c4d3aa9a6fa66b62e61552fe64b3738cbd7fcd
SHA512 27363b67c0fa3c6486c46355dccf6baacb22ed44e8d5f39a9b91b8ecbdcccb79f45ff22aa0372814bad235348f02b76382197b440443d34707697d7f44575043

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 ceb8921ea2e6f5359b93240f5b6b7bb5
SHA1 f69d5f7808b0c55aeba60557817bf974c2ff4306
SHA256 21b1313c6a3bea6a27a7f9bc97b648c7d0b6a35ba92869bffda73957c87f9c16
SHA512 25971ae8645b94dc15a2484d76d9c001bb9d5ffbd09d867e148d205294568c268baf5f7256fd5a2f77e1ede38baf0e5cb7dac1bbbd34479ffa0396bf76cde210

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 f639384a622c7ccc8f34581c1a352325
SHA1 fd5197cd6e384a07a10ae1ff231e8d3ca47a81cd
SHA256 bd090fcd48d2c3c9e86ff5d027b944c5290ef796c866e020a06f5131c5840318
SHA512 390edbfcdc3405d0db561c82d986931ccb7a0cc4d7b49eb1f65532e06d8ee5f20a5b1a6e93ab359717ba77ac2455c00f12de1346698f32c2d3ccdfd4847253cf

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 b84b017cd7c96a4f0e681c2ba0465187
SHA1 43c614790945fb62e135b0a271655a18558418e8
SHA256 d8e2f6116164cde3be8c0fc3366951b55c63e25ed87ba06bb9d7cbb26afb3d55
SHA512 c6824de118951faa7e316784e76aab9a3c4b5b60b9e80a8b3ac2c8b7369261403d7ce9a4742d901bb80bef763848100aab18040a7ea7fb1d6f38b97127f0f451

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 9409c8520e26d328f9b223bbcf37929c
SHA1 a53430a130b33d23775ed25f42a450afc483b731
SHA256 4ae7996ce3aca3858883db76bd1b5afba45460432e729579a8a0f4818934c4d3
SHA512 28db4b7ccacf6ffc177b5cf82c134993518e5dc72b0175c810db772d8b367129433f963366968184ff1d7760bae0e6d26fbc542498abdfce0df537353f8705f4

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 46fe9af3d38d2c3672bd098a4c5faa65
SHA1 0a34acf2f33fd084bcfc024bfd026f763c183751
SHA256 ba89451f35f08dab73b9d6655a5a8f005194b02b612bc9536e157e8c6d741a8f
SHA512 a40ad9160bcdebb13af18b9d62b9b548f4186cb2445fbfffc0decad2192cac73a5fe0823eb8c574063857fb34fa85d7e01f71a0be56f3b1a4ec2d4055bd72c5d

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 a081aafbc8b36451446bcca7c657ccc6
SHA1 0cb51261063b3d960ca6bbcc063ce136c4c69433
SHA256 2d3e2dcb3df1a529d308e8ca7bbc34224baa863c2b65837c3c653848374f0a18
SHA512 50985394004a41f0699f36ff21ebd5ba18e80794a91e91956e1843497913d79204ca45d6f2893f9f9c2639902c4489266b58c69ca0bc4552167112a0526b7243

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 e23d581e8c873b58ee5897a981acd50d
SHA1 3208aad252ed5619af3a26bc690a637dbf8823fd
SHA256 00464ad8d698455e4fbdb258204fe1297a311b96df1a6958bd2443ef1a64b486
SHA512 3635fc9d85cb4959952337ff8bc7750be7ac0649a8afe1b8105e9db2bda407e042c7a4e157e98ad940c7b7a5dfee8906105763664986515b8c97120ed66c9467

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 0f4be2e2d5908f821587a04dc317845f
SHA1 1f10175c3fb05f28e4eb391a2d5174ce54e5e8db
SHA256 cb395f9ff556d5d32b4e00d8b79b7be5998e5c2298b937249d73db3a686c22e8
SHA512 16492ec903534ceb78510a8e64e62a0bfc489daea22378e40c95200247caf2ef738181f7695806296e77f957a0b31cb78414dda5069468fdfc1c8fb295d33329

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 f89bde9c98d8645d751ffebfa9d1a079
SHA1 c97fdf64f89fccc254c52a8bafc1b3f0ec7e8a22
SHA256 f74cc969afd2857bbdd7db3ec4c5307bc8d9513e44551ef397f838ab8c194679
SHA512 fa70d56551eec63067f08ea07d80e435e98ed12485d8aed4cc1cb71cab113e5c998f3158518ad650fbe9d5f41f0374211796df5e1d447d05a87457c41264b56f

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 cdef3793e5967c5e3fbafdb8435eb65c
SHA1 d526ae2670f5857ccea48f4042e637d42f067c4d
SHA256 2a51c1c97bce51b0b47f2bdfd46ea253d34fb62372be450195dc547271e1052c
SHA512 2e6609d21372a8fd3f934df4a150edba8ad017ee03c9d8f663968da7d83ef059104c4cb0edf802404d4048489b98581be6db064ae31f5f901295ff1db07e6ed5

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 e72d87f7d5ceed54aef69c27c2de6e5c
SHA1 0a9cf3063d29c8e512d24ea168f71c6cd59f691d
SHA256 f7863f7b7b54f375b9b6c23878f578d7691bd7c70de003e5b4e39507d1e4a614
SHA512 7a719a8cd959113c074452add44f91217683bcc7b8e1cc1e337cae4f4fd59ecdef1d8fc516e3151e38fbd945ec4ebaa95e277795ab911f8f26a95fd679e7262f

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 f4d76d3d2e925bc26db0a55d319c0f99
SHA1 2736790f623a0add80afbfdf6e49ad2af82e85bd
SHA256 c996eb3f73f6fcc7979bb31facf137322a36f8e60648f1b6844640c09b711a9e
SHA512 396e19669fa695e6cdbffa8ea0d2c40b463a7ecbb62c8850f883b92c808165c2575e2591e5cc50b8015a36b11c3395675c307f6cab2be42284d63de22cd82ca2

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 f32280ae1cb47870e58c1f424e3c7a2d
SHA1 bd29e0bd4c7a30111021380f22bb500462f95d7a
SHA256 576e8e038a9e414a7a06df4feacb2bd43c9175af081154e90040080c7d0cf6cb
SHA512 cc5a1810ff4356d1ec2d52bc207dced286d9778378010ee7afac22568d990df3e0b6e918c22f81a575a93a74ed49202ae8b2c06332addf97cb72de39641e73b1

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 aea9a9721882d16ed22ed0bbd9ecc511
SHA1 2bcf2a4de6070811c91599a4532827e495fdafd9
SHA256 0c091cf2a11e2db6fe5bb34f8b88e768f281fea7531139972e7d7fddd6f56815
SHA512 324b86b466554fcbb996b2591b921ad4aa65a3ccc640392b6306bc631911caa42059ad2f013ff110a5fee8054b52b0bfe25f010d5f8a202df5ec9dbda8fbf5f1

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 6e11faf7c0092fe897109b2683ae464e
SHA1 1ff94bc0dbaa8c496e8456dbb6a49bb8a8646a33
SHA256 9872ac93c32c798df16f1b919450f353db03de2f77b2e3bed0304a484b48e80c
SHA512 87cd756b093504a732a5a90cf7f9fe465a68b5147afa6dfddca7b25303599d3e6df68d4c254697cd4de292ae61bd1e242ef22ad79ed2032a061076226d017da9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 0d6b8e5f35980f379fd73184364f8a8c
SHA1 2a1142d7a787c91f611d9595344d424e2e76d182
SHA256 e5fc50e2d187282a92178f3a7448335255ead4a51c5cfd9b0f5121b4f4edecc2
SHA512 b90b7a22dffd1f1c45f16eb4ae380a0ba2b1eee21b072752f043d1e87978ae1eae2e06f2438765b4f5a5fb7cbb255e4f72c852ad3d99c10727e65ef53c5d3e2f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 b17ad2cfefe8bd3691a9005da31fcfce
SHA1 64edb2692003487431bfb2568e4bb0e1e339e4af
SHA256 f57a503532b9716b76b2b5c929c5d55287294bcc15661eefbe6be88b05501ded
SHA512 ae4c5621f31637b21a9c9e904222b0bfbcc00fccd389477c62250d5e8dcf6952e7e76f8a75ed698de71341ca4b378a164d7b83a68f51285143019be51da59748

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 39bd268dc15d59e62207bf93d226393c
SHA1 a4c095dda51a000c80d48833d7bf22fbb140a11d
SHA256 b45b2e920d29f3ff999012e2853a6613670e466447402aad4ac7446e81549905
SHA512 89acdbe83aff0d305c9cec9533f3c60a33b573f0318afb8429fcf067d3c0770c928dbe3786d260f52a85ea7f4ad7b76a7a5ac3d2c083b4c2cf906749ef3d5305

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 9b9fbd8663779d60000b7a9820ad13fb
SHA1 57c08ee9579993ca2ab0e6e8500a7604a1c570b8
SHA256 90749a628bd970d775276cd421ce4723e37491b12796343908f243235cf92bb8
SHA512 0490f8e9d6ef6bc0844ad8cba78aeafa6a364e0960fbe1e53432e36d36a175d522f7b82a35e59c2d51f74d59346a9fb17799ddc2da748ec3dd9a6817d56f71e5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 6e05b3d2f8f10a78f05992538dadffc5
SHA1 111655d80f277a47aa7181c885e87efeb94fa084
SHA256 2d99f96d6b882f246d724048388da8913dc0784d7c48aaf64d425966fa0afe2b
SHA512 219f41ed9f38723fee33e1cd48a23a803c1bd97aa0588579ece63bbcaf6f2ac77a63ded52da9145bba827d60b6696e602c3981a36c3aa1ac076f1720def46a1a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 3f9d8fafa778e9f1d3e5897f5d8ba4b1
SHA1 a250f3ee5bfa6d68febf2b05ea2f3ebda73519da
SHA256 6f2ac85d4d17acc9f3366487b078daf279873bb804de7a24e4806870c0b5d70f
SHA512 66ee444d61ddb14aee105524955b868645c0d98d9e5255d5c9ac63c6f6b0b9bbec3b1212c929213673dd5c7a709d2f2989614afa4ea6350cb4cb5d6f196cc08c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 f6236398c65c9b147a1bb4858b303e74
SHA1 ec2cd6f88edccf4b97965e26f8a9ff917717e460
SHA256 9f6439e94b2216b07706c3d5af6b29b88c034d502e763dcfd230fdd83258d26e
SHA512 6d50b707a459c6ae34ff48aadab585e40e43d232f30a6bbf7b50090f034ccbe066f9c998834608daea60d1bd4232cbe79faf6f98662efb9ebe923516d865acde

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 6b958f24cedab0a96c7e096078a755b2
SHA1 eb9e5605f42b835a90b86a77673d783f6061a1ac
SHA256 22a98e3e587e5be3106805945df00dd908314e293bc0d04d505ee77f99c4736d
SHA512 c994029dc586a971f3dab3b790b981206150f93ea6e4e4f7b37f03dab6ad559425f126890cf88315d4d629a91a2cd629000b7cba247babc5cf45f3237c7e63b8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 943e50b1f6ab93f37c69158e1b68a0c0
SHA1 e34b13df5122a0e02831eb5296e05ccb8845ea07
SHA256 8a293b2656ec37215717107f8cd0e63e94630ae361aad23475a80d5e8b83e198
SHA512 6dd550254fd4f3067dbfa70ac4a13ee14cbfaae8af7e8b5943ab29fade2acb288107e9bb895773193a97649620121976eb5e6127377c589b9f62089e575eb829

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 3da5c5015f511334eda0c70a5e268dac
SHA1 5a0da3dcecd78e2613f288472ccdd973036f8c38
SHA256 de1ecc8d01b4aeb680db3239da2b2cf39b437e2c36051b01439ac3539e1b959a
SHA512 d8b058a4d72be4affbe7d0e2bb9d3590570ec6f536528fa6561becc85ccb9b15623856d29d298a36af2645effd4bc0b8c25bff9359c12e555c53d3fb7ecdd29d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 9277a8663e965bf3159828b651e58e84
SHA1 a6dfd61c9e71dcca999ae5a8867ac37c3998ab47
SHA256 5c4708c4a144ac651a2e6aee1f71baf61e82d8c97bb450dabdfb4c1b614516f4
SHA512 f7a2c131f9bd2da385177c0faa66a0d0426af04190f62693713ad8837a356ff585bf5dbe905b3102b77b1719272297ec0432bf5d2ad851d5fbbaa8d2d248afce

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 62180cdd0924f02b14c092e31cdce70f
SHA1 356f759d63eaf36cd6afc803964b5fc406343ac2
SHA256 e7040ca09df47f4972251efbccf4404a2da72a3f74e294168421888b97246954
SHA512 0ce40a39bfc16f2324f50055590ee39ccfe140c2755cd9456cac8c29371b8b5055ba9b5c42469cae02759a5208a90f710a58a627ba98b4d814782d3d5ae51261

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 6ab3c0f2f82d3a09cccb8abb38443434
SHA1 ffb836118cee778abd523fbe85c1f53c6f94dabc
SHA256 721f7c5b2695b23ffc53a1a429939f0f6d76fd1f672d27b9573627f3980acc2d
SHA512 ae451f726d7e8fc6775f89b7ff6a3aff34f5fe1f5b907663026638fb1ade6bc3f3a31bc7c355698c7d37823fe8f1c4318b6e017ef2924f95589a4c3410a8a8a4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 1b600aec4325c043d1ffeb7e739bcbd5
SHA1 b1eb2e70a687c65db93fb4cc235f93294d728951
SHA256 6a23f3dccd4a52dd29618a39b3f0dbb2c871ef2a6aeef84973594d2cb8a6dae5
SHA512 1d1866e13321731e858189e47d08c01419b9f3dd067175aa8069f1c8735bb49af758e914e2a5647daaba78fc97dba05bc9d8414bb62b62ebf5afe104aea219c5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 9ba01a1531e36fdef1282bca96ae4682
SHA1 6b1418e2cd958a943e18c13bf75c4b56b2f05d15
SHA256 d1a9706a0656f64329ff5614678e7c7b73df35a5484d981aa2f6ebc8cbe89641
SHA512 d71c8787d4d0436ddc9b22389132d0aeb0ab11844cb7a1eca7926dbae3269f44f1e31d354edb7edd08b0f83de4da82cd498b8130b7eacc961dd1ce4548259158

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 896610946111ec6184012490d76ac049
SHA1 2e574aacd9ec61127eeb196fc202cc63cbbac061
SHA256 04e1e0f03c7a5b16e97218f4ac45f2029a124c3f40ea3f8530f29c7961cf36c9
SHA512 2755ff4ae3fddef03e2ebc50af76b2c08fc955ab4bf8663a22187c3779bb00f0054177c2785793ecb6a4b48ddaecc6c33e53b2c7599279a8aa912d0832a1a67d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 eb51c24d3828d8723ffb338d86ee8b29
SHA1 670f05dbe972d6079d461324c45ba0dd53cfa3cb
SHA256 939a9ff1b78ce28d841fa48e8b6e06047ffd6bb8e82c807769c3085a886c3527
SHA512 8f2bd16eae944910a8071b9c57cd437dd3a9bf983dd17904cf6027879ca11e16575ea68062d74aaed838c5b14e21a130f1a01a44c79d99509fce50032dd2c7c9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 4c7001f3c9b571a4a7814e3eae8c5002
SHA1 2642d5096bd1c4ed3ec1e25f0e373f1ebb5bc641
SHA256 5c82ad3fe4b14ac3c7a61f49fa3676a560f544e57f014ac1d1c7435c64d06070
SHA512 54d58be9712419fc8697c0192d4ef93a63305ff02e235a89ef71b0436240c4aa57f4ec4afa08cec28a3ecaf41fd15f600da7ef16678f23b59b6e2f36b96af796

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 70f5859866cf7cacdfed5420c341728c
SHA1 02b4560e2e87dc91e3847eddc76228dadef126d1
SHA256 ff69d60748fe53af97fc2e7895ccd95023e63ccfb29ef915d7d6917847311a47
SHA512 0c7479183fdccd65f2f2a02e201f9daddc507099ec4d41136e33a5ef4e9b372a7cbc4eb4f1d4357816258362185b0cb2fd16ca91ab1b4b930d18d4bfd216b91a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 4575462681008936f7cc32de15d3c1f5
SHA1 df859d1150e7951b1867bd0d284f27caaa2d26e4
SHA256 02bd94816641719a219c1e304d70a8327663698f1edbb0bb8b27c4e683ac50bb
SHA512 70b6fa92e48395b4d12bde7f95de73697a38c5ee190e6d2d44c479a5ec660f9f18a68ab906b9ee7d6dae7a3a077d67b45e2e66c76aee1025b038309b860ba393

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 5fb6204df975b4e5c438c0b31fe6531a
SHA1 bd7f2f8f7ba8941f9b4d804157c1fac4346c5014
SHA256 e41e65c52cbc5ee9382a3d56949e5ba0960b7beb05b962b42cf1c065d16366eb
SHA512 2296f64503b515f4e68526504ec6f337db6586de70c626bcfa93c9d303a1111ab9160346fd24344b40fd5882410973138ea9120e32fe6fd733ebf35890b83103

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 245fae19ee93133c5547ffd20a156e03
SHA1 f26a6b9ccf7fde8940f364196ba5ecc1760fbb54
SHA256 b16b9bf986b2c7b0114c4df0598d64982e8fc3562b7122852c88df093a32b1ee
SHA512 ef72d955a6980ccfc9e56214f7a647c8fc22df8af0bdb47cd47c8f56addfba1e98ee48a53930c13a11cfd235de9b488d263b9956ba7cec76cb092d59cfa9e4d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 8d6100a1b79e93ef6cd1a5a70d38261c
SHA1 dc1fcbeb83908042ccc0c0339a11120585f3085b
SHA256 cb4d5dd20e5b8432ed5efa6065898b6f1f3d7358535d288126b030c6c9693af1
SHA512 1c99d4a80be733dc4a3dc4341b86ff43574c5e99fe979f90ac083e21151124810711519b4f56c55fe25825bdd6f3aa0879465f2dbabd289580980dfb76e2fa7d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 af7e471c759f109278a9c491a5a343e3
SHA1 2c834306b8e27627024b503f58fafce46773cd48
SHA256 7d94e909b08cb4fc7098c23cbeac68930bef5e21f7dd58f586cb672f93ba58cd
SHA512 3d5b839924c6d83bf7ae552353a6339ccd0283b12c5d306828a81243dcae07860ba163d8eabb7cf2afc018d7098462c2c464268cd668dda8f6bbb200f2930d01

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 4b0732140292044f2d7608a9630a0679
SHA1 e6022251cc10ce9360a663adbb6c48242b072bc6
SHA256 66da8e4a8f2cdd2c23fe2c511ed2b7a43e45c8709fa046dd153aedaf14b202b8
SHA512 aa7e26a85a78c12c6441f236f68e7c67c8ea1a70658a979fca5ed944c473b156477aafd3b0af366a7a5d373973ffc67f566fedb256499e00186ce8353d8a8d12

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 2e004f1a2cb51192bb564ccd73b8e1f2
SHA1 2cafd6a308edd657fa45035b42039315452ab16a
SHA256 4ccfc6d73e0bae2ae5bc702529d62ccd344827a03e4bfae813517001dc6397bb
SHA512 0d22403dd70737527f62d93c20a5faa0a88092ec46c8a6c9de8877f984b491fac391eee9f88f10b45f521982fe0d683d890ae9744cc23712f159479834a4e2c2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 9f728a9e0dd4f6c1badccc0402830714
SHA1 dd64216cd73dd9d09ffca8f32b42f4460ae2fc65
SHA256 7807859a8c5a13bfb2c72950380510333acb85dd697de6f3a695f0056f201afa
SHA512 76066f39558e88642434b745847304cbc197003bcbb63eea13ace9d6d863d57eddf620590998e373cba7e4fced57eef204cde4d0be2f2ba9cdff94a26acd7b7e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 c93ff946fa9bccabeeec76f70db4c9d3
SHA1 6a96e2b0e7d81437817c9a0094d989aa2b779989
SHA256 ce26ce161e94045a439c891a16e754ab53bd3ef0dd35dfd5a7a1d82cc5ac1a65
SHA512 f0b23328fe3b6cf22e3d212823f146bcb1844d3bacf9630d56ecd799baa34fa45ba9e9235a19e4c105762d60678e6bb785097c458b9fee8aa8c71286f9819b8d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 9b56429b5d97a22d65fedb873c93a9dc
SHA1 ff7f435f75b21ef3dc0e62974365948cef41e130
SHA256 02d6b9861d31fb7e7fc2b7a5aa068202199e87b6baa10bc07dccd505f14c19f9
SHA512 e04fcd56ebfec00abb52bf77300caa8e0a8588e9cafebc7efcd46a9c286bc8b3de1c759a51c4aee42f792de41a990c6a0a841bd927d6ee95fbafaf7fdf85df69

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 d2fdbbe797891d7b9c1d474bd316b68a
SHA1 55e002edaeef74bdc3eae7d049ac7de9b22d48a9
SHA256 b948d9a4c4b892cfd6455bc630ea21ca20e8c4d5a604e0c1cf7487ec9b9e7e3b
SHA512 dda3286cda01b8577a7ef74039741af98db1a9cc40220d1ef0d72317b0cea1cb9508990726df005527e13bee26d5d4da55783c1428fa7a964d0b8fc0b27da029

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 d7c5bede3efbe56ac59918f9f1969472
SHA1 06ec765a98d64ea4b23d8d0a8b27a5a4c7a5f352
SHA256 8773e15b89cc6d13117ae614bf2fd514390a4283f0877f3ec5eeab60da8c9f2e
SHA512 a030f52a9bb98ec66276c6c6f51e19df81c58e08c9c870c46b8505a9025b9ec75fd027685c6158b3186747dde58b36fc0a5636df0a6cfee093428ab3d0a94e57

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 9eb0b951238c08be8378f55a499fae27
SHA1 e38bb4c6b3726081ccbf82670388931a2480fe5a
SHA256 c15bd36bb6f9f591004232d204361114c0ecbea7a9bb3926fc3438afb1d60fc3
SHA512 b511c27f712bb214e7c1495c803fa7033418f909411522b610fbb4b38ebe97c39330fbb4cf941fde6380c8a2426f25002cc636cf2b8ecead32aa93a461c7f851

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 e0e8063289d4e11f31866f58b80b5d47
SHA1 cb3ebca125fbf3e98147c9dfa04d2f39c257f9fa
SHA256 cfd4d4e6e87b4b684d44af26492d73f86bfc14440e99370bcd05ca0b85331c20
SHA512 6c63d514aad1e61f3f39d21b6f7a84b793f28c681687c9bea693b31473b86d0bcc78e36e271df2de9ba8085cda82c045d4b5f164a7dcfd175a38206b8bd69c31

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 df40d8c8b30e8098a801d9b66d066d9c
SHA1 0d866b3bdebd8f75c087e6aa203930dc7919acaa
SHA256 875c9d73fe9f45615b51e421711e4a0f9a9c4c15473a407b6e72c49bdf582a6a
SHA512 2828f8f70bd6f93082d35b21fc492cf3e7282ff94a4b9301bd1d20ec1fa2c82a0ee848832368e6d900c2f6c119d526053151ecdceefebea7748f1b87f2a16e3d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 94b115d7769110cf5a7aba7e4ff37954
SHA1 75368ffd2bab91b7df99500ac18af24bbbec0a9a
SHA256 e7cee5db5eb6daada8cb021a2187470b44264c7504e879b65103788896bd0ce1
SHA512 50a2064ae46c7f650fe9629b254967eaa551ef96de66b8b6cfde101fe5d4893f5b19b79eca1c84af11ddc6292f899ba11a89e79b6c0949a171ae3de77a6b204d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 7e4faeb41ce40096a7bee075d3520031
SHA1 bcd8f7b046123a17ad5251a5fe4431a7afa7400b
SHA256 3b2b83038b726dbd170ea728991b3f1d13455a61234ee9acfbc992845ea69a97
SHA512 1ef1fb8b79c51e1c9c2ac6c8da8f74bd68d8841f816b829dca41d35d04c28f97ea51ecff4127c610b268476698c2adf5e1b84e4f74faf5fdca147dbb010f2509

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 fa40b0b3b5856a71136d8af7100e8872
SHA1 ef4e9e92c560d4c7cc4909cd8b2cf69c088ff8bd
SHA256 27f1428653fb65a7e867dd911b7763038896a7b03e83d0fae0be8cf816af3bde
SHA512 630da7c8727b556504b0e06cd0173e9ca71214030b295307c6ca59ad2b8bf6e86ac034b344519b5b056ca215ebb6f8581d70dc4debd0dd848508acc5d5c9db13

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 7debae1e3f7503a6e43b67d194c1458e
SHA1 9f62d006089f606a135b0f0a1280398acf5e5955
SHA256 f7c2bb5bcf92d8c3d779c44028dd36a88a09d2b406d9f60226a1c08292211e06
SHA512 92aad7534f828d1db3f49fe93853dfdbb53ad2750214450725426026b58b0ba650170ae2a2f85c70d9d97b7e83083c96afaaabbe4c84013aa326a58d8efc9079

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727661992394667.txt

MD5 1a95fef72681ab4e95d0ba55d21c2094
SHA1 f6bf8802e19168f94a81320bfefc2af18cdad8d9
SHA256 6e6618c152c6403d6204dcfea46c467d69cfedcf30221b47cd955800815e062e
SHA512 9494f5f2cf6ad1da8f3bf49848a2ea58b863039c56ba19c2be7371155962acdad29d2248a0446478f7e3df71e7d63f6e0c59e245ca964d78b5fd28a0980e7269

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662487357744.txt.servercod

MD5 d6cda49c8c64dc740e470954ec17da5c
SHA1 b84491ffe19ed1df3592e0607dfa71d97bfd1db2
SHA256 e54540930600169a42072227a5a8fda4b671bfd06015001abb67c65d692dc993
SHA512 d331b1c3a1a260a6a0800f0efe50953ee924e4b322f736247c69948648e9ec2de2255cb974304a99536bfeb76a89812e3b13266aaad5decf297a1b46603f6d48

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667722373689.txt

MD5 99399d45321b5ff2eb3dae38177b4dea
SHA1 b02db977ef3e35d26ef19c4628b12ff085cc6399
SHA256 2fe4448b040dc84f83fa1ea419f75707d3f26df85e4bd0ab4d0090dbac359179
SHA512 39479439ebb6fc0cd4ed46e9e2f9f8a7e11ed71a691236082bbc95f7ca97bee204d5ca005560986f03317264f85451e7328734e768ae984473a8f89b80205fb8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt

MD5 eef2756729901bb1bca06aaa88d65aa1
SHA1 ba50e42e0860dc312fe9d8ec4df73d1e4de1725d
SHA256 7533ae90a05c3748bff33a51f2d4e082a0624ab8c161c28ee800db21c90aa875
SHA512 51a465e604462194e41481cfe8f8d5ce0d42722d3f7a2cf0b53531620a6454226ffcde4d2867787f6eb9ffdd7a2e5cffaa59c586cc05786f65ce88b6900187ee

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 6ffdb71c9b0e6d547174f11f15b55d4a
SHA1 905479b0918e766af4591b3a28e17c16d365bc5c
SHA256 ee19fbde3c9971736d02132e7805ce9ab9fd01143121053eca0e9f2b7df06dbf
SHA512 5edf5f310e1e5e0c91d5f0441ca7416606c1e66f6f41bf1e97da9a277ffe965bde6585ea026f211735fffbf949fe5c63c03500128641dc15cc93886c46cace61

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 718c3ebafef626e99f89c22447c5a0a0
SHA1 f4d6bb35e6eec4a702247b7f62d9772b69b477b1
SHA256 529d7161c447d710598f7aebe363374f3d403e22ad3cd8550dea993ad0a9751d
SHA512 2fb4a1496e6adc2dddc5704153f483d693a8ea5b5350d7dfd8eb2e8210edd136d1014b7a4f430fe8da103a4c279299771e525c5d4df0134a2f14042c7efb8572

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 3e55887aeeaa96ba54c6b426e8d9895b
SHA1 414854b2b3b9b560323ce7f7fd8726489e083107
SHA256 13e246935c5b28f0055ff62ef341f3d3be6c3b029ab8253910db9dedfdc7b3c6
SHA512 5a75f9b23a36c47da8e9ffaf8d30936e1b7fdad57222c005dde72d5bf40b882a11106cfe0550c1b03b9a240416632f27f2c3822f17da16fa6749d797b759a83f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 d5bba3e3e9567bbd291b33a7729e88e4
SHA1 f3cd716e66e5a6cce1a5a8435327ab269b2b3b00
SHA256 315b8d30941a1d328366b427d359bb7fa28fc296d95ba0c974d99c7742f358f1
SHA512 b2103db3a8775694c557cbd03628174c2674438a6b45c893835df764258644cf4c84d70a417cb28c27baa771bb6c38de697847d5daeeb059f9875ed08e82e3a6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e25e1980b2c0f8308bf33e7e3fb4d88c
SHA1 f053a23d3d95c0cff029928f092927c38743a6f1
SHA256 85584c9cebf02ff8b2a6a3abad5f73477fb997532ae615242115867382d2edb4
SHA512 76021fa3ffbc1fbba71bd9b723e76730c16059fc28159c06905242c25af99fd142fa4e2903641809a14335eef9e79f3c9fdc2e5d9986ce4a0966007726cdc6f1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 8c85220c966399da82e78e92882476f1
SHA1 1c4b86dc9d6155ae93c8ce7a4f6e27717b208feb
SHA256 edda15dadf96037d7acc37e0c431ad307dd0d74f91be93f6d7e130b5924ead06
SHA512 5860b83cf2528ce55de695eebe1f649970088f266c774145a6ad0b77b72e6a60da371b42021e61c8c74d16224e74df247bd0a53c9e8b39d240834d6502004ae1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 b06e714b1c8d028b343390a3aae1a8b9
SHA1 6c3fd9240e8e49aee4a77e97e477a546bbfa2e18
SHA256 f071808aa03f25380569288f64f19e5cc8abb6156e1908d6f466dc0efdc8786e
SHA512 af4d6af9c902acd45d0ea7c1813d31359062870d2cee1359a3b3cad5667906a6de55957096590da04e66aa90577dc283cdfda0e1913e7f386dcd6b7ef17f3d1c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 176e0ee5bb675378fe2a906cf37c0358
SHA1 a25a55ff163fe704fc61653e613922f0f468cdd9
SHA256 1d0410c7576082458664722143247f8bb8560556435c0ca2e729ff3941c45e97
SHA512 2df819949f459fd16f8a9cb010cc3049d03d1077cffb741913a71c809ade82f8ab76d9fa1f88bbb6f8133d537af5b278eb265e1987f9e292b6a7b21afbaea3a7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 0a41a97080b262ab97377adafef74e71
SHA1 27a1b930a4e41e3a71accf5a8d06908fcba54786
SHA256 8996ab843a82276aaee314d482b6d6535b61ca3d32bcd8e2a23f3e7391a51f4b
SHA512 5c4631d1e6f2d6441f4647f4b44db9e4464f9ff76231b607fc45520db5d25decae1f21da89166743e863dbfad298d79b47267b72d8c47a15801ef991b7123b4d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 80b1712247b9a0052963b71752c3ec49
SHA1 a9985b1f4f3da783c4cf474d5ff693010a3ad5b5
SHA256 27edad115433c19101d4448514628d64ebe8227dc27a7401c820b2e3e88f05b0
SHA512 ec5296d7aed7000ca7e5288d1fa38adbc7ed3d6c8de98a52bc031671f577511589630653efab384af15761decbc890cae57d8fae059f96594cf5d4606191063e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 0790bb852a4bc1d91fd63dd0c3d0eda7
SHA1 46f1ebd917cdf168052c31cd7d6dac5d01c3b34a
SHA256 ed75f71a8a39f038af5c060777f5219e920019715381d002fa282676c865df65
SHA512 111bf07cd107039c86a8e761f62951728b364025c3d1c85f89fe1b6cb41d8532da358fcc35f34a136c977bd29c9d6be20d01724bd0feef2d23aa11abd1577e69

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 c4154c13451eaa54727e5c3297359191
SHA1 c76e3ee0b192f2481a809bc2401a950894fa7585
SHA256 02c731b49375c332b7a0df13a7c6409da7bce9b6e6ab6d7e64874fcec45aa122
SHA512 b43925398d375b7a80eb691890c8520c7b6f9d30510061de2e14224675b1ab189b0a97abe3bcb75e1e6af9a667158ee81b4ceed26f2e02584228a2f4eb64d223

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 41d207b740bad1904b1976cc21b78057
SHA1 6aeb76db62a590b32b8ffd6471ddd6db2cba6113
SHA256 8a80794a72ca5021e9ccbda41b4d03ae2cd10648d03b1eeb50a8af4dba49a712
SHA512 79097a068a319b7cd953c71623ff09b22dd812541f612b0496248bcf657a05751a7fda73b8c9b7784d364c287f3c416d6a98b8f5e3c2c2278f5ed648a327cf9f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 d72a39c34ef96ea65ef518ba82859928
SHA1 7a7342c908404ac94642648f660ee6fbd3cac7b1
SHA256 56ac0b327711f99d02bffb227c6b4b6aa9bb04a9b0aef7738fd50b55b52e581d
SHA512 57543092905e98dc7ce97f68e87d4ad711e0c3587f5289d86fa818fca07cd302cf5a63a586c44def2d1d961b849b3e17dcb24168d8bd5d5cc9e2f257fe522757

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 24a618e5d67b27b32c4dfb1fc87a1f65
SHA1 d223c0d0bc629ee621983ac12f34c63660c8a41c
SHA256 eed253d95cef34deb8ce245bd619e85e094530936f863472b6eed2b6d301b1aa
SHA512 424953b1aa40dd3e1fdc7acacd2daf3ae42161ad1dc9b1432d4d1bcab78767c9214ccbaf055e445c19d689d415e398523f51327e1e40d40a30f1163109f55a2a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 5d4fea60ec73355469de3708c4963299
SHA1 edfe59ffcb878bc60409249bd7e9b1787fbdc4cd
SHA256 1cef29976cbcf18c6b26237cb1af5d5010f302aa30321abc4297c347f1517391
SHA512 73a05fe0186f6d220e8f48552b3d892f0b5d3e4c4580c35e290bec44403b8a4545debf0b0be884bbbcccbd3980e8d684e6db2b61ebcaa55c186db0a2b13e507f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 1c5e2735082f7fbda834b28cfd9d48a9
SHA1 4b5769d9b1a307bfc1a928de1bd3c07c5d27a9b7
SHA256 f238f9555387f94dc0060ca345600dba61aea7ce9c1810658dfd605c884f8c19
SHA512 ae5c5a0e542aef6cd735c9995ee87ecae08a5506c6db6964390ad55a36edabbbf00c1ec503a42d8523f1959ac59c03860221528d82a3f16a1c4176e041ddb953

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 d517fd73e9ae9e6d661b91e1435c6d4d
SHA1 cf2c5a326876f1d3a768c1024a51ebc7e77ef522
SHA256 334b3d723f9f96c4311a8a2b3d4e759b661d4382202b1cfb1969e6134f39cab0
SHA512 f20a96eae8a79eef754832183cb1d4dc10f67cc97b14c0f7ebcbf47082c0d4e946a31235b9845f69945e803bf31b321a936cccffd08f73205eb97cfa6bffd112

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 c1899bb3db721c0485ab4b0e80bbe79a
SHA1 bac675e884a092173bcdad004919a5336634acef
SHA256 9ef2fa8e6336029c1e8dd46ae82272895d46ccb9c9e772ae9e0980d77150f96a
SHA512 c4a4162625a13d6b83473b2d5b6cc0f0fdfeca9f75c23a2f9e75def467a03624dbc770d77dc6710a453d4db9904fa7918cd53d8f33c316c1abeda8098ea66a71

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 8282cd6c9f816b1ded96ac3f0d591dca
SHA1 a19faa60cdc6e17b89a5eaf9086ffd59bca11546
SHA256 b688bbd0de8fd7a3f0d8a310bf359eff50aa1efb75a5cb3ee5a8c390538fd467
SHA512 68fab04bf9f3bfe1c5a2456e90677d2686491f28c6995059b33abd7e03d7dad8d9f2f629da80fe12b516f15d748af4bf1b289348fc9bd4404daf1b5558254d34

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 90c0c43badb14cd8e7431dfec42d22ad
SHA1 6814ebf853ce909d96fbebc13ce5b73ce6f40495
SHA256 05f77d263c94597d361e7192a221561f75bcc5e2a260c55420f896a4f2ae74f3
SHA512 3eba5313d3f20f59d0f9c57f047a2fa01899aeeb5fb98a3c21a063b96596d4d3c710d0a48cea9b03efd0ca93c9d4f3e2633fda88979504c1a91a20421b797fc4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 9567a00f5ca8ec205eb9d905f1ef8dd8
SHA1 8c603fc8209af721d57f56c05bf8b940bb762f28
SHA256 ac5238ca6c1d1ee78ce1e57b510245a1b487e8dbdc44a780cc8e437049b4bb42
SHA512 1390c3f8be46dbb8f137f1ad598a0fc251c1e9e06ce8eddaab9df5d087f3c50e90e10e8644c34b8d8ef2b2b8245e2d761ca0b55718e087ffc235c931eddf079b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 925972242fc535f8c4e9edcd34135834
SHA1 ef2002bb9ecff913b28576f55092c6f9fe65b6f5
SHA256 c305ca29d72d88c296a9e8f2db4d1aecd3a55d54810a0b2b4d49e3f621d0fd7b
SHA512 4c2c65a78f681bbb138235296e9a10f8eedc1c057796976e986dfd6b5b29ef11b33a75593dac2eee56e2cf9cd6721ad808a10e39179a05d61a103168592169bc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 134733bfee5c41151790a2a7fbc8d6c7
SHA1 6501c3c649478ca5aabf6ee3ff23385778278ddb
SHA256 f39a26d3b76df03144943566bb9071ad934a43254d57652f9a3aad6a278e8b9b
SHA512 0d1ff7cbcbad543cc535b55b35892e2cc1aeac89cd1110411880b54e58840a8e6bc625dcd1680d36c379865beda84dfaf5df4acba944186dec195ba6e813903f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 cb61117a7b9cc781990c7b9004522996
SHA1 164447ed46339a44da9c09e7f26dbfe1ffac473c
SHA256 97c35950f7cf11c3c8a310babceae3ccff17f86f33a124d3dd6165e34a00eb8d
SHA512 9135a5e69e4f6e3e3b53ca312ba69e25945301a6aaee5d6d4f595ec5caa3b25ef74d8eb8f85df6bd2f7f266f84d627d84c9c18c7cf075769daf5c7ef5cc6ef09

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 39532e050de72789640bb174fab59c44
SHA1 6f377466ec3e52b9d1c19142eef0a2e22b08f0be
SHA256 74d5d3de8caef67f282b8275816e0b2cc1cda81c7ddd718f6c6efa9235568e15
SHA512 db12e56d635723d2465842c1824735aed51c65d8aa215446712323fe543503b243b47903fe9039b976691679e57583ca4123680ad3db988dc8aa271c27baa97a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 4d7081e0159d6afb5368a85b98af0f52
SHA1 3a5715a18ce28563989140f91df85ffd39415acb
SHA256 7a703340797db1c4bfd4742d7738e14fb3b375ce55231c626d2c857bfadb3fa8
SHA512 7a3bf2b569fa2ecebc2142f072a1f556cb63e2abfae26abcfb900ad8fe9ff544f0665b4c94db483f394d76c740fa88a70e7b2823b5667690b18a20d816e2abfc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 bc621a5283ce9e4fd85aff21db5e3c94
SHA1 dcca89c543ee951567e7864ee211080da45ce2bc
SHA256 5adc7bbadad395924866fd7323781e3bc376f62bee51eebd0dab6df646ea8308
SHA512 643744d6e3b3feb5a74be278dfed5596b66662ff27b76871a5c27a4a6918ebf8053fdd45f99b8f3df33209bc13630d5726d2a0447ecac6a5cd34587edaddedde

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 bd346244a2ca93aa67a5a0d805d74d1f
SHA1 fc251de39ca4ef4b337ed6ec0e55777522b0ef49
SHA256 9c09834a435cef36edf3ac4bbace88bda07241039f087473f54b68f5bdc0cec0
SHA512 dba0fce48545e5cb4355b65bd4b7e83eea6d2e270611d92880122d61e49fed28b95673dd73641bbfc8771882fdc7bc64c5a31867eef8b59a8453589880160717

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 08c8f19fc3df3790c89d27b3b49c30b7
SHA1 c358025a647c5aed8742128866fa44ae225f7e72
SHA256 fd10cf14cf5d1bc6c09f6d0d3236512208448c8e439ad56ef444ae6cf4491ed6
SHA512 31dc49d1fcacdb4d56a549b7b38621c62fd5d3f3b1d9f90726680a20ff1d5b5773bff3d935770ff9194f6002f8fc0234b90757f0122c88b3b4ab216c994f5744

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 7f294ee01f30601803939c4132005e6d
SHA1 5054ed36e3c35dfb909c2e33bfb0b9aca6972a70
SHA256 68712a71fca1bf56618375bd3a65d9f7973a32dd20820297dab2047ce00f4fbf
SHA512 169d5062509c41e505a9b9303884dacb83655425295647643323e8b460f7b6b9b22f858550591854cc6d3f029ceec432bda774e5dc5d8c5bfe1a509efc94236c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 9e367d06aad373a5fdfb43d88246788b
SHA1 6b675823c8eb6e58fc409809219de2cdcb56e07e
SHA256 a5941a08ba8a1e26576d7b2dc9498fa1df688d96b7c789de3dabd2f0f63974a7
SHA512 53ecbca205d4e9430472c9541e5618db70007c1592423435127afc7c9d631dfed0dc17c8ad1860fd08b607890d45a3ba9596f42b546de4424c6dae572e8ff4b6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 7761d298f610d6b141287d5bd8f8e286
SHA1 6ff2e8cd79a979688e6e502decc06d70545d9cfd
SHA256 9127e2eda21457bbef14777a8ceef1cc06520fc2f79721e961d63692e54f6759
SHA512 c8e6f0995565d9c95e749bd6098cd6cf09fb05d4f904581a03d63e4327a6df03a79ba0f98706f7176d1effc4d6d46415cdc11da40eaa2a5b118da65386cf28ed

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 77a7f9153675792819eb825492071dac
SHA1 caf73b5ee88a353281304b5eb66a797391a2df45
SHA256 9e4627a77f2e7658c64e60f86bfdaa19d3f31798038924e8e0333806705bdfd8
SHA512 27cc85323c703b3bdfe02ea10c57877215e74bd2ad394587d908fcb27ca30d8abdadd8448dc39c2c9267d0e94db1b6a80dffe5ebfd6bce3b0961e8ad240567a7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 b32782b7790c994a842d44698f5a1ad7
SHA1 2a38edc0d219fafb8920ef3133a6bd11bb5fb49a
SHA256 af1be75e52d24c36213b59db227d6c61b90d8ea78bb8c7c6b5a47a4178f5efda
SHA512 e830ab422e4751604ff3655cc76fdbb3afeafc0f173c55c4fe0b849f15562756a5c143f6581e85c65f2bf226954479eb7b1fc20227e8bbc9db0fe479fef8c433

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 0ea5e539694d7ec9633e6fbda3dd3902
SHA1 ef5755a77fce3f5bf8d8be95fcd0e644dc7645a2
SHA256 f674980e659da56f8ac85cd70377026aa9535b76fc40a5f94ab4ed0388647c9a
SHA512 b61b1be525aa50776f4da04370318a08b1799d42156950d4c229899eed91578008048b439aea1ceb232958b0fdbef85c092c9d931873dac7b8adde850b460fac

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 0ac5bb0966e58f91f4f1b84ff9045a8d
SHA1 679b5ae056f1f610897d7a81bb4c5d4baa400883
SHA256 1521f9c8faeb8d1b478cc9d52f768fd298c9d8886ed004355e5859f1a5e43b63
SHA512 583ba08738ad3060b2b5be7a4bd7fcacfcc4e428a0eb926713efe3f5369e6d4f7cf2f4dcadfbebd58e6260a2572efc2e9122f1a0586b203ac37ae602e1716443

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 786aa5566ef768ee49c4a0d1e19cc118
SHA1 06ffb6a04fc5b3f2c4f8eccaaabe350bd910a52f
SHA256 887ee4c7b106f8ef774d91fa4f363dbb93f553f8aaf4fe98aa88491bc084b3f8
SHA512 e3de787dd5825b0976ac5e44e532081d80ea0814984316d8eaef5d99307e816fdfd6de5504c0eac46360702d621647264f52c0ab32088dd7d6808cd845c42255

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 4be73b337b8dd13511d10649b9eff645
SHA1 3fb54770eaa01b0a6c0f923d7e4c92986c16a84f
SHA256 3a2a1f42b1984151ee77df2e4d8e7f16533174e4f31e28fa34d6b7d58cc1960a
SHA512 f431255d2858020a7e68d1a498936bb8e105cc4e1fab135599207b8b4d2d3546c5ddbb116b9c6236545c63484cb592b97e9212acfb8b39c95a29a067df3eb6af

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 fc7cd1b81360fc777d04ab8a5101067f
SHA1 65deea86584bde6db11db22f76aab47018f0915a
SHA256 1aff25b39cb9033aea936f5e92a3c8eb12fdc9138557cb173d12cc429fee6ae0
SHA512 ba26139af85c47e622580f3d582643f63b7d2592824f0904b3be69ff6deb6bf514d030a3389fe2f537d7d8d2b657ec69696ea9346cb9f722c82ba368e53e3977

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 3696beb56b04c4fcced574195180eda4
SHA1 2aac1f0c3a80269516e8130710c4720a75bdeda7
SHA256 d08f64c0d2a356122f48e3f03857ab0f20e3dd072d533c67b27fa3dab716379d
SHA512 f99a051458f356db5109a223372673159164e1654ad1b20a9caddcbc942ab5ab8c0c91df65935fdeccc291429fa73f3d8a1ce9596e192b1b06ebf4d9537a21ed

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 a5d0d5af59e43ede6311da2832f1bcb5
SHA1 da6163216505632cdcb6d34d05f629faf1296d02
SHA256 04031480c07f57318d600db8a2de512c6d2a4e00ab6706cd4fe4e5b5b4225f68
SHA512 825a0e1ac40ffeab7d38e415ad286869cbe7ae1b5a2263c6ac620d5798215ed14c10c18cf123a46f565fee6ddfda3cd6b90f1c1591d711942f6bcfd9718e7f8a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 c08b1dc2b90efa6b3e2747188b03baf9
SHA1 6b7fd42ee8d2f3c743383d6089c577f7ba1eee46
SHA256 25aaf65986e2d863d7e7bdd68fa2d8bf7cf45b7ac540a9211c6abe52836cb837
SHA512 b03a0cea9625cb0da85d5a9c3c4b29d8b01bdb4101d4f4b37f3943d8490742568f8cd671ae812c6f804c0cb5b9725e2eb4b9998b2428116e08d5fae651be6b04

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 2a95441d487ddfa63c42ff3879059aa5
SHA1 64b257edb7c9f37a8dd6fc8d7c5c5dd8303b23be
SHA256 8935cd37204ff86b694a2b6e7718a576c6046bc005842d912d8b4269ce0a4b99
SHA512 1a60a9a4791faaac799af1005d6cf14c29555e73e3c8685ff3a6b8bcdf68c2583911be72fcd4f5799acfe6a3855237705d07a09e77eb78ec3de9ee2aa7b8ba66

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 c7ca966c9e5457cad751f97ffabb91b3
SHA1 3c5a225722d1b86bfcd9ea0759f6f919167b00cf
SHA256 11bb496170eb207809add1081bd8c2280cdc93178b0156ca423033675eb896f3
SHA512 3f244046d485fa2ffaf27441a9547fb186b4180c15c2596be5bf72eaa0cc93aa60db74106d785e9e9f6b9de796dd5aa60dd2bd871226126aec73b76a7d659c52

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 306c7c052fccbd5ee241b1afca312306
SHA1 de96507501f966900f0129d01ad7c6471672d0c1
SHA256 944c7ba23b9fbf6db5d17b3791b1316d6bb9651461b19e7b91d6c8122967aeae
SHA512 fc6fb35ec824edec33f013be296120ad9a9887bef01fb5d2ad9308dc572147b306f8d39d74774d813508e8c9446a96882adf5b6f7283758ecaf0a0f9b100f51b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 ec4a4797860d1f3f06e756e5c20e87f5
SHA1 d2fd82a612f833ad5e2abaee06c4bbc4ad847b73
SHA256 851ac31321992e861cf7e4780bd62d1491ce8e04dfae841ec70bb8a1a1536b1a
SHA512 4ae48d2d759b0caf4fbee93d1b90da1497edd55aaac49417c0f9bfcbcfe0174caaa9397c292575374791fb73758125b1c117195d2e89272376ebbd08c66c11e0

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 7e828e3969ea389d682a5ccdc5929e8e
SHA1 5d2a7cac40f3c5922f8076ecf6ea853df056e0d7
SHA256 7c31f0a69806622cd3d9207fe51de082b217c1f9b256da9db5f9d84874ea30f1
SHA512 ac43e4fe646ff5b9af89ee771f50e4622ccadc56b865520de68e1864a61568021ef520db172777fc7bfa78ed9d3b80d7770349ed2ac375a3e98cf2f0159333e1

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 714bd7a1bf5f8b687cdf4df0105447cf
SHA1 996444549aa7ab1133ad4de634888b841c3c4db2
SHA256 cca09bfc5b58fa0f7fdeeb464fbdf140cafe3b78065168bd0d732335ea2bda2f
SHA512 6c7c88c1c9cd0595ae9d86121d8a770e4394f9e30b7dff9f517cbd8da7bebaef5d41ecce0103b98731fc8ef60fbd334c40804c39df13043146049146720be51d

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 2a9163e352adbbc19daa85ea6f495e02
SHA1 eefd04d8f4d9d8bb94b5ac2866153784d7413fc3
SHA256 368772c79c5db4d301dc2cd42e7785efeb5dd542966ff97bab5a4bbec78b4312
SHA512 8aff733fda68fa30d3703ff0c2efdc47e48f6658e35707464ab11d67f68be6845d6a50ad586a1bca6407e3d4abf897f51e7c03c86abd7055c5923628d1105eb7

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 42799a8e6bda0bbdc468fb40d7a30f2a
SHA1 9f1c69e27d422b03590f7b40113f7a8a0fa20e06
SHA256 912e0eeb04abeb96516879f24b43fc78268358e3d480e6a6ec7d0304ff1ca288
SHA512 8c6418d6b9ee74e97231c1a936ee9cf8fd449570654cc5a80cf15366541b4e4b41c9e53e996c28aa6b916bc0b336fcc48281f8492ce923dcfe7c21fe3f58dd60

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-06 09:17

Reported

2024-12-06 09:20

Platform

win7-20241023-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe"

Signatures

Renames multiple (2199) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WOy6DyvB263h19Y.exe" C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_methods.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Users.gif C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky007.inf_amd64_neutral_e637699044f367f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_neutral_d3fa0f62d3d7cea1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_neutral_9209e816461a1a73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nettun.inf_amd64_neutral_bd24fb174fabec97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wd.inf_amd64_neutral_759109899b486d47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\es-ES\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00a.inf_amd64_neutral_a89d2c01c0f43dfd\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pssessions.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\brmfport.inf_amd64_neutral_f41f35e5c21bc350\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnfx002.inf_amd64_neutral_b6dd354531184f64\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Throw.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsupra.inf_amd64_neutral_c4fe81ea47c6df87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_neutral_cfffa4143b3c4592\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_neutral_242c76ad2e288fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnts003.inf_amd64_neutral_33a68664c7e7ae4b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\erofflps.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387895.JPG C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21320_.GIF C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02746U.BMP C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02759J.JPG C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewTemplate.html C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02187_.GIF C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48F.GIF C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01296_.GIF C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Defender\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\GRIP.JPG C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\el.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\OrangeCircles.jpg C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21343_.GIF C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTAREA.JPG C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21324_.GIF C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115840.GIF C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\HEADER.GIF C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.1.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-bits-igdsearcher_31bf3856ad364e35_6.1.7600.16385_none_0d612eb0a8b155ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..entclient.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5536a12cd57020f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17514_none_381d6eca0d132216\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..ty-syskey.resources_31bf3856ad364e35_6.1.7600.16385_it-it_496a4635bb5a2532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7600.16385_none_a61138e7aab17fed\Windows Navigation Start.wav C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e89ba9cb6f9dcbc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..orerframe.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_51f0750cff4cb31b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-app3rd.resources_31bf3856ad364e35_6.1.7600.16385_de-de_092dcb7043a043eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8b200ca438fcb5b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netbc664.inf_31bf3856ad364e35_6.1.7600.16385_none_a3677e8bc4b04b78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\78ce3fd89c50ab2d8d0ffc42ad838644\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-wasw.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7f0d0964d059a2e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wiaep003.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_38b653653c7d630e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\EventViewer\21464de9aa1dce17c1f42044129a986e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..libraries.resources_31bf3856ad364e35_6.1.7601.17514_it-it_3b0b02d59c06b437\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_22d0a47fe964019b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..providers.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8aca2809e3bf6497\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..rectplay8.resources_31bf3856ad364e35_6.1.7600.16385_es-es_949f9a643b902266\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..host-peer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_861592c73a32a46d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b9bd756f19e1e67b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.17514_none_c67936fbde6722ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8dc504e4#\53cf54ff35686c4044952a8cf8b8021e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_black_foggy.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..framework.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_556a155877d69b46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..moregames.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2a9d472eca822078\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-appwiz.resources_31bf3856ad364e35_6.1.7600.16385_es-es_302e68ca7021e39c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..utilities.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dc65d79d6619fbb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_196bbbad4be46a44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.1.7600.16385_none_c90deabe0336cce6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Globalization\MCT\MCT-GB\Wallpaper\GB-wp1.jpg C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_gray_foggy.png C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-rd.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6d7ed4c5abdfe031\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-infocard.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_94d8c43d28c969df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.management.i..mentation.resources_b77a5c561934e089_6.1.7600.16385_it-it_138c245ea7b1902b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mobilepc-sensors-api_31bf3856ad364e35_6.1.7600.16385_none_5e64cd3b287ee4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-credui.resources_31bf3856ad364e35_6.1.7601.17514_es-es_63ed8c3a00aad07b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..qossnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8e1ec0d4ea6e3429\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_rndiscmp.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7523c493e2ccfa7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..ilter-rtf.resources_31bf3856ad364e35_7.0.7600.16385_ja-jp_b63ee8f470f6737b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\inf\.NET CLR Networking 4.0.0.0\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Afternoon\Windows Print complete.wav C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hdaudbus.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_69e9b951684ed826\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hpoa1ss.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2edb1393eadcdb52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-runonce.resources_31bf3856ad364e35_6.1.7601.17514_it-it_00549ab0f94c31a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..atibility.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_42d978a515feb50b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rpc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_de-de_47efd9cf5d66c35b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-runonce.resources_31bf3856ad364e35_6.1.7600.16385_es-es_15257f1f79fc40f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2e054b96ee6339d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-system_drawing_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_6f122e8e3a88e186\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-efs-lsa-extension_31bf3856ad364e35_6.1.7600.16385_none_252f55f1cea824ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-fontview.resources_31bf3856ad364e35_6.1.7600.16385_de-de_871033f0b8a4ca1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_512fa3b8707f96fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_85615a334015f906\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\45d49301a9e8ff19669155b1ec5c45ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_addinutil_b77a5c561934e089_6.1.7601.17514_none_1a816bc7556b71eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-duser.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cc15f8cd954588fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.servercod C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\shell C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WOy6DyvB263h19Y.exe" C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.servercod\ = "MNCLZRKXJMVEZRX" C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WOy6DyvB263h19Y.exe,0" C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\shell\open\command C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MNCLZRKXJMVEZRX\shell\open C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\cc3803ef89079ca22a52c6fc4497d682_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 a15f40837c86eda78b9c082be38a70ba
SHA1 d57d6be5e82ae6ac131ff1df23873ee41288d158
SHA256 a797d863e66b8d837c879aa886128641b2496a8e7f33fb44be328b5582b5799f
SHA512 d2864054b32cc3e96420fb3fba0413382b33220e26216e1e70e2079ea0987b554f97196dc544c9b34c1ea83747300b1817c3c829d382a6d2bb38be8edb781912

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 851e74693ce765b432f22ede5db66f1d
SHA1 b29ead6cceaca2284ebc72badc2b8be971260d81
SHA256 68ff9d27de17a6db16b62294f76a3b788bcfcbcd25dfb578dd92e7fb6d7ba453
SHA512 7801940bd7458eee8bdb0f2252f6edd7ac2250bbd296fa6429e489816d717bfcf55bf75406faabea31aa5e4269753d39adb98c9dacd6255177c962dc6e0a0557

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 9dad9cd0a65aa31731d9ef9dd1ae0b21
SHA1 c475707eca66c78d4bd9c42d38033f974d300bd8
SHA256 a6b615146781a6fd52698fa1be0a19d3ce9e30f33843cbc4d80353cf9f8f79d4
SHA512 1f5139dc1f3f25aa641caab34ca81122759a68f2adbf9f0609e0b5c84878767be5dedd0f9789f9cd09552b793074d684b683bf684773afea60a96a3f35b63f69

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 009ba00b2b3167f6461d5e1551a86d16
SHA1 517d0b891ae04345c8218d4462ceb2d017af128c
SHA256 fa959fe02e5a5d3cd429b953720b87e426d819ed40f18529a0a0a5d4874af9cc
SHA512 7732ee33971bc430ac13e9dd1632f9113c32f471083c2cf77f5268763d1db70df8e32e9db511375c5a76699d5a63f7e6f40b84df3032ea5b3448f59e5de3b71e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 03319c80fcd3d0a62296ed378c57ecdb
SHA1 d2d065e150d95f7f432dcf97d7172121fcebe68f
SHA256 38db2dda5e979261629175384fef3db8ac99e71e170fb1ee45b0918f0643deff
SHA512 9ba676e17ce8f056298f1efc0d85fdf820b9c9df3a69688a67dded2d70720197bc2aa6b91aebd2cff6e227c306dfabb99c94d7c766cfa59b9c5416672c0306a9

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 2e7586b1a5ce58bbae81c63a35b76859
SHA1 f203ac18d092c1220247b751e942be076298c67f
SHA256 d43d05d9059ae5bb0cfa0080fbe372ad04cc65199a788acbe6bcbb8bb06b5585
SHA512 938101f4b536d559e62bbfbe8b38ee8324a92b2e10ce12b0d4448a30223467661d086785f40f9ab442ac3cd270fe1495701e9102472fe97c096bf591bc231969

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 243534e74c2d2ccb0a8edfeecdcb7dd0
SHA1 08a7b6ee3cdc060b646351877dc97f3ddcfcb0e6
SHA256 77040523a3b7e18114639710d68e3ba205d76497d10bae6a9fedbe7b64574645
SHA512 611c93ffd6a6a0e7a8177ec83fa7cb4ac39b7782f738096cd9a34640100efa99a96eab45343eb08851ac4188772c251b452664d9b02c925b1bb323f9ae119b69

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 c0dfd1aefc706c7fe17018160161cc30
SHA1 3d220f8ca1d330c0f612942448e993994b67c2b5
SHA256 abc7f14ea33f3a7ba577b0aeeb939361913f8762302db766c3e1b0652af36da6
SHA512 8db29ff5fbc0ca068407d6836410f6e3e1c7e248627843a67ffc432e15a8ad4f8fd82f2d456e5554846553932c8e763d081fb9c7c90a7484437723db5d745277

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 ac28f6a6e020858c011713e4395598e5
SHA1 8f5d0298f49fab31b05c8edfea3b39af85b3ef88
SHA256 51ac6ecac168eee2ead3d6b514ad68c6c0c3dbd8dc2d27b65ccf6fb2ff216c48
SHA512 c1c3bf75a1836934d0d53e778a4f71b6832696888c4a998ac6aa92c9a3079b82bd6ed18754939c777fa4a1a433f42d029e385a8d4b41bdfcaa795af9a82f9884

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 3e22156cc7b06263efb6ff07cb2d9346
SHA1 6d73a5c8aa359036bf6900333af823bea691c3ed
SHA256 a7ac0789f802cde484c6f5379462106db16baee69dc803ae018d397e49b49c79
SHA512 495ed328c7766c6030c3ca3bb2dfbd57f0fadf0c7c63f58d6005574e1493da425614b5878eb849289e08abf47c101e5a8300be67fe3332b926e34ccaa6df33d6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 24194ea3fe0a0dbff8a1dff015ef4683
SHA1 8595f60a07a16cd3f84724f1b83948f26a4bdd58
SHA256 83bf8024c707d66a7bb07748440996e5905a766292acaaf3e6aceb755f227bad
SHA512 5effff7fe684c97ae580a46c5e130f2cf2351266366bb4b58b38ac9b15daa22a77577722153b101d6fd0f5610291456f67c457d2f44e6eb7547a314bff716855

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 6987bfe91bff59074dc2f1cc903e814d
SHA1 f03150f8282c0927acdecc8869a7e7bd062e49c7
SHA256 b6b40cfadae0778c3dc1899390e0befe06627fc42bd7476c013510fc10b89901
SHA512 2607e31dec19b9bca8c5e6991a7e55dc945c32461049a7646f5563a3f07f5e465e5ab3fd209466cf3b8f4d53fd765a60b81b4afad787b2690b87b7ddf34e521b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 4de07b50163a0b7ff4936c4643401f69
SHA1 9f2071f07ab94c1c662101d642aee09506f3e4cb
SHA256 79afc5ea00039e340b845583073637da6bc983f73930575903db636e497bf694
SHA512 4e29479245186b2cbf58b25c4791971966276181398bdef423f41b65b0b0082d98cf6626a10b0e243f7b68d2f78c610d87e3236863fb23bf997fa4cc2852f92b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 dfbf2498f6240e91233e1a7b1f92f168
SHA1 4d0c13f477281afb57d5ba85446c6e1c23a564c6
SHA256 6a6c84eedc57532bb37223fa14108259f94080dbc77b67cb2b1053dd500260a9
SHA512 1e9f8413549cf68bdfa21b06a1ef156441f1eeb5af2b78383d2a71616db9a1cec2ba008829f21bb943051282a4c5497d911535b57e6140ad7cd99ce33f1ca56e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 17b2a8d7947616b4c84e03a618948227
SHA1 2933334be0635fa7095d1a0619ae6c56cfabb73e
SHA256 aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c
SHA512 3c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 b441d4a96dc52529db6e14517e949a94
SHA1 e4df2861ca2b6f8d2f4c725a05d0abf001fb6b31
SHA256 9ef9162d940fb7949020feabfe6bd47a4224768fb14f31540b2d247854e4d6f2
SHA512 92be91456c4596f2188d6b97bd3d18f2e502ccd106d19483ec393612d31b30a6af942f972bbb44181602c23f8dcb0e0738ca35e8a7d06ae07138183559112845

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 b40835e5e63b8c584bb13f3680f8cd18
SHA1 3b925c3e8afdcc67e94e98b9e9af341aa4ce1e86
SHA256 67531c695e6a32305f50e4cbe13d37385a6ca75f6769cde24ab5fa6b3b0ff1d0
SHA512 0da608d4630779cb041cb42cfe1e597a87bb41ae7bdf371b62b9a0b14e7137ba2316022390bbac9b2e1b419f4348e79a9ff89de8a8932943a7e05fd2585c6da0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 1dededc4666d4a50b74bd7ae2330e606
SHA1 969b2a3700b8e0bd8f6a9d95564be9b98b8d670e
SHA256 3f682b941dd905118b42f055a353b71232c990add641585218ff5ab8201e2cdb
SHA512 ed5cb319ec581c8d62dec7ae759d86baaafbc4048933a0ffa87782ed33323bde93ee9114602557e6442b5dc8684d16c729d7d8b65990b2f5948472dfe8b99242

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 675debe49664a6914bf2fc317231e755
SHA1 1aec8c2d23b24d4589ddf6d4d15b7eab2387305d
SHA256 26ae9e3bbb47574869966ea9791ec268d663f4e662bf0bab973ea603d50d98d2
SHA512 b759dbb6c952d8285b83f98890e3ce1af3e93153d2106018b55988c855ff2d4211df777c08b402b0185d0a79e5d0a1c66c5b5b47f39fb82f8a87727e406b8f92

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 d0e7a82de1a5c73651515f2acd0d8f3f
SHA1 f3ed40be920e4c974f12c9591285c828a70e9758
SHA256 c9b16cb41510e26eaae69fdb79f0e4121282ed7f1bf3929718b99f730028db6a
SHA512 33395f178a2b14958a9552222e9ebb5242d7fdd328c1e3e4d480751fddb2c7745e6e6d8eb0b70b37c02992fa694670b25f489d11f06e574f3cfabfc6227baa4d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 a76b0e5642bbf6f41f8e8a197a090747
SHA1 7fdd2377b3b7469e9ee8733dcfc1fe55aa35bbe5
SHA256 bb6ebf63db33bad56c67e1f7ef790bc80f4449014320e9a537add1c23bc4165c
SHA512 57dc746635e4f070a52799c0d7edf12593e0a532c0feddd18429503da1321be5e74833d5574e958e04dda18cec570445a38b6bb360feb59208feeb95e2ed92c6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 f255e18e0a6a5d3b6f841687c5284c9e
SHA1 f84bd24d8e2d021e4e29b296435939c906583ca9
SHA256 bf140241456ae88ec2dcb1a9b7b6041e2642c5aaf9cc79a2f4092cca8738526a
SHA512 b4690746982a0f30430c1a675a662c5e079488bc634005093847502e54f18cfdb32afeff3cc85878577bde118ead4dc6230f8decd9718ec6b97c5433bac4129a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 c27bef1a3e0f8a3a09604797224cb3eb
SHA1 264d6e4f8c7270fa063c98a448b4644f59f3e27e
SHA256 bddc463a2a13de772db5f1be53ed20efcf5b68796f0578a5fca9dfb185ff0bd8
SHA512 8c11ef1b2d77071b9aa03ffb30b2af97ed2b3532175393fed61fbcec258bf7fae79392e57569e9390bf84422c706afefbe1dadf03c0682dfd948453e18b9c8fe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 23a1d73d3b15883c47b5df123b1cedf8
SHA1 f7e5fefa097a54d60ddfff3b66cfeeebbcc80191
SHA256 f5477362053a711abbb15fc72bbb6a01e601e58b147fd4e8228daba910448637
SHA512 6ec831725fbeb82550df1268c6b84d3050478b5138ed9c8099fbad84dfbd2e5479d8e8b668b38a8ea53518c3ec5b9da11ecaaab0f7892d7644816c415b421e5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 db487f60481b10708d55946463779da2
SHA1 4aaa5de817e4310b090c408a5046f245237f1af6
SHA256 22ca2785d28ed8334e3144766f947e2311f7a13c3aa5d34a34e96a40e6b37fb7
SHA512 749454a9415cc76333f9d84e4c16e6ef6c3bc6baed3058583ec9654c1c928018752c6310d09f0c6a75eef13db5fbad2b49a9bc8b4b6f24ac900f602ecbce3a0c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 fbf50e30899a3ae4ef64a2c9941de805
SHA1 b68d08c85a24485279922cc5def3f57c1a32fb3c
SHA256 04afa9ef41278358040d536e7ef17ac470047f13cd720e7eb38cc83a6137ad06
SHA512 29736a84ef1944ca025edc40a1932677838f7711dca25393584f4a2f9a2917703660d89f75a70277e734a37887a862fcbc3a7fc1375eb395cb08d3868af1b198

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 127e5c14959837791091a18ac537fc25
SHA1 c9d21bbeabde262a27d5033535a36c9a339e1ee7
SHA256 19d27a4de6c281080d079fb5929de614731de43abecd75201347dee28fd2cdd9
SHA512 e27d98a5d62eaa03459d7ba42d56a8a9789862320a8b01fab60f23814204c49d330a2f30e794721363992340e5de695aa0f86eadee0bd12333ca9cbe1834ab5b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 b26444ecc3dfbf80e36922eba19f982e
SHA1 f184820899dbe6c6f1467aaf6a0e7c9b0ed6bdb1
SHA256 0728c13ccaa68d2f9c6a1a05face66d0e7e6d507791397bb13c994ff7d1be104
SHA512 bbf778ab6af3fd5a316580c393c7a86ef7ac44063c25bd75a09dd97476ef38bf31c47732378564c5263ce787070515aa0d726914d4ac88c627441934d08ddf38

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 489c64e018672147a1cc1db62e86cff3
SHA1 f6d205eb041781c0f71bf8fdacf8cc6b29526b92
SHA256 533b12849978fe0f93e7935a6614aff1392a36dcf397e50a4ffa58115d6e08ea
SHA512 915cdd6d564d11fc5c32a1fbc4c624572923d277a317f41bacf4b334d6cfdab3fc25dc8a598013b4d3fea05d2e085c408039fc44068cf0fcc34619767da3e320

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 87d08edcb4a916f6ba199c5d4fe0cb6a
SHA1 76d6cb0ae8b38f860b730235816469918f02b928
SHA256 48c60c25fe0f8209ba0988423e387a3e2f3995126ec995b603c052fcb64cfafb
SHA512 a1ffde23abd50ae4028996c1416a605a9dab615cc7b862b6aef991079e127b99146547e4c96534195c6150c141b7a1083ce0d7cbef8898a130bb8a2b3cc96510

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 41819a0ad86f5214720e957d723665ac
SHA1 12bfca9fb8569204cb0c5772add0f7bc0cdde3a6
SHA256 c71ec2bd837e442c49418a33bc91d328291151ea6f782c9b9cf60965b3f75726
SHA512 42f881595421452cd7646cef267fafebba15c8c6639c952f603fd64d721c66c1da2c7ed435544b6216f9e5f8af09e67edf929eccca764ef4a9cf1f42547dd95b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 ff33928c8ad7c9340b5d945ea5e97b4a
SHA1 7f69b583a3fa16eee13634f712ea7ec3806e474a
SHA256 03dd81ebf2651a93b6756eb0e58b30a1ee56c1fe14976c72253fa314c0ed75c6
SHA512 08d376a1f881e42eb80d9c1a96d51f67f1ea49577c8263da445937615cbfdbfe9e4d4ae94b58f67de33533a95884836ec26f6ccc51df9e739e18186ca5c8b318

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 35af723061043a5f854236bc046512e2
SHA1 8eb2a0e30bbe78e118afa5a6c6878c640e75c501
SHA256 904d219e04d1299fdcae4c72f089ce6954d67ccc626cb390e29307bd3e7dd510
SHA512 93d9e2be64ccfc50e026b0bc7da5e7f0342fa484267a2de420e38c48b31cbb5bd81c0813c0e8fa0ece12b47c2bd9575b1f01a4803e6c652b1bc51a7afb0b83a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 60e40fcff6838189323c0facf79446c4
SHA1 ad74b018efcdd1ed2c129487a547bc620b801386
SHA256 8d4acb5efb9b72cd773b40b626b48c69d66513e362f1743f3d497b62bb2db107
SHA512 b80c838ce6b27d83c11c802ff80897504b582ea27f9584e93ff874922b54934c1c80ab52887ba90b3b65dbe143f9e7d92dfcf46fea4322be1591b9b067d5cb91

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 ccaf3ab304f7806e2bd022a1d5fe67f6
SHA1 eed196831bef6e72f9683303bf073818e28f9873
SHA256 583bb7cdb372df1304e7449d3cd473a6e59c04a8eaf40ea483a199fdf3a30af0
SHA512 1dccd854efaee1f39e99f63fa807e8912f27734cf7dbe8155898548a1dee922794a1c0ebb0893ae85b0e8bc8c4489df59d3f94c5b84b53c2b601371a349893a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 980c2d2f1dbdaceeb67b0d913ff09049
SHA1 5f948a01c5d070101b0ae1880c1f229921fb884c
SHA256 2457bc2a289c4bf4f4ef519b81ca0a419b8ce671e7784bcbb2b1acf3e5c4c9ac
SHA512 77898dbecc329e927e5b484cde3c253c970393ee43f0328f7843dd4efd1099fa2546f6f441fa083622908a5cf3e7198bbbd94ce54f3cfb28d11f0af9304b05d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 cad2bb2cf323f192989bd5017bdf683e
SHA1 1d598483e3774fe538a86e5febfba9ccc093e756
SHA256 ea0c60f1472c7388de760876ba2b1ae611ef0008f3678c3cd9912a7a8cc6750d
SHA512 c143253fe737f20c522c3638fdce9f9eabd8f9dc8fc5b2651e234149a72834d7b0a5ef730a0a0442ce1c4d8a32e8acf510526c47ee0f4fc8711f7fe72343207a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 d61180c2079cba8fa52fe72959c1e8ef
SHA1 2fb51fefb1a4b54fe266ad949228e5b7e2c64744
SHA256 6ac9b996766bc96a0a3abc55342127b362aa56b9b6652c8619e77f439945668e
SHA512 757f657f321014faa612fd0deafc448d5edeeec0d98fa75364fe95913ec10eb3974fd7fe18a5aaa21f5af51fbc5b4448b5584d21996c0eab2fce34bf35c19bba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 81f86cc2aa0bfc3e13904105bc8c5d3e
SHA1 1b1c18c8c627b9cba421e8609c2c3d5da3d8bd36
SHA256 d5662d0c1138dabcaa0b10e579ea06aa610a552c92f406c19e6f69ab3dcbd366
SHA512 028f8cb16297ea3e70dff341649b2442c819c773d04ba4d6b79ff95c60948613e8a0c548e5320c18f454e5d6d7eb82cce24b700a1458823a71eea56e3bf7029a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 987fe3ec429f2da6691a4223303853df
SHA1 1aeebabeedfaa019b33a0cf546047d8a7cecfe40
SHA256 0da4417242d4578193956012af44d98add913f835adf0abe60fdd59b84e1c6de
SHA512 b2a47bca693ec575e21a69b246b20772311ba00c4f03edf84113691705b9783fe73b1efda7ccdaeccaf8cd13960760743f924520835d654c5241a32da17e82cb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 1200f9a761630ce34917e7c987b2ff48
SHA1 871fd79b67d1d56702cf2942583622d273a3c64e
SHA256 c79002e9733493cc75eef0392676b2052c9429ae1df7aa5cce8f802a6959646d
SHA512 6db8c342c3922f26ad73fc3b2eb18ab5d308ac657645817156e4cea23475f7d96ef4152550bbda7029598ecb6ea901eedee1ba01dd9c5e9b734a06858c830728

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 ae91b86c610937be5d6cd41813e48dbc
SHA1 27461791c27bc8477dd045cb3fb45716b0bd16ba
SHA256 2829626ce4acbb3de003ff09d6e2cedeac6b291c493e6f047243a169c1009518
SHA512 47a08e9ed4e51dd9cd66d272e05644159e275324d0f54e3270d419de755463d89c6fd5f125cd9373e5397dc70beb57d0a892cada287e66b1a1c7bfcc3afe1d5b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 4f3b5553a6da47a81784f66498720840
SHA1 40ce80721fa8b781bf50ec095dad4dfd66ee784c
SHA256 6c398363557327c67fac1bbf84e1743f80db729e34bf291fe3f2f371e6ed245d
SHA512 f8391e38ccc7bd324c30ed51e189e75982441d440eeb92c5a8661925fbf1124552c1adf31b1f5a5cb6d7bb578620ebe98654d872bbd71df528e55fa834b942fc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 435ed5907917289ccacf3c5afd58ab1a
SHA1 acf46a908c4916d97da7d2b115a3b4c7ca2a0581
SHA256 96c1f6d78a358c7ba3294328367d00c78936ec3db27c3c186c36fed77983ad11
SHA512 67c4e59c23b60e4134b430c0f5af8a315da60ce0940c55294ea11e8081cdb01bfea3f7f051ff77cadc2f54774283d2701664028ae716314aa901d8ad7d14f910

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 e0471b0639d00a9056f5df98f5beea16
SHA1 cf1c08c9063bf3a0a025e54c14f00d193852888f
SHA256 5dd6c5b04aa3ed440168f100711d22700dde1ea5341f99274e916b5b18e58582
SHA512 4ed18ba9cc776e3337a1d0d881575703b8ed6cd6a63b7c097c8cf90ea4d220fc75dcbc340b08e2f08d2f17ba41ed7795655fb6ada27bcf31d780deca72ee1daf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 cac6dc2e884faabf5308cec2690e5cea
SHA1 4cc5658852766db5411cf46f1923b8f27f3ebad7
SHA256 3c3805c94c968cc72717f13eddff505af7532719b5f21d033c479b78cfae1ede
SHA512 3340f7c346ff78028e3155f6b64c0661b45211d12185069ed03489e3f14109c32c8782bed499b205dbdfbb478e06f93fa88a2a6e734ad4162431652ab67106b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 ab8bbefd0f429fc03485def41559f570
SHA1 5134715bd8f4fbb870bb129c6dc1d99a1e7caccb
SHA256 5d5481672abe2a8b370a2b19567972cd2959640334a180064c842aa8e7c3c43d
SHA512 20d77063aa13187dbdaf279a61467bf6c7bfccd3e221efd4c73661227a5cb7f71238d8f7e0effa4605edf894be1024fb44a5018e78ee531ed415f9ce3eeecc1d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 1070eb1b81cb97bc504159dd2a2110c1
SHA1 02b528081e1c493e96a53c39bbd83a00331bddfa
SHA256 0f498812ef62c3efd927a02b918add257434db90b8ce00a0966d2f68763974fa
SHA512 b3ea0c1415235640a1006f22b39c753f0abc40e1d4bace563fcef7efd2cb15eea8943aea269d54e2e9691f0489a3421ad43fb7d2a2db0cd71a08a4ace3cbde59

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 4a4a8999ca1abcf8a8348dd477f8eafd
SHA1 f5f35edca7e3520c0221ddbc225c471cb3a0574d
SHA256 7c4670796094a5ce8a462e5dc753e8d94f2fbdd8be06e259611e414cdfa24a72
SHA512 02d199044d22ae55016353c3fb6ca516b6e5b16148bc84407a0300902ad8c46a89d6e42746f8358960b551c60f1f4a825c880d16a0c0c741e2b7f8ad498d2493

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 d7ef39b5df4abf1530523fc571137bd0
SHA1 f4a770595e3c61e9a403cbf0415e6e8c5843821b
SHA256 9c1f728d573f7cf6cb238adc8041cdb00758366f0dda9a9e3f60173a5b778a00
SHA512 34d949a0a19169ec1b0cb54cdca6783c39cf5c5fad97b83dd26d809941cdf2d2ee4cd853fd4f880cff0c8b72edb21f3bdbe161d13a8ef6c4c2c497bdb10130af

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 1f0f8bbc7c753719c7d4d647e12c01ad
SHA1 6291f65cec0bf2aab47f74108713abfd4176ebea
SHA256 be1754964fabde46d0d3b8878b34935b8fc28d3f7a9f480b3a68ef5694872c23
SHA512 c418588d84ece4270fe9393043e087667b65b430c5b6b8bb20241f59e3636ccc58915e90d7e45a1ac47f2c1cae4d49308198991cc7f5bf376fe235dcce6a50b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 2d8f42647399367b084d8e4066c55b89
SHA1 3fb1d950afd10b1a149c53459b105bef894d4a15
SHA256 79d87eb6ae97cbeb12e693555af65a0e3a337bfd4deef480729cda6ee0c61be1
SHA512 3ac516dfedc29044d71bcf199a16611206117e6ddb46857cd006acf0b8b7e4312a4569da9b099ed154e4445c320135fe7c4231c4500c93e646483b54a53fe885

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 4dcc9307594e0bb2941741865198f030
SHA1 8a33e8ae23f5e7e5c6db12c4794311fee3a8a74f
SHA256 c371c673ed2f071fdbcfc59261e4ad2cf664b50240a4e00613bdeb7a576705ef
SHA512 9e398766f7d8fe39e950a619b9600d64c04fcf39ee3028805473325baa4e06ed0f39dee04c0304e52517661d9a130334201130263b4c4e4561d4b1792fa49819

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 3dc2660bfe47480919da679a80e8a081
SHA1 18a0640e11e1e4908f15e025cb10bd7149016780
SHA256 ad38dccd3e49aff15755409bbd850ddea37a2f47bcc1df65b61f794406133c1c
SHA512 d9ef2c8dce4eed82b7c516c89ee0ec2f6649d6f6bd7288d68c84cc91635feab817001111da9a8c496414b246d309becb4612d3188c96c58f62b9bebb1b99409f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 bea1dba7ef6bb7e59e6a0caf311740e6
SHA1 ef7485581933530dbd347a92bff9adec46aea644
SHA256 b18f22316964ba4e353759ccfda779822760d536b2670c523d6f7b85326ed6a1
SHA512 dadac95ccdcf05004aa2bf0ca3939991b9a1fef32f9603711f47a65dd50563c17ca77802669cbf109d747a924c0aea0f763788f8ca2d04a1c1fbf0e1b8b5f2c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 799bce5e5f5bcf7580281aa9b2281423
SHA1 28f424a4451d5d816e4fc36f86c1a60b862cc74b
SHA256 28823fe434d53975bebb4dd277b6b3020ba67fed62e70c0aa577eb35248e6604
SHA512 bcdf1ea796ee4d001bf266ec59c2ae67806657a53de7ce6800df5abe722b2c825cf2d8e03d1f0cf3f1e7004e60a9021ca7283a8e14cc3ecd72c10902a99a8153

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 3d6c7dee712defd7e7b1aff69e2cdd95
SHA1 dd73d3df2ae6f386c0ac6ca22e7872eab9df74e9
SHA256 7ec91690f0230d49e89d3120a736e77aa001b5c4fafd217d929903e7544ceb9a
SHA512 709ab3e9acfa975d59d1074c44f807620403832199aa9f9dc329e179c42f85687dc16a883708c49240f58dd0eda3fab589aefb546187a8c4065d78a3f4eb3c1c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 ef0263ef9f97ffa354741bdda8bb53c9
SHA1 11b206fcc278fbec70007488b51931f821ec82e5
SHA256 7638e55079975c85fb01c0dd9e5e099de91af78465defdd350483003ea2b0ae3
SHA512 9ec5a1ecd5061c4072398930d71c0f71093a41466175d9db620e59d3fda530b1bec5921c7f11aec710ee24fee67d0f19db1214a1f33b0db7bbf4d1a016dfa9c4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 3acc5b4f65d061bfdfec0c7e7bc2e2e1
SHA1 c7af800f278420bc76f8fdf883f088e4cf1fb996
SHA256 36c3be5d6165723e37b27aa0c05e08b479dcf94862ddf854e7875e0fa10d6aab
SHA512 474bb5d432d841574f34a91b833e5bfd569b23b2ae109c6bba9d7e2a00c71d455960ccc3c3d60e339688eed95162e3c2eaadf3ec17afcd4fea578212ec702854

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 7f05903b2432cd8666344fe649a68840
SHA1 ebdeb03d35401a7c5c3c5999c9cca06289bd1281
SHA256 220998a8bf6af061d875c76b7f6d6bddfcf534c982bd8de9a5280ae4485db4d5
SHA512 2a43cb146e8f132aae69ae0f61e58815fe7c97b96ec3e45f838a87b8aa4838ce54014b705930b378204a495b8b6123862970c711b9b6ef89d68d75c891792044

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 9591e6934b36a0e822b227da1184c3a4
SHA1 bd334fae2e47b6f48955fdc29af91f9ae2660e87
SHA256 ac6c66cc43c603f69c220b4850a2a54a3ec188ee9ac4e248dd9786dcbde8fb22
SHA512 a743a516d251a88c2e154c9f9f6c3818b9c143f44c16223d92f6daab7b04a95dfa5cc077fef2276d169ed4f0acd5594a068ca3efe7a886dfe638a9cf351e5510

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 55944439bbb9e6aa41009fd028a84358
SHA1 edb443ecf813e7adcda09111f48ab36ec8761588
SHA256 0f2ff8f204870a86faccf71d59e0bb9e181fe8d2477e5e299c907a23d609f646
SHA512 9a5e97b24308ec7e4dec96a7565a2c8efdf90ac7650f017916c3769da8c0d1077e77255433d7574d580df66a7654077de2769fcb68a08ce100154e4b3aa845e4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 ef6488455b275195e59210ec99b8ca23
SHA1 4c0a2c1761e8e100cee3e2238a801e6666d68fe9
SHA256 7db8716a5f3a710c8f5b015cdce97fae88f40fc6423be90f6172988028d8b689
SHA512 0deaed7bfa1175b073c9d23aca98560e4f700877c816e10ff13d8d424e4a2ffece34324b8c790d35bca70d53f692535f4a19b7f19df98c5898b3f102cb86f940

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 768c9c71a9ba9a4baef5cc128fb7f230
SHA1 a3325f9035a4d616c4992df23013a006e4e1aec2
SHA256 a773d0e67b3274520166ac58c8d4c256c27ecf8b30b407cac3394e5e9f567d81
SHA512 66c4c8469a7878bb202c47ada10da234ed6d4982aa300338c2f657abe84b1258e97005194571879cb4ee341a65c6c38819638700f99df983c05f5306406f3928

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 348a34f59fa7bb8900717d8eacad003b
SHA1 0a06b24e75855b582fa27248d7aa85a3dcceed9e
SHA256 57643450ba049ba35a02b33d706baf3d12234ebd77600f33fb8d1dd09ab772e9
SHA512 4899185dc4e42e2540684aae92de899a21a13c21fde7a47d18bcf9ba9b372c2a64075805c4b55a62cfb46983eac8db79cd9b2454763f2606176919eaa2ff7806

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 002db7d03bc85148729f394e54e74fd4
SHA1 890ce003a028f051be9589b1a0b7ef5ce44b8fd8
SHA256 22967d4f92b989abcc83945a7dd4cf12877e4520340f0b9d4c7a89d0ed617306
SHA512 782520d3666595015030ec8dc6121ec79b4710ec24571f01fc9a90cd5e366e71b8d3094a52f66c0e4dfc5634b099290b3111cf05e48662dc60f8dfe036addb7b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 718c3ebafef626e99f89c22447c5a0a0
SHA1 f4d6bb35e6eec4a702247b7f62d9772b69b477b1
SHA256 529d7161c447d710598f7aebe363374f3d403e22ad3cd8550dea993ad0a9751d
SHA512 2fb4a1496e6adc2dddc5704153f483d693a8ea5b5350d7dfd8eb2e8210edd136d1014b7a4f430fe8da103a4c279299771e525c5d4df0134a2f14042c7efb8572

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 3e55887aeeaa96ba54c6b426e8d9895b
SHA1 414854b2b3b9b560323ce7f7fd8726489e083107
SHA256 13e246935c5b28f0055ff62ef341f3d3be6c3b029ab8253910db9dedfdc7b3c6
SHA512 5a75f9b23a36c47da8e9ffaf8d30936e1b7fdad57222c005dde72d5bf40b882a11106cfe0550c1b03b9a240416632f27f2c3822f17da16fa6749d797b759a83f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 d5bba3e3e9567bbd291b33a7729e88e4
SHA1 f3cd716e66e5a6cce1a5a8435327ab269b2b3b00
SHA256 315b8d30941a1d328366b427d359bb7fa28fc296d95ba0c974d99c7742f358f1
SHA512 b2103db3a8775694c557cbd03628174c2674438a6b45c893835df764258644cf4c84d70a417cb28c27baa771bb6c38de697847d5daeeb059f9875ed08e82e3a6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e25e1980b2c0f8308bf33e7e3fb4d88c
SHA1 f053a23d3d95c0cff029928f092927c38743a6f1
SHA256 85584c9cebf02ff8b2a6a3abad5f73477fb997532ae615242115867382d2edb4
SHA512 76021fa3ffbc1fbba71bd9b723e76730c16059fc28159c06905242c25af99fd142fa4e2903641809a14335eef9e79f3c9fdc2e5d9986ce4a0966007726cdc6f1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 24a618e5d67b27b32c4dfb1fc87a1f65
SHA1 d223c0d0bc629ee621983ac12f34c63660c8a41c
SHA256 eed253d95cef34deb8ce245bd619e85e094530936f863472b6eed2b6d301b1aa
SHA512 424953b1aa40dd3e1fdc7acacd2daf3ae42161ad1dc9b1432d4d1bcab78767c9214ccbaf055e445c19d689d415e398523f51327e1e40d40a30f1163109f55a2a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 d72a39c34ef96ea65ef518ba82859928
SHA1 7a7342c908404ac94642648f660ee6fbd3cac7b1
SHA256 56ac0b327711f99d02bffb227c6b4b6aa9bb04a9b0aef7738fd50b55b52e581d
SHA512 57543092905e98dc7ce97f68e87d4ad711e0c3587f5289d86fa818fca07cd302cf5a63a586c44def2d1d961b849b3e17dcb24168d8bd5d5cc9e2f257fe522757

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 41d207b740bad1904b1976cc21b78057
SHA1 6aeb76db62a590b32b8ffd6471ddd6db2cba6113
SHA256 8a80794a72ca5021e9ccbda41b4d03ae2cd10648d03b1eeb50a8af4dba49a712
SHA512 79097a068a319b7cd953c71623ff09b22dd812541f612b0496248bcf657a05751a7fda73b8c9b7784d364c287f3c416d6a98b8f5e3c2c2278f5ed648a327cf9f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 c4154c13451eaa54727e5c3297359191
SHA1 c76e3ee0b192f2481a809bc2401a950894fa7585
SHA256 02c731b49375c332b7a0df13a7c6409da7bce9b6e6ab6d7e64874fcec45aa122
SHA512 b43925398d375b7a80eb691890c8520c7b6f9d30510061de2e14224675b1ab189b0a97abe3bcb75e1e6af9a667158ee81b4ceed26f2e02584228a2f4eb64d223

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 80b1712247b9a0052963b71752c3ec49
SHA1 a9985b1f4f3da783c4cf474d5ff693010a3ad5b5
SHA256 27edad115433c19101d4448514628d64ebe8227dc27a7401c820b2e3e88f05b0
SHA512 ec5296d7aed7000ca7e5288d1fa38adbc7ed3d6c8de98a52bc031671f577511589630653efab384af15761decbc890cae57d8fae059f96594cf5d4606191063e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 0a41a97080b262ab97377adafef74e71
SHA1 27a1b930a4e41e3a71accf5a8d06908fcba54786
SHA256 8996ab843a82276aaee314d482b6d6535b61ca3d32bcd8e2a23f3e7391a51f4b
SHA512 5c4631d1e6f2d6441f4647f4b44db9e4464f9ff76231b607fc45520db5d25decae1f21da89166743e863dbfad298d79b47267b72d8c47a15801ef991b7123b4d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 176e0ee5bb675378fe2a906cf37c0358
SHA1 a25a55ff163fe704fc61653e613922f0f468cdd9
SHA256 1d0410c7576082458664722143247f8bb8560556435c0ca2e729ff3941c45e97
SHA512 2df819949f459fd16f8a9cb010cc3049d03d1077cffb741913a71c809ade82f8ab76d9fa1f88bbb6f8133d537af5b278eb265e1987f9e292b6a7b21afbaea3a7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 8c85220c966399da82e78e92882476f1
SHA1 1c4b86dc9d6155ae93c8ce7a4f6e27717b208feb
SHA256 edda15dadf96037d7acc37e0c431ad307dd0d74f91be93f6d7e130b5924ead06
SHA512 5860b83cf2528ce55de695eebe1f649970088f266c774145a6ad0b77b72e6a60da371b42021e61c8c74d16224e74df247bd0a53c9e8b39d240834d6502004ae1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 b06e714b1c8d028b343390a3aae1a8b9
SHA1 6c3fd9240e8e49aee4a77e97e477a546bbfa2e18
SHA256 f071808aa03f25380569288f64f19e5cc8abb6156e1908d6f466dc0efdc8786e
SHA512 af4d6af9c902acd45d0ea7c1813d31359062870d2cee1359a3b3cad5667906a6de55957096590da04e66aa90577dc283cdfda0e1913e7f386dcd6b7ef17f3d1c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 0790bb852a4bc1d91fd63dd0c3d0eda7
SHA1 46f1ebd917cdf168052c31cd7d6dac5d01c3b34a
SHA256 ed75f71a8a39f038af5c060777f5219e920019715381d002fa282676c865df65
SHA512 111bf07cd107039c86a8e761f62951728b364025c3d1c85f89fe1b6cb41d8532da358fcc35f34a136c977bd29c9d6be20d01724bd0feef2d23aa11abd1577e69