Malware Analysis Report

2025-01-18 20:39

Sample ID 241206-kxgmzszkdz
Target cc21a1139f4c776eadf232306d5aa684_JaffaCakes118
SHA256 2e3926f66c4ed325d3145915efab797e44ad0f58acc291c30637a5267ea615c4
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2e3926f66c4ed325d3145915efab797e44ad0f58acc291c30637a5267ea615c4

Threat Level: Known bad

The file cc21a1139f4c776eadf232306d5aa684_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Detected Xorist Ransomware

Xorist family

Renames multiple (2187) files with added filename extension

Renames multiple (2198) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-06 08:58

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-06 08:58

Reported

2024-12-06 09:01

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe"

Signatures

Renames multiple (2187) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Is9h1N0MONun0RN.exe" C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\c_fscontinuousbackup.inf_amd64_4db9ca877f67dd36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsupr3.inf_amd64_9cb7ddc26e30b52c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsmart.inf_amd64_3ca4b12cda56232e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uicciso.inf_amd64_32023cb966fd5c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_977aa23dfab87f15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_hidclass.inf_amd64_b37df5bd0922aeef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdf56f.inf_amd64_1e78e192efc26192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mssmbios.inf_amd64_9fc7fe03de136fc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_3bab34655afeb7e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmetri.inf_amd64_50397e28bbcd6514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcard.inf_amd64_bf5afc5892966e30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\errdev.inf_amd64_616c5168a5b1807a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_cashdrawer.inf_amd64_a648ee708660440c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\legacy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_avrcptransport.inf_amd64_6506aa4ac05430d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_kvpexchange.inf_amd64_b3c17aa69dce1e0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InputMethod\CHS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_28e2bee7229aaf9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_8c1e04ee38482578\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_0e77868deff0b0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubLargeTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MediumTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashWideTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp6.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedLargeTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookWideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-32_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-80.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1113_20x20x32.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Doughboy.scale-125.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1851_24x24x32.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-48_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchWideTile.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-256_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\MediumTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp6.scale-100.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-64_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-48_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomTracing_Success.jpg C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-72_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreAppList.scale-200.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-GoogleCloudCacheMini.scale-150.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\NoiseAsset_256X256_PNG.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-unplated_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSplashScreen.scale-150.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\MapDarkTheme.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon_hover.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSplashScreen.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ntdll.resources_31bf3856ad364e35_10.0.19041.1_de-de_7594eaa00ca16e4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..ne-editor.resources_31bf3856ad364e35_10.0.19041.1_de-de_c09cd8c6afd3a910\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ices-portredirector_31bf3856ad364e35_10.0.19041.746_none_3fa22ede0412c9dc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_7945ea6f95e8be0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\Boot\PCAT\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..indetails.resources_31bf3856ad364e35_10.0.19041.1_de-de_0ba741680574d7ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershell.isecommon_31bf3856ad364e35_10.0.19041.1_none_7986cb74735a5972\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_presentationframework.resources_31bf3856ad364e35_10.0.19041.1_it-it_49736e1b71d3c599\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_basicrender.inf_31bf3856ad364e35_10.0.19041.868_none_cb09f56af1e015a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..guard-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_5366fa046e1e08f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Experiences\PreInstalledApps\DefaultSquareTileLogo1.contrast-white_scale-80.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vmicvdev_31bf3856ad364e35_10.0.19041.928_none_ae8ce890d40187bf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-heif-image-codec_31bf3856ad364e35_10.0.19041.1023_none_44a703b11bcb0d0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.19041.1_es-es_004ba6ca9ba3d973\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32.resources_31bf3856ad364e35_10.0.19041.1_it-it_5be14f7aca824a8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\Speech_OneCore\Engines\TTS\ja-JP\NUSData\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_net44amd.inf_31bf3856ad364e35_10.0.19041.1_none_6e2116dc714fa3ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-edge-angle_31bf3856ad364e35_10.0.19041.1_none_23f192ec1e5d7b7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-runonce.resources_31bf3856ad364e35_10.0.19041.1_en-us_cb74d99bb7df4056\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-web-app-host-api_31bf3856ad364e35_10.0.19041.264_none_4280a67eab38aa04\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-taskscheduler-netapi_31bf3856ad364e35_10.0.19041.1_none_ca06756e0bc5cf3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_mdmomrn3.inf_31bf3856ad364e35_10.0.19041.1_none_213e826732487758\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..ncredentialprovider_31bf3856ad364e35_10.0.19041.1202_none_dfbb9429d8183336\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_f26c7822f88d3a15\OOBE_HELP_Opt_in_Details.htm C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..predictionengine.it_31bf3856ad364e35_10.0.19041.1_none_b133a76d6871b2fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.web.entity_b77a5c561934e089_4.0.15805.0_none_80564c5fe7491d97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-healthcenter.resources_31bf3856ad364e35_10.0.19041.1_en-us_af63b27bca98ff02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\SQL\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..leshooter.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_69b309d41ccf04b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.csharp_b03f5f7f11d50a3a_4.0.15805.0_none_9a8ac6d5a05b610c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ts_generic.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_69b5d15a6d621985\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-n..nosticsframeworkapi_31bf3856ad364e35_10.0.19041.746_none_133fa5a93e4dd152\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_40d879163987eb7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_10.0.19041.1_none_ed4b5288adf7256c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devinst-adm_31bf3856ad364e35_10.0.19041.1151_none_b93699880b67baf8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..siondynamicbinaries_31bf3856ad364e35_10.0.19041.1_none_48565f3303827ea8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_10.0.19041.1_none_3d7b71d6eaed1946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mfc42x_31bf3856ad364e35_10.0.19041.546_none_db62bf93e8bec58c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.ink.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7a86e398cee91ce6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\TinyTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\LocationIcon.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1288_none_380fca96841747d4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a3a54d1c0d022e4ccf266b954fe01230\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..figurator.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a58f624dc1cda61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-content-filter-office_31bf3856ad364e35_7.0.19041.1_none_6bc16a6f427aef04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..t-winproviders-appx_31bf3856ad364e35_10.0.19041.264_none_2596ddec0ad7c9f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dcom-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b6aca5bb512b8ce1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-soundrec-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_2032b6420f5c4271\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_10.0.19041.546_none_a9ac4cc29056cfd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\v4.0_3.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-xamltilerender_31bf3856ad364e35_10.0.19041.746_none_3adb7004c4fdba03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.19041.546_none_93b4a0a1641d085c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-timeout.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a7fbcdbf03048d2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-xwizards-registration_31bf3856ad364e35_10.0.19041.746_none_f71218d1476fc977\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-bits-client.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_76ecf369c7273cec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-client-li..sing-platform-winrt_31bf3856ad364e35_10.0.19041.789_none_5f8bb3cb3ae1cbf3\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..management-omadmprc_31bf3856ad364e35_10.0.19041.844_none_93c03ca99a47dc8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_10.0.19041.906_none_f36be4be6840e032\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1023_nl-nl_348ed0341bb1fbff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZLRXOYDNWSCIXAP" C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Is9h1N0MONun0RN.exe,0" C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\shell C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\shell\open C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Is9h1N0MONun0RN.exe" C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\DefaultIcon C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\shell\open\command C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 218.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 161.203.100.95.in-addr.arpa udp
US 8.8.8.8:53 201.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 9056132bfc4ca05f70082f3c57f0a6d7
SHA1 89bfd3ba45277e6b91e810af623708efd61a1961
SHA256 6b27dad9a0384d693b4e73fe60523abcda625f0a80ca152c576aef4b6da31e16
SHA512 677dff65c9f7c607b53484c7a075ce6f7a8c291b3ec2412841189cb828fefde2db7ccb46c7d775bfd075e1a6d35c0feec86385fe2d5c7d067e96f9f6a8c9fe30

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2dc6275ca92561465ec5c28619025efa
SHA1 78cd93223a27b1dfd9b81cc6c513c99eea39b8ad
SHA256 7de4d9dfa352b3f04bca35278caea3d826506e22b286c257d2d63202adfacc17
SHA512 d3d41628dfee0651cf7f04e98a21988c1a6224ddc7c98b9303c1a875c2f5eb22be579335d00082bbf2f2dfc7f365e5956c4f6e9ba881260710244aa557f8c29e

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 8742500a4774ddab52ffb305598bb9d6
SHA1 c4c2bc701f1efff065619347b2aa82f8c92639d4
SHA256 209bf9b8535d2d2e9e28a7cbe215f799f5a77b9dab3876717b6d1ce835f77cd6
SHA512 69e10d173ac8af07adf678071825dcd82d1621ad862df6f67cbaf6cdb767c98461f70c3694105afe23728b8002c430757bafa4bca6a3bca131e4acc61e08dbe3

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 8c0a9cb5b750a9f1d2395c635feda2e4
SHA1 e265e7f68dbc3d95eab348b4b99012c9e6fca44f
SHA256 a542f6761562b75d0012af7e0282e4aead71792b5977625490e59c730357c1e3
SHA512 9858a93a30208a5e44046837a1f15afbc413256411ab21ab544461a75909bed2dfee12e59f941f7607230665631d86e2e6b6e0dee6fc4f4d175a5570a45161bc

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 4d9448aba701f4469cdc748a3ad74011
SHA1 35dee436c26cb91a5168c43ce72d5b5ceb49f706
SHA256 403f0dcb8b2dd5c137920e722664d75594ba1c6f2e5a9d9b182b684efcfbae88
SHA512 719db05f18ec9faa785b99b26bc497d6b26b4eaaea20cbd554e9d7163e06af1d1ebac6ee7b49edb2df2ebfac69df3d560ffce3408778a5201ad59048bfd95b75

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 ef1774b622a254503508e6d52e567b6d
SHA1 f9661a2ab90c2a44799be7f36d234db1acf30e8d
SHA256 9519bd1034976702e6fecba0214aac69be216494149e72fae382db7b1d2f983e
SHA512 cebfa6dc7be2e34cef38b47cdc1ee69068dcfcc9a9021bc705f4d2f902e9b7ac36f945c4367980097eb3e2525f93f971464101caa2b62df16c05a8f664756f3d

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 17e660bc5ed7c4d5fa37f84b27c35e9d
SHA1 24f35faf9128fca18bb60685db10f211e3334deb
SHA256 03d44446773561b3f7a8689d06aa28038ff71d6099bd0d70d87076c21df5edea
SHA512 e0422fed618aba4ccbdc0b7bbe78abd2aaa523ee1f25d85a29e8d9951d6a5d63f3c926939ed975867e14d2af2b1bfc18049cd44b5fd1a6bc6769532f45c767ee

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 2c98a9c0fb69cb0a3d26420232a2e8b8
SHA1 4c87ed3d8e2f11136e74e4e93d80f85160bb25db
SHA256 c117303bc291f1a2e88153852f8af67eb63ec3467bf2e6d772d06d04ecf39d0e
SHA512 682c02a73346089e7c0dab35c934ee7b3bd900bc2252efa9f1b710ba91f8527fc0a4007302b27c65df624b6189c24e8ceb56443f89fa4e47a23ac7c09cfdbd2f

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 5ebef559c543c80135623ac5fd4b0700
SHA1 5dde4b1cddddec76e6d6c93ddb8477afbc5e06ee
SHA256 09341363a8b8879f7803d735e98878303386da24b39800233b8d605bee351dcd
SHA512 69b2063a5f589844d8bbe6fd65a92db794b2dd973d57110064b175503fb12c3df503793b9fbbc2b72a6eabe201191204050fe8b57bd392e18d04d7d64907ed0a

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 0ed05172132ed6e49cb651ac3d3a36fc
SHA1 49d8d3b38d40dfc5dba3db5a7ca7635d04a713eb
SHA256 ded15b7aff02c3af6093ed6f0ecbd228b0ef2707e9c3abd269ac68a0fd243573
SHA512 77f8271592d2c32bcd3c0bcd485e27d15078de7332c3b0dae9afd2b83a4b11dd0c6da7bca54a791f46bd1e416e7b2ebc2badbfe6062c0aae0dc84a8cbd6e8efc

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 ca67fc173763025495e50acf10c660c6
SHA1 149f5e62e2534976573e404e57b869cc9e13bda2
SHA256 5604deffb2bd5a284e7891581ff62458423f9855ccb5e4843227f0f7d778f124
SHA512 aebca0489a00699bcf184399a0c5fe9ffaedf8f95dfe16c004ce3689b1ba21fc28cc65959d55c075f07e23bc1bc4eed5d3f62d8d6396d73561157643f49fbd09

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 31f77db23abab590e3aabcb1f9ea8e55
SHA1 e71340f2fff6562fefe1445b4e7f2f336abef956
SHA256 53c814c604fe8187f886c0479965b14027b11ee24707b5e4b94b4e6aa37cbabe
SHA512 7f98a3cb6e43b520739dea33e414546c259a9fe1b3e7f79737a33d377b9a35edb366af1d18fd7939440649587bc6aad1d1eb2c7926c1c5a61519954b448fba4a

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 1bd483ba0a5551f15fdae398ecb9eef5
SHA1 87ea23b2f6e472c8be2b8da1353db62693183b31
SHA256 9cb82162dd5855aecad053d1455ff0ce5e627ea02d4843b0ba0f2a1f02f743b1
SHA512 4fa19de0d6e83260277915ddd19380c6d215ccdc90b4222a4c796f014aa5e2246172778f7ec958647d957630bf5d98674c64e49b2b2cb0d7925ee0d021a8445c

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 082dea259e9cc40e7b39ad28491a7bf6
SHA1 ca299740c883c13ece45b982bd95610867ea5933
SHA256 2d88bde209d7c86e4ca71334320b66650d6908035efadfea984cfa918994ed4c
SHA512 7f738ec2c955c9a595bc34f5f1b8539cb138ae9f6a98780a5adf8336c05a01ea07abee4e6ca7f90bc1b6300494827d2da06ad5ad0ced4e62e00250797acf6f02

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 01dca0c5076a1f02465f5a817a2a4b39
SHA1 f252794dc3915528cac6af16295de61afabc477d
SHA256 116636f5fd65c1c70bb3229e86cdbd4ed9d728a27a0929e8af374c977c35e81e
SHA512 d0b59116e16efede7ca597ecafb4e1898624c1141dc7d7a9b7a22154b5530b083cb4a956d78762b9117e657190fe179b9a5750d1ca4b3b17e7bc3f273ba96d24

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 f2a969d5fd30389467f61a22b3b04e93
SHA1 4eb0be67a90e989c3620f6d9bdc42c234015daee
SHA256 d3423ce367e72acba7f587d50f4195184bafec1476b94a30a8d280e7749bb6d2
SHA512 f4f7e170f072612d3f428b512b823575626b47ceccfb125fd50a5d68a1cfd3ced3977a33db703378b54709fe7fc4ca6b918df6d0d927f2b275f828d57899504e

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 b9cbaa37a7bff88a9b1b138848751b56
SHA1 6ecf60d3704b913bef63492c146cb5a3e8674b33
SHA256 e7af1638580d95fa7367cdce117b0f10f088abfe4f80f91f48373bc3ac779d3a
SHA512 754efbfb6fbcece753eeacf89c53b0a354e0dbad3fca871dc87ce2e1cedd74922cec6e1f0bce4d40e27e02d2b3ef445788149b79639915697cada9149fe4834e

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 f005b07436c36dad525a40e44585c3c6
SHA1 887868a4148fc7fc070118ca39191e9d4f191e85
SHA256 a4ed4517c26fe812d5fd46d2ba65e9e4a796f152a5b78cbfc24f0a93e772ce12
SHA512 c4456b6d5984a82e0d8148782d2b57bf7953a2e4c4da58bc7b3d6291b5731b99f23395d74f0482f01362e97f802d2114e21ffc8e23a335af2c6ccdf61f4373ae

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 2d08339e5552cc27e9bbdf0efa1a412e
SHA1 cd5465db2cbe69528c0d53138bc2026cb5de64c4
SHA256 c3b7f2ae3a539e3d8b2556cfdc4c904078285d473398b06470d2228f372c8762
SHA512 2fcca4566c19763fea9c8a5914ff9e6df2d558c8c4aee42ebcfa5fa29e8657ebfa6ea4a99779d0d9226a73f87e64c756c71a035a651c213aea659d23781e558b

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 f0361159bfaa3eb101ba81c026313569
SHA1 5df06bc6f521e7e529b798c266e0398c14735ecd
SHA256 38de9b6d3c82548cb141ac866913034fcf1897098a2c41106b92d1dc8d2eca3b
SHA512 9b19b2846d614c9a199a9b67cae843b75f107bc4fb08bf37433adf3945099e931c74d5351b45e91695022e72123cb303ba75084216e08e6e7eb8ca4d171b4d72

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 debe0ad1bbc7eeb6f27dabd84229ecef
SHA1 9d2e552277f35d742fdff94fca15d10cbdf6bbc8
SHA256 929ae7b0c60f8982ce2af2934deb1ce65412706742aaa4b6ea7fefe098aa5ab3
SHA512 9e1247a34360f135bff09bb74378c70475a271a1592190b2ee1ed5f510e7e0f9f9c253832cf3edcb1040d204e68855727addf14bf78e1f6c1e314c0d3ad85576

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 27912a5b9da4e915f81a7422c71f55db
SHA1 d096f3511ff8f11a62b21b3b612e4b653672dfa1
SHA256 cdc1463d9f32eefccd401bcf7361fa9fb86c5016bc75b58cef0a1167b056d985
SHA512 28326d01791a5737d0f95e581b2c945c30d82dd56dd523ce1eb6c369e517a73b7d5fe4419665e7e259f6e807c1be5cb6d27a288b0a4d62635f9d35df7d61036d

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 c55a0025d1b07029ba641f1f403c7e8e
SHA1 f3fdb7f3e9ebcd12b110da8cb84aacc886b915ab
SHA256 d805db307a7c5699516481515756797e5f20eba0b900929d637afe4f5c19db4a
SHA512 3bf8dbea040ba72e7ec82aa7a56eb6d1b98dcc717e9dd0e7bc2f8d1c7d257a27da49fd42807544b9a17f93e41103e8a4d2067d095efeff6f6ae0d54303ebcdd6

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 d123db56ab1c31d94d1a41751e78c4ae
SHA1 06815b946876e4a8224166714b32790dd2603894
SHA256 0d191313f5f4d4142a1cb40c8c7657baca1c157ac98d03d3ef67e9eb6c01bb2c
SHA512 291ea3aa463afc7e8ad169c86f0cfd642953d63a6950be3953230751ce0399d12c3682e2bd45288f5db94a6504da68ad417eec6f1b466cedae42f0fefdbe40ce

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 096fdfd343e404a0b0b9785b8433df64
SHA1 407e635eef886b77caeed7648127e0fe7a9a0e29
SHA256 684340a09c51f8348064d2ea78b7a5d33fd453b7e5495c22159ab1114a8a8e67
SHA512 86675123bdf918e0463926b59074ade29cf603e78c69d42c502948e5cc76f72588f45223b3582c6dbd12bc0cebe927d4c7665c526419210730b65c4bab070c0a

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 e313e660755104d05481689cbcfa9a31
SHA1 5e46a78220ac2b73edc35856a59c1402586b5a9c
SHA256 0e07a22f60af8f1e556a0c4d681b8b9f6cc625dcd79c687127b021daebe684c9
SHA512 8dd4a69f1cfdca34587160d71e584a7e7e1e3f416f5ae117783fe64b666f76b7f3de5171f55bf77df3181fade10cb71061442ccb22d31ed10f09dd5018e8a791

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 190fde426682e6191c2266b20bc66278
SHA1 662c968fd29fdae3d4e521d2ff67607b54ce281a
SHA256 0724e37d064ed7b3035006a5d34824ddd1820e68ca2069d223de64bd59856f28
SHA512 3bd42b258b50a47657b4335060f90f24526b5becb60fdfe4ecfea28bd68d1e581bfb2456c63d92e6b9881799a8e3e7c82582fcb6525fa38b4a192ec7c280102d

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 17c5452d17ec7bd17a251ff2f7adce68
SHA1 d4bf673c671c73bf5ff92236517a9bb83fd9046a
SHA256 aea7dda7a2e39435a3f55fd6f10469aa422860d7e02f00226c3b9d73d2a403a0
SHA512 0900161bb19bc8104e035c29b5c911f73a226cbaa48fe952f7dea41ca0511bf0f56b7640691678b007b995c4ef8732bb60d0964e37d02bf7ab2de1d7c1209da0

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 fca564b49d20df355f04467eb8f738fc
SHA1 7c9f3b553c8c34a14586ea8d5535bea9259a080e
SHA256 8d0cce5c1a263f4fdf723978b2b8fa34ff46c34b83ec383e955ba60433627c41
SHA512 9b202fac9b03e05d46dce2c384a4802b4733bafc567ac3640c9a76d302cbbc0c7150544dbef34e637458aecad6c90e360336402097551e4492b7ad7b62b57fc0

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 4f49d20f36ea44dde99438e185c363f6
SHA1 b0215c20afc510ea473de137e8e19b7549905967
SHA256 29078c3b3fbc1764cdb387831e9eb9239d5008a32e621ee62cbc7398b35b42fa
SHA512 930ffd894913a59dcd52bdf324f6ff61a9312513ab4639bf2f80aea83e1b262b844783684cf16da16966c043853e3b4221b055075c1c6354a521fb1b65192da7

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 c43aa7aa7a54784a97d72de350bee74b
SHA1 181695cc236112b7ce91a105bf1c827471e4e3f2
SHA256 eb68b5e94537af3e6066c629af56def5f74b8182582fe14d31ede8f1313ea59c
SHA512 f27dc2ed109f118610d6a50fcc229bd7e6a64ba1ea7a8543eefe330de31eef3e340f5d1cff579ecb44797f9b39ac75ce4a1d5e7fcecd645f3c0fbbfb5a32c02a

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 9c8fb54dc2ed45e06241e81ce48c877d
SHA1 7dcb68303b7dc904b1662aaedf6617202a1b4296
SHA256 f52d4099f144077d84be0b32562882ce327c921778bf25ccc5cbff054c0e8a2a
SHA512 eb73c59a0fb723269e592079a54b1ecd5abe2cd1233fe9bb4c57c37664cf090bae84ab1a5c7e3a95cb6f1583b97087c96ff956cee5519a66acfd73feb037f11c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 c298a1d76976e94c69eda4b86cb2dbb7
SHA1 475224894193426e0dd2eef326ddb695a8a7b819
SHA256 4c2b8973ce3e503847d136040b03fb87a5cc3ee0987f5ce60d0eaa49eccd79ef
SHA512 004caca920135ab3b93dea05465ae1bcd4a7aa1f5a0822fa33748de33dc4b8a406c01bf0007514e024d56924a9346fce79563d4c7dc1d2860fac800b4b7735b8

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 6a22ecaa7e3770f32b5ae0102e8e6e49
SHA1 f45ac65f11824c761ac610d33129bbba69a31c79
SHA256 52c379946dab18d02e1bb3486ab61713414ea1be9dab4273b39ef93c5da3763f
SHA512 e5847ba414c3a67edf235760cf52a89090d10872efc9f663864a1f78d3226c51662c924c738a346fd48546d6089ecb164ddf837f6c1975530d0fb36ed4d4ce3f

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 561a840d5c5d2fb972c3046f53de12e2
SHA1 340e79c65e13261d98dadaf716bd3a64c0af78b2
SHA256 029577fa75ce3c46747887fbf7b8e5604def41204a6ad1a78bd83c3682d79b33
SHA512 ee3ee1a0ba1786a30ecff17002214b021531a2e05d4519d1d3e1ff4209a6f28751a78463c76e266f9cb7ab44c7591e6f038846fd1a5d0a264487222f7e69d82d

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 31246dd8aeff4c63e6aba961444b8337
SHA1 473c61dad023069ce2d6737a8e76783bfd845d6b
SHA256 466a51cdf28733c8cab869ea9c153ed1bf25fb3506f5decbda15a03d0165b988
SHA512 39880640acc07ab96425e92f6777299e92911c39b7f17b97a9c5af263a309c15110d541dae55ce800b8d93adc478961db1f3bf147eeafcaf296e3777670f148e

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 f4038c18ea09605b3514adae41be372a
SHA1 38ab56f9af421d7954ef79d76d5597a9cb13624e
SHA256 b5ec1a79f5116538f0714ef642697494e66577bbf16b7302663efc9597a74ca6
SHA512 96d16dc837251e774feb2024d56513fe4a883ee5a0ca8e3c549b88948f9532238e40670ba8e2b471011943c9b5e6c97d63cc0a381af5bc4399387b2967c6ba62

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 525d4af1ce6439f1d65fdd050a2698d2
SHA1 c1236f9f3b8ba20011ca51fa9f032810c958dff3
SHA256 4cfb3fe801fa496c8be7429d79c4eaa9634f5c266f16cd52923ae5340b0bfd94
SHA512 7f042cd6a838ad3d38444a0616699785d82342dac6ce1d4c12d9033e156247a6b1586a9fad38984ca48daa6e56b0a7334c5e143c8114496f22fd728fd126071c

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 01deeabd3dd26d2b9d6de9b39ab7ef58
SHA1 631ce3f26c0b721d2fbbbf55591a970028b58a6f
SHA256 b93a985193127084c5f93a98b466c04d1877015571ff907976b24b65125fe7cd
SHA512 204d72d163ad6ec2e579fad25fe3f2358fe53ced5cdfa8858efb630349eea542a6c6751d9917bdc11cb513862a783abd934debeee4fc04581e8ea7f2265a8d34

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 cd2c1f746c73817214867eedfb05ed2a
SHA1 72d417a92e370275a008cb24fea8641d642f08f8
SHA256 2fbf45567964fb75d992ab5119caca0cdcd9ffe127ecd35b556a30b441a2038a
SHA512 8090b667823be869eea15a1d840d66c8f258473f6c8ce99cd4487d593c6faddae7d0e3ec1d64c74b2b2b343ab154360aa86692006fc8c39c2a419897834dee8a

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 1100b6dfab3648c96f2087d148604488
SHA1 bded89f61aa1d8e5b25452d2966aaa1b2e6ec8fc
SHA256 6c4833430bf3546724bb667174581945bae171e8bd11eb8848bbae319b935e78
SHA512 1bbecb5e0a3b8b7e1dee924b6ff5663c4d4ae837453e0b9bf9cb90186f3dc362095ffcef62069d51d638fb4b656fb1c1f1880d7b5d3cf02822814bb009aca361

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 0cc0c4d9cee706adb4f31097fe3bb257
SHA1 0ce25e6f8dcf5aaa8c997a730d85aa736044f75d
SHA256 d01fcc0dcb20be438f6e56d3cfcfb4a27d79bf069777727031014688e69fda70
SHA512 1edce8c3879d27790112cd4afec396f540390b83e9cea79b7d9ab2d03baff71b1772935f950ec50d4bf539c3aa61c0b2c4bd2bcead8ec6a8aaea2f006744562c

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 522b89a8a988c9c0fa39a21e8ff244ee
SHA1 ae812cdbb3b06314e2326e75319e19ab508b5875
SHA256 765a7ccc064516eb8d6be7a2d5266da1661b35376a0179744fe052f141d2961c
SHA512 4dbba8576ba37522b20758ecc7efb061f5503e26bdd34790789effaac8b5067a59ad7bfeacc0e2b09333615525ae46532b031d307163c1dab364f4f17600b69a

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 0f5842f24d5def6752c6d1256a559c9f
SHA1 5b98c3f97651ba991ac2f6fe925744774dd30a58
SHA256 329a384dfd9946a9bd7dbcb22da263b15755f5da4e463a2efd4c34a6c7611955
SHA512 20b183027f39b96208dc17f4866a874c9935a766e30fc32da08278c9a656ab5f787ae53ea9c8c01177c4da5e4dc35b3776601f2e579270450655e5a1e99f7d7a

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 f41002d23ab59f6a70048bf9fcc78c52
SHA1 136179170f89c41fee958ca67089d6214b453a44
SHA256 474626b21e917b01f9c36975cafb2f226ad7fdb7f99e6cbb7138b3b935243106
SHA512 29933ac2f7c9c89b9c1e09a0d6562d5139e07990be134b99909860caa01e8399cfd920177962f7b3f31edd1a72745f9bf508ca77570f8ec87dc5ac588865c680

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 0e94c39525848e4b86d7dffbb0cf661f
SHA1 ae84fd8ba8ab7856c250b2c57115c1f1d413012b
SHA256 0745c380080ec1c43c97cc15ac68d6bee17662e75fe763c76823f0fa9cd238a0
SHA512 695dcec48beafec6cf03b7619d80fd2797d840aa40db7de4b3a01dde8b4e58b9e6d1dc2477f04dd22d589342920e1570f77118ce7ab61efe05e28cae4e85da73

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 f58e11b28fb47f2974c70477bd6e0172
SHA1 2a41c5357faf5597edd82dad3bb7193f2ccedeff
SHA256 20e7c4bb6875959f8904b398be3009c93c4b518e8da7d9f25642b7341a3a5f51
SHA512 75d28cbef12f75b1c7a4529e40218071f22da814c3460f04d9aa5df7b00a3be3fd3796182343fd00fd88658e002386d983cf6745f65c1d1d8635f9f3d7c85e24

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 75e5c1eef99300c43b1251a926646780
SHA1 e37815c58dd2909f14fc6d7be8ad971eabe80677
SHA256 0691a9f1dce9d64f484c9e1c9c2745a29d770ee1267b35d7a7e7878cbb3fd891
SHA512 ae9dae338b5fff44c3e898587f3071619b966ceb59404a0db91b113ae1e644c597e8a2c0c61237bd7171e980121e6763962d8db52f86606f6b7976e2d5a111cc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 47f17b6b83d994f2539f3a741efeac35
SHA1 780e489400e72ba1731ff1e3f80eeac249ba3c14
SHA256 8c90f1e8bc44040823997a26bcb11402133c3ededa7ece40e4147bb3696f1577
SHA512 2967b0c14a94b3a0d3ddb71a0377892cb629727bd4b4b35b180264c0d7ccd97fe455b5be77ba70d71b2ff681d2946802e8632b62673adb2819e61cce6eff5de0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 2146abbf2628d0e49e977bcd77ddd5a8
SHA1 d2e0c3a15a75b6f4e0d71f38a521ac9c0ce16d5f
SHA256 56e88635c4e401b72256e67d1046a5a3a4390debaae02769efb0d9335cda7293
SHA512 df070df91810991d8ee7e0e3e117390cb5c00ead0ba49282c287db1b4e7dcc4525509098d7b62f4a7f7b08c563fa99459a1f5218b03a7403474b2d9232088cd4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 bd2f369cae4cfc52059096488c38e6f1
SHA1 1ab2ba316f501b60a17473fbd0f2eb9646bf120f
SHA256 e10ae5dc1a28f86ce45399b2c106e337952584863be8deb4558b58c695fb2a9f
SHA512 a214bcd6a4a988efaa5066c459af5687699037c0dfc0d25c2fd758b3bd0aae121c663055841682e4a8ee77e76169ceb2012766d06d80809d58576d8761d162ad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 d4616fcd0cfca5fde4a165b2ce227888
SHA1 288a75c2fe0ace47d7413900a935e3cda2c3f17b
SHA256 9dc46322f1e216430ee88092d397ab809bfc2e1fce310d086ee403235a9cbfbb
SHA512 acf4b143b93de806c5cac55ee93302e731ca40e20670cb0e59fe66b6b09c1f9e67d96e3dbe6214476e1be425da6d9fab9118d6c3d7e53ed3b65adc73d49c1c68

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 22765851cc6a127d69b467601e2b9249
SHA1 a81425a494242af70a0e4075ec43f6294de00e91
SHA256 076a77827e9f29c847120f76b69a2b3f63acc730a01bbc747ec818ec235e5420
SHA512 04b194201a2380b926560a562f7e007e681395bb5756217b80cb264251473a5b070acfd53a08418d1d35b986997a2647f6a043895c2deab081a18f60e96bf41b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 04f21057318aaa4357ca2c44a1f1129c
SHA1 589d62f2b7b654f67631f874bed6c31a0e832d7c
SHA256 e70c75ef083eeebcd02d8b4bf3cf95940512c18c9fbc3dc6f5f29a1fc0197e70
SHA512 e7edd3f48cf322d27420cdac64061a56bb355ce4ac781b45d4e0ecec945325762593579e117c3890dd0ac373ce355b47ac2ff540370036caf6a63476a309e8c7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 3d02707352fa3f0b288c9d69bf59063c
SHA1 e0b71bc3dada5daadb90e67a8b869ab539c047bb
SHA256 bcf284da8f0b4493421f4d4b1c1d753cc96f88da95d4cf47bbefbaf6e7ecdd1f
SHA512 2f525850c8b7ae037cfc9f5f6d84c7f860090ae025e796794bd3852cbb4f4148fb649a5f00a80a95c25ab12bb741719baec70e329a03f475803aea1452320c32

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 99eab599b15a8dcd8f99b172d49a4529
SHA1 691a24af0a2fe9dfe4ba421f27f36eff5e6c8f1d
SHA256 06f02d51aa29853077c7bd3702b922f437074e23b8d362d40cc02460914c65d8
SHA512 a0c25c51a776945ab0b384a4fb137afece56bf5bbab790649c6cb69c352d2881ec60114386f79579292709b31156599653701f943a0a254866f0785a5318258b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 50eff94a67ed6d7e608baa0fce42c32b
SHA1 5068284817fd2cb62d9c17a1dc33863ee7663a54
SHA256 32fd314965093cc3be17084e289c4f2aabb10eb5648a17791654626c9a534cd0
SHA512 0510302c3eccd6e227a840896220e1988ae46cf28bdec5189c29fb0cacd3158e85317dc14b43a0e13b22c1890c65115a15fcad173045074f303735d8b04084fe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 342eeb4bba78e8c1ed2835249c716dbe
SHA1 05e51b518f80e5adc7e01f5cbcc04f604ccd671a
SHA256 92bd722df11fe3a41c7532cdda2f524f77d1a924dc3208188730a4a17f625525
SHA512 fbf8c821563ee4791a934ab8ffb28457a3bf0905115731d6328b4631320113ebdb522ed868a403a0a68b43421c086a40408dffdc29e75a2c4f48a6c9e34df0e3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 f3e3af1025175d8473e3f9f503462dab
SHA1 0c954e2d7c04011c09662e7228ec6fb2e921a028
SHA256 26f25419d360482e2fadc9180a19444b581cd0f81542a1e6389d456805593dae
SHA512 988b2cb6037b8da449eef573ecaf5ff7fee988361893359de22be96263c3b9ba6e60094ac37882ad8a5a0a6212b0fd99d019729b7ee7333069458c085927730c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 a0f167bf5e8df44f17b81b8cca21c5a3
SHA1 628c6e0b8d625ca5d939506d2f8e166ec21d5bec
SHA256 58093d218a54c6850a8ac006329989cf8b5f52050bd1cb33bd2e769086b66531
SHA512 27e086ea7a32bdd4ac4697d40ba3c0db11265201b6017cd1bb2d8654180e1d21ce8d0e303de4f45787aadd0305f616eb19279fd12be6ff00353b5ea0d917b06b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 a97634099d5816dfe3398315ec6ab30f
SHA1 68eb7b9a7fa86ffcfe4d1f26a900c09285cf8652
SHA256 97239701e3fb0586f5a801c0ff1d5d4f2b5ea8c3d7909b5b54a703653b4a97d9
SHA512 1deb0cd185be82465f67e4b4e21822f345a065442e88658a658bd1a2d4c08fa6e7d2d1bfb151e9974f38489ee86fd90c68c52ca88549c17cc2c098fbc70dc3a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 963945ebe039822a878f0592904d7ddd
SHA1 34351a8539df2a1aa0b264bfc06a4bb9af81c607
SHA256 1b84b4d99d0cc605684afc7609d7fb239a7b2998044bff937abdcb495e3a4a0f
SHA512 dcdbd2b3e8bb6d45ef1acbab72d9dd00fc0abd16b9c9555e21ee5c5dbcb833d978fbf3acebfc36c02c3bba1df5d6282827f4684b878aa6910f27e9fe70f1d5ea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 585f03ce3f4e3774470f1794e026d99e
SHA1 a7de9c955cfd937ff04730c197536ecb67f05b0b
SHA256 321022f125fdd7620f96a3c0c65fa6004bdc89934494c3fdef878b2ce5a8d5ca
SHA512 4a0af887bb0fd489d7440597975411e13c8a167fa545c6c5f0e298d79860695140a35e15dc2fa3a85613f6dd1b69bed7f37ff05e67a60db3579489fa049fadf9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 12a326516bef544ed9ea703aec64961c
SHA1 13998c240232b2d5ae66ce117fd460c839bd1104
SHA256 e6c62603604a6a93a0ed4b4dca3fe81149246092478c1c78dbeac9fd61067df9
SHA512 7d8644682980524390a4efa74d528247acde8ee10cbccd3266225950678068ecdb81d2981bcede88154e0221ecb27db9e5b8a0f3f030cbadd3482e9f3eb2c1af

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 58da77e459b0902a26976457e68a5075
SHA1 5ed398e1f4bff92ffbf04b4803518ca23684f245
SHA256 cd06880f522ecb720f28a645cd5a67fc982a360bc076b49ab176f712ed5465e4
SHA512 141f4a497d6094494d9430a3a4106544a0197ea3d4c312c991c98456d1baa45560bbe99c45659fae636efe76427fb384e59331765f204b1347ca298d71ad4cc7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 83af1df504c9eaf688902140d8cfa34f
SHA1 04307560d742f1034ae0b3cbb7efccb42581ed20
SHA256 5f582f5bfc185d20057802ee77a45dad02fff9988f6ec3263c2abb99c1795b18
SHA512 de858d3762546f1afeb92223031273c074e8e4e008095837fcb2b9927cd07ebe2559fbf352f3341b7713d4ba46c93e537b16cdd5abb3e356cb80453b7ce3f401

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 6fad4b8676b3464709df64ff114fb081
SHA1 52b6bd82d70e8c28efa836e9204c8736b0dcb4ea
SHA256 2ae80e73323fe842e1027d325c1c236b27c01d13953d9b5090eff78fb001461a
SHA512 e7d53781498986df4653b1f5bf0d594ee33672efb81f57e06d14a0a96a498968e5bb0b21193eb2656b0ee778606d3272a0551a9cd94b82a43cdd477f1b15050f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 38aad7fd84c02936c9defeead8e1952e
SHA1 fa1b41ba905e7d4c1af73793b154799dbaec3fec
SHA256 7f8d376a0caaa955a0250148dcfb85ba6bd45d76c0dbbaea7914f7a8a619fdd2
SHA512 cd5a1f42ffc093cbb9b96bd81f9cdc44c3946726783f351ef988307d82b881788e3f23f7e5b036fbfa84eedcbfb27b9089ad24514d64e2f287f447562bfd904a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 ade6f38b98e762b5504444c8f2f586dd
SHA1 3c6b5996b81aacb4548640b1e0180b9dc172fbd4
SHA256 9c9932eb332dc6c85b276e18dad87f564cd644f30bea4ac6b674f2015064959d
SHA512 38d2facb89a61c7f891ca5d5b45cee6fe572615d1a6b7f37accfec5b7030d05f695d026c518278328b16d9da134ce0ba1a79b4fc15da44c439dc6c911db54bb9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 d1a6666c1adf57530767ea3c179f18fe
SHA1 f7388c89ef088a93049377222fe421f3db133d0c
SHA256 39a7a07fa91cf427ab79b665d8097f925f264ad84b11a604251ced511c83d89f
SHA512 2446b60496a03cc09ebe112f0e6adb845dd97a6342e6a32618866358ca57995a52a9590a3f47debed5e8bc29a5b6e3989d07be17df238614b03fc422db948344

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 e84b4c2fc7f758d7482e579d41682ed6
SHA1 428c38fbb73b222da412c7e4452028f3fdd29552
SHA256 2581e20cb0c46ef7198d5fa783bf69de83f6fb691b8304467e52e1d583714730
SHA512 491723711fab60c0c1fbf6bf8674adf15b359daffb488608f1bbb842d6dd73de2620819ced109eba05b29ae03dc328fa48a644b964cc692c8a042f0d8b2210aa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 4da59f80b9052eafa2f720efb61845ef
SHA1 18a77821b2e5e1d68c295db597c70234b93521c4
SHA256 f60457556c6713c4f63d984c726432b92a30336bfd61349280a7bdd6282dc8c6
SHA512 abc4bf9717afe75f1c11ff97446a1d4cfc93e0dd91659171f56c10b4df0f3692427ffe915d69056b883b9a456b6c588386e4f27387174aaa360fd68b635206c3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 701016b623b7dd6046164ca1cce3de94
SHA1 3a8548f49f4b116847f87f5f0b15f95db5030bee
SHA256 9032643735d247e96717be3a8f4be5dbc1521ba35c73a5c68300306dea562811
SHA512 b30f7780de10ac3c2c22d36ab8d7b4c997a2f67484015435385685e1ce4cdb5974e49dd922e574fc830c6d61df13ca5d4f013d710bfec88e71bec7d3e80c3875

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 e30f8e0ca9a2f3418f402ad164db63fd
SHA1 eb060af1c3f33625ec5b39d858fe1f3777bd8c20
SHA256 7fbdc14e228498ab7e2b5243a2fec28f56d8b120dbc44f8456353fcf8bb97b6c
SHA512 e1366f3ef311d4142501b1600db9f0711343ebd62f0efdf1d0fd5ee3bc59f3c4a0871e523f0a27fc336f6b5148d9cd11313927ab4fc3da269234722326996f12

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 0b425450dd78bce0871a5cf60c9e2b06
SHA1 fd40e41f8cda1d242c0a00fea3575fa6ed13ee5e
SHA256 a79172f5e5e82be6bc994b00c1c1e20f4ff770a316ff06a082adef3e2789be59
SHA512 8a09c2dbcc12244ece264a4a0a4f6ec6a5343fd60260c61d0bb72522ea10bc6d66a0a44b085c87b12dbc43b4318e0fc03f467a0c3b8bb054142f520fe267de3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 3029045666a1ac671683fc78839302dd
SHA1 4587b17d71af8b966077104ede5ee3930894e88d
SHA256 b913d97743f5d2e0bf0f5090b72e9bcaa7de75d9bddd1c18db55d190b36563bd
SHA512 a4a3b16c5b4f40daf23e67e660e438caaea92835a5775cf520a1c858de8a631dcb94d06ad6269f1595d357ac30265a51de7c4663a02ae04e105b01475b30f0f9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 243eb2cdd2a0d3f07707c54f4ba0cc76
SHA1 34933dca1e88ee28dc98f192c7557c329c657ac0
SHA256 11e733845272c49cf43d86b2e0d282c6a55dfc3e16327eb6f269d6a316367933
SHA512 54a8309e7ee80968450de43a631a54c4570914ffa7de154afdc6873a78d548563c8219baba6c6df2c56c4147c2add373940f76c9d6f72e12b27aff1451d0cd12

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 32acc698f29c5d118f4c8ae14ca70d91
SHA1 48082c2d63496631c06083473ec38877867cb696
SHA256 1ca9b54da20d7df0afbb401621cd35a27cafb14effb77795c93eb32cbdb4de19
SHA512 e9f9662939a9e1b1167b241f4e4daf5a07fd14b1f45cfdb17528a98655fa078d66bb64944fc5189818d57739621a167282f40ee6258cb842395df2c5b35e0337

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 b52ad703a5c4de33c173d2ce814475a7
SHA1 2b93acc5d71e00480a19050b7d99f10d9745d860
SHA256 054f015ecfe4aba8db0585ba7aacfa8b7e6ca0b4cc6e1da67fffc4584307c778
SHA512 5823bf892bf765503694049a2a400fbde540f5c2efba8d03c909548cfe0a5ccbd77df821f74fbca54a87dbeabd37e7addfe1923eaac7bf92e40fac836b644192

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 32c907781d3882f33598d2082ef37aa1
SHA1 a0994136e771fdc650b7ad158b6291edff526304
SHA256 40f291f8e260c8799d8260b163cf27279808bc6929a70d6bbc33dc8eb9fc653b
SHA512 d6a9844bd426811884c60f2b40c016c222156cf06cc1b768fdadef6598882536bb6481902abedb985247b69f842c945c781a929e966bf4a98f9d5bbf0f5cacb7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 4a8cd75d4688c97d7def0184d04e2f2b
SHA1 5aaa493f1c6902bb290c08f59805fbf85ce080a4
SHA256 f4b65ab2e26aa7004b493e39741e7e45d65d707b386844337248df8e820be743
SHA512 62f399f500a7ba1feefdd79e1cef5668ef7e46eff64bb32c1cd0c0dfcab3e4d0f44c96687fd0394d2ac5177128221fa8fde0503d71a1e08583cff114216d993c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 d1f31004ae59e95343ca2fae8cd904dc
SHA1 bff3680f39b5ba37dcae69f2a33c9de6ced4711c
SHA256 00811d85166e55a5c894352a4a5b4907b69b390bf3d55ea7b695484e56209137
SHA512 3bc013a84cd46513b91267e36e6a18a6b2007a4d33020286f43ded69fb89c1e9814d6b7f0be15011b7be301dfa78b3769f1752141cb7099dbce06166d15a038f

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 69f61fea0aba5cccf27d202b897075f7
SHA1 23baa41c4b2d8612fbc4962b5c99973e439420e3
SHA256 c28323f35ab7fd08fee5cae28f660927330fd4e9e05796a50424019753ae1552
SHA512 a8892e3c037e6847e4c43f6e2337dbea4b83d4909cf392c74f2bb572f9c27136697fc071242b0979973625704e1233971bbcf4d11f1fef726ed5325e73b7bf20

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt

MD5 a7a6a4d9f83d222c40e7c53d97481057
SHA1 577624632b1e7b632d28ad797b059b5dedb42846
SHA256 737b7614ba834535f3a447a7fd02022e73b2d1387f75d68f5c2e869a21cb7912
SHA512 c14e420525592d34db6271d38da42054152bcf399742ed30b84a92aab06765d645e6aa26c7089e2acb8bd0ea62eb9a3e6d59be54496d3f5f85211c73325419df

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt

MD5 b44d54378310dca84ff168a6fa2e23ea
SHA1 2a987fcf0b133e835b5b2c0c132d550419b6f4eb
SHA256 d56a195dd28c3f15d6629e20594c708c31af320a38f8c9ab7d06b448caf85beb
SHA512 e2ed8035dd34ef5df407138097bdef8398b903992de63f9b78fabed9f1db77e79c5c097bd3d9cda2f1aee1879ae852e667997473a62f24ece46a54bafebf97af

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt

MD5 777827cc42419c356915e2ae7b657ca2
SHA1 f77ea9c7904dfc03a22453fde59e2ac85e471e3d
SHA256 9ab217ba388f2ee9aca8a8387bc8ec76ba3d3034169b645e395f9024995de064
SHA512 2e4518c0310e29c3ccaf6177d1459646df7a3c4f7facb8096162b178bf2acf4358ebe176ffa11bba98322eab2bec959aa126188aa57ef4430c0daf6776cc60a0

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt

MD5 976a355b60f0e905da184217d9f7f1a6
SHA1 e96b0fe2c2962228a2ac4619bb616aa0ead49a5b
SHA256 b5d35e219775825776a4dd65918468164f3a69f9d5d64f308d7a06c6bb5e96ca
SHA512 e7cb01a436b892b59afaeb5e29aa61ce7cf34fca1c8da582b837908f6cb6234871fc1f7aa2ab6cc5154708fb1a6128a6edbd6a9b68ebda094261dc898bc3543f

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 6b7f6a2ff054e3612c90bc9311370352
SHA1 3cc51dabc0ebc33d7c8adc08185fd8f4ee403931
SHA256 8b9d35c38a3215e69effdcafdf3fec9337e4eada2af0e955c260c5c7504aae4a
SHA512 95d19faf2b93f971914ec1f8b1d7e8c836d7314670c0fa0e430047112f6fe6df4572d3a0f244816b76020800ca9826065bac898cca0043d3e3359e31ae75bc08

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 2fc37b8b4102f112f2b1b8659cc7742b
SHA1 3a3ba6395257fcbc8f23fa099d02734ec22eb738
SHA256 3391e53f39c9f2e0aec80681921f54ba38808815505865c75753732754040ab2
SHA512 77f0ed26538f038891c5a00d18191d4df2114b9bb96f6c8a8d5061b5865a1aa0c43a1c7fd13aa7dce60475ba15e541aa2f88e148374ead563a318c5ca58c82fc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 7f55320d7aa4a6b209e003c956264941
SHA1 03e888a1e614885f8e78ef98a59a220c99752e95
SHA256 0d96f1137288034d2c8b6103763a55b0fff9e848bd2905e821ca5651ed5440e9
SHA512 e8a65c639c97f1f33ea7db7a2bc3ff3845c7e10fd75022dcd941d3a3997b29fa030c0e308b9921938c38ac9452948d80c35faf619f6f2ff3f60f5a1c362d6669

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 1fedfb8d7761e9d1bd04f909a6011f9a
SHA1 e579c960d0bcfd8a8385c40da2d8bc57a824cc71
SHA256 a146c4a62670467d6968781f9b766186ab105c188b2c56c481b6144543743d0a
SHA512 e38cf5e18c160ba37540f97927018fe2891a085f03608a271fe581bd840746b86a3dfb709c014c069b858d8ba913d877608b10eb1b1898c9e7427d878a73031b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 4bc445527e1f71706ebaddf03a228223
SHA1 279e881e9844d465ef04786d6b5525ce9f59bdd7
SHA256 b174e1f1ede1797edae9560c58ed8c0ef206ed0a8f7368510b8c276b8e2e8ade
SHA512 50d8c61448bccddeb7bab3131e676b17b956fecc4b61dece11838f38434ab11a1370a69bc9be67a511431be090cd08aa978c0cc4c5b60063d94e1a3a5a4a5ad6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 1c3cc5ea26aba5b9679ef34a9c27e5d8
SHA1 7bc635e6dff6dc2c46a0a5f8eb14e31a5d067fd7
SHA256 ec874ec5825190ee220a25c24be05cdfe1dbd8d31980bdbc838176507af2a516
SHA512 7afe7b3c116dd5dbed0ab814f77d8c2fc6c5021395c81905debf2de99c60ec70101e4d385c1104ba35f8d1fcbb4b9c0ba46d41fc89be48c0650c99031906cc5a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 c1f3f435b91785bb40d77965810884dc
SHA1 45c6348e96b5b6e3d5d59cf9d0b74a319a0edfd9
SHA256 09cbc67999927b4874cea4fd14b54378ac57c9384809ed592903e5b8a6a9558c
SHA512 aac43df26e91bbf564a8b06a2611a604bba3b9b04c619cfba9462dbdd2f03a42a604210aa2e0e76372a85a4da92b0cd745b964cc58f406537b25062ded5cc0a4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 f6aa42e918ea8deeac751603b4b3a582
SHA1 a63c963ca691640eadcb2e9a6d8d0cb439100274
SHA256 1696682e3b4ce3f64ddf1dd02626c30a238e32208121f60bba0c0d235a96dff3
SHA512 ac451098726dc47e82cbd2950b93d565f96583953d70dd2fd6feb68541b6935eeae0ed55d747b8eb0e2c86b487b9747336a03daad8a658296727076e42e0ecfb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 67289fc4ea900117c5f0e618e15aa4e5
SHA1 f7a78f7dc4b95cf928cc8d2d861abfbf92c20311
SHA256 b60c935a666ba6f0dd644ac34ea467d4090da40053594dd7d3ce0f47d8b0aed5
SHA512 e74c470315553f9e956f4973a0e5c84a54e060c8834480c980d9dcb3771416cdbacfc9ec52aaa7437b57340a4b7c397c4da28587a4b146e118075e402cb7dd40

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 7c1cf29a3d643cfc56d3788eec02a921
SHA1 15eee516b7b95a580123dc65b2b2f3d2e9703027
SHA256 3702d087f5570bf15d91a32d0da5efa47b4258538a92c5204bc732cd70bba798
SHA512 f533b4160730c7c75d4852c7bb23bd4f168fa398d799d462a9aa075724e7e90cbf4d5d928c1478829a5446030cb0e59f305f6f997ce86add36bc12602daddeec

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 0462a27ca42de6102bd2636987fe9f6f
SHA1 08ceebd37110c254e741b50f21a49db218b2c31a
SHA256 646832f1db870efbc92170b631d1575e7bb805b5948eafed6ce300529e282337
SHA512 53f5aef6ae1fead4fd86923669e543250b4378e8bbb6ba2ce636a2e671e05f33aae3cb86a5e29e30aeea64c524ef829b79431f5b20e0e7b9bfd300467fa47137

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 175d20dcd1dd761d496468d5c3de3175
SHA1 f77a0853494c628b17d40b79900fc193159ee0c6
SHA256 6fdb286943e3fc575de526ae4cfbde54c3977a4b74c799fa2633b140f0529853
SHA512 fcee237cc5bff9f1f8a1eba1bb2d6fa7d59e235f41244c3580c6f066d25f662749c0b132986177350b7ea52beb6f93f876dc2d7884fe8ddd9bf5e92bbd9fcf70

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 71300b51de09c416b5c3be1a354d6089
SHA1 b3a03fa7c824ea68d18a4bfbeb45ef92114e2a57
SHA256 1b1c4b6d342a51d64b5b3ff3eb2d2c8b8855dfde798a0cfd344c7229af552d51
SHA512 be0660803948aee146b517f4fcd39ec8bfbfc4f294da957a7fa68738aafbbe3537e4b84051514348b3c02ca369194202b9381cd7eb76c3569a2345fbceb68125

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 49030b9cd66b8c45677d97b57ef25421
SHA1 023326e473c882985a255cb94dbc433da298e0a9
SHA256 a2c43ff1ea38239de8868cc20bab758fb38f3c4da9ef20cdce466ee0b6502aec
SHA512 4ce55a172f5df7904021fe5b7de94946be406a05ab59df35a0300c1c7c19c27ac4371715e41c2ca00b4a864560d3502d6f339748ff07ea1f7052d4ce70987a37

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 429121b36c34a360f4ca8f328f3f3b54
SHA1 c5d410b296cbbfce10e13f44a59e28c83d6e7d1c
SHA256 6a7ee145b5ad522147ed6d945c2cc6990f2b8cc7c4f7c428effdc9275bf6a117
SHA512 d86a802399e8a44641c844dd40e913a2bf1b319406c5e3a56f28c170b7565f5dede44067470b3ef079996e7a45cbe6759ea5534d424bab09d65e7a5281d0f95f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 4f15174e3a60a26ce4b602cf2aeac5fc
SHA1 be85d026120a58c01beefd986093601c0a2fdddc
SHA256 8d2b77d26aeb470f6f748b6682963ede748fd5e43908e6dcd48bfa6e0c154c1a
SHA512 11c55d8ca998d1389775ecb2a43869a38350a2319e0508bb086544005fbcfdf7f19ce8d778322715db4b547bbb7bfcc53935c9d2ce600eb41db42b1a12d4c285

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 7aa30fd525f9aa044563ab4ecc4a5790
SHA1 1adc295685e4987eb40c7d43099fbca93ef1e07f
SHA256 1d3d0e8803a09514e7a262138e9bf6604762669de45ba9c10d77904797706955
SHA512 f95df676faad01beb04aab18ad6792f6d9ad234afd345e9901b8a7575e6088021eb0d988507f2b1d812f0a84f7a58ed423fc53053102d890867597fd916565e5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 ba0b03c93f4d1b082f3a0fcd5e5b6b0e
SHA1 e4627cba06ab661f2ef9b056e071496ab8299e05
SHA256 6e1f87360875635dc881339511d29f846b6b97eabb5dbd08fdbad6ad14dc9d0b
SHA512 801aa1646163f50b99029c6a5f7203829cc9c09f07ed1dc893c7647bd6178815daa1158419caef37f0cd6dcd3459baea6bf3faf8c258ce5700e3b46e6b5789cb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 0dcdc12d1db169275984b3886d6ed879
SHA1 f5f0727c8745b82e131f078e9c106b2dd2dcb67b
SHA256 2bb39f9bcaa0ad0d76068c4d5094ce6faf162e18a1bb01c251ddcea9b1914a1e
SHA512 7438b2ea15678b9d11a8ad9089aa7c359b4c6c250e738bbcbf6c9d9e94220083ec82da0ef63750537be4c4a23ad5b9e3779b67343ed1fb9fc86ecd62d6768e67

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 064d20ad9694c2f6fbe65094616cd204
SHA1 544b79baf9d10bb1400658e7b479617ff1b03088
SHA256 1bcf4f95fcc2c2ec857a77432c4e1f2efd5ef62f933a78fb716ed12998e2bfc6
SHA512 d097f9f3268614b0b1375706c8630fcdd5a17e0700755da216cacd12ea8b4a04b8f170fedec9f4500086124ef12aa0565099736ed102eed5bf9f3337d86a6267

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 c45462708b280cf42613f9269445e118
SHA1 c00ec0e3bec44d0deaee16b0de17a5224a2afc37
SHA256 7d08d9cb0a5ab86722ce92ec942d497531db1dbc8c4c855a01406c0fa46979de
SHA512 4ded442b709ce4a6f9b8080eea512f1db085fea568c1a0a11201aa41b16d5ee9cb0535cafe82c802f162c4e02a3953adf68dfa2c5fa9de4a133f9fb16ee73fbf

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 c22e71bb1a149c12810891c43b335b73
SHA1 37ffb2c3c888595878ac9c44f550b34d10e1c33f
SHA256 989bb4cb6ed4816193805705eb17bdddf934679a856c2835e89e0b3cd2d40841
SHA512 8cca3139b5463f45678b5ddfac750d6a057d3a5c58f76eb149cb5aa20095ef763f7f483ec63d6e91c1cf762b9cbad583ed2182a1e11e67ffd662835b9fa770ce

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 02b336dcee5a71569a61c2b1757a7b45
SHA1 14ee39e8ae4951c89e877d88cac979497b0c64ac
SHA256 bf3f846dcc662fe017a460838386c28433f2ebfd22d8406fe187ada46d1d9182
SHA512 cdc9b0e19f4601de0522860b3e696ad73b157048b8f9d90424c091117507f6b90b9c93d6c77867cc7c88c901bd64ab043a6b0ada665a60c9a20a4dd239b1c3c5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 ad79f072341ecbde654b287890e281e2
SHA1 c8cd5d9780181d932368d5c81b4b6bf763a4e022
SHA256 cb5244ea541be51a64ea8c76f6b60578f7647a2f036ca3ffc77410f60f64d1f9
SHA512 5104c9801eb4b8cb9aae906922b5b88a8fff25eb11a7633d293faaeacc87e87dcaa29e38131749809f8560ddbce4210d20a60d97f9977aee9433d8c429d9d614

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 4ba67e2b31dce2e43bfabc6b1987a8f4
SHA1 666d13a8dbfd5a9f266b9d659ebb2996dc166533
SHA256 fb5a09a0098e38de23e5ebb8b013373cbb24b33235c504b131a66ab2f82c5e99
SHA512 b415a7e4b54630aab49dd84ace0b62c6b20ee15be4d4b646df50303be1982610227bd9ae57a357c0464f0442ebda9017c77f0723165676fcf8a8aec0cbf7d190

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 72646b8e67c18fb06e07274533379e5b
SHA1 f4dffa8ac15be5aaf2215d520901a023cc9d255f
SHA256 2d8e3d3fe40f244fc6aaefb49611f6d7683ff62aff91835b537beed9ff607a92
SHA512 a6ff62a4b83125bdb2b3682b29eccc697bbe69fb0e61be0f7183fc8bff909aedd652c4fac2767513401dd443867f67ececf8720e46eddafe8514c09671cde83f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 1489b58ba9d76a8a4ae0cbe8c4152c88
SHA1 8c74e06a396a88fb5163613fd3a6484f66c58217
SHA256 079de18ee8ce49105eaf87ab90c638c22b9dc954a15542547b472833a937bf84
SHA512 0f2c03ebf56fafb8774eb4a00d4f8ae613a49b8bfd21371cd2cab8b7da34efe71ffda8192fc7141a979eceae1f44772c8bf56f89da7744f4d4325eb1b91cf0f8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 b0f1fbb0eefa8205d6e27ef0a68695b4
SHA1 33421b2b486893482482e67666ecf132fd42b325
SHA256 35a5b6bd997c794f7edde4718f6013ef3fcb41aeeb526ca8532d40c9ba416328
SHA512 8beb25bf4c3ce06cb042e6fbb26d3e6314736e1de71b5b8b12f4955aeb479540c1e0bc313fdb981eda60f2a342e507b473202371c1f8f46da265659d1f7afffd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 8b0d16df9190c1edb10bcce2d4595f31
SHA1 61e83bbbc06d272cfce6351fac5df334d3002acf
SHA256 c359405c5ce4920e61ce90f0c72171c6e909d7e6226643305568a5a4e4493c49
SHA512 20eaa770b9d52f9330154bdd2313656549d8f5040a204ca7e44abffed15c7ad3e0d81cc5dd858f536959f372db855c2dcd10263cdbf65dd35ea3a07943256929

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 f82e90b741810c7058487d2ac081330a
SHA1 5414620c57734d209a2bef572a9efee53e01c7ad
SHA256 564085658041a3cd7015bc2715a75aa7df038b2f224880e49d6a1350da5b0667
SHA512 085dc70073c5c90bdbd6c7abadff5898a33de5fac8d9c40feff2b81a164e355b0d34a0eaf59820623276e210d44a2f4727ed93842cefd291d0c25eeebb7fcce1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 7c802e8705a8e328dc1ba5e882157ad8
SHA1 2c46d210873137ee8f4cf3a9c461075477cf614a
SHA256 eb67e9ae76cf2928602e22d7ee8061716e4c332b3e305c5b135f859976415409
SHA512 80a5c2dcb4a7b8b314fcb22285af84c77bb7cbf9f7c08b94171e2b928927af0d04af64da5314bd14b44c917e7ad91d7778d4a67245351b8edd9a695e4ec47e9e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 198508dd2b6ce666e1ab8f46da797581
SHA1 e45db6bd475598ab70db6814586129b6cb411a31
SHA256 63df0bdeb51e53dca48d6a390a8279ecd88d1b35022e3ee8e2a6e402d9a16a42
SHA512 680c42493de1b0c0cd6fb1ada350cbe3ee5e77924f214bedbd4a6bbaf39882936b27f0a2c50900fb56693acc4a603134872b7f4c155be4f953a316de415bb80d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 7afb5b6964f77de92e81554c34f74181
SHA1 b3d82c00b85202e1532a22914d98cebc9b4a6abd
SHA256 1ab4d164c7b725de0c7bdad2abd495a13c9034a09b2701e0aa27f6a5f3b2d0f9
SHA512 37495dfe42232852edc79fb8bcf7b548bd73c38da6ef34d483ac67e9bd553922b086264d1f441429e7b4b6b2eed659cdcbebefb9c516df8881ac92a01d18d148

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 853bffc212de56b79d08acec45bbe70d
SHA1 c09fc4bad2b607723d5a2aab52b52202058434bb
SHA256 c77579521b2e699544dd9ca29051c18cfc3f4e902c0e60d1a2483890f1645610
SHA512 c581971e8d8a7e8da3a9df32c480469909a7571fedec4667937ec151b7857d0c207145beb2b16f0b8de1f6fa1f30d6e019c238a1ac9412dde918aef944f838a3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 01ad3f04fa0ffe2097666fe9bb2b3b9d
SHA1 21b12188762407ed98def7df612cc2fc89b9d2ae
SHA256 de8d6bfd20a089bec6fe32e7deb6e7be62b91babf06b7fd119daf769b7e78aed
SHA512 c0fcfbfaf3cd3b33a3842115130a5ebea67a5a17a4a1d6a107c0538bad104f2468cbc0024ba636bb873dfb5d4e8a1d58194a8104090b0373073c2f9be9e166c0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 710769d562d2ef62a12120e9012610ed
SHA1 d96c34413ed0e0e29ad4d58093408f1a6000af41
SHA256 7e79c7e3761744840860a60f9a406432c930bb765bd0b9630e72a9fddb4f1602
SHA512 9b4ebb42571f943253e2a627cdcf87f1faff1471c27389499a9f635f18cea1bdecfa2781f62b538e20baf3166208575dffd361b6036aad9a8d1c1a33342b6212

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 39eefc3647a8409fa1ca8f5b591821fa
SHA1 1d4978bae812a82041b735930a0809202983bda5
SHA256 6e3341df25ab2afd7b991e5f59a57a184f2c7e33daff7d4574a2186c92275409
SHA512 81c421bafb54acf6b34aeee268583f8f235eeef8742b53913ae45ff2261625ed4850841cc1cee61e0656834df507ad7596548d7ec082fdc4c4bcc188c6c24a35

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 c7a2fe4c561c090bf6fc490fd34f4ff4
SHA1 7011c214c79675bef173eac3299e18d4dab85e94
SHA256 27989540a84685e0e3b52edf96ea904b009a2395d2ad9f92b91f33ca811154ae
SHA512 8e6716d90665a25efb8a980b3e495602ab1980b35450896af1eca897ee804d70f7bd3645184f360932b364560ead9a8fb3c20b175f0db3a26ee58f92b520a25c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 a1635a97b32121561a44a7a7ba84fe35
SHA1 b09268c6935101651631590f9ab4ad23e136661a
SHA256 58bc29ed110487e90fe79c1b5b2e2055d18ecbecb267249103bded3f8cd26297
SHA512 3886f091cba33fec4841726549867b89a94ebfbebfbece2d4684faf62bffe8fbae1d20eb8cda28d92e13aa230e10c44283a6500aafdf45ffd6356a120c46b410

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 438c5864625491f41d4ae23a01bf1414
SHA1 1671ead7a6005dc410eb5783cabe719550df1cda
SHA256 6b1d84c14a4aa8afac4962c3401a582baef30bee89c2c217f7476d4abf159f37
SHA512 0586c927dd9fae54b976cb5eab4157f456c7983312daac7d2ad87ef5c800c87ffccdd123f2d3c5a52aea6791624813edde27976c3ccb53b3ea97638d643948a3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 89f382f260a035e188a05874eefaa7bf
SHA1 274f81903e02cbddc7c21af0c006dcfa2dfa6cf9
SHA256 ebcd9ea60bce13037c3ff0eb8d737d8158a4f49ed960d4af2253ec45e51565c1
SHA512 8074c5e7b47568101537d1e47cb3bcbc1d9dee2b8f841c50adadfb423017455e4c7123512dafc6571473734c403af5b3ac4d42ca3bc6da95c009270d7fd1865b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 4c9730b66fac55485f0e1f21804732da
SHA1 0e05cb644d7cbc87d010d2b6f0ee13a17b4048de
SHA256 22a446c7897cd507780ade5400bc22f63f4d6a9e0e6fe6b58007cf94e9604698
SHA512 d1047286809b2e2d14a855eadc8c6513d831e37d20a4e5c5194dec9c14fc4f36134d9b432bc5ca19634b2fe1a721a4ddd325886f40cde0442984340d7601f788

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 926c3abf382fce618a5c0c6794d83894
SHA1 5e9781ea28b32e418cd2ca8ba701f4b4ede1fb9f
SHA256 9595f2ed217f2aaf3edec2335c66e5f77af6a9d04512fbef632abdb998e788c5
SHA512 569aad8e1ecbd6b417a1cd89b841ed9d855e6bf43b7945e2b61c576bf0474e7f2d14a7951bff3b2cc6f04709dfbfc9538419d00b2cd58a777917094d5587725f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 8193832579508277c76968e71f9e00ea
SHA1 1b9e8d5fe6127175f0074dfbab1dae74d8b15b85
SHA256 edb3715b4fa2778b8cdcaf22b92a91d10446801d355e1d6b435f2b4dc13a2a4c
SHA512 17b4833286c8f64329b42305e150bd76a5a083afaf493d1c3ba38763c5a079d7842f170898b9c4491bbae53c648049fb4c1eadd110b0014f0011f56f0aac4a4c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 9967f191f25491eb0923e8e9aebecfa0
SHA1 5e8fdb6365ccff75824df7d2f7cb130652be5517
SHA256 a6358b2bdb2ced728c5263eda5371a1d01dc75c3cd8e8896fcc536dfdbc6a0e0
SHA512 bc7033c79b722fb8d6445e066591223af31c6202bc2d87249ec0b916b5edf90192ab207709fb518cce6f0d02a97b0d2e1f93eb0979f3dc9faa1864877b0b6824

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 ee3a88178fccbaf9cd0e2c7977263b1d
SHA1 524b657c37c72e845684c30f01d92dfce1d476db
SHA256 71779b68f12724eead1e5f88b41448992592511d8654e900517616b59c4573c9
SHA512 8a0224ba237155689ba051d784d8f938262d51c6156c79ecef7ec26a8bf2912dd307cde216efb182026868d7d8bf118a468343f95d078d4f00e88ab49d6ee002

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 a411fc9179ab442b6756f5ec5f0e4ff9
SHA1 b98bb6287808017b228f84057958e8c2fa72f7d4
SHA256 f90b5da550c8a2fb64f9b60d3aebd7efd4a2e009b7c05e0cc6af54a7953d1f85
SHA512 7f19f7692b8e3773c8c990c2557fcb7252dc8473b5226f563089b1e681c6d04c6dee647d45a343e8cfb4e2820f68caee969650a23976c4876ef950991fbfa84e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 c931e6de9e471781563479bc9b8bed0b
SHA1 821fe9b6cd8aab63aacf1fb4d4ca479b022108a6
SHA256 812fdc9b237797dfe0a13fbf3440193b3efb570739f4b1085ef23bef137f1842
SHA512 200483245edecddc2f40464e7b4a88b2fe1789996e71deaa6c325ceb890fc3cdf49172b49bb6fe2ae52a7ae189e7e453062eb4951cb80b43f66ad10c50ffe4e8

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 35701e34e6d3a1f67fc36681f4af220e
SHA1 4193af8580f6035a21a5026b403270d322009263
SHA256 71b91f57c28fa3a43faf9a5e0d4d26a46b44075fd0c1dfd26400886df46a0070
SHA512 c17c193c48a592e79b7a2265cda35cfd9477bb492c09930b517297a92b725a3840037ac603bd4106b6dd65ef170cf3e38d3ef53c2ca62d4a0336ffbd66490676

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 4d3c8195a408e38b839f23a400ca7339
SHA1 b825d53ab58d7158892547040cedb00d5a1485a3
SHA256 6885a0c7ce0c3143f1cd641c1af06b592bc2d9475fba751a37e8249207877667
SHA512 583ac88138c126f731efda6b3db093b5d6c31e076465de301b6e0a5e1f142acb5640cb188bced62f433c9091369582c3e50c08ed209bffabf88a60f43e4802a8

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 fe7bdec6cd298a4520f0d3e26e56428c
SHA1 d423522f76d1c3110a37de3dece8f93998825544
SHA256 64c8af3e54e3cfa044eccd6e499e2f0b26bfaa23e0515d4133c2f6b9672e42ca
SHA512 9b0b33030cf3c6b4e2ef1591bf1964a85a80de6a24fbf0933ddf849e2b14dff9dced883bce0339f46cf5fcb3cb9f99c7edd9519ef3db12c1658a848d419fbd08

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 ae201867d71c9ffda26d285e92caf8e6
SHA1 0d99d6fc7ca036275911c704bcca7fecbe2f435d
SHA256 484ab0d340fd4c432063cb530b742374a8e2a20c021857b34dd5e7611710b118
SHA512 a29293794198f7900f53e4134509c5c4f4e2027477d267a93ad382f6b901975f31dcb778aad64c5b8ebd149a05f34371fcb2db9a2f61e67df55ca3ee8dee3ac1

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 f1f2b638f0dd3127e9c6075b165f35d4
SHA1 c60de295775a49eb05e4ad27a2bd2db86fc100aa
SHA256 a7c421905c8dd70e4a3ecec4cfe90d32f3203e630122501d6194876d18612c06
SHA512 f7b706839e553e7e4d3cb1192545a961093c2092a71187ec272238550f1c77ba1e6af18ebb8fa9266192bb96ad71342c4cf79091a7d9ee5c888c1ba736e3ac12

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-06 08:58

Reported

2024-12-06 09:01

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe"

Signatures

Renames multiple (2198) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Is9h1N0MONun0RN.exe" C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_neutral_6cb3fb6811a3f83d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx007.inf_amd64_neutral_0b796ee4978458e2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_scsi.inf_amd64_neutral_cfbbf0b0b66ba280\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnts003.inf_amd64_neutral_33a68664c7e7ae4b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\channels\OCUR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\erofflps.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_type_operators.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_neutral_3b741ca76444b9c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_script_internationalization.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj7.inf_amd64_neutral_7c21481229e1e66c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\stexstor.inf_amd64_neutral_80ee226e29362f51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_neutral_99bb33c9a5bedaea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\es-ES\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky007.inf_amd64_neutral_e637699044f367f3\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WCN\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_neutral_b8ebf59556c3dbf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpn1.inf_amd64_neutral_e44cc033b67e7d04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_neutral_085226e1dfe76c55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_neutral_507db5d34d7acddc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\gameport.inf_amd64_neutral_fe5c4f29488f121e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_neutral_64a8fb018ead55a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_neutral_856142fd87f1c21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_neutral_be11b7aaa746e92d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21519_.GIF C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01035U.BMP C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15020_.GIF C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_HighMask.bmp C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Earthy.gif C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21343_.GIF C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02062U.BMP C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01244_.GIF C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR2B.GIF C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\el.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR6F.GIF C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImageMask.bmp C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21327_.GIF C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\GAC_MSIL\MICROSOFT.VISUALBASIC.COMPATIBILITY.DATA.resources\8.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..filercore.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_209bc1f2bf7aeb04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..rting-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3295657625316fa0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Windows Logoff Sound.wav C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..pc-tabbtn.resources_31bf3856ad364e35_6.1.7600.16385_de-de_722e878d194be5c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..panese_dec_lk411-aj_31bf3856ad364e35_6.1.7601.17514_none_afe5eac6921f1c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_bc5c4aba33d6af68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-last-quarter_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\Boot\PCAT\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.spo..oncepts_v.resources_31bf3856ad364e35_6.1.7600.16385_de-de_704a968fb4cc0133\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_napsnap.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5bdd2bf01d7bc0ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0bcbfdec6b984220\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ieframe.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_d9272dc26349e436\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-bits-proxy4_31bf3856ad364e35_6.1.7600.16385_none_0d39ccd1226840e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.msmq.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_e342842f6d83c308\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..cyscripts.resources_31bf3856ad364e35_6.1.7600.16385_es-es_73edc4b92446fa08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9cbb1d5656f57791\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systemcpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_152b0a9b894a4531\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_11.2.9600.16428_none_73fee6b3701a345f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_filter_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d77998142ec36c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..xtensions.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4b73508b0d6a645b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3946be823da1aac0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.1.7600.16385_none_88c445c97b26f0fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5646c597a746df57\settings.html C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..oundation.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bd4fb7a4da83f8ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..e_runtime.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f32580d6cf22ed9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010405_31bf3856ad364e35_6.1.7601.17514_none_ea4c8a7b6c447320\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_eedfa904cbfe02f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\4260e87dc94e25052b34ea78873dfedb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.5\SQL\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..eraccount.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2cf978a34335da7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..installer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c31f889fdc5c9c1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wmiperf_31bf3856ad364e35_6.1.7600.16385_none_9f706a4c13ab6b41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-assemblylist_xml_b03f5f7f11d50a3a_6.1.7601.17514_none_2b4e40c201026eaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..ager-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3cbcaca4ebf0ce6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..iles-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ec506ff0bdc9b5ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..andgroups.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1340f4790119b230\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-restore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_706db3f8d7bceae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..oradapter.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f5369791f5ef9fd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..collector.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b36f5e7b32a82f8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.build.tasks.v3.5.resources_b03f5f7f11d50a3a_6.1.7600.16385_de-de_b1a76b317f391dd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-wallpaper-nature_31bf3856ad364e35_6.1.7600.16385_none_d5909570704a09c0\img3.jpg C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-tapi2xclient.resources_31bf3856ad364e35_6.1.7600.16385_es-es_44cecad90f56baa4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00d.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_62efd6227ab667ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cryptext-dll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6dea4504c2e0e073\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_sdbus.inf_31bf3856ad364e35_6.1.7601.17514_none_d008c232e0f69c1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c216849e273364de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-h..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3a85e924971b68fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-kernel32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a3645f7773564239\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..confg-rll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9169f04eb7bce565\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\dcbadb02f6000b436f1cb0fb736df3ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\ehome\MediaRenderer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ksfilter.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_05716bfe9bc460c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_1ae1925f96e1ea47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..ostic-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_51a64269f04431a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-photosamples.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3960237ecfaa3316\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b6e52d4a605b78ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
File created C:\Windows\ehome\wow\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZLRXOYDNWSCIXAP" C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\shell\open\command C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\shell C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\DefaultIcon C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Is9h1N0MONun0RN.exe,0" C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\shell\open C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZLRXOYDNWSCIXAP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Is9h1N0MONun0RN.exe" C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\cc21a1139f4c776eadf232306d5aa684_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 9056132bfc4ca05f70082f3c57f0a6d7
SHA1 89bfd3ba45277e6b91e810af623708efd61a1961
SHA256 6b27dad9a0384d693b4e73fe60523abcda625f0a80ca152c576aef4b6da31e16
SHA512 677dff65c9f7c607b53484c7a075ce6f7a8c291b3ec2412841189cb828fefde2db7ccb46c7d775bfd075e1a6d35c0feec86385fe2d5c7d067e96f9f6a8c9fe30

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2dc6275ca92561465ec5c28619025efa
SHA1 78cd93223a27b1dfd9b81cc6c513c99eea39b8ad
SHA256 7de4d9dfa352b3f04bca35278caea3d826506e22b286c257d2d63202adfacc17
SHA512 d3d41628dfee0651cf7f04e98a21988c1a6224ddc7c98b9303c1a875c2f5eb22be579335d00082bbf2f2dfc7f365e5956c4f6e9ba881260710244aa557f8c29e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 de6b269f631a9927f78800e5fd330178
SHA1 f17770a7437e5c7fa1f5bf38d3a110c38cc1a4c8
SHA256 31e9d9214b82d6f68f5871fe1f69cf2d984c13d2294e4b5e10a31b7b8d7f0912
SHA512 daac23f4e552f3747cf6fbf44d5511d60315ec4165b0349d28e8e41e5e9f0cc97902bc64d0b003884547b4894ebfdd6ee5e7a5024ff9f999d283ae1f9b56f731

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 7415043ba18b99ceff78068898d4605d
SHA1 a5ad6af74a9f588a4b22a47167278531aa82c1ef
SHA256 8eef178931686b09640c72221fdc500e88ec4ce37b51bc7b7dcd68604d632a4f
SHA512 7cb8ba2a6f6e9668196d9347508ca0a5bc7aef5c14c1d3a2aaea8facd55324e4eb953c9d90635b3ff635ea8ee450eb03ba3ff26e14314d540830f515de287660

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 8fe0880f4d55a2919ce86ced928c61bf
SHA1 32bfe52108af30fa45bb4b652d1d430a94c1e9d8
SHA256 b57ae838755d13498b7c7fc4f94ecf2a1a52cb4cecc75353d41d9a586450c6af
SHA512 cb5308af2189fd69b16d122441cb0138cbbd925bade6d9470362e1f6d62820398f9a51665951a34ab2377d6e37a2b54a4e8209530e394cd8555cb4ee90c384b1

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 f8af3a3aa830e662092786cf82244789
SHA1 ceafa71225bebc28a14ef27e98f8861bfaf2fa06
SHA256 74efb7a5b550fb784dc1a38203cab1ba24993ce1be3bf3982387eb395f49765b
SHA512 b553823ecac02f778c1be56e500ff7b18be3f15bce4bd507c1eb6f342302886c9ef17dee3e80355210015d8c2a5763328fac820768d29d434a4adbb7761fd54e

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 e44d88ce6b81b3642008d7112f7dfbd9
SHA1 3f519f8c76e0e322cf18c36e89d391001d833552
SHA256 eea5ffff905a317295b771f7389c069247db92acb66b4edcbae6db0ec23ad278
SHA512 c02a0bd38de8fd286fba3daedd828e2d2d9072ad49f1df0f231146db216532560658f7904d5c36af347ec836e5ed09fb800544782821b934deb01de29c2c3c3e

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 2d4079aa8be61188a72344b0932bb362
SHA1 0dc07f656faa95173139a82ac89823a5f5986aaa
SHA256 fc8691d0ae0685b85fd116038f3df362d17611d3d624be3519c769bc243ac3e8
SHA512 41f7101a6fced829874c59e9e74bd193d141b26f45e4223075fac738b616977620499ee96f4a9c3ae671f79ba7e208680af6116e32e3f3a724fe2165c8d0f7c8

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 f3f3095944ca29a54a3b2df62363f473
SHA1 d74c112ec6b0ff6ef2fba808e397c8978de80f8a
SHA256 1ff851fc8f7d519af4b4b21b6c93622c1e747471f4eb6f09668433be07e7e228
SHA512 037290bf57e735037ce59e4576fc7ffaef97e245212ed90ae273871cad87a6de6ae7b696b2c330e63483e492e208c264d8706ede7746453bb7c11de75f4e36db

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 96551042114879723c1b0ee4ef74a26b
SHA1 8d0ecd8684417ae9b298bb9fc21f3c0ed3ecae5a
SHA256 50aba2d343ae961e47921d423987749f1bb185206fe09e94ca6ff0d46e4cff29
SHA512 57fc1f14afbd2ab5ee1335ae08019ff111865cf477c36ae3730bb5f163b6586f7d87aaf32a7901e62026549b9e18c8f389008d281c3579289106f28a9b88f62a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 201bd6f12958600a0d062d708f68a1a4
SHA1 5e760121dcd2a360e27a49aa6650fe2c8fba5d0d
SHA256 553eaf3fed9e5afaeba7339e6f8f43ff71d4983997e5403e6e36b1657182af11
SHA512 e29d40e442d62d82b15fef711016324e327f18fb220d27e38849023414a164b486d28d45e93b0e3d2c2670c5ff387e00ac843fc75239177ade67cc4e2782741e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 a5b798ec7d62b9862b864e200df8b357
SHA1 b57609804960abbe3efd5fab0df9f347e10c4c3f
SHA256 9e6db1dce9b250d3f6e3b697cad15473caec0ac49768493f50d78fbd91d98ecc
SHA512 9dc7c9237094b84b803ffd8467028d99970bb6d8757de861157deaecb004167661d5512eb4eef888a8bf8617c598f2caf50d910a43b2643b23effece11e38d09

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 9c29fe1d49116fc545ba1264b52c28e6
SHA1 bce91c4fa2e520c717766c691f0b353d9db82010
SHA256 b04d2d427bdee8485398ab16cf5a3ee089f06689fce825d9242e5e6e058c2706
SHA512 0fd23b986ddd39166d4ed33559a9d7167fc5e231ea4ee8a0cd4a8942aa8de8378e721802c593c8fb680801d13365f764814bbf6f625471dfc39027d051ec248a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 8ba153af59557fcfa9067453c97aecdc
SHA1 fd6fb0878e1e6138d940defabcf35b29f9c639ad
SHA256 3565e23f2814f52bbaddeec8d909bcd55f8de0149577a7e2036ed270843a342b
SHA512 a3ab0b7cdefab78ebd665709e3a1f4351a0dd81e8f9d5df662b4d02919be0a1a8cbb517570218a7bb9d2f3d5258f9d1a9f23514a1f899217db477490cc1a4cde

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 72a95c6d72f00c460c87a717aa834ba4
SHA1 12cb3521b326b2e7ea26ff2277bd538730367c37
SHA256 b4424cc6f13b73ccf6e7d9e9ecd1eb0b26d4bc6857634dadd243a8a954ab50ce
SHA512 290a6cc1f39feab0060287ef4187b6f453dab2b8fae3f98250c761a835a18274e5a4f6c9a449e99fbdabf2135331da20d484cacf11c0065e5482eab90e6f99cd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 7fe5bb28c46264d8dbdc500958833d41
SHA1 682d9aa3030eeb7f56bca3d64b8281c86f39e51d
SHA256 71f789a1a0961641006b30a92331ef4c350335bfcbf6238b1bcff1e4be432eab
SHA512 6120058ecc0a425719d6e726aeb6539a460734cdfd691868bc424d53157754a7f59910985274654bca5f9f4af6426c5b9b2796163e82737807cac3923dbac626

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 5dec7f0888666ccedb22aee154e61b54
SHA1 8e2b5cbde0be528026f482a60a4f6863b15f9a57
SHA256 1011714d8e1239c3f4b958e097de84cd449f9381b91715eca271bebc42e34ccd
SHA512 29684a06271bf9e5b9fb78277bb22cf7db756fab8e55feae2b1d2d359655f232f44404b452089ab54dfb060e012982506334e9ce5a8046e4cf949e83468a5140

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 125f61a5489e0cdd1da58d64886b58b2
SHA1 05acbb0865114f7ada8f2df26611ccf4b7092341
SHA256 341cd9e2e558de6d147d224d68cd9cbffbd739e95e2c6a75e203c0b20793bab3
SHA512 937307255843b04cb600d2858c839f712adf8f2e4eb1062ddc4a4f9c72296afc858c1e88bb8366009ad788fa6e3f8e09b283d3a8667545232bd78fe6058d486c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 2ae7c2dbc093bcebe6a59553d45403f7
SHA1 e128ac26314d9e254f9b5429f6713c0e6f7f9ebe
SHA256 c8a42426a7aeb2199f89faefdef8f00d01767746693fc0528a0c4d0ff6b62ee7
SHA512 ed784d5551cb66e9d6df43cf2904fb877e123595a5e010d828697e7b7fcfcc59e7ed6f070992676092fd83eefb7300c76bc2a9a959dda6b97b47c7547e17fe92

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 142a0d831033b1d0c6e28c282dffe130
SHA1 d9dd8380c6950eb9b4fe5eb518a7268aba352b5d
SHA256 c8a815a54dee29b071f4a6418eafbf7f7bca9d0cd1f6bc83baf60456677bb469
SHA512 2c86f49831c41e10eba88018d4b0f4f587040abbe28b39c5260935a012bc39c854bebb4def884d9ba9d1083714848efa6d4691a95efe17bf0fdeb7c6142d2d0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 a0be433e5a8cf515f9335854ded08667
SHA1 1a6e0642f3064c0514971208b4ad9c59a5c9b852
SHA256 a9b821e75ae9e7d3435a8a796b3229a4b6e3906afa689cb430613093cd59448c
SHA512 9c41666c68b88ac9da783c9dd74830fd060323f8dcb69dff7555dbe6a09414aa06b3f9c94b48ee5c4634cfe94acfbd718b71a519ad22a7494c884048e54fe05e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 ccf9c8dfee86df0159a5d02327e67595
SHA1 a3d8f180997ca611c6903c123c2b0e33b30a0175
SHA256 1578c83d13c75296f5167c39e3b2df0d7b342003b32d99eef4234deb5b482f2a
SHA512 a6c4875800d01f9f9b01c0e9b52b5afc0cb1946c78c0cacad8a1288ae3237fd5a45b9e5057ff04ad8936458bec857b1ed9699fc7e12973ba9eaabe0633305d11

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 c2ea02f3abbe56596481048e11189692
SHA1 87e677168c2e252ef8c58f80ddac06a3e243a36d
SHA256 49a6e8d7f44e6115fb9cca99fec643325be3b211144325b0a45f2e8cbeb2c642
SHA512 9a58ee8b9a9f8f5b7ef389fdd4c48a355a075d84a63fc7c832b3e3b393738786e48b0cec9b443596a31ae427c00f7dfecc3976798b6ea4017c5bb83a524974bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 9a8494240879fc9cb25622797d5052a5
SHA1 3fe68c3fce9e709ccc217c9487e1ec33b67a610d
SHA256 cc29a0ea0c025ee3bc3b78d3d1337cd53d0a427e39af5eb23ab0398874c8b0d2
SHA512 fe70f39f0a027ee139166b2cc0a28912ad3315bd279843c20ac02ff4050590464f38f2f9be8f1d3946bc3b056ee3d9cb8b797214d9854b096b33843b030614c2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 e360e8146e2f8dd5cad7eba45f15455f
SHA1 bdec9e57b19adc72840a847412e97dce4cbb03f6
SHA256 19fbbc0ec4b3ad0cb76ce472e9a86cb456dd1730764738257ed8a29e70dc1acc
SHA512 63ad23d8a220d0a33c330df132257e56f6a87de27067ca1d19e8b22f8afb4597efb0bf2c78bc24631eeb067656a2a6916791ee40b37acd43c4afd56ed2229846

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 9931dbce6ffadd2730d347ed50876197
SHA1 fdcca65c032633c146466b3a39ec537392b13990
SHA256 a69921e549b18edcfd64c90560906eea7889f8ac1b767af38c986cfa4cd8431b
SHA512 57a482fb62ea305d49064ecd734ea748fd2dfc6c8b370c0e5bde0db2c82737d4ae4bfeda26fd3e446dd3bd0c58ca6695ab09d36923f29d9e234229ae8e4d083e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 bea6e6842812dae39b2a3e8dc9100bb6
SHA1 2e31fffe98304252f508df912578b1376d630b00
SHA256 9c1151a0636e71456e7e466c8f97e80bfb2c0f60bbd986b994bd7adbf75d22a8
SHA512 de2c06e386d996321893df93d65a235956644b5461cbdf395d831e283e0ebd133cc51332f6fef6b7be5df63fbef59b04b485afa1642de6a61a39203765b21632

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 60e601776d3e65aacf1ffd0aab374f0d
SHA1 c106e075aedea4167f3a4130f8a7f62fe947df9f
SHA256 d27b1cbe25f624efc007a090f3543edb11a42aff11e87336236e9bb51e542bbd
SHA512 410eb05c5d0852578dea3ec9a49d368dab0cb2dfae859aed5962206a0ef6457e02c6fd14e8a92d11b64121447249fd4f8bab00ffb3e9c63a7ea15f1377ea4527

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 4fe7377b3b99ee7b7179379f1314332c
SHA1 93e7541c40c931d728bc7d094b4366ae5166291d
SHA256 2aec2650b1b7e7d54b8094402df7cd4e34872ad1601cee78080fe742df263932
SHA512 b1959fafba23a305ece05eb65d4bc4cc577dfeaac2045219b60317c4f80b20cfb4381faee4c5de8ef91944808b401ef2d20024afd5f8ae199eb5816185803d81

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 dc66a71ba4c7c42b415dcb115bf1bf7f
SHA1 eadb1e4962bddc3a565d1c0aa3f6d9f19f04508b
SHA256 b55e87e5237a874d7ac0dd38cc820d7ee097aeb60747e26fffb3308e2060f1b9
SHA512 1a4d57865f904c88c8bf022b9d61cab4e16092c75864a22cdee6c720980b526f342ad2a704a52eed84ebf67a07bcc9bfebdff66f3c8b653c8f2ef83e6c20a7f4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 f76a3df3edf449e24ad600e51e41868f
SHA1 f0b1dd00f7f5080afef01f895dd4e61e27f8c10a
SHA256 7294cef586fddfca39bc3d7b1ff4e1e0a020decc1563e41f0a894ca3ba18c50b
SHA512 d530a4eeb1e8a306781d4c6d3e38ce348bdfada65463513c8931b9b00c0250e3d0111c33358c9cc9ee6b25ad594363ca051867549886b62356b4658409b4678c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 319e38acaa07ed319388a3058d4ca5c2
SHA1 6619ea7f4125723b6cdf4039458dea91e6f2b474
SHA256 b5ef48a0fb9f61ceee332d3321121a7f05b9a58f9019ce685b634290250f6902
SHA512 080ff3f0abec6f6c26532a5012c31d984d0f68564bf2ad9b898d4973f8740c3a2132338860315a9e19b79e224696f6424b6a3cf8482ca7a479ebd93294051f1d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 8335e341f788b608d80787542ebb921d
SHA1 1e367db36b8be317d0d832d63fd1e11151bd452f
SHA256 b3eef9208d2da3e4f3dca30a2c3d8217e312769269cbf255c4f52a1d7e981517
SHA512 08cc2a0b60899813de54167bae9977c6be426f54b274f20d6cbc6f7eac869d66e65fd84c91a605d19837070bc849d517b4ba2a55eeb5963083bd8ad2fe843d18

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 acd77682cf1402af75baef1bef83dd0e
SHA1 97e86be21093a8f68fe9d232521db3acd17daff6
SHA256 3b0a82d41c80675026b99aa27c81966ba808748c74c7cf5c2ab9d3a0f630ec1c
SHA512 cbb26d0df1f55c93d2ee6000893438f7f01f5f701c736eca1a6760e8a3c0095c5cba77256896bb2a47e9fce92d311e1e4a5495cfb1e1519e0e7806001c0a885e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 ef45e8d2fa60830631c04f8b466b2253
SHA1 bf69f7dc72f79d30e81fb71b6e7ed12d2e295729
SHA256 9c6c83dcb52579ff518bf3e991fd4761cdc494ba5242bbe12d6b906f3fcf3e90
SHA512 ffc1c9735c226b3945cc849f0691a10df8b3f545f9796ecc5832166b1f7400c9ed4f8e30fa25501913a6c9ddea366622c865a1f5516ec7e82305d61ad9aaf25c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 81210be707035baa596ae275f0ecc126
SHA1 85cbdcb31257c35754f4d9a3c6511706a5ffae5c
SHA256 8008c61c081fb80e0ca3a15ecdc678040319571ec166ff8c32bbd55dc0f111dd
SHA512 34b37a0ef630202d77666ee2a715e2cb0babb3db41afce924da6c8f867308a0a0d93ed1e7f61b988ee01ea66f6ad56c043462dc0c31a21ef5f33c57972ed7c6b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 1747acd4ff68be090220448e08dc1e5e
SHA1 a3494b844dd483e54d3d61e2fa3a1967bf50517b
SHA256 801db052bda0543ab45f8d5e08531340e3f14fe844dbe89bba7f83cd9e364a3c
SHA512 cbaa076b292f0b02b1087eb8f6b2ca523bee691ff8cc62de405eada7bb3e3c62d9f7098db602c81f24da2dcc54ad52595e80f249129d405512176f15a7ae76fd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 856024c10461da970273de928d84860f
SHA1 aeb90af0a6d52edcd68d90bc8d4021f8e488221a
SHA256 b56cc838ae371ce7c28beb96bb21a263ae2221597e5b4d464282d81c7ab1f345
SHA512 a209811fa1ce64977780b1fe885bc77a2b37bab60c0704e2c9a206f1c6f94aa04c5c3b327ab56f94f4850d36da7cc9b40329179c23bc6bf40fa073d8edf34f4e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 e329623dc64b93b3d6d02b1288c13b67
SHA1 8dd6bd80c4b1c8a8327be892ed103cacaac2cb28
SHA256 c708a11e35459f241e6c8043b4deb7f45523fa853576105719afbb2d4ea16a1d
SHA512 f8b131cffe6611002c8d9c8dfc9b68951c0ad0e15a7c0096537641cfeebf933a3cc9becc8b92a6ddba7278f57ef12582f35d07cd1d312f33fca3d13c0c5b2fa0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 0730dd0feb84703e20c8f9bbdf98d10c
SHA1 e4db572a8510a111e56a4f55b8a5f02de31096d0
SHA256 126e80beb542e5444724a2b7ab3dc860b2682655e40751c79050d94d4d40a6cc
SHA512 3f8a35a3507ed49b51bec5f7676cd76aa6df8370a4ed2520d0c86de0b70907bd3fe9b187cd687086df9f8eb323d812f19c0de186b3376c757ff94c0d887e429a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 5ad25818c5baa049c86c238bdce22f7c
SHA1 2efb82b466470be67f80798677b62d2d14a2acfc
SHA256 a581cb983dfdb322093e9f49308761403f3e48ae2fab75a93255c57798120e12
SHA512 b1e598f90e31055e8050e58e73d10497b0062df9be8a5351fe3f46d672c6a50d69be527d645335951882c08ea76cec15d0641f57a7f8d14cf2212ef679933950

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 fa9127dbd6bc4a7a6defbd4a7cff2892
SHA1 3f9f7dc59a3ef94b1d707f870e12a48e5644e24f
SHA256 3ad46f1f729a020f76642f90f7b664a16f107fa013835b99a5216881c3b49c40
SHA512 0d50419d040f00dac684d76837a076eec5fbfe5ec2a70b805740f03eb89f327663c86a6501e1eb08f02e14f79b0628e6e8844e6cf29c885c54763f48bcd03cd8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 8962f331088ab6c01c9ea2eb72343271
SHA1 e76ddf5be9cfa524ac2db13530c9bfbd1f6c2f20
SHA256 157c34c9de0f3a95c96e8ec4ae5cd6a5cb965913d0749c52dfa9f2e74c28e611
SHA512 059af04f93e9a1c91dfbb84e217094d584f19cc19c7ebacba1f35501f18bcacf53117735495b4b2e265b5a9c816cc551ac87d220b2d184bca5a99186b023850d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 b11296da97346ac811dc710151b3d7db
SHA1 0406d5706926e335fb093b5608febb9d530eff38
SHA256 1213c1b1251346ace2d4cf5efa5a263cb6f130422573de09b5361a3078a9d8a7
SHA512 4e7af74781a5030257420575e5285a785d38ba627a3533199c0ee77259407372c611f057aa8d10cd64f4a7b96a6c0da4c0b0f337b9ce93f0126d66625e5bcefa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 1befe2a6d0ff2ec65ca6ceb9c4a5820f
SHA1 fc15815fe652c3121709e1db2eba7d506bac32eb
SHA256 fe257eb7ecdd6c17241e82f8ea0cca2db56e898f9f8b1862f89f132e9ecb7e07
SHA512 9eaa374038ce2c04d8d35ce2ef9cb90150af676992ab366c2fda337b6417e8af56f51d8ae3399d2623f534ff60ff70bf05997296db7ddd2f117bbfd2dc44df54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 41bb02ca9b30fb9ca6ed567be7c348bd
SHA1 1b43a5a31efb5207cbfc03eb0e0b85ac7325246c
SHA256 c8fddbcf7bc0c734e020b0fa43e29d688a10d138f6704b6726b1d4cb905780a8
SHA512 ae11ce211a3c1f33dd5c22398914d853dfaa240ac491f04ea7dc561dade78fcd980f8c41e76946e027d5866de328b413366aaf2e02c7aa8de9f2d75f81088a98

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 b391a6cd8f64837121d8c5e377adcf0f
SHA1 ac4af4d2478c2994271eaf72b3e2a2fe4cc2779d
SHA256 2490e65557e01ca850b98408891d296ca274249f03b27e2e179d0a3288b170cb
SHA512 f31b638e587a108349ccadd910acd1654e5dbde0689a1ed29b6748b93699ad5103062dec127b72f719cc19e7ced15d1a3e567aff440c0f651bfccdcc970dadae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 e4414fdd78125694972218f489919543
SHA1 8e7a595751a421d6e52beea03ff66d87f6e7d0de
SHA256 c3b5277ec08f742b976a93b43fb51de95314505e79c50225a37f194ef754ca75
SHA512 bda5e3bf52d41ca7243e8d58e802055b731bc9300eafea3a62195d5dffcaac2a5786d65a921fde82e6146feb4f41ed2a599169247a47e41d052ac9f9021c4cf3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 e7254700fe9eff44f33aecb2998b6ef1
SHA1 71a3f33be3ce7779f0e834003065fcafacf82c4f
SHA256 a1d4b2f7d460ac0187d4337a18987859eafc56d907bcb8183c6e8733589de128
SHA512 490eb13b54aa9f9446691eae63c6f013bf2f9dbd49dafe18cfa3017664bde9d3cf7aa12de1bb89717eb1aef5bad811203e5ce5075e32972649ab849a1d303b2b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 e606daa0438f4805d887afd7c247a4f9
SHA1 7bb0461913ab899b4716d658cbe5d4faf150a716
SHA256 5981df1f730d85f8b55ab46fabf1a396b7cd5af53b6ec80c30fb748ab7881023
SHA512 afcaaa3a7c94be3b85401d3bb632e79e96df0e970a7984b73831e5d95baccd878b142da39b0f4c2bea702ae05c3d56d19d3931b4fd9f1eb9c70ba8413839a76d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 c9611f0ac69e667e10ed3e967b871169
SHA1 982dd2b80db4511f666af8555d90bb0c32b7a2a1
SHA256 df2d98ae6c1a412789d029daf75dfc737c331130bcc3dcf52ac2f471e3b77316
SHA512 bf54f5300842cbac167f891ed6ed516f4ca84093958bb830eaf48bd0bd43b175e318669c04362ae0caf46df637262d87ccf886a37153aa2cb9f00e521a9af60f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 bf21ef321c8da239d137e9ea7f1989df
SHA1 241367f22a75bd0650fb2705c89286608be0a678
SHA256 b745a7f4e150b5fc14bc38184bdb7ef581cac8581e08412bef0512f355649cc2
SHA512 9be60a18def3b178f4442d0943be6b33875d454da0ade7a7662fa841796e825d020883df851c2d5bcf14a364efa816fd810e91cd5cb487a378877775fcde51b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 eb168b09f2b9e306c4ee53914d4b2287
SHA1 88e6295ec4f9239423fa18052fa7002f89554269
SHA256 fa61b25a584fd2e8da2edb7922d9648fbf785e772e233831847fcb2fe0689dd1
SHA512 c987a038ce4a11c858915f36c5972f15fd27d719c6b550965844ce6dfb84d6ce8eea55c3bc5c3f34a5f61caf75192c0fa7d6f92aaa99659edb0811d44bb40594

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 c73274afe7ce07ad9cd191975065389e
SHA1 6b6150ebcd8fdecbd43db62eae54af87582b0e0d
SHA256 6368cba0a217fe6b18bbcb5cb191b977a23adb87577655cc77c84c233b165b49
SHA512 78f90ec0b0d726d256ca6415eafc84abfdea001957402062501d3a8648b191255fbc0e0cdff1c7498f3edeafb4873f6fb4834f634c69476dbfba5bf759560762

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 ef9641a9bddcd7a4c6dc8254d7cbc32c
SHA1 42cecbd59ab33f7aaab5137268b90cf93263a8a1
SHA256 c3ba70d9d392f71d4406d0d0954ebf8a458b1a1abdca43c80d763b891b6973c6
SHA512 3ec98e4d153ee53a75c058c287017cf55d2012bda2338a26a3d4f5d0c320e30c7b5796f4738f75f78c71c4574a5907c490051fd7334babb0ab64e857ba977917

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 ed41bceb587e04ae2afba15ec68773a3
SHA1 7fe2d247d511945b94a019307354778dfff99b1a
SHA256 a02830f81df316cb6ac50e9ceceaa46e5b11b399dec28f19c5cd3143e81dc91e
SHA512 46d304c2e3115d3f4837690a96a692e2c0f696b9da7a025d71e3fc2bfc3a91568712e7ee19a9578b1bfe97cc666a86c8070fb63b3beeee6fefe7b1564c507ca0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 1fab449ae1f779e0b8406df9e9e73070
SHA1 eecf11f751962b0b0fe11f7ed268d77f2b873e51
SHA256 104baca47b04647efe5e017d814c0857de2d807f512256a5a6432d9c0347224f
SHA512 92a3f4f38ad636a03760827a3ac995a736b8725e2b40da952d75c72241737d9ef7464c6f23cb6e517b7c6b9eb8802b22fa11bd9417cf2630f5a3a9b5806845ad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 8250f447d09abc539ed61d0362a32c05
SHA1 de86c1c04f040718090f4fbf8c8ef7daac43936e
SHA256 1200d3b030b1ca50819c9b3bdb35a82828ba211309a30fcf8255494766709160
SHA512 032b51fead256c905c81157a97bb5e9474abdfad7f2af39caa332a159bb9675a2a92c447d905583db115b5a33dcd6440552d962d31d7a8621a3f3b877457f5e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 6fe6cfd0d541c6a1f6cdd90dd38ef144
SHA1 3949853ac7cbc56048c780c84122454670feae82
SHA256 0e76b731b7797e7cc7ecbc0bc881a6a35538b135352877a45ec6bb9515f06a73
SHA512 764696ab4ec1ae0872f53bdbeed783fe6246f6b0cb13c1864c3e1426f08079a2b7809b3fd93efa53f55993b5ca7c22c50f3cf32c3acd7d6b382cba64cfde4e45

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 906476a0812bfc65f2050b48714d1599
SHA1 68cd039f60f8f412743d17eef931270e2f31a615
SHA256 74649408abcad224b7bd6784b9c2e18a149f84e58d6156ad80f4212394d787d7
SHA512 0a68b2fd2e2f39f1a3e1393ded4870fdb27497b94c0c0cd3460e31d5e5629659df2e20d6d41b1747ebb413576664c783b1b1b2636addfa2458839f6b89b530ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 c1c6bb4594c196b07cb021978a556da9
SHA1 a52c3124a89a06b344311d37db70025ff962df38
SHA256 69f9d765fece4203b20fc56fb77b8b6f5811d18f92687dd67aa12074c2d0b0cd
SHA512 d01076ef09d41d7a5baf9d97fb08d0315dafb3bc7883fa8dcf2f709c5d39a5957dcca93a9834c0a849d6edaf18bbd65ddc5ee7adc0fad5e0f4c89941ea81dd7f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 473b3702c0d10bd6b17828f7ac9ea321
SHA1 1f9a0a43e644b6eb097b61af31fbad092e984b53
SHA256 f531a5771f6d94c97719f729922a95b2a9dfbe035a88944ded6a24cb5f48db0d
SHA512 e0bad97e6361b2e7113eb71beba17a6a7ea1729b176c1fd5fc6b349ea309f22dcc9cd643a904ef5bbea33287a57b8331a12ace56967986629419b5a07e393eb1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 edf20613107f08c3db3175ec058f307d
SHA1 b758801b35b3d59416d0b201b9224e73b7a11377
SHA256 8d5488c661892534d1609a16f56eabe75f5cc2620cc44d2cf4180c97f3e44b11
SHA512 4a9ae98bb3fa4b548f631425a3d96aa944e28644f12b0b1720a037a7ca900659cecea6e6cc362f7144f7e3e49d1361b8fecdba123d1ed61e694354a6be3cecfb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 02c7b48273b70d97809d68fe07e5247f
SHA1 434602b4b4155f1504ceb942c690d4766bc91c32
SHA256 8a3c8049e5e4586451156b0713e116fff42f7ecbfd26b0a9ea91b15a57d4ca55
SHA512 f18c2ab127df093b00aa946cc20c22eccba0b50e5f936271e96fd6fb23140b996002405614e59f7162b0f740b204a1976f4c89166781690a0f596fe146dc16ba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 92d30ec1d325b5b88a40d664fa81f3d7
SHA1 4a6209b222957d65cee6b2c899b68b3f5f0a8d79
SHA256 2f62a6d25687078cfa70fec323bccd98a7ba34629f780c2c85724ff922d5620b
SHA512 05a4b0b8d51c33550e06499de44f528759c1621c397e9d4b1d238e2f9d5d30d2a624d6cef8b2e0414259c99f7b4784c1689576cbb4e77b7ead70c3c1c4b82963

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 52183751542908f3186a4419f3c1b985
SHA1 b0666d44fd25fa668c2cc93c5fd1a6d87dd7fe73
SHA256 48f43b55865fd474224ae5952780584b43ef797a30879b28d18a204e81a15bac
SHA512 ce26ec9767145fb52a5b9e2c9771274d406f052ea354a7caa33ac31402ef540c58906d6d5e216014539d0c776ca04559ebe04903233c9847975b9a045080ef7a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif.EnCiPhErEd

MD5 2fc37b8b4102f112f2b1b8659cc7742b
SHA1 3a3ba6395257fcbc8f23fa099d02734ec22eb738
SHA256 3391e53f39c9f2e0aec80681921f54ba38808815505865c75753732754040ab2
SHA512 77f0ed26538f038891c5a00d18191d4df2114b9bb96f6c8a8d5061b5865a1aa0c43a1c7fd13aa7dce60475ba15e541aa2f88e148374ead563a318c5ca58c82fc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 4bc445527e1f71706ebaddf03a228223
SHA1 279e881e9844d465ef04786d6b5525ce9f59bdd7
SHA256 b174e1f1ede1797edae9560c58ed8c0ef206ed0a8f7368510b8c276b8e2e8ade
SHA512 50d8c61448bccddeb7bab3131e676b17b956fecc4b61dece11838f38434ab11a1370a69bc9be67a511431be090cd08aa978c0cc4c5b60063d94e1a3a5a4a5ad6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 1fedfb8d7761e9d1bd04f909a6011f9a
SHA1 e579c960d0bcfd8a8385c40da2d8bc57a824cc71
SHA256 a146c4a62670467d6968781f9b766186ab105c188b2c56c481b6144543743d0a
SHA512 e38cf5e18c160ba37540f97927018fe2891a085f03608a271fe581bd840746b86a3dfb709c014c069b858d8ba913d877608b10eb1b1898c9e7427d878a73031b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 7f55320d7aa4a6b209e003c956264941
SHA1 03e888a1e614885f8e78ef98a59a220c99752e95
SHA256 0d96f1137288034d2c8b6103763a55b0fff9e848bd2905e821ca5651ed5440e9
SHA512 e8a65c639c97f1f33ea7db7a2bc3ff3845c7e10fd75022dcd941d3a3997b29fa030c0e308b9921938c38ac9452948d80c35faf619f6f2ff3f60f5a1c362d6669

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 1c3cc5ea26aba5b9679ef34a9c27e5d8
SHA1 7bc635e6dff6dc2c46a0a5f8eb14e31a5d067fd7
SHA256 ec874ec5825190ee220a25c24be05cdfe1dbd8d31980bdbc838176507af2a516
SHA512 7afe7b3c116dd5dbed0ab814f77d8c2fc6c5021395c81905debf2de99c60ec70101e4d385c1104ba35f8d1fcbb4b9c0ba46d41fc89be48c0650c99031906cc5a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 0462a27ca42de6102bd2636987fe9f6f
SHA1 08ceebd37110c254e741b50f21a49db218b2c31a
SHA256 646832f1db870efbc92170b631d1575e7bb805b5948eafed6ce300529e282337
SHA512 53f5aef6ae1fead4fd86923669e543250b4378e8bbb6ba2ce636a2e671e05f33aae3cb86a5e29e30aeea64c524ef829b79431f5b20e0e7b9bfd300467fa47137

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 7c1cf29a3d643cfc56d3788eec02a921
SHA1 15eee516b7b95a580123dc65b2b2f3d2e9703027
SHA256 3702d087f5570bf15d91a32d0da5efa47b4258538a92c5204bc732cd70bba798
SHA512 f533b4160730c7c75d4852c7bb23bd4f168fa398d799d462a9aa075724e7e90cbf4d5d928c1478829a5446030cb0e59f305f6f997ce86add36bc12602daddeec

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 67289fc4ea900117c5f0e618e15aa4e5
SHA1 f7a78f7dc4b95cf928cc8d2d861abfbf92c20311
SHA256 b60c935a666ba6f0dd644ac34ea467d4090da40053594dd7d3ce0f47d8b0aed5
SHA512 e74c470315553f9e956f4973a0e5c84a54e060c8834480c980d9dcb3771416cdbacfc9ec52aaa7437b57340a4b7c397c4da28587a4b146e118075e402cb7dd40

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 f6aa42e918ea8deeac751603b4b3a582
SHA1 a63c963ca691640eadcb2e9a6d8d0cb439100274
SHA256 1696682e3b4ce3f64ddf1dd02626c30a238e32208121f60bba0c0d235a96dff3
SHA512 ac451098726dc47e82cbd2950b93d565f96583953d70dd2fd6feb68541b6935eeae0ed55d747b8eb0e2c86b487b9747336a03daad8a658296727076e42e0ecfb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 c1f3f435b91785bb40d77965810884dc
SHA1 45c6348e96b5b6e3d5d59cf9d0b74a319a0edfd9
SHA256 09cbc67999927b4874cea4fd14b54378ac57c9384809ed592903e5b8a6a9558c
SHA512 aac43df26e91bbf564a8b06a2611a604bba3b9b04c619cfba9462dbdd2f03a42a604210aa2e0e76372a85a4da92b0cd745b964cc58f406537b25062ded5cc0a4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 175d20dcd1dd761d496468d5c3de3175
SHA1 f77a0853494c628b17d40b79900fc193159ee0c6
SHA256 6fdb286943e3fc575de526ae4cfbde54c3977a4b74c799fa2633b140f0529853
SHA512 fcee237cc5bff9f1f8a1eba1bb2d6fa7d59e235f41244c3580c6f066d25f662749c0b132986177350b7ea52beb6f93f876dc2d7884fe8ddd9bf5e92bbd9fcf70

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 4f15174e3a60a26ce4b602cf2aeac5fc
SHA1 be85d026120a58c01beefd986093601c0a2fdddc
SHA256 8d2b77d26aeb470f6f748b6682963ede748fd5e43908e6dcd48bfa6e0c154c1a
SHA512 11c55d8ca998d1389775ecb2a43869a38350a2319e0508bb086544005fbcfdf7f19ce8d778322715db4b547bbb7bfcc53935c9d2ce600eb41db42b1a12d4c285

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 429121b36c34a360f4ca8f328f3f3b54
SHA1 c5d410b296cbbfce10e13f44a59e28c83d6e7d1c
SHA256 6a7ee145b5ad522147ed6d945c2cc6990f2b8cc7c4f7c428effdc9275bf6a117
SHA512 d86a802399e8a44641c844dd40e913a2bf1b319406c5e3a56f28c170b7565f5dede44067470b3ef079996e7a45cbe6759ea5534d424bab09d65e7a5281d0f95f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 49030b9cd66b8c45677d97b57ef25421
SHA1 023326e473c882985a255cb94dbc433da298e0a9
SHA256 a2c43ff1ea38239de8868cc20bab758fb38f3c4da9ef20cdce466ee0b6502aec
SHA512 4ce55a172f5df7904021fe5b7de94946be406a05ab59df35a0300c1c7c19c27ac4371715e41c2ca00b4a864560d3502d6f339748ff07ea1f7052d4ce70987a37

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 7aa30fd525f9aa044563ab4ecc4a5790
SHA1 1adc295685e4987eb40c7d43099fbca93ef1e07f
SHA256 1d3d0e8803a09514e7a262138e9bf6604762669de45ba9c10d77904797706955
SHA512 f95df676faad01beb04aab18ad6792f6d9ad234afd345e9901b8a7575e6088021eb0d988507f2b1d812f0a84f7a58ed423fc53053102d890867597fd916565e5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 71300b51de09c416b5c3be1a354d6089
SHA1 b3a03fa7c824ea68d18a4bfbeb45ef92114e2a57
SHA256 1b1c4b6d342a51d64b5b3ff3eb2d2c8b8855dfde798a0cfd344c7229af552d51
SHA512 be0660803948aee146b517f4fcd39ec8bfbfc4f294da957a7fa68738aafbbe3537e4b84051514348b3c02ca369194202b9381cd7eb76c3569a2345fbceb68125