Malware Analysis Report

2025-01-18 20:41

Sample ID 241206-myhb1stnbz
Target cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118
SHA256 71f233e11b8c451d3d6be005a2917b2927ba516bf06fc32d3556939ea5eee4af
Tags xorist discovery persistence ransomware spyware stealer
Score 10/10

Analysis Overview

Threat Level: Known bad

The file cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2188) files with added filename extension

Renames multiple (2166) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-12-06 10:52

Signatures

Detected Xorist Ransomware

Xorist family

xorist

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-06 10:52

Reported

2024-12-06 10:54

Platform

win7-20240708-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe"

Signatures

Renames multiple (2166) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe" C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

File opened for modification C:\Windows\Web\Wallpaper\Architecture\img17.jpg C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..update-authenticamd_31bf3856ad364e35_6.1.7600.16385_none_599889656b4ace55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-handwritingapplet_31bf3856ad364e35_6.1.7600.16385_none_0e7f345e518d2f24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\tile_bezel.png C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l2na.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d4f1b014f6db1cbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_pl-pl_48647f8af4b7dcd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-artui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a6c842e64642498f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-localizeddrivers_31bf3856ad364e35_6.1.7601.17514_fr-fr_7f75b558ce50e208\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rasman_31bf3856ad364e35_6.1.7600.16385_none_c89b3bc369a58c7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_34a24d8db984d377\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7601.17514_none_42b1da626b987aed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wwanui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f87b88708e64e2ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ql40xx.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0272c26ce89b1b67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..pe-malgungothicbold_31bf3856ad364e35_6.1.7600.16385_none_41783c072f347b6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-hlink_31bf3856ad364e35_6.1.7600.16385_none_b3b71cae7dccb06d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_03c9dd5ddb97a02e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.17514_none_dd82b9463bc08c07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dsquery.resources_31bf3856ad364e35_6.1.7600.16385_en-us_56e561a9c9acbe85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a1e2bcd9e0aceb23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..tional-codepage-869_31bf3856ad364e35_6.1.7600.16385_none_cebec624fc8535e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_networking-mpssvc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c8609145475c0c59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sidebar-adm_31bf3856ad364e35_6.1.7600.16385_none_0688f51648fefaba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_de-de_72fb97bd170404a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..ntication.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f5c28046cef0583e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ntication.resources_31bf3856ad364e35_6.1.7600.16385_es-es_af29a5cb947bb312\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnod002.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7145c9418d473b42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.1.7600.16385_none_fda2126c6830c4ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-scheduleui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a324c31e64989d11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\base-undocked-4.png C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.data.entity.design.resources_b77a5c561934e089_6.1.7601.17514_es-es_98641e8c865842d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-keymgr_31bf3856ad364e35_6.1.7600.16385_none_1035859c6656c89a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_it-it_09ad7e5b5c2bd611\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\inf\BITS\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_brmfcumd.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5b0cb6b945e1b347\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sendmail.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_edea87c48ef95a58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-icm-base.resources_31bf3856ad364e35_6.1.7600.16385_en-us_47e7a61cd98c4a6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..store-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7be3a24301ca4901\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\DefaultIcon C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe,0" C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe" C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.happy-hack C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.happy-hack\ = "IIZTZRIYOWDQFAF" C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open\command C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe"

Network

N/A

Files


MD5 efd15d8b775dcba027460986b761b5ac
SHA1 1e94cb914b9ce1cb2fd5eb5351dbc8b6b4e55a26
SHA256 e32ccdf4323865a93fce6a5e17dd5c6cf880eb3a53b98832c6e4f593ae644e93
SHA512 153f1ede83c0734ecc7babea479578e29c54f1b0f1573a81cc5542ed428fce3498c2d9b98709978066b426178646e2624688b40c8400ea275092e008888561e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 8821d50387dee1493f27ef5ed9c6b218
SHA1 ee9c16d0de4ec5d7d0a52f78d91112efa88295f8
SHA256 730a80ca3815e36814613b5a78abb4b2bbb2e8cd2bf080a0b6cb16253ddd0c92
SHA512 a80cfb8a97a0f8c42064a41ed9a083323eb844bcd7bb5aef8369207f188ccba6136a8fe7a60653a2cadadd046425e69e8e04353040f7b612533a670614b6dd30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 b03959b853c22f00419f6e6a9d9a2fc3
SHA1 2515bf2bc2b031772488f9002001b4e0b590d9f0
SHA256 94000062a4f8cae8441db5d7808540cf6cfc810982549e5fea9aac7c40fb3bf4
SHA512 5544d5120445b214545c95d565fc0016249369994821581d9a11b4a07563716c2ac2a610b774e65d38fe4ccb8835b3a10762f5a41814df77ac7505af31c5427c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 d3a796d3a06fa66b9a7a790c0db1185d
SHA1 c0343eaf2f46ac288fa11371a695fdac1b8bb5bd
SHA256 841cbd8eb38f2617c9e610b42ecf682c217ccc40359ef7dc39d4f8c46ec1768b
SHA512 4884013a9f6d14343ab8532d8af6d1af9419f7d9d3a6badfdc56d56c5b41ceedb6554366208dd70bbadf12aa63570c68f57878195a621e4d117fa877ee43ed7d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 aa1cf16f8437d2dc66dd972292a4993b
SHA1 e7885d1639edfddeaca790cc2594fa5e03110a9e
SHA256 4b3481b44afb0022da2b0c417ab5ff392048e701a6eb17d7ae11165cf7202b84
SHA512 8d4f68ed6563fa75d94885da2d6362d0aaa08e40316461ca9533d3044f3231006b289a089db7a195d1dabec3c06a8375b37535daf2fa7e8ef0fe3bcccbda30e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 876f3644b9064e95d2861c255818235b
SHA1 cc2dde68fc12b8d883dead29c701e448476bc11e
SHA256 d18c78e8c025d214187a217753ff4131d3288fc4da37498f18b3788d70575a4a
SHA512 e832306c75d96a99157f9544e46fb1cd5b86fc43c2016e90057896b4f102dab1a3693ac46f820a7586349aad08fd315ff1a43b3bf9614e74dc5284e2ca8ef7f5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 1ea7a4aa93b6864b37af29b575d95b99
SHA1 e89ad561471a0e8319a24622274708f71b538547
SHA256 facf43a817ce265f48f707ff8355a7a2c822f00b884937d72ebc0ce04a795c99
SHA512 c43dd96d68f374c1e4c9b0ea35cd246ccf42e004e659f026d0c77ecb8f6a887441c1ae3805b21db87155c94468780546140cbd42fbfd65512d0c070ee0cb0514

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 6b83d89f456274cf14aad2ff542e3665
SHA1 86f35f217b40ea9e9983901fa01ff633856225aa
SHA256 aec4e22c0e27a41726d757e736a4e8239e1ae63bad1021e347f3cf072c2df21d
SHA512 24e01e3077102fee3661ae60ee7e64330576c566e1580d7d8ed43edc3fb1d6afad6647098d732173b8f581b86bc67dba856cf0c1b59521300c4f0fadbdf9b03b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 b05472c5f534f379b6dabae2f4b7824a
SHA1 00fab94d6a4f877fb0fba49290a30aa7d07fbdf4
SHA256 0b069fd20af9580f3e2a701245f387f9af177fe2659355bd9bd3d98bd4163117
SHA512 9950a4a45a3a9ca8cc1f13d2565c3e1b833f1e6a35049a2ca7f6d28ff096506594ef2e24a7ae0fb4c8ff075b2b03e79aac770df0a63fc3129699823698d3caea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 4e4bee40169bf2af3c2e5a3a67c1dd5c
SHA1 9cc8a6153adf0303e8e487d5affe0420b51bc9be
SHA256 efc97d9cda8d3f851eeb1c843daf9e3bab04ea3b59b3e5ea42178ef65f78007f
SHA512 896a81ec4d3530327f884d08e5a3b26801ef2e98c084dc9ee0ff9e24c5d9239b20d733e2be348269bbae36a79de9965fe5623d21a6d5a2511c721e83938ab2a9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 df187480febe32248c652e5af29c0a79
SHA1 9cb4c5b241e47b712b4f3b417deb056e930b52d6
SHA256 d3007d6f1d3e258662a11f05ce43469fb16c432bf12802899a0d110bdf8e3729
SHA512 9fb49f62e90fd9bee54b461cbfd7ad8d5109cb8b31c50bba54be0a10f6984af8b0aeebc0eb4f60af7e4c15a82d49764692b8af62c84a7c3f8de9a5e1c1e87166

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 583badc85112629ea8e12ab75d58b7fe
SHA1 1b91bd0580c3f49c9aaffb4b7fe908839d153370
SHA256 dc4ff5bf03da476dac7125417b7a558b094a0e58702d226aa1f540719885eaed
SHA512 3c66ee5ef477e751c958a4894c8dd0c8fe182d6994cf1ee64156e890bd120d295a36920ef5eee3d68da0a7d293d02b592647ca820b5ec8001c9541d48592140b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 8c4489ddcada399bbc0c226303591f05
SHA1 02943998de3b050f9d68135e60e29c996ffcdaef
SHA256 16895a2ae7e14025e9ebe2724e379e0196f73a4269a8d69adb617708bfd410b1
SHA512 72d06548e746d0c95314cb21c24e3caa32cb71ef6665ea938d17b7ab1c5a43a7c0b3c1c8e509343f410ec69811b83846401beb7c50c5a8cd9650f3e659780efb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 2237dec3c5cb554b7a803a8b087f1d29
SHA1 82a31075133de4b923d59ebcf5dd415152670a9a
SHA256 6233947c552c0c09ed9a50207baf5a719f55378507743d1c430ed50bbb4f6784
SHA512 bea3557bae28991ca9ddc0489e00009353ebf57ff7049d36f5dc25284c44f8e3a576a15bcc644b4862dc45e9bab1dd4d4bee76a490a8d7a79fce4875f058fc01

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 cfbf8b69b7f13f84ea9f20f423c73e3d
SHA1 824970befb0146ff33d4d18a6bbf19e1e87e542e
SHA256 6b29cb49461b64a31e39af9c3adfc74dbaf9c1a4fb86ed81e2bc4b4d3ecaaed1
SHA512 73e608570cfab3736c8468cf214cefeae951933d04010c2ec1a6e5aa6d7eb3fbec459a8c3b1c075b5f1e6fc865409759aa33c220ee73dc7ae292a9bf87c1c829

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 d583e3afdb78aa5fc0ec5ae5606fbef0
SHA1 e5201678262e805f38b71805ea27352229a2f15d
SHA256 118a3f8dd2789a088046a94acea7c5df22f9f3db8caf05f62c6fe0c2bab5de6f
SHA512 16ca8e911c92097cb51480db9f13a2d4ece84f410ce4298b759c387df0c6142ba5ce14dbb643b797988013068c3f36db55b271a15d4a928aa3d4ee221c5f2e01

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 8ae5a785f81e898063206e5f4e1c1856
SHA1 2855dcc0c997f364ee9d697b7207754f3f7f6d53
SHA256 b5d77afb512db99bf9c2b5eeb9b65e8c2bb67481782ae52f4e8ecaf93a48c9d7
SHA512 20d51e84e01551fef31632cbbabd1fc0b0d18b44d11dd88525dc4708d469483a4913f41cd0c1359ce862b011e50e8cba18afbc3e01e103c32f2ba523928acd7f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 3ecb6213429aec145776b4cda1c51f2e
SHA1 ad4056528744d480218afe1c75e88d24f9847d3a
SHA256 4af5f8e55d1f9e470d7345c070387a361527481785e8834b7d831dbeffea125a
SHA512 21a1d3a7845a2388e292e7f88f27c322f5988aa9785a126c1fc73ae903ac1dca0ef6b709d38c8d5114add4d02cd942c38bb58bac83ba64dafe3b3583378afcd5

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 473e0eb80002b3ee524c9b10b160ed43
SHA1 b945ebd1eb9ea89507b434979fb8e370ec959152
SHA256 9a9dde10ed8caef322c33b5100bb7fdb795d2358e09d1d5280e139ea4fe87750
SHA512 091477266c55f8446d3403dc206e232d2c77b173f6d15377de50d76dfa56105e4b83e7fd28655feb657769c9fdc868fad7197e78e0edb35253b823dbedabcbbb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 7067c71ee6a5501050b4a8beba55ea85
SHA1 f983c29bb7da592e8c1e45bd2a32ffccf8057046
SHA256 81911719ea5af10a51f8e4635c97b855b376932471694ad9c72945e99d0b4319
SHA512 d4f839c37995c6858234fbe8527dc774b096253acccf559af3fea213639437282def4e1ef919d578685f4c9b27d08f37b80b300050aa9672f066b0ba31ca5beb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bc34737c11c980521c442d1bd40285cc
SHA1 2635cd64b7089badb9056f635ad4c4d0450b2b83
SHA256 b66c35da313d816e01749d3ed100d834d91382b13aa7bc7344cd37e8f1bb1bdc
SHA512 485395e73e612cef7561e45d8d5ec5795a18fee904907ac83abab8d961cf4a278675066e109870bc7582143811c8aefd703ee1eb65aab8930aec6a8fec9a38ff

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 ec17c5805533d60ae26302a7ca4472dc
SHA1 672d49cf7f8a8d17bab2c7bb3843b61cf3ab3914
SHA256 7846039372c668fc8e5d17e0d87a59be001a49e1101a195e85f0f09793dc6f0e
SHA512 7efa6e1bfdfa5b8ef80d4d25fc35eb63ec094194f5c467b21f7099f1962ec4f0d445be94c2ea87fa65b5daeced04f46b841f5088230ea52f1accf7ffd32ac7e7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 eba0930a8f01bc8051b2cc1d95f2faf1
SHA1 c0193b484275204b345ef8dff6d08596bba5b3dd
SHA256 2231a4c31daf09d8e7da67e31ed065bf219809377ae405ed30c5ca2c3899d0d7
SHA512 55be2b72a3dd9d21ff9297260c2b164e68b42ea6b9c5d20e3a66cd613d1919d41e60ebe843b13e023431e4c3d3be7ef0feeff57f68535ade5275b1541b653ee7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 3fa2e3d70411a9429e7c53a7a2c7888c
SHA1 d737582acee9e9728cd12f06c873de5b22535abb
SHA256 2ad55aa69cd32e6d23b7245eb03d099dd1cd9cbb7a0a519a9b2ad8f324c930fc
SHA512 92885d4d77f50d05977aaaf357585baf8ef46677fc8b4f5f99677dbe7c2c28a356a7b3d3dea9fef03a45f69256bb7469d91de950f229dbd1f152e82e28403c2e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 a8c1468f5a6bc9ab128007647c088f49
SHA1 87a90d7b02e03c6aecce4602365c2e18128e126d
SHA256 4f7510ebad30854bfa25ee8e1ea87549a38308c3684dea8f6b694482c9092a18
SHA512 7d3e097babc64767e4945d48e67da400ed4f974f4cb475868f5b115e135ce8d231574fc125bff7a3ccf96022d9f30bdbb41a679ac7f7dd9990e4f345b33d76b0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 723f8bba2ac33fa7b76fb84f68ec10f7
SHA1 4b9fccb04eaacaeb006485bd1533c4f609612495
SHA256 848bb3191fbaf767959f7b5085d58b5a192e509a7b6af1e224d6f57e61495387
SHA512 22ee5219e510b316c24a805e4dea1e45f37faf876b628a5234b702a6b821735b3f9d59fd758345ea7f7a90b3f5cb2d12f6fa616487a0249286d9dbb73890789e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 0ab469236e16a2686b632da3f6d1d98a
SHA1 6456221c8435cbf609eb4ec13a7937f03d5c9f85
SHA256 05f667dfaac396ae6cf8819120d05b1934cf1cfa2b616129bd677623616beae8
SHA512 4c21a4c87d93187717d49f1d5a6050dcfb1a750f3204fd1130fa1f52bd643aa5c646f66d8a435fefe4397363f0199783ebfde77d0d05db399b54c44bd82e0b18

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 13dd0b58761be35411e1aede1e47b2e3
SHA1 2c14d7a9bd549a2b4e18731fd777fb98dd84a8f7
SHA256 124fe7c1bbbfbc274fe6585216a2581a6731a7566f2edbda4482292d74a57108
SHA512 e5bc59a6825c50554094921f15ef94d39e6d5f2f837942e8d38be739648b55874971948d0c93cd52f06d055cef74dc97f98dce7d8313c000459fac4c4c547e3f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 0fa9a4d0bc085144f9a88eb224d068ca
SHA1 6d43d7af25f915da2742d28e1bf2f66f77bbed81
SHA256 dd4b8ef0e91032cea5910c95933ba15e6e6a27a62228b8e541bdaeb8fc48d929
SHA512 0d7965949fe4778ceadd8ff2904a91f7e9fedfb939c65a68182f4d3e4a0a12a267f5011ef08b2c9e7b121d05d5edf0a51b286fc3163ef5538761cfc74dc8e3b6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a5a4816d7929ee2041b907861bf52dd6
SHA1 e76a2b5b6efeaaff3d7bebe572698b48eb1f4468
SHA256 f29318574b974e8ea535fc4dc0e52ed9ecbf2ea824f6eb4b1d5a378260c459b7
SHA512 f495734e11cf2e03abc9a97906d3b5f6c108030b0b78d924a74323bd0e3d34d59d6ac62ef383f3d00a5b14a1d38b2ce59bebfc60064aa8fa4f2b6534cd1960d3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 94c6255fab4b37c3b3e0e515f02ca848
SHA1 2f05c00c9d80cfcd214ec9443a3b3b02e715b3ba
SHA256 e0e9f46798dd1faa70cc21bfd54a21c3afefa2df6aab1370046eef0bc8c6847a
SHA512 f004094b9d16d8ba55967c159b60087a81f5594a4a2c254e421043dffaa2d0f4e844033a8807df7184a7874cfc02fddf55efaeeacf231eb0c1f781a98d117c4b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9ee0ade9d098e982ca318e636cfb7b19
SHA1 56ca43c2708908cee6262e8b22bdfab695cd5800
SHA256 164dbf12dc2a66041f9cc87ab882f18d4de17c8e6bb6fc7cdd24dc8f941e04d9
SHA512 390ca382ada2492b795281421ba096d6ddf773aa0f1bf754dabfd8757c1fa1b96e7426f55d9994a221565e13315008e3ad36c26077411e0960b011f4379ce5f5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 2c33356c3db49a43b9b840d9f9f649a3
SHA1 da9aadd4baeb0fcf4d230360045c4c5162804c65
SHA256 282a26aa6c184d1cb4d3a09e7ceaac7845a400f4cf2507181d4e90f02f5aa057
SHA512 9802b6835b81b64f357286dd2a4febc3921c1d563c5f027436d06e8b4c0bdc0bb3526f46c501fbd2b610d02c8b4611b7f47eccb229616e251275e618c67d3177

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 060c2540f71845811b1ec8bfa68bad0b
SHA1 ffaaf75b9f945b7f682801c47bc395d1d3dff3c4
SHA256 a6122f2f0c39d42fd77d0e3214d2327af11d81b4c7ac3d76716e20b6b7d59d0e
SHA512 000da66eeb900cdedb417261e1b7fc5f300be7a4dc35141e3f470d03696c8416078de67538be71c88b2735cb41f4b72c5ab6a3dc1fd906267e4ff2957fbf4358

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 a4f0d68922aff01bea1c3865451020dd
SHA1 fd50a6d403fed0cbfe2878440af4e3d431e95b1e
SHA256 561bd5b4c2c9879c4c05d99ea9f0c41fc42c120b08e879a1871d0da778376147
SHA512 77f865ce4221b4a37439002c8a133c0a4c2e739d8b3cd5a374926bc4e03a85d7951e05ae2222f1e9d39a7c799dc8817f962060cb14ca11033b547dbca26b8178

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-06 10:52

Reported

2024-12-06 10:54

Platform

win10v2004-20241007-en

Max time kernel

96s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe"

Signatures

Renames multiple (2188) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe" C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\InstallShield\setupdir\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgcs.inf_amd64_e47e06e16f2aad12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_26dc960cc4c84207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Appx\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_28e2bee7229aaf9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\virtualdisplayadapter.inf_amd64_bcc7550a6e285f92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelpep.inf_amd64_2e156c5dc4231642\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_55c0c78952233d0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_amd64_a19f675674962ae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_cc4dba2066ccf53c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkTransition\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\3ware.inf_amd64_408ceed6ec8ab6cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmjf56e.inf_amd64_07bca0bfd5173050\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpipagr.inf_amd64_a3248d35e6aba0f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscopyprotection.inf_amd64_9c108d8ac558a80d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdm3com.inf_amd64_7a75739c411a71d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl007.inf_amd64_41e31b5786c6884d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidi2c.inf_amd64_aad0f43cb9f97e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_9c09bd1df352f065\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_0e77868deff0b0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_28c103304ddff3c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsii64.inf_amd64_0f02175b17cd3f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmega.inf_amd64_f35131186d3026aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.happy-hack\ = "IIZTZRIYOWDQFAF" C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\DefaultIcon C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe,0" C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.happy-hack C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open\command C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe" C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\cc9a27fffea9f5287dcc3acffafb9541_JaffaCakes118.exe"

Network

Country Destination Domain Proto

Files


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 0ffc02cf9548f798857d4fdad486f105
SHA1 94e1213882ad91c6e97ece6bf676539b07d1fcd7
SHA256 10db3443f4521694bc5d62b89d313c3b7c37a132fb7daf018f43c3e5632282af
SHA512 303158854d9efd6bab0e446d2cb8650ec278a97a32665f845828730ecf0aee6149196c9362da27ed76b4e069b5f069836895cca10913cfbaa8426485ba13b7e3

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 c0f60fd9bd97524495eda94fdd98dc0b
SHA1 22b434b858a7f436c7957bf319ff4aaed1a42922
SHA256 207c577faada02e75a759265006b2ed10d214a781a919146eeea97855ac2d5e4
SHA512 26634a8cb706c395c5fb18081eedf46adfbda1f80eb278ac4c50d8afb4db96376fad87922940f18f4616b2a461dc33ee63e80097493f17ac69e22c94eb03ae73

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

MD5 d8aa20026906edbf57eb658c53d8f87d
SHA1 8df342b06a0ba113a54c7902a0c96952cca3d796
SHA256 365d18ef109086f4d293d0eb461e6481cc56544e7db698dc35e5f0f52c01889d
SHA512 6c5de6cc5afdcbd5d554fee4451c4294af58bb6e757759e2a64d36d8ad4526562524177a8c4ecdb3672f831768be5b851843564273257aebf6e1129ffd8b7f16

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727697480019881.txt

MD5 15d68a93626e0424e675ebd457045159
SHA1 80fe7fe21fcdaf67981111eee7d11ac672d405ef
SHA256 6d5583ee9580a1301c24b7ad211bec214a7c9366a7392aeb701a5b52ee26e76a
SHA512 2bc5153dc6176ec09d1612b6ec61f9b693a03ad01e44b11c73d95b556a40ce01c807b33ac3b51ea814f6c866b7b5487c294210e1e7c76601240882fa4e7a8d22

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt

MD5 60877160467b1260269bd77067c237f0
SHA1 69df5f74e41f3510bc7d1180bbbee52bfbd8bf0a
SHA256 448bf93d8cf09db50a91db1b1ea2e11603bf9c39c72fafdbebb581b81bc99e50
SHA512 7bae371cb0b73eb7b6a5a94773d3568a5f0911f7e66ca6bc0f074e3fdd76199feef567175619a36b2a4fcef3978bc5f7f7bdc124cb69656db8b934ad7260a231

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

MD5 a53c6ae8821c67645d15ea4c3a065900
SHA1 bce16881692cea9c436dfbc5cc4fb83a241b5da9
SHA256 b1744f466e5105e847e662a71071ff527316b076b9fe70a22ad9e5dbdae25581
SHA512 3b7dd35fec573fa7a15aac4401e29cfaf4b28f4162f75d8856cab00a75c19122bfaeb89aa5cb5b68d2f07fc2f4ac621709329211f7db2b4e43ae6c9970cdfb57

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 295313f16f8b9125b537d629a897f02a
SHA1 889a860213cf04b4cf025b62a8d01e10f2bd56f4
SHA256 151e956b7fe96ddf65903e588f8eec80778e12dd0220cf8ac6d50d609c88e200
SHA512 d03541a6c8cec1f7c9425c5c05354bdcf14d5d853a7cdb6ce61a70c85413530d96827dd3cccf112d3cb763fa3ef0c4e29d4b897dc450bc75b0109cf52e6a199b

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 7067c71ee6a5501050b4a8beba55ea85
SHA1 f983c29bb7da592e8c1e45bd2a32ffccf8057046
SHA256 81911719ea5af10a51f8e4635c97b855b376932471694ad9c72945e99d0b4319
SHA512 d4f839c37995c6858234fbe8527dc774b096253acccf559af3fea213639437282def4e1ef919d578685f4c9b27d08f37b80b300050aa9672f066b0ba31ca5beb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 ec17c5805533d60ae26302a7ca4472dc
SHA1 672d49cf7f8a8d17bab2c7bb3843b61cf3ab3914
SHA256 7846039372c668fc8e5d17e0d87a59be001a49e1101a195e85f0f09793dc6f0e
SHA512 7efa6e1bfdfa5b8ef80d4d25fc35eb63ec094194f5c467b21f7099f1962ec4f0d445be94c2ea87fa65b5daeced04f46b841f5088230ea52f1accf7ffd32ac7e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 94c6255fab4b37c3b3e0e515f02ca848
SHA1 2f05c00c9d80cfcd214ec9443a3b3b02e715b3ba
SHA256 e0e9f46798dd1faa70cc21bfd54a21c3afefa2df6aab1370046eef0bc8c6847a
SHA512 f004094b9d16d8ba55967c159b60087a81f5594a4a2c254e421043dffaa2d0f4e844033a8807df7184a7874cfc02fddf55efaeeacf231eb0c1f781a98d117c4b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 723f8bba2ac33fa7b76fb84f68ec10f7
SHA1 4b9fccb04eaacaeb006485bd1533c4f609612495
SHA256 848bb3191fbaf767959f7b5085d58b5a192e509a7b6af1e224d6f57e61495387
SHA512 22ee5219e510b316c24a805e4dea1e45f37faf876b628a5234b702a6b821735b3f9d59fd758345ea7f7a90b3f5cb2d12f6fa616487a0249286d9dbb73890789e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 0ab469236e16a2686b632da3f6d1d98a
SHA1 6456221c8435cbf609eb4ec13a7937f03d5c9f85
SHA256 05f667dfaac396ae6cf8819120d05b1934cf1cfa2b616129bd677623616beae8
SHA512 4c21a4c87d93187717d49f1d5a6050dcfb1a750f3204fd1130fa1f52bd643aa5c646f66d8a435fefe4397363f0199783ebfde77d0d05db399b54c44bd82e0b18

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 a8c1468f5a6bc9ab128007647c088f49
SHA1 87a90d7b02e03c6aecce4602365c2e18128e126d
SHA256 4f7510ebad30854bfa25ee8e1ea87549a38308c3684dea8f6b694482c9092a18
SHA512 7d3e097babc64767e4945d48e67da400ed4f974f4cb475868f5b115e135ce8d231574fc125bff7a3ccf96022d9f30bdbb41a679ac7f7dd9990e4f345b33d76b0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 13dd0b58761be35411e1aede1e47b2e3
SHA1 2c14d7a9bd549a2b4e18731fd777fb98dd84a8f7
SHA256 124fe7c1bbbfbc274fe6585216a2581a6731a7566f2edbda4482292d74a57108
SHA512 e5bc59a6825c50554094921f15ef94d39e6d5f2f837942e8d38be739648b55874971948d0c93cd52f06d055cef74dc97f98dce7d8313c000459fac4c4c547e3f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 2c33356c3db49a43b9b840d9f9f649a3
SHA1 da9aadd4baeb0fcf4d230360045c4c5162804c65
SHA256 282a26aa6c184d1cb4d3a09e7ceaac7845a400f4cf2507181d4e90f02f5aa057
SHA512 9802b6835b81b64f357286dd2a4febc3921c1d563c5f027436d06e8b4c0bdc0bb3526f46c501fbd2b610d02c8b4611b7f47eccb229616e251275e618c67d3177

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9ee0ade9d098e982ca318e636cfb7b19
SHA1 56ca43c2708908cee6262e8b22bdfab695cd5800
SHA256 164dbf12dc2a66041f9cc87ab882f18d4de17c8e6bb6fc7cdd24dc8f941e04d9
SHA512 390ca382ada2492b795281421ba096d6ddf773aa0f1bf754dabfd8757c1fa1b96e7426f55d9994a221565e13315008e3ad36c26077411e0960b011f4379ce5f5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 a4f0d68922aff01bea1c3865451020dd
SHA1 fd50a6d403fed0cbfe2878440af4e3d431e95b1e
SHA256 561bd5b4c2c9879c4c05d99ea9f0c41fc42c120b08e879a1871d0da778376147
SHA512 77f865ce4221b4a37439002c8a133c0a4c2e739d8b3cd5a374926bc4e03a85d7951e05ae2222f1e9d39a7c799dc8817f962060cb14ca11033b547dbca26b8178

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 060c2540f71845811b1ec8bfa68bad0b
SHA1 ffaaf75b9f945b7f682801c47bc395d1d3dff3c4
SHA256 a6122f2f0c39d42fd77d0e3214d2327af11d81b4c7ac3d76716e20b6b7d59d0e
SHA512 000da66eeb900cdedb417261e1b7fc5f300be7a4dc35141e3f470d03696c8416078de67538be71c88b2735cb41f4b72c5ab6a3dc1fd906267e4ff2957fbf4358

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 0fa9a4d0bc085144f9a88eb224d068ca
SHA1 6d43d7af25f915da2742d28e1bf2f66f77bbed81
SHA256 dd4b8ef0e91032cea5910c95933ba15e6e6a27a62228b8e541bdaeb8fc48d929
SHA512 0d7965949fe4778ceadd8ff2904a91f7e9fedfb939c65a68182f4d3e4a0a12a267f5011ef08b2c9e7b121d05d5edf0a51b286fc3163ef5538761cfc74dc8e3b6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a5a4816d7929ee2041b907861bf52dd6
SHA1 e76a2b5b6efeaaff3d7bebe572698b48eb1f4468
SHA256 f29318574b974e8ea535fc4dc0e52ed9ecbf2ea824f6eb4b1d5a378260c459b7
SHA512 f495734e11cf2e03abc9a97906d3b5f6c108030b0b78d924a74323bd0e3d34d59d6ac62ef383f3d00a5b14a1d38b2ce59bebfc60064aa8fa4f2b6534cd1960d3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 3fa2e3d70411a9429e7c53a7a2c7888c
SHA1 d737582acee9e9728cd12f06c873de5b22535abb
SHA256 2ad55aa69cd32e6d23b7245eb03d099dd1cd9cbb7a0a519a9b2ad8f324c930fc
SHA512 92885d4d77f50d05977aaaf357585baf8ef46677fc8b4f5f99677dbe7c2c28a356a7b3d3dea9fef03a45f69256bb7469d91de950f229dbd1f152e82e28403c2e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 eba0930a8f01bc8051b2cc1d95f2faf1
SHA1 c0193b484275204b345ef8dff6d08596bba5b3dd
SHA256 2231a4c31daf09d8e7da67e31ed065bf219809377ae405ed30c5ca2c3899d0d7
SHA512 55be2b72a3dd9d21ff9297260c2b164e68b42ea6b9c5d20e3a66cd613d1919d41e60ebe843b13e023431e4c3d3be7ef0feeff57f68535ade5275b1541b653ee7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bc34737c11c980521c442d1bd40285cc
SHA1 2635cd64b7089badb9056f635ad4c4d0450b2b83
SHA256 b66c35da313d816e01749d3ed100d834d91382b13aa7bc7344cd37e8f1bb1bdc
SHA512 485395e73e612cef7561e45d8d5ec5795a18fee904907ac83abab8d961cf4a278675066e109870bc7582143811c8aefd703ee1eb65aab8930aec6a8fec9a38ff

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 88bba452e19e5d46c741cd04c74c1ba8
SHA1 c030bd0f0e6747131a3514e87c67f331393f1d2b
SHA256 b80862ee9d914803cf9cc6cebbdb2a3ac04df5a46d53828fd00b6871691c7f07
SHA512 eabeee8af41ec2e4598e3a140f305e252b7c12f62c68c5a04fbf1bb540d5fbcac2efe0b6dc6772d5adaa161bafc181b36c57a2d64677a0875aa748ed0b8c1efb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 96cbaff5380fc0d69a63a48a69d38be1
SHA1 ea84654f35a913282f46a60feb2331b590b127d7
SHA256 553e5fd351b6d8ab60d60eb7c1e50a6008ec3da2faefe7226a18edf06aaadb7f
SHA512 fcce8bca4ec47d93efe0d2c7f0162d79ad864376ed7a30d43077b4dd6c627f0f3be39eeeeb50318592152c220b5dc1ee2911c9cbe0b73c95dbdceacc07cfe567

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 77d951460237e559f8a50e6690cfaf19
SHA1 8cc19428846c1db35354d0781c19743c976b79f0
SHA256 cba35e7ec46179bc799d19885b4a5fe609e748b29ea997ef60f79bb356e60d39
SHA512 39149b01bbac1deecb717b2b29e73fbf0bd1dedc2ad3494d364383695868aed4e33dc0ce04a220e6cc55aaa68d84b3ee4e8f3eaef0619ee8a0735b39a3e78ef5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 eea5ad1c3ddf112925ec2779d75519ec
SHA1 9e6c320881c891f45326dac6d2b741964dd37f85
SHA256 d88f607f2a9f8dfabb8967d82197cd8c471967b357a01508b591b03b6c5c89d4
SHA512 9e9769c3b28f4c7d74b082ac8d43307f4b04fe7edcc91fbd4aadc12073c8caf7bc073b92c1acaddb2b43cdf94f44c45d643890f9951131dfaa7ce9b8d1c30016

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 59de8e91509d9fe63a3214b61db054b8
SHA1 996f309e77149d26cfcf625f57f0eb7e28eeb343
SHA256 7019d803841722b01cc9ff10976fa3b8c93dff6825bd082bef17360dc33bbe92
SHA512 49644ac325306eb3fa293fd7a74fcdf444b93362fb13d29000994703c13b549fee861b9de46dfdc623e53fb3c34932a68d875e0714f928aebe0a0b9f4cb591ae

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 1b5db9072f4b0743fdaecf7b80defb91
SHA1 643d518e4f985758b946eef087ce4a386067df70
SHA256 87a3c6bb5fe01932b8bc88bad4aefe12c8d44588af7c8202db5bdf75e8b2b7d7
SHA512 dc894cfef923818dc02486855dcc2efb0c2fe3e3b212a3c5b4d71023d415df20d09aa0015788f0c3981ce019e6ea2d03ddd169e6297bf5dfd9edaaec21b30d12

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 ed0cb0ec90f2fa4234abb731ec58a81e
SHA1 c5a22596b43081e55f172b9d4837733c17f4bbc6
SHA256 d72ea5995377a38bd67f96374eac81b6544e529673c66a65b7c8ae284a189d95
SHA512 2db264406fff4278c71cc9f07fdb7dc05987edb9d24cc054ed49d59ee2c1653bf5b6f3cef6d8118c6ff1747ad633daa0d404189e1f3dcfb8a001aa38f0620fb5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 df16d9d033b25a06d9686d79a7521e9e
SHA1 d2d3585c1e4e37560911005a9f5433b8856ec145
SHA256 2e8977e0101da3cb9b5c27521007bdfff2656ca8378c7fc4f8d29ad1c53d888d
SHA512 b33fc41e61015fb6fd1011b783e01a88c961447cd7923a74af3d6883fb495a09dedb35203f4d0858791b5d09111ab3375f2b645d4fd52aaaf7380def2ae1f734

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 2c3ab41785ac1ac5a83cd0575b6884fc
SHA1 0bc7c5098dd32dd74e7e755dbef31aaaa5d3e3e2
SHA256 003523c4b3af3ea447554f3e9d8436c99d596f8ab72479e329f0739344460aef
SHA512 6f3b23536abdae73542720c83de1429d6f1d7b0155ce81f1828705131a1b724a22a792e3555b47a21582a983232c43693f50a2994565b1fb585b5f500678912c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 ea6868683dce2ddaf642037af7914a4b
SHA1 6d76396cd098b53bc95e4a7c1c3c8a9d66991402
SHA256 2f85ece69ac1a70e9597ba0260695828b965aee771aae8c37f5eee6c0f84e298
SHA512 a631b31f3faf463168caa0aaac5110999beda57cc996d11dedbf62869506857be9ce70458bceaa7ae1f07d198baff3cf608a14e5b7daedb64e0f267898e2bbb9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 3a7456cd097e6cc2144a7b35450f447d
SHA1 b5a6ee9ec3ee8f3d51d99a86e9893c0ab767dd37
SHA256 68b7fc2f022095fa1e16578ea388d26d44d41fd508205f595245198b60185657
SHA512 9f3ef81263f5cd97cbbb0545bdaf9b6316f3d74775e9cb755bb1e578f762ae2d0d0beff0a8875e145cca168c15b6dc3b6d46f863c3413607cf6db06e7670d8ea

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 333967fa0c6a25e38422df33e677cab5
SHA1 31ef5683557b2b436ffd796bbcafe885a08fe789
SHA256 338011f70a04c52492db772e0af91d1e3c7e8c729461062e29c131ae2c651277
SHA512 507c8c39a3347fcf53295bb06a73197e59dc4c113ccde90ecc7eb32d5d3f1e693ea0dd468d216d8ea73423cbbbc41a41ff2b8b9eabf53f6ab1827446176cc089

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 2cf6a23a63cbb944aaaf25001a3b41b9
SHA1 5a7525cb4825b37e5d3658eea3d575ffa962faf3
SHA256 5b0145f4ad7c1303be46bd79f06917935b2453b368f8a5f5bfe5c91842384110
SHA512 633ef27ed6324a528a62d2c9ec632f962813c63b6d64e074b91ea4690eb5b068ceb554611642f095e30284d6ec0a54396cde379e6df00518a82270f877e8be4d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 730cf2fe9e041b9106db66c681a8d778
SHA1 137e34aa8c37ae7577bffade6b27057e45aba0d5
SHA256 90017143560d0443e2c0db690dab169dce763a644531c3c02596d4c8569f017d
SHA512 58a88be3ffd982bae7ae23aaa68104f871a9e8c05e3a1a0ff17b072256f5dcdbbeacd3fee0b10091c23dfc8f74eae0e476f6a38f3a77ba0d5de4e34d4c2cdcf3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 437ba090fdddb8131049076a51cda558
SHA1 ef5c07ec5b75c7c4641567b8cf03d198eb8162a4
SHA256 79a0ff455086673b9f20bf9a5bdb78f477013ec20802e94e71f3cf1b57663773
SHA512 cc78bd3a732eb158ba416ee5cd28b2509fa3281884abf1b657242347611d28f8a004c8d9ea9356ae7535790040338f085e63f3aaf53dae32f2a4c5c92d60dd9b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 fc8696362da0c7f3e66592eeee3284ff
SHA1 277dcc17b66d97c079691104edd8e5360c93c68e
SHA256 0b553cdcb47993bac2ed0fde1652a418ffd483b4ab0946ae0245ec843b99baa2
SHA512 6315dc5690aa8684ec8f4f9d1414df318a9db22900358894845f10a55066f412610f525f80b477a60c19c863961573174d93dc6b3e41ab013bf1dbfc62cb5868

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 58a33f3cf92b4acf9f93eb9263921c01
SHA1 dc6c36d9638d151539714de04254ac6a49b34324
SHA256 2bccfd31e3f792c37321b3653c8a3fbfeb4c939821976ea6dd6cfc0ab15ca2b1
SHA512 fb6a5e6daa16dfc137b6b30449fa4f09157ce60be50502c46a7935040059dcbe9fd29b37a1fd95a2c8811eaca939c8be26ebe0b4032ecd1ff1b1801014105768

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 f1acc58be31de9f3bb14f2db8ef14b24
SHA1 2d77a91496b28c8bfa50676019d54f690a08b08a
SHA256 bfe618c7daf74e11d0f84913ac519c33cb7591b8ad92dbc3f1e224f49e0dbb9e
SHA512 de10f557e13e1ef4747b5ac2d86bd9f90ee4251432a006a317a640ef69e6595fa1558a780005fb266173d01c41defb3b141323ff6c0dbdeee5afcebff6d2bd24

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 6e9c58de2eb228847b5f4f81e859df6f
SHA1 d7be6c560cb3cda211aa9c89b502169de7abdedb
SHA256 443a3b3a4372ca3732c1c5b608d8c7c6c2077161c043ff972174db408c8ffb4d
SHA512 e697630373c1ea23d55916e3df682f2e496edf40d838572e7aa532c97590fa95a1f7619d7281a24cdf6c045f5fdf6160c431874dfe43d20f052aa40a95b26869

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 015ff9f70a3bac803b5b97159ceecbf7
SHA1 d1013706505df4668fe8a08fa72bf6512edca02e
SHA256 d2c5fe841adc30934ec99559a8e44c7cefd6282345279781d7d179dda83d9f75
SHA512 bc71697b13f6c85323a2ebd3acea07046e7a3b24abdf42760ea0e6f6853afb3c93c0fdcadffcaecdfc6630dd869b8ad5cb81e2c9a83d4b13f556cdd9c08f2cd7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 3aa3efac117c14b436b3c17cab9ce8a4
SHA1 46955db8c4e070fffe04ea0b830d871c686bf6bc
SHA256 bcb2eba93aa61ff9d36f893ad13edb98ac9978f040f2fd3442bc02e36216d898
SHA512 a9aab19a273e7cd5989e335ab0b4bc74d85b6d11d9921d177999d94d6531da526d8469b8ddb46f7ced8a00b4b247fbf0c5c9aee366bc86c9788d81d6e42c2445

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 efca7658b5e1443c22c301c08a2d3f20
SHA1 a3a8dc612ca93f6f3677d0ddb29c9f95dc8bc463
SHA256 e3a2dca95e3819d592c8734e0fb7ee82dabf123e11ff2914e165ef4596b87340
SHA512 68b547c4c74dd1f35c0f93e0d6a4f1c5dc6872fc483a49465ef472f67460c4d120eda6344ccec3b6b4501310ae495998dc3ba3992781d0e663de89cf2375d4d6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 1cb21dbac6d5bc6423361286f4a4c99b
SHA1 bdf85fc80b3c6e29a4ca21ae26d86719dba04757
SHA256 218a09adcca437a13098322feafb586a1c2a17d80e68aad0eac0869b9099c7a9
SHA512 a6cd48b24a3ae46db9852769219e77f72964cb130dd44ee06bbabb4e2c24d2b27057185195df7b3df4212f3a91dd0b2b2f3d409e96b52af1895cec395f329738

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 09d76490de0381336c50cbcd6d1e0197
SHA1 207a9b8b67b7c6f7668264730b6b34240c0fd6b8
SHA256 23d19fe5a9761c8534fa57f343fa24f8d72c41fdd66e26a1e6288e8898ff8bc1
SHA512 8601aaef6498fa0ff83837b4a7437791066a4140f959f23839584dda3db28b10cb1e98831148627c90a014c1df045b8b9c9d1d5b0b51b470b959c35dc9d4bceb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 ccf8c36fa60984ded0feb9cba264bfd3
SHA1 51921f8b9eecfbc8b738afc35337fa8d36302332
SHA256 ff3c2e140f1efa62ae2fa994e7b09372186aed5174d00b0523ce5393f397ade3
SHA512 765aa3779c1a629aec106363c9314d3b2ecfef0d2a5469aed8041e55e577b600481feb8c80cb0007c98e07567ca70000ed89b44f3e9f8d63e1ffdfb3c4c6e6c7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 1a5c5ce1fe5500b2c828be9e92900c2a
SHA1 b571facefb4e5310e8748c4416501f12160a157f
SHA256 565c5075e409b15f4fe84908cdd09b4b87f8fcd8ae19b85341aa7743919f1384
SHA512 7c4651adca785ed59f572543740d31f48fd8e7da93dcb091912ec78d84320a5a860dfbbd22e15339e61cc26a6410a7e139f09c94492ca7becbc5409f230d415b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 b2d9998fe01f19c62ed4e84b111e35c0
SHA1 328de7c8b1c1ae8cbfebbf3616c8a9d87b9a08b4
SHA256 df2ed1edcff6385498a2c49a988016efbab121585e13dcafbe2352fd288342b1
SHA512 4b95d7472227ecc9ed6ecffda19309794096fb98ef680122f9e0486ac58cf8b811df9a98ed7c06b219c2fbe49790ef3f1c00763c7c3ecccf22ab6197a36c8deb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 d3a12fa6dab7724575ea0987d9a66be3
SHA1 bdcc94a1999a4fe518784e24854de8ec2e456dc9
SHA256 1369c4d9ecc48fce0db8916c7bed1e381d098eacd687bfda6a573af79e517a81
SHA512 08bef1fffaa52e980a2c91bb7f1af108002e74de1136913d69c1e028b045a4b98434e2b26a0542ce2571279cc0af67cdaba45642bff7df64ec1e6497b4e4e406

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 3d5c8bf4bd080362942484088a3afc71
SHA1 7b06706dac4d744fe8acda02297645982bf2df3f
SHA256 13f42ef91f42f6ac0eda1f78a60353946910c10589aadb42c5767745c032060c
SHA512 74b831a972805b1dbfe25427d1c288083d74c953804773abf03d5f9d44186018a7edbaf52e10dea3a728bb0e1854f1f3f3ca27afcd88e0d6b42cb3f502c401ba

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 be6ea772089a22ed13d839065e8411da
SHA1 98ac37fd28d938d508a39b8d8c10e569571c97fa
SHA256 950e054c93ba92b934dbad2dcabdb920f537202f904d2eed3057ad5ed289768a
SHA512 72df1cfc9694a5cad6642afd338cdca557a168ab6ee43ad3ef9377204020a1de19d4cd2c2b591b07d904b7d04e16b52ffdf75c6d0e21242922ac9848bcf7a9a6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 09b2cc9a00da4f4046a4f9dd63de6d3e
SHA1 45c64e94ac34e278a696bff657b5660d305fdde0
SHA256 7d03ff32fbb75fd59955d817e54f3245602792f72f116470498a32ac8121ab0f
SHA512 9df0be7d6d66d6931ef738ee660bfc2db28b6d2a4c3ec54b40e43596f4f30d94cfa4346c6c429d00a72613727cd4bdc317dd28b276e416d39a58fb3c0c350df8

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 a78191f29cdb2ea859d4b0eea3d6471a
SHA1 e527b9763151c102772b8348338a92a52677271f
SHA256 8c0602ea6d27d29aeb42cd9808465a98f8e4bdabe2f3ad5ab3311f21ce476162
SHA512 25d074b1775d97a175c100b3ee3e0134be04e140109b8cd7924e7ad4ac049742b3140c66d2fd856d4672e1ef27f29d74ec244d596d0cd40bb96d38f6ce4bcb17

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 549722115b74be15db372f8b3e72f1e2
SHA1 4b51e8e0dc2d2dc71f694ba0576cd4a9b968821b
SHA256 5884daf9af67cb4013ca3df781a8a13270b2bfa794a94ebf0cd56add222d89cf
SHA512 c4d4cd77edea7c3b6fc021702533706c11cfe42e95a1b47d0c5170937d9fb5385aa30c79196115c47b0d477b11398d3badc2d301ac6a4c4a8af1d4f5d773f60e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 80339fd7a0ebb18fd9d224c477c085ec
SHA1 fdb9d11f9e4c3509c47e861b31a6b13e1c34d56a
SHA256 2752fb2fb143990ca5f927368ea7285ac34333a7c37e897975c733635e71849a
SHA512 a107b0ae552d61d92a1eac88a5d9a06f1978a1b2d598691f2cf5863974c93ce42a333a06cc9c42d3d1607f0cc4764ce30821e1960bb45c49dd331a22800d7d93

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 e3c8b22af5203623358c57524a78ce0f
SHA1 8f46b74ffe9bc3da13b78eaf354974abe886168c
SHA256 04379a54d66a13a47e6c5e1e3b11d5470fc3bc93cd0f4162ef98c8435cd8537a
SHA512 84aff6f5cd79910acb39904cd502a52baa101a09fca69e066706dc40a3001c37c1ae1a0adea0d67b5edc9425b41fc14af5f4387932d72ea3f9a6dc80f55affe3

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 ee378793a43dc6de677f8cd3796dc482
SHA1 30ee6021ad5333f13630b2f0dbf6f13ce4f1c4c0
SHA256 0fc2a9e8ac4dd7152279fab8e852815417b4a64f6eb409127068077f1fad4f56
SHA512 a0fbac121093012621ff7ecae57a8ea0f2d0b3de6d24e50939ac41b4ad222820d6033c6f455f809da2a744c17d564048b2722f9d3944382ec63a88c9c5e76c5b