Malware Analysis Report

2025-01-18 20:41

Sample ID 241207-mbcg9atmfq
Target d1ee60da399d2520503b3e134855be44_JaffaCakes118
SHA256 5ccaec3ac28c38d1af7ab4661d2d6c49dfc31eb250a598aa57be448e0b7657d4
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5ccaec3ac28c38d1af7ab4661d2d6c49dfc31eb250a598aa57be448e0b7657d4

Threat Level: Known bad

The file d1ee60da399d2520503b3e134855be44_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2218) files with added filename extension

Renames multiple (2189) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-07 10:17

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-07 10:17

Reported

2024-12-07 10:19

Platform

win7-20240903-en

Max time kernel

120s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe"

Signatures

Renames multiple (2218) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe" C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_neutral_1b15060bdfbd09e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Throw.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmoto1.inf_amd64_neutral_bf4b404852955eb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_neutral_14cb440c800fe9fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\angelu64.inf_amd64_neutral_3d6079dd78127f5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky007.inf_amd64_neutral_e637699044f367f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-HK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\averfx2hbh826d_noaverir_x64.inf_amd64_neutral_da2ba9e8a30dad14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_neutral_99bb33c9a5bedaea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xnacc.inf_amd64_neutral_13c4e272a96185a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpn1.inf_amd64_neutral_e44cc033b67e7d04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky008.inf_amd64_neutral_9f6abc54cbf095f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaus.inf_amd64_neutral_5fa4270b9924b918\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmneuhs.inf_amd64_neutral_d1563e8412461eea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc8.inf_amd64_neutral_c93e7023ef90e637\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc00b.inf_amd64_neutral_3338d41663aad5fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnkm005.inf_amd64_neutral_c03c9e328608873e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtx64.inf_amd64_neutral_410e89ed86071c9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_0725c2806a159a9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_neutral_84eee4cc19fd00dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382969.JPG C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR17F.GIF C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\SHOT.WAV C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Mail\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\More Games\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387882.JPG C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImageMask.bmp C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143749.GIF C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15021_.GIF C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115876.GIF C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\extensions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\Accessories\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Journal\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101862.BMP C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\arrow.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_pressed.gif C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-help-legapp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_dfa289134fab93f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_c29b6c0480cc54b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\1047x576black.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\selection_subpicture.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmtdkj3.inf_31bf3856ad364e35_6.1.7600.16385_none_0aac5680b7a55e26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_gray_rainy.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..play-troubleshooter_31bf3856ad364e35_6.1.7600.16385_none_164e092b536913c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netl260a.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_37d5568c6cab39ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-hgroup.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_84349890449a5d7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnbr006.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cc18236ec7661409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-core-dll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cf6d5b93b496da35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_tsusbhubfilter.inf_31bf3856ad364e35_6.1.7601.17514_none_776b19f55ac34470\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_blue_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\Speech\Engines\Lexicon\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_44b0c76c35d4b76d\verisign.bmp C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-winrsplugins.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b940072721dff350\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial_sml.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ba88bec7f5c72fd7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..esframework-softkbd_31bf3856ad364e35_6.1.7600.16385_none_0ea5105470d7098e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-installutillib_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_43907f7b80523a4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-directx-dxgi_31bf3856ad364e35_7.1.7601.16492_none_89bc8ef5c05582ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..e-library.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6e5eadf52d4094a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ehprivjob.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_955baf9439a9939b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.1.7600.16385_none_1d6e705f6d025338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-legapp2.resources_31bf3856ad364e35_6.1.7600.16385_it-it_39c1a15fe5d380f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..vault-cpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4bdcac3537e3a78e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile27.bmp C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-webservices.resources_31bf3856ad364e35_6.1.7600.16385_de-de_659c9fcce8b577b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnts002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a943357dd09aaf46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_napsnap.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5bdd2bf01d7bc0ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-zipfldr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_134e0f99df9fe86b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9cd7bc24d39fe04b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmpp.inf_31bf3856ad364e35_6.1.7600.16385_none_a9d2002feb81fa56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.1.7600.16385_none_795116adb6780e59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.s..rt_driver.resources_31bf3856ad364e35_6.1.7600.16385_de-de_040354651b707cc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mtconfig.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_793154cfd188fa36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netvwifibus.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7bb34d7390074ab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-u..re-atmini.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4dbe3af629c49981\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnss_color120.jpg C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msac3enc_31bf3856ad364e35_6.1.7601.17514_none_a6e637e4d9e690e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-msf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0b85cac1a55255e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_prompts.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-setup-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6aab823616410bef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..order-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e736603b3f973403\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.1.7600.16385_none_caaa1808998835c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ntication.resources_31bf3856ad364e35_6.1.7600.16385_es-es_af29a5cb947bb312\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e4caddd130d36cd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_networking-mpssvc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cf30c64ef5fd4e54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_6.1.7601.17514_none_74a4f74e5a3cf6d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-moricons_31bf3856ad364e35_6.1.7600.16385_none_410fda20fe51f655\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..migration.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d63da416276891e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-powercfg.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84ef507e8404018b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-mscorpe_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_8492ec5f045f17f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hcw85c64.inf_31bf3856ad364e35_6.1.7600.16385_none_0446c109eabcdb24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..ional-codepage-1253_31bf3856ad364e35_6.1.7600.16385_none_2263ac496b569d1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mfplat.resources_31bf3856ad364e35_6.1.7600.16385_en-us_04b29712979b660c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..nailcache.resources_31bf3856ad364e35_6.1.7600.16385_es-es_da1c4bfb8523f11b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open\command C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.CrIpTeD C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.CrIpTeD\ = "CDYFHILIYTPKOAP" C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe,0" C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe" C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 49ef217a4be1764efc6de2d27431d098
SHA1 878acc2b9424c33f3eb9be4b29f0035d96cabc52
SHA256 212a56ae6b6fc3d2a283e21e4c8c3b4278c0cf62737825fa531eda9e282ad721
SHA512 7f7b9c42a1c7373749cc603a42b61e3dea8e45082dca6c5ee122ddb067b2613fb5be214a50e83713197194b94a0ca4b67dcec5b0c772fc32b2665a18f76ec697

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 be1dc028d2f035bedcce7cd8a122aea9
SHA1 3d75379e53f9d171d54397b39fb60647c909d4e7
SHA256 e7f7c475888528ab972d3cc869b1525d5357e8dc98dab7bacbe80fae6067c545
SHA512 7fa586bd16ac488d022c83ca64a1a3eba0d5b5afbdb1990c84a038112d645a5d8acd3950fea1b37c93d7824ddf9cb0e6d77c6e3a9ca2659313432a047c4614aa

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 922e98ec9524eed724cd3005834256ab
SHA1 682df3ccfaabbded269c6f4bad657caba508a04f
SHA256 073b6f4fa0215a48d85792fc9ba8753ae9815e8963c1f802396f0a5e07762ea8
SHA512 09791dcd63c7b1a97e7c3ae1f9a922ae812a10a701bcc34a809b5daf0388fe3a697a68191e3f0ecc001b28c0b9ca2993e20287b1040514c3e20c9c11a8d092a5

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 e53854dd264edfcc739a4a37116a664c
SHA1 61cd057673af4abd2e39d443be5c6355f2bf305d
SHA256 80c2bb8f4d15a9815581c48ed490f19cb72569c4a252b028d99d5ec9e19a4ee9
SHA512 b43841c075ff0509193b33cf35352c210be41debef894d9db0b151dd2644c2ba64e2f8d7a36566e121bb9fae4511fd3d00bbff8a45a0af6f99ef2a9ff20f4844

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 2800d6ff3c636ebece3b90eeb7b05747
SHA1 b9cd04926c72ecdd3dce1009787084d8d3257ded
SHA256 125e29b603de78767f80946f5765aff51548a896b232604e81556ca1a7cbcb87
SHA512 6a50ecb87866abe928eccc55403cc95f2d2a621786732fc658d0a62bffa4e899321d200ae7e23721b736a956a565fee02ac05979458650608b5dc8f6c4b4e6b4

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 ef35419e914f1806023d3e64ef383b85
SHA1 d4b96591348a57d7ce99997dcfbc4a6b1cbaf80f
SHA256 cf8c5f4c50e30e0f24f5b223f5d504c431f792cedd56ace27b38a1e3e385d945
SHA512 41b5e4dbdc5da8c1dcf88e950404821dd589e25141fb9e89979fef72974482b2f56e70299a5fc7f933fa9c9e6ef9c289df73df39fc9e98141cc7a531155e0eb3

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 02268b5b44128b1e5b261fdefaafa4fe
SHA1 123e77b47a0199d779cc52114593cae9edfb7137
SHA256 408dd9e49be462e0e2690c84f479b26507948faba197135cf838229e6ad9771c
SHA512 63fc4bf98d88ad2410cc3a9a6b0bdab45031c8e24a8bd3619b01924946d4b5906ed4bd9bcbf7eef3cf342f6311ce31efa5f8d3b7bc5920ab05f5b53ac1001886

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 ea089ea81acc69c3b524760249f1b4d9
SHA1 a47388f47f95f040b86a47c74eb2185eb805848d
SHA256 db563171c6047268a56195dda8ee69d2ab041c902a2ffa3080850f78a9347acb
SHA512 a5951351b25934233cf22e5d5bf0e9b569ddb08e56aeab9f1e8ae9a799e13639056da394193d5c7108b62f47122cdcaad8e6ab86df31cc4e7a993077e5c52b41

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 76ad2fbfaad9578838e68956efc70c95
SHA1 4c1469462cd9588648a16f19d5e3e33d97849f4d
SHA256 6aaab9a6fa8ccc0ad1691fd41e5d7444f28efe4dd45aa7e47225fe2c002e3474
SHA512 cfdd80b7639c1f5003a200a8d92f7e9e5ec33c55af3fafd611a035a78ae7bf668a5a67109546d8739c4ce816760b656459208cd1b0a4f2a5029d9e9bcafad09b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 23d5a74cda1f64d5383971728740e172
SHA1 dcf6cde9ad1a1542c3073f5626ac7ed6fa9aed95
SHA256 f71cf048e25fe1cae94c683eaa8281e3e3b2a795d34465045ceeb323d4d3f7d9
SHA512 bb4dda06bf6c1a487064ce9d3313962408a0b36ac43b91f80b3e41e14b7f44cdd948ee6352af3220f466471aa8fe1d9e2df7b7190701fed08c8b5ebe6ef80ee3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 09f3b8b5eaa9fde733c0e4e8a3c39956
SHA1 c9b8300d25eaec2518f319b1c2559fbff84e37cb
SHA256 1df07fe8680a2647a262f017565d1320eec3b3af2983160a564c6921381bc4b9
SHA512 3d4b332666ec80a3333a492b54c867684b8fa6f984de1c96ca26bf1ca5960b362ec9f48a82e1167cc837eda6905c5d3c32dc4eae06ffeb46ed9df01454673860

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 1fe06052cecd9162396906f23a8f4dc5
SHA1 8b13dba41d0e529e80bc35f4919193d64e584ed3
SHA256 ec62390d91417a5856eb43f395a3da09f8a48d60bc71196dd569f524bc581a75
SHA512 e08168f9c657026c999efec513942ef9af7dab6a96daf6108599cc0b13770391123c820c68e00ef651875db6662813b522d19e5755e2eb23dcf087152f1d6c9f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 56c9aded969266c8a94bdb06a1ec2705
SHA1 4b095516bf5de599f50d8cd0718af3aeb6f93d50
SHA256 ae5e7999d439b083f7c8a14bae259fcf310258798f99d4dbed3b53422e0053f1
SHA512 4d67ee8da9c4e1065532554c95cb6db3db8656c276c7dd0fc17344d6c1eb06a71546c1274ea8a3539625b58d75dcfa83262f8cbf293c892e317a493b0e5e1d0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 6063162775bc6277835d705583dd2820
SHA1 4d2cf3a0e3871f6c3fd7f3476f06fee7e80ae351
SHA256 f964c087e8fc1b15fca4ed2405ca861e2d406398d1a5d9911169015f61f23fa2
SHA512 6d251eb5e3099c95b3abb72f72ed31cfc6f9a10bc12052bad0a2aedcfe63bb18eb820d09fdf49a1910be2ae217a2da527509886c494a4472d475445c673db2a3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 17b2a8d7947616b4c84e03a618948227
SHA1 2933334be0635fa7095d1a0619ae6c56cfabb73e
SHA256 aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c
SHA512 3c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 e3fd39f3f5d806fc81052c621eeaa88e
SHA1 2ce17de9fb8bac0f527d57cd9257c649b17c10cc
SHA256 65af931249b729617fbdb3eb2539c5e419bae58f63841fe88bc81db81aca2a66
SHA512 7438ad542a57e9d16303197806ffe6710ac760e72034c525b09f47b71ce1f5dc05f33f036cac40695ae901d16e093c3094a37c2fa345f67ea9196dc58998bbfb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 a96a6c89f9f373f72c082d29671c9b46
SHA1 0d675809f91501fa231fcc24599291fb93992da6
SHA256 9b3bda4fd3551599b7c7b64c3ec88b9611eb28128dd1e0cb12b1b3d7f53b71b7
SHA512 fbbf7b11bcc1099a67b1de00be5d24a890732e16374c464c7e0b8f4d278c1c708108bd08d3a227501b8cd3f1b6f98e7d4513c553cad40495a1a3b2e43721af82

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 8212eb2609de88e64b8a529ddc6cdf62
SHA1 a03518a2d7cbf995c67d4cd79b7b2b187172003f
SHA256 5ef0091f0ac4778c0eadad099ffab6109ee55c67564b322bda9b2fab7902b660
SHA512 262c89cbfc754e120408d3132cfc0db83198542cf108f033cb97ac2f079bd64e7a1d9240ba416a835aa17a20cf4cec5f7d53456a6215369f27533560a08f0f3a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 7968f9e66f41ef98d0e3b30e5629a89a
SHA1 866f63c37293e59a34e5405df4f79c8ad41797c8
SHA256 3555c94216fc3e9c579031da94dde377589656ac30dbfa77010d35026dd67340
SHA512 1df4cf47fa9809b808136913718acefed241ca6426be1f47a0c82dea05dac4c1933723914246720b0ef7e06aeaf4c5fc868f58c448a36019946f4195a6625aef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 4e30f6c8449a0391c39b5df4076a9274
SHA1 0bf1bf1284eea57f9a26ce8c6e472ae604ef90f7
SHA256 3b7bba6c9c634de901d2664e137ec16ee0682b98c2ca4c08f914ed3de8f899e6
SHA512 206833fac62256f7330eb5fbd19a26cb86cb2105d688e6e2bf2149135ef333e671cadf93100564aa97f89bd39507150241db02b4368adfc5b0ef56cd0e151e25

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 40213bc38b949a4a76e7be1120509e4b
SHA1 8c47480a2f68a7af3cb949308c4f9eb5e0ba701d
SHA256 3ce89980edb091e0e2e8741d8852fd1c6ed563209eea8c460b7e49079ea2f64b
SHA512 bb7e45ba719821ad201adac76ea672485e9256e86e72a5f2f5737f87d4d7f22a4e6a1cb7719d6260b59021c9538d898ee320c47e0d980c713a8d8006ac07b7df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 0e1cbd9d662bc54b732205e40c1791da
SHA1 d73e59e2be2889c82430a3a45a7588c815667de2
SHA256 62fdb77914ffd3a65e31791759d3bf51dc0255a4167e7a4e3ea07f16dcf4345f
SHA512 21a70cb1e3536c88181873268be3e4668ecfda1b8b57bd3d25c3910055982c2a517a042f5638f72b2b38e244165dfea5a2785c148c604e6dc4043bfa7e38bbf7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 92a45c6475f3aea0f80c439d9948c8da
SHA1 c6166c834a33701f671e6561455c15024f5ce787
SHA256 0c1b12df883f9efe7976ebc1e8f8de80d95753503514b9640acbb9126cfa66d8
SHA512 e9eb243c77d6203e49ee075ba93499da9d66dbdceb754e0144ad8b2e8c9d49579a15ebc0a1552a868da448ee241bea66a24418e06eca661a41ae1c9419c34295

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 93f2346e1f4fee5355ddff4df343bfe8
SHA1 c3aa7c1ac72ea68f49a3684fd054d5c61b0f274d
SHA256 881596a53b7b81a393d80c8f93c8fe60af5ec93504b2a95fb86e14e37b28125c
SHA512 6df7581e5518935fb9f1b703d8ac3325f691db4c50fda02664c7176eef2f881df1da91015ad4becf473ab21b2ff9270cdde6086fd989a97832e90016f281d00a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 4f630a1ddfa91532f2066979d9ad8de2
SHA1 e35244bf800280de601b21ce26be031a1ca8aa41
SHA256 e135e0925ecf15d91b76a7976a08ab55da35d8a23eafe339c5807c352c9fedd3
SHA512 f0cd78e109c0dc81e615d479ee2a935a0d076cf7ba58d3ad80c1185b077c3f4c143f77ba2b0aefe5e15380aa7d3964e97f539c39e7fed593c7c03422a5a0463b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 28b0224b40ee4021d25ff146088be363
SHA1 5379faf5888726f2eacb25729e033c9cf92903d5
SHA256 b473bfa14f8976e2d3429eaab29563adeba9983f6d6dd04110d49a758628b4e1
SHA512 4c0443fdafb5f381525a4cc323241e5e2dcd28441b0be13877efa9595afcdf4e2994bbb839f09aa5ac220ab75015c34a64a7d97c067d7274df41baf805af451d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 67a1fb49591b758dfae9232519c31a39
SHA1 af1609561100203d3f23374a133fd4fced9e86b9
SHA256 0843ffb7b18ea3e3343d00e732aa95189f235f69ddd311ba5afdca2fce2accca
SHA512 bd3f8bb41340a1df870c2aefb44ce51f15e87423bd60319e8a877bf453a52ebf750066c138c058fd42abfcc1f4a7c6ca57ca339d2dab80ec158330cdf6ee4aaf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 b9365a91b04cb86d9786c571fe385fcd
SHA1 a7c94c1de83fbd0b0137b2f9a005b8e2858af5cc
SHA256 c8a1aa4508d95fca8e73d72634139f633cf975cab3a7512e1b7ae06f2cc47239
SHA512 35a3458d85c540d28fd16f7a0b43ae5ef282378dbe42a6de9f9a1606d1a4380c24ec4024f1e20d7d19293405d4b0709134a61530ce3bc9ae9cbcee2435305f1c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 014094b2781c35f02e329ddafdeae4e6
SHA1 842156c25233ce1535cd488be87a4c132d7a995d
SHA256 49bb42017c4b64881f775c88be5aecd7ff645fa1f741b7bcde467d59f22776fb
SHA512 ca4dc9dba1a773fc05d3c798c95323b1237655c56a1b8f7dc23a080e7cdf53f5934d58c25f784f679a5da0ad59c648852b764c54cfd18c895b881650c2b8e61f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 39529d2b256dba9ca766a1430032e733
SHA1 c6d63f7c06dcf38dfc066a6eaace4773a2a41deb
SHA256 205a7ecbd55a0108e5bb00b121313e66612b820c6bbf5a561d0955b09687c394
SHA512 bcbbfdf4f8cc10248a33853a130416b23799deb17b827a34ba9f30c8ab2b55031f908a3e4b3d6ddf78aca01f5a81a1d13145a3de86513076da1cbe9b5b5f61aa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 767a0241148f082640e18642cfa1ad5b
SHA1 0811de3686f88c06d979f3b86afa17c192e0c236
SHA256 7708be51f36a9377913ef6f10b3f563d9e67cc7c68070e43d6c5ac1b08f6f9db
SHA512 ed4a930505a545337bd90f8f9c62cf9e967d8cfb9c19571f06bf5ec36071ca7af28f7bee4d6012007effd5256e271b4a074bc3b4946edae7caca2783c8b732f0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 975caf233a91803a05bef325c41af6e2
SHA1 187f4cca95be04cf5ba50830306250e3a5df26ad
SHA256 d87e66d589282a1b1c7b17cc337fde4631563a86d26605a2184679299d75dddb
SHA512 0b97468a186477d1e484da260e68b05aded5d927b40f068be5da55f8bc789006db25bcec5de6e1d8022247a7ae64bbd8e04681bbde0865a376a16a7b0f4a4af0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 a5d1a673589305b7a5397f73de372893
SHA1 edf9b55f45fae26392a37e957813841faf22b452
SHA256 eba26c39a1d1a29e17bd3ec0c517f745140138ffba25f76875b0afc91f06e42b
SHA512 b7a057c64b05736d3e822ffe6f5ad8792c14625e57220109b6e1373e9d01e037d1a9d06e927d96d7e0568dd19c357e9d121c7fa7c7f30d7db619bf670aacbce0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 2bbd857d2e53ff323100f6f6ed062900
SHA1 72446915e7419b614ff2900d90bbd4a1e87667c9
SHA256 48e800f7e34026ff8f2d7809999381e5bf2d8b49aee8d7d52776729c4647085d
SHA512 2f4c68d49de153475e88aca2af08922f1346708f59ef7a226fff7733700c9586279ba21a891fc32ec3271d97ce22adee607ea258c975127b0e8800b6993cdca4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 77f7133da21fdc19dd64a7c62a190e78
SHA1 3d386491aabf352ac4b1131238227334b41c48b8
SHA256 8e6b7b0a34ff45a9189a240e5cc1ed4163de6ed6d87bbdfdb64367dee5cb63b4
SHA512 8da7135f98900c78d6f421a41278fd8751dd3f6c8d8c29b0ee65fa3a56e79bea6a104d101bf15872e5f36c236528cf6cb8af476097f19d713dce8ab09756d227

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 136478c128706a85ad06049a49bf7cf2
SHA1 6b93f16b20a457aebd8e114d941b3f39bc5928d5
SHA256 3b6140643d7cc8c2348cc286915254e87185eef44c222020474d882b24438a8a
SHA512 e6879e0dfc9eab30d6eab36d102dbbb2541a68aaabccdbea1c912a708fde0b2c8367d2ea2990a6380138072f7050eca4114cb8dd020daa595a07e4ea7877f805

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 aee0f930484494a5419284267c905852
SHA1 0301054cb70fe0fce4739a16fbcdc8e6e2342385
SHA256 21677fafc039c5c27caf9858625a0a0ca5e9b8442fa0f6092a516c1638dca6f6
SHA512 b72382bd0f15f150ffef394c954356e722b59c250191921cd4f6f5abc71917b2854c3ebc934fe17a8e20f76b8d6eeddd5ca1bb13da57c459e4ed0beac418edd7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 b5172508f678cce808de834e6aecdd2c
SHA1 d39986cbdb48832835cdd2d90e176adc8700364f
SHA256 1c7bc03ace2570ed220c138e98bdf3e4f8fca98f20347c1f6134b412e3948caa
SHA512 67ed8c0aaa9068070e3ba51e7d1217c6ef767367453509c191db57467031315dc3170a2241a146d83cba9c50a6e77ee64f93072d60066cf00a3151d42fe54e3d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 9970f89579d52c0a61950d8612998333
SHA1 442b9d429ca94ea81dfa1d153bbc198ac446c08f
SHA256 c0f206ba59018dc7524e08d6dcd9959e23d4e6934256dd3b8c7a60bea0b95813
SHA512 a276034a3fd90a654b3af0a438632a64db01396d564028935f97ddd2f82924b1cf059f728231d96f4e8268d6884618f9ade8d8791af6a4cdb7935212a36b13a2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 1491d8f6430edffda0107138c55ba797
SHA1 fd9fecfc8fae6abe816cf725373a93861b9c4487
SHA256 6f1ded49680332d67f98f0eeaaaa9e3047dc20af20b85ce72382baad53772059
SHA512 be2e6859eab174b4104286551288cdd2b815c222c3febd4f448a0917dbb9f138f05794322831582f4806b27cfcc238abd9047883d403dc5e54ced8e789d0286f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 b339137f1a033cd4c0d1a72abe9d0078
SHA1 525f9bf2a903bc701e416f90ee34da2cc79d1d45
SHA256 2d0e1c7af5269f57a44d68f22fd23cb7c64fa6222fd6339ede448dc243fc2204
SHA512 a987b4f540d969b3c7403da77fe1bdf5c8fe7b948225ee1b3e6bd13bce3728593167c750de4cd79816a3abd7c2c71a6ba64438caa248633c4fefffc2db363a11

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 d8466cf33cebe86e77dda4531d736cf4
SHA1 c3acec9bc327be098f2a61b7ecb0cc9cb68a2c0c
SHA256 dc7bd141ab90801e0f56850caf74a254726e453147bd7af38c653047b118e820
SHA512 dbca55d35583661e9e010ccdc8aa7e2bfbf9f18c395572fd3c0863d50e49f2f4476fc5b37c59b25f146765b33f2c8467af00b65e846d4d3b16f3a21c13f7edd7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 ea09ea06257128384aa2f00c1a299c91
SHA1 c9747fe48f7c11d971d7b9e4ae300edda93fb4eb
SHA256 7d9187083000da60d89b9c1d187566388fa07e1c4ce749b04c01d9bc88755a24
SHA512 d5a5fe61d7975ba0daf85fdbeda3b6e785681c3087ef9bf067fa7b3ae3599110a0cb21370b3ff7a3eb2a9280dc02325496fb699d26531c81573cfa42c297b3b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 d3613c00810dd8a08f0466af9da24012
SHA1 cf421604a03a9ad15e86b805c033bcdead597395
SHA256 d7ebed7e66196b8f93baeb09e9f62cce950bb87980ae4b6e02c4f0f1cd05c626
SHA512 229ae23b7356f94abbc89f5e95ba6f6dc01c59a2f7db8a190f58760b13d8018effa228a0e65cbf54b47d45f033f37fe217fa72ede888a99b84294ebf11254b96

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 0269ee8304abf426d66c4ce5bfeb4183
SHA1 270c6c89d14de52eb200aaf46c3ce5f26e2a83a0
SHA256 d064fb8ad4b2d87472589ff55b170dd3ef226a2af569efbcc9d703c14199755b
SHA512 54d870dc3b5d400f4c1d8cd9a658a7321b30869b23755aa9ad0ec0ea22b417eaef70826d27a4a73d54f273179913c6e1be4e07d1dd658e58d1334a9e46a93105

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 687b967934f532f84cb570a602b440ca
SHA1 430a845fe3a1ac93e1e663d3fa47f70aa7c64e29
SHA256 254a96b9082c2a43ad8212c928049eee0e7ff571f2ca89287125a0d8785bd8dd
SHA512 8ff56401223648fcced076c218baafabfd1e0f02c448f0f6f1c6053644b032e09eb0c0dee6f26350f4e952df5d6d9faa78127220e80629c84c5d8257b0ece50b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 027bdab93e3f823f6d72916f4174d997
SHA1 00851bb330ee715167f89109b921342cb86d75a8
SHA256 d70d342f26cb752290ec8ff7f8ef65c4bc3c5d64da68c1e460ae389e4de60ada
SHA512 7baeb99111c5ecf7620f2194c7e3c61acf3b751dca15349017b16ee4c61cadf262138551a2fc754ad3deb19eb166e0b1a65edac9807d96973b09a13871db49b7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 811b0db09ad82b27aa2f9dbdca99cc6f
SHA1 d290768f208b30f9c15afabb9c22dd276718b1cf
SHA256 ef1e82e6763c1667d8a4de513a7f920ae907417c249ee6abaf63efb8268a4200
SHA512 8b4fec17df0d1a42af0739e555d44aa334167c4abfc58831e97875623443700578bdb76cabcaaec73730a9359f48e6da39eabe2a61202983e541fd4fc345d902

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 80bb0fa39e45c896e95570217fe4c994
SHA1 b227361aa720c9a42277c415c569f28971fb0ac0
SHA256 b14ef17dbd47421b055c571fdff4ac99e55f81e4e0a17e1b1be82fa5f0584422
SHA512 e5158a08b7d21547754c331e2e236d4f581dd3c2d00dcacd75bba61fa7ae3ded5ed7e3cdea1b5caf9dc99648b65f81e7b1f6d07cbfc4dec2c2d1c8c78d4363e5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 70dbe95b6797295f416ab70b10e0af3b
SHA1 88b64a3e0e2d1227a9c994f850e6fac08bb0dc93
SHA256 e11f492e12280918c0cc82b19a46663e1657c598c46f2c6302fa527133d323fa
SHA512 bedd0edc5c29f97a517d90f5d54c90f95639389a272aa29c568c123ae9c73a21574798b1fa3a7a7e9b6d751df8eab7b4b571450a6cd01968f54a7ab2bbeae58e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 2babbfe979eb81a5ad6a8aabadd79c5b
SHA1 9bde184567607407c2937f9c1ae6b2135760f357
SHA256 0a8b4f13b778d73907ebbc84b36fa1652aef5fff695738d7358dd5cbe6c35f15
SHA512 d8332a8008d08ffc146c4ca24be171c7ceadf19805511f5dce7d12cee905b125afddce128cfa379799a009539d196cdd1c3c23ac4cdf10e8c006f7c43b2695c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 fec73d328d56112ebdff3db0864f0961
SHA1 f5725645e7261e47386b429628d1391e9596a04d
SHA256 8e5215af6ebd2a5cadec4d273fb1f881dd006339be0fcc5d92b2db5b73543263
SHA512 81c78cb6cc7b5e5d0ea057cfc40e8a23930b66d64fe868697d7b536e58512d8b6441a55d3d2ff7675a674d95669405591487ad9823b731b829121783f3676362

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 125d8fff1473741fcb65527c1c041c71
SHA1 cef7a03e7f5c5ea3787858dd17480c5856a910bb
SHA256 3de89cd29515d45c901ffea53311429ff78701a3879bec8e1ee582a1ed47e036
SHA512 feab01ac57aefcb85d52d252de908b6a5dc1d948c42f3323cedf525228aeca51660a03a3794e5941048475e87d59041b7c409db470366334f5b0f3caa38267e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 6e82eaab49bba8476da6e09c4ef21839
SHA1 0aa8dc5f35084e46727628cb119de28ec98bc84f
SHA256 aebc25dab57d52557a0b4fa05dbcc597574cba2707b27fe4f39fc77bdcba920c
SHA512 e01904180759e4e61d7294a568d2545ca2c36259add695763bc273e180f6a38618816344e10593e3201a4eff49c37bf53f7d818fd71f545fab837b826c801b3f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 8e7c534c59f8ba66cc64c3bbbc93161a
SHA1 b7fef744c0cf3ce0b6a4323650ac69dd6d234da5
SHA256 0913a5d9a747d94ea6a39e7a9dabb40d2ab98252736b649b9331889a4650e399
SHA512 57a7eb112392eb6e4d836bceb30e0d726adefba7fbd1a661883485a08c4c2dae4ba878bf1b115327e8ed38a5d9851ff671524f2a5348c40e3155adeab7735c0f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 fcef41c0bfb8746ae03b8c9bb928a611
SHA1 eb2b7f166f63d6e21a0783d57c2e3092f0b3683f
SHA256 b86fe8770493d789a49eb35edfbbe6e85d803ae15550f72fda2865d7c96510eb
SHA512 7da098df5c4c62c0e90783dfa92f9f5c810e182b405bc705b4649a8d8370a0c76fae7b57059a5cdbac9ff0ddf299fea502864391deb51e59d5340d09f7c96955

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 5c0d4c2d2386b2941eff1946e008be1a
SHA1 34e4569c1f431d340c4f64ceea42ad1be7db0c65
SHA256 e4904d06854aa8c3674ecfbea2b91b765a374417360332ede95feb9b0030d0f0
SHA512 9686a955bf7eacfbbf31d250193d17b0bb1c63216536e42f03aaf48f47ed7aa4b8c09a1bc068eb1b131e62466bcf69cbb189b95e620d38fc9e0c7e473ec69447

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 3602d85706bfd429c9d75854c1230819
SHA1 9330b3413af40afcfa5589955badf34b86e93560
SHA256 f99b4ee5ae0cb0edffee138f1d475a75e52a7cb7032625fa979dd42e4f3c64d7
SHA512 f53e0a30279ad3f6b33c830fe31cf6dce7b8db11a06f103a09f817749ba0967bdaa6bf35b72519f3979378f5c7e700597b4b40598b3986ab37ad1aa6e81f18c4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 2eabee2936639b4bc4cd065f72c7dc76
SHA1 0aa0545ddb44337bea593a8083505b68f0c5996e
SHA256 5de0643ac1675e75cb73907c86dd1206c89ed94150ec45e559fff5d1f93cffd7
SHA512 bc73aaf2aed11252008d3e721b572768c270743df8a6a5531ac3a238464b21078bfa4f7bfb72d9bda80c7dc6c26bf6412694780592eca30f2e3b29b6db3daeab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 e9b2c36ee2dfe413a1a2b0314c10a89e
SHA1 cee21b733e44061f1f7226f6ad0e98a8e2989376
SHA256 6e79a4951b9b648a70e7664903aa8b69d9d881070a11a2216dc7facab0d72309
SHA512 c78eadbde04e4df99fa447b99b735e7c08eae3dff1b58dcdaf7aba580198b01f77e349c3eb1b326c84d10cc3683c4ae5c520d2058c98dfbf3f9098bd8e9c0973

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 a531452be29be716070ef141d566f67a
SHA1 771300be9ac216bc94a78730857c1362f5ba85cd
SHA256 b3966e5430efb5dcbb2480e73c11b15c0dde540a3e1f7bd44969aaf7b356d7d7
SHA512 110ad4e456471d1f6deaeb5ba622685322cdb204c499606e97b0fd7e23f75d6c77a2e633425cb6962ec71861ce3307f329636849c79510b3f01df8509d0408e8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 6a78573e6ad910077900b1e690877096
SHA1 971afee01a57a2c41406938a099c84b3f024c9f1
SHA256 4485c3b435c14c5b79a053f360b526454344672268467aee75bb9f9e67fad1d1
SHA512 45899d42651ef40ad6b3830629352c1d098c3702ddd85c2008e08f861c7a6220c7e9932e3b9dce06f7542dd6a2aca9921d8e88ebbc9b7415cf2b60b6a21ddf96

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 55e426d28e549791c7f337070073ec91
SHA1 29ea82c49105a39c99bfc6baa655f628c87168b8
SHA256 bf4c7fe5c7ec0d80a4aa4bf9235250764ba2c02d993756330cff1ff9fbaaabd6
SHA512 3b45c77fd8f89d989fab96ce5c6695440ad7eb92006ed42f61e542d9d30c6fa4d944f6253d3559f0b81f99da99ceeb0883267ed1d0ffed7fde6f6f637ddc8dff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 0ea0674eac5d35d9758a921ce54ec1ea
SHA1 35dcf2c97b2d0e2520ebb4e2985e6376817a4ddc
SHA256 b84c4c3587876f81f57c67a4d6d3b93ebd314cafa8d3ea2b0e601c4eb1d1ff26
SHA512 b9d629c4bf0508ed6ae6b1a223f3e04b6807fe388defed9f93591c6884c1201f1b8cf0fbe53a973382e9956d0149106691e08c0f3cc0284fc42ca1b8c630e50a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 1d6a7891fed78f1aa748a1639ce644de
SHA1 616acbf6c10988125819fc4f2c3f50572590e8e8
SHA256 455762476c91f242e46c731ec637e184e4eea4558d5f895444ac66ba7f6f056f
SHA512 45badab8c8d539ebd42e6363592c76e3f181b9e2303cf138155ee6df54ff48d835cfd788d2a18063a324d2b690a240da375e97513911a62a08f2004ba49ab5af

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 f1babfee0b1ceb125ed43f5ab5675fd6
SHA1 ab0ae7c21e2e12d2c9eadeafe4d329f64e09bbce
SHA256 1f729b1131e33665c1a90038e8838f5e12f0ce857fe969caded03ef7daabdfa9
SHA512 f2dd69bf120a654a4cbecc439803b1b23be9f1d0d66c12aef17e5484e2cae2c4990743fa0402602a0f971e2be2084f698e24b627d5ff6222f61dd3671d7cf037

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5c770c08a4f3a6aebb49fb212477eb0b
SHA1 ccd05102a660eaf331bacdbbcd7d1dab80f7d484
SHA256 fc7fb7d975fbe285d11f9110fcdfd929eea983276f4d10011a8c87402c612f2a
SHA512 3ab6b5ffd3de6681a385e14a8e0b5e45dee33c810c36884d31ee05a0f00b6ff32adba2ed0535b4963574c575e5d295553c8b3513da03dd9ec24f49e2d8d1245c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e7516c66ea50a66f0fafc0655b2c2a53
SHA1 5bf95db5b9b2b89f9df541e7e08e1b13de9cdf39
SHA256 85e66f44369c3671552d2524aa614b94736c1f665635733f5d0ea87152cfd111
SHA512 ad2f564dd43fdab12cb92e7a9b53a4285147d800c878d3bb432791ca4249c9c722a99e209cc8d7ae0f2d2087bc34eddd6a034dedb0da48b33281cd11a64a6380

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 eaf30806ad1a78f96812de54d930b6f5
SHA1 6a79ce8ae2b1acfe611611b91f522fb0af015596
SHA256 7ed54632b8dd43a684e5ea64b2ed406c17545b83e1b7e07616baa1ae636e3173
SHA512 fc428cecac111f449212d7e6b2798929a3f6a94a1e9e68c51b50c89d0684f5cbeb2ae646d103bf570b61b403f0cc46d719f5a6f6d129f44e658b3c2a84c74c4e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 2d19236928565d01b9a1b20e9a0adbd4
SHA1 88e4d988dee7945401b62da51d79c845090d9ab1
SHA256 8820c4cd7e340dce9d3885f13f396aeff733bec68e942fca5185841079e77481
SHA512 f4133b02429cd457cf2e491f2a2ec758b178a72e2b5e153f8ff2e5413bfa48f871736789d0ff47b4c5013a160890c888c71960d2932996b882673fb91d54e876

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 14db8b707e4127a16c2bee0ae6613cec
SHA1 09c282e19916d522940131ce0230f7ed8b6ca15d
SHA256 8bccf2ed6bab6e896138c99795bb1b34283550ae7b1fb884400615065bfd76fe
SHA512 2ab863128e5e54471cc135bef93ada8b4acad9c8eb5c99bdd2257641feaa1cdeefc4d9704ee345e8e53f7468eae9caaaeaac3fffa4d624521843808e5d4a5af9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 4028b4900333a1dadcb1be07470d6ffa
SHA1 38bb6c1051c1fc6caa96bee83d9fcf3db359c6e5
SHA256 fa5226ed3dcc9032f82638db376f62dbf25c238672444227c74bc1db80b490c3
SHA512 e322234bb1c43c6832e4fbe0dc6b5cffbf7d6d2f481933618031a5795040fca03936405c98e2edef3f4ef9fd2df91abb7a6a5990def55b6cb3333a4fea5c0f53

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 8a2b7aa1dcb3f78d68dc47007e7c1e9f
SHA1 c19f40cdecb1d02de72d76e4e28ad5264f130462
SHA256 d2da634e6d0d0d55e81df55ca460d184fa0b0e26765691dfcbe6331da70a88db
SHA512 a974a73d6c1efa2f6e1e7013e041e358e20d89582c8f6dfaea9d3fa765dcd072d0f738e013ffb35429ee3b7f0760e0bee1a4964f61eb662b8e44378cf6faf500

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 8d7561b1ed0c1ec3da731827a4908525
SHA1 1a6f7733a912eb6f6ad6565d043405b3f6ef248c
SHA256 5236ac5db42408f5989d146b6a376ca2b51a60f514b384242a2ee910731552a4
SHA512 8b5096c43e9fce48ff4240518629d0733717d371641105743a95fb3fee8eb8d858426938c77d7392b81815d44a075a39beef5011ad4ece6c6d59563cfdaf8f41

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9606daa754a8e9563b8f7a51b77af113
SHA1 124baa0f0b13c70214395b9b5df2d0233e556660
SHA256 c916aec122122af4ebdac136341e9bacaaae7f9ded6e108cc5659472b64dedf2
SHA512 b0cab7d5992c84d3e5bed65e225d5277d780493200963137118b46345221d99640b929305c7a86a0fd5a475c4fff961b0471ef65b51f7c60a55fb3a177899bcd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 f024875bbd7f3f4b26a1310d6f01a9d0
SHA1 a71825bed22fc70a1ca44715d8ba24983ff476f6
SHA256 bc37fece17c6a209724291ea97231ca0dbe70a8d78895571775be89c4db110e6
SHA512 b2a181580ea714d9804ad2a75754703edb5fe99e7ef859cde779cebe1e405cd251c7e3c3569eeb847c91ab387620052e45cdb3be02bc7e9246688ee0ae71c772

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 75f9d66295630e128c09148d8b7e6a40
SHA1 422063e2ebbc639a23585896f818c27072da6f00
SHA256 2a7f2c91209cbfd08bbf1c6d6633203cb02cb049c23375adc7b1a98f63c9b4d7
SHA512 37cf2510c01fedca9d394a22c1ede24c7eb75da5d9029703deaf7ad709eee17478dd2eabff9c1edd876ad73361f20d4e9db2efec863ee1582c4076ac6b6b5333

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 bbb786b5a24fa371b09af71a083e1e6e
SHA1 553a81c3ab6f33397595345a201788fb5865e076
SHA256 17af19fa63d41d361f4d001076d7906b7761accff74c2abf20ee927b770df9d3
SHA512 31d92a83a07421e51faea225aced077e34cff2f6a9d54f9052fda08e051d2b801241d276892e0ca197b9a649641f5399674d52fdb19a32855a3e760517b38843

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 d1d477d0c373e08a45df5340f842abc1
SHA1 deb234d4ae44e261dfd30bf2d19aeb8c7d1f312b
SHA256 1fe543d8e9454a985c2a5701997997899bfbe5eeaa63e62183d87e947de4d9e7
SHA512 1265b0e8fc0accffd1e426bfdb68188888c821fa40149a7125d94b8ca9cd248c52678af91c75188b415e03d6893a981dd164cb34f003fd997668bcb0c1cb8f8e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 8a49ad9aff95fcf5a4355322a7967122
SHA1 ec1773671e831c0dacd8e966c2b24747a89856a4
SHA256 a0d74e8409c01f862412cf9629b1b975e657832ffe304b69361e0d594eb9f2a1
SHA512 64ca52a741380879cf8bb3a44ac588a2b2fcdd9daeb3cc840e92619dd87dddb2e6c7d34ea15e60a4871d2a43623e5f0c43c60a6e96274ba627504ceee036beaf

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-07 10:17

Reported

2024-12-07 10:19

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe"

Signatures

Renames multiple (2189) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe" C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_a239bc596073092a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsphysicalquotamgmt.inf_amd64_796516c18b264f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mf.inf_amd64_e3c6d8265de5138c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_d5fc5f7282c9bafb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa4.inf_amd64_b74e18ebf47de72a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PnpDevice\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_d3a88fe647d71206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_b83f029888180def\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_1cbfddc97a663ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_1ae6ea0bf54c0f5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\lv-LV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj7.inf_amd64_161e1375bcff85d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sss.inf_amd64_503a2398f4c86893\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_b616bed30e8928ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_a99a7ecb03853141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Appx\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpmvsc.inf_amd64_9b03a5f041e8d2b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\stexstor.inf_amd64_fefc1160d15aa667\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iai2c.inf_amd64_a77c815b2999404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_8416dd97e1ecb6dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosLargeTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_ok.gif C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\[email protected] C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\SplashScreen\PaintSplashScreen.scale-150.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-16.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-60_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hr-HR\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailMediumTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\sr-latn-cs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Source Engine\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSplashScreen.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\TracePendingIcon-glyph-E72C.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedLargeTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Toolkit\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Doughboy.scale-150.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\wdt.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-150.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\files_icons2x.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\ThirdPartyNotices.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBarNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_email.gif C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\optimize_poster.jpg C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreBadgeLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\192.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\DeviceNotFound.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..ent-appxpackagingom_31bf3856ad364e35_10.0.19041.1202_none_8e6e738db02280c1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..dminflows.resources_31bf3856ad364e35_10.0.19041.1_de-de_0f07ff385f4cd189\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-mscories_dll_31bf3856ad364e35_10.0.19041.1_none_74142ae5912830a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vpcivdev_31bf3856ad364e35_10.0.19041.928_none_8a9d24318ecb0806\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-c..ilityaccess-manager_31bf3856ad364e35_10.0.19041.746_none_df3c22d6a04a589d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..uetooth-dafprovider_31bf3856ad364e35_10.0.19041.746_none_fdc3acdd83fbafd5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmi-ds-provider_31bf3856ad364e35_10.0.19041.844_none_66e08662312299b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\v4.0_10.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..reservice.resources_31bf3856ad364e35_10.0.19041.1_es-es_35a0f1d5a19e3cae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-l..b-onecore.resources_31bf3856ad364e35_10.0.19041.1_en-us_839dc9073d2320a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-40_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devices-custom_31bf3856ad364e35_10.0.19041.746_none_74bb363b3580cc90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-networking.resources_31bf3856ad364e35_10.0.19041.1_es-es_5c420a628fd75b0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasmontr_31bf3856ad364e35_10.0.19041.1266_none_f756413118cadb53\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.19041.1202_none_7f995fddf54c000c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sysprep-spopk_31bf3856ad364e35_10.0.19041.1_none_cda2c242ecc5e6f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmvdecod_31bf3856ad364e35_10.0.19041.1_none_787b91d57fada8e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_disk.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_4912794f4d3b36fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_displayoverride.inf_31bf3856ad364e35_10.0.19041.1_none_323aab02875f9703\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_10.0.19041.1151_none_6808a5d10c74690a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-internal-ga..forcefeedback-winrt_31bf3856ad364e35_10.0.19041.264_none_d293379c68e7c0f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\INF\.NET CLR Data\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\Sun\Java\Deployment\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_de-de_8f0461b9464b5dfb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-0000040b_31bf3856ad364e35_10.0.19041.1_none_bd42bbef29fddfd7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..espaces-spaceparser_31bf3856ad364e35_10.0.19041.1_none_68880f7aab1f03eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..-experience-ussdapi_31bf3856ad364e35_10.0.19041.264_none_772d1d8b92750f31\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..-resolver.resources_31bf3856ad364e35_10.0.19041.1_de-de_e100efbab3b4d69f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ccountsrt.resources_31bf3856ad364e35_10.0.19041.1_en-us_b6d0429812759eb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-ie-f12script_31bf3856ad364e35_11.0.19041.1_none_9f36cc568fcd859b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..i-windows.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1030d0016d8216b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..trolpanel.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_d23715c9ea6f2f2c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..servicing.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_50efe1c272cffbe6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ocr-en-us-main_31bf3856ad364e35_10.0.19041.1_none_fa17a73d6a26d84e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-portabledevices-winrt_31bf3856ad364e35_10.0.19041.1_none_7081b742c3e29792\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netbxnda.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_258a64392e84e507\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.15805.0_none_3303de6fba37b5c7\yellowCORNER.gif C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-securitycenter-core_31bf3856ad364e35_10.0.19041.1_none_da86158885d71eb7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_genericusbfn.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_148384eb3f73f6d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..aleducation-license_31bf3856ad364e35_10.0.19041.1266_none_ac8d2c3ca59c96a7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..inproviders-sysprep_31bf3856ad364e35_10.0.19041.746_none_bea59e0931f7c640\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mobilepc-location-api_31bf3856ad364e35_10.0.19041.746_none_f93585ef038ccb12\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..sprovider.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_983275e9ed90289e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-proximity-servicepal_31bf3856ad364e35_10.0.19041.1_none_b8308fb28e1c8115\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..on-aad-wamextension_31bf3856ad364e35_10.0.19041.1151_none_de426c505bd0f24f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\WiFiNetworkManagerToast.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-cloudnotifications_31bf3856ad364e35_10.0.19041.746_none_7a559100246cff2b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-configuration-data_31bf3856ad364e35_10.0.19041.546_none_e065b8727ebe89c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..-management-onecore_31bf3856ad364e35_10.0.19041.264_none_97d9b43333298975\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\dom\images\accessibility.png C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mpr.resources_31bf3856ad364e35_10.0.19041.1_it-it_fd2164a99d888d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-uso-dtuhandler_31bf3856ad364e35_10.0.19041.153_none_c0c4ee134c2535a0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e...appxmain.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_51368bcefc1e9492\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..zard-task.resources_31bf3856ad364e35_10.0.19041.1_en-us_3cd170a093af8072\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_10.0.19041.1_none_f6cff495bd4d8c2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-kernel32.resources_31bf3856ad364e35_10.0.19041.117_en-us_1b3572f483fa94f6\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-0000082c_31bf3856ad364e35_10.0.19041.1_none_bdb816b529b17cfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..e.desktop.searchapp_31bf3856ad364e35_10.0.19041.1_none_43fe9f4e368e081f\6.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_7c1013dacc7e978f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-tiledatarepository_31bf3856ad364e35_10.0.19041.264_none_ac56521bfe3760e4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-kernel32.resources_31bf3856ad364e35_10.0.19041.1_en-us_f30bd101c4a20012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\1040\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.CrIpTeD C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe,0" C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open\command C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.CrIpTeD\ = "CDYFHILIYTPKOAP" C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe" C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 49ef217a4be1764efc6de2d27431d098
SHA1 878acc2b9424c33f3eb9be4b29f0035d96cabc52
SHA256 212a56ae6b6fc3d2a283e21e4c8c3b4278c0cf62737825fa531eda9e282ad721
SHA512 7f7b9c42a1c7373749cc603a42b61e3dea8e45082dca6c5ee122ddb067b2613fb5be214a50e83713197194b94a0ca4b67dcec5b0c772fc32b2665a18f76ec697

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 be1dc028d2f035bedcce7cd8a122aea9
SHA1 3d75379e53f9d171d54397b39fb60647c909d4e7
SHA256 e7f7c475888528ab972d3cc869b1525d5357e8dc98dab7bacbe80fae6067c545
SHA512 7fa586bd16ac488d022c83ca64a1a3eba0d5b5afbdb1990c84a038112d645a5d8acd3950fea1b37c93d7824ddf9cb0e6d77c6e3a9ca2659313432a047c4614aa

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 e22e22db010e9f4a830df8ea2471718b
SHA1 2521b3bb7ee06ca6a3d4d6d4beb158cb95911db1
SHA256 59083415787c1a433457a0a79536018f10433c7532a5f5009d2f108fb0724228
SHA512 fa01b14426ee6f4a8b75a2df41bce160f4070f3a1c51d1292c64901b35fb87824c0cc94a28177c66a9d16e55ffeb2f3b5bc8e8c44fdfb41af51579b9620062db

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 e69c423968b5c3fb39b4f55e9681d790
SHA1 22d4353bf8056993e96472b10cfe099c053fa3cf
SHA256 ff12df7416e996181bcb177ad2a63c3c3b750f3ddde360f4520783d2ab6863db
SHA512 886bdacd25404e8b3b3fa4ddc0efe6648d73ae224c68f765949d39e7f245d426088c6224a4fcd57adc11dfb878a32cc4ecff596ec2e6dd949001ceac8cf0b841

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 c3c052dc0948d1a1c15667284607602d
SHA1 2bba396a1fad0227c696b910589e5a338571e7ea
SHA256 d043c458fb7ae8e345d659f70183e7ceac97bc8635eef955f199504ffcd4ebff
SHA512 ab94918904439e2b52562981431246b6460d2d2c2cd72d7ee1556411e434e3a2e2e37b4dfb8c44d93ab177f5c279f109d8a599b5a12a5755b9bbf2c603f45a96

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 0991adc4d5f3f49ee13e910ed864a9c2
SHA1 fb8f82054193e7dd5aefd176d48a01dcf484c737
SHA256 eb2dd7d116a7a7bbbd7a9a4039649147e6bee3d72a14e2a769919eacb6a66e1b
SHA512 19bc6f65c27c40b38733ae00956a995eaf28fc54aa9d36649a3528cccef94c7592b87f29d052d1d58452b8dcbd4cfacf3df495207100cb5f39987a3af9d350b5

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 e27a7f8b87a412ea2ff225f22daab29a
SHA1 6d75474b0ab80ec2bfca5a41ba017277d13cec46
SHA256 5b4296f029df0ed362a241b3b9682f1318aed3aeee2f27ce8addd7cc3e138fdf
SHA512 6d7cfc254885210e7f4c82bf21c92defac7c23eecc581d876f5e6d588b64fed9b26f4397c72a6d0efffae696ed7c40e4df9b4f862b6ca881d08a72ce35030375

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 076087874b435d7b475e53958eb90314
SHA1 722e1506cfe524f6311db3b639bcecc79835bfa0
SHA256 f47b7c23eb87c3d7e4f21dd47dee61d83e8c14f54c68e152808dd3f1438fd0bc
SHA512 aa9181033762d8f97f2b11c8acc2ff3a6635158e85e00354b3024b6434681ea94c2bd632f242370f6ee4789d944f35230e52e5beb23245e2c3144e7272fbc77b

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 e9662fb44fe5044c4a973a54e46ebb1b
SHA1 dceb73a9a42b68d0f7521775fc1d39db77a5b68d
SHA256 8811ab69d74c987e18f517628aa68242ffe9e89b8875390e765e49e982cd7841
SHA512 e9f19e32b87561a8e0597e04c8562dee648813eb9c1eec677518239e2480641174971ec4d646422337bcc46e555afcaa97e6c939c1a88ee8f8dbc1229380efff

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 9c5a8fb435e88360d5981fb53141a251
SHA1 3ad02e6010f0ae9db9542e1341e1cab6e0577270
SHA256 310490d62f1c6b39df7f4a1e65628159e9644bd965909fdbc3501f9bb31123f6
SHA512 4e6156a591787c7b74d8903c09d08ffb04f655f8b9901bcdb355f36270a1f4ec1a04e3254f8daab87300f5100c1dd709dab0598320363c9ed00aae500922f1a6

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 a155ef1760863c1ce7cb36900fd5d050
SHA1 6083a6f6e2814c19012c0903efd4962eb4177bc6
SHA256 fce2b3f5b9e5bfd22a2f8020c7a734bc1890fdf9c3a26c347959d2e8e29a3ca1
SHA512 143823e274773a2655e3497b04a77c0e0914e9d6c4182f4e653f210e5bb1fc67e5d048b76f4612afe4ac5c11e1da38c01242753ee33e27819e68ae486ab52dd1

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 cafdd71299cb01e319ee8125d086dcdf
SHA1 17446f7349e5552b6aaf8f8b3cbe09c3a4621e7e
SHA256 5f91f8ac30c4de825288b97838630768f18f4102640c2b802eb266d5fe4b1a3c
SHA512 7fd0150b34549e24e942d105b17bfc1f19ef089cfd82e9e555c78caf5d2a8c49567d9021f94c1c1c15edd93509f61ad10ac78496dfda3b6831a317ba053c61c2

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 4b83a1cde686875f5a4312d7969c5557
SHA1 164793c28e872cbdcc5ba8cf8714a75ea582c15f
SHA256 75c890e7559f93fad5b801decf81f53e192a469481d790f26a91c0336732bbde
SHA512 6e66d39222ca34462c4e2742115e2ac3551343d46a457d0a0e46d34508e37cdd5a984d3020f5728bacbf27ad92993aac7b2a5339d238fb3af6fb9d11c2da136b

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 de9168fdedf82945cb2bd1133c160f9e
SHA1 ec3ec1f0c27911ac1f6e3ba8fce90ea5b84c8478
SHA256 8cc1aeee8e301c8046412a97888943abe11235d60274bbb0d6edb617353acdbf
SHA512 f0ff506429a1240b5fca402974244a339ca81bc2695b3ae597eac886d7b583ff04591b0ed733c6eb7dfd712fad1ee10afcf9c334e3a9927cc1b73def7ed1873e

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 8ea6d42b18321800c7cf5d12adf73521
SHA1 08456c989850869293836b514239ea3bd2456b1d
SHA256 702b945a4156df1b5806a7c22a5deb96c071f26cb3d13ee46ef2c5734aff8adc
SHA512 e67dc7691c6ae7fc92a19f96c33e172c0f8963d9ee0e1d39db02f0a0827f2fce1f3bf5c768854f9980f3f7ce6247a1fed62dfa03c3bc6f1d56fcc4cf6881135e

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 1ad64dfc3c827a3bdac670f6117d900e
SHA1 94e9002ba82c959a5b514ff1ec65d8d6a19b2413
SHA256 93994901f75024cc7fc54502ff8221001f3f847ec91d3eaf68d176297cd0edf0
SHA512 2fee786356de3c6c13b5766ecf82933774bc95114f04bc58f9ca73fdbc0bce0f4529d446eaaa13a4957843ae1202b99726cbe6548a345ac4be4cb5518c4e8a64

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 b48e0651f7e7b61366fe529b14a903b2
SHA1 1f51a5fca32c7f41d1acaf8ebdee43e63423ba85
SHA256 63a74387379a9bd5e49bc3bdcd143d627ee8fa78474662ef2ecd026677ceb67b
SHA512 8525f6b6aeeffbbf69801f70a650dfd787eae4307d482e4e24f50374ace2d90bd114fdb77e08ec5416cdcf770482f056e8cf0cc235bcff67043f62356e718128

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 dbccd272c704d9a4874d8f8f1b74920d
SHA1 6189f0c3014df32a01ee2b00808185a4d64e4765
SHA256 0e0e1394fd567126a59b72153b6ccf8c9f42cd70b8c51e4416560e4b958c3b26
SHA512 bd5d2605e4eac36f80c5b6636299ecd38a7bf74455ffaf9f0de12b765cb954e65a7bec285d634f8e5b910f31a2c81c977e0d10c5698a498f4bcf39f1221c0bec

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 b12c779e88c48baab1c483b0389a2a97
SHA1 a8b98bfbb24863d498106b60bb549124fbbd2c62
SHA256 5555c6ee09bbc9b0805b5d08c32e19c7945b4ccb5813fdaa6ba0c51536813e42
SHA512 02869a17724bbbc8ac732c00509fc46a2fb45496108625fc6d2bfadef09bd0ba0cd4c86ec871095024171656a08e208ef8a6b3576cb9809881e0e61ade542929

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 1eb10a620fa4ade5b454dadff09a59db
SHA1 47bc241708b6ef06641ece3260e1f3d2f8d8da0a
SHA256 08ed67a546a946091265414e6a79d6a79209ba1bb082b2c1a829a49f35066310
SHA512 da2c041325e3167fb8e2e362db3edfee9d4f149cb0e2fb727b994df510190a5e728b0dbc02ad9fc9b312d0ba2d15b1b72b3a51d8d041b527f5aad9c8f433ffef

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 fe8e9ad7cf729fb4e8dfe6324e80d9b5
SHA1 86677bf7dcaf7c8391238ec764816f9ee0f0f45c
SHA256 9059897a85c39dbd1861e8a188589b53222bb3dd700e5d9a2b5bd705549cbde6
SHA512 bb0d168b3bfc71f15024643a8e9e262530e19bd30c66b8ae7cbe7b624db4ba5bc18b8e9bc70c53c2f78951febaa91c5f349c45512a12b967ce914411e83a052e

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 6e3ed5be7320cb035811ca4b838993e8
SHA1 e3cd960b3de600884b24b887ca525981b717bdbc
SHA256 242c12d70e2421de8bc457820591355205593515fd760e7197d8f7818377b657
SHA512 b977706057101ef8a707d8d71bc89c19febe1d93d07d794870ab08f214c14377250620fd7a535e886ba031470a3d4690261ae6e7c655dad39f6d8145a0dfa70a

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 598f94e46fae38a149b108b647591fa0
SHA1 433ddfcb8eef2eada3ec77ad8bd74e9fea39cb71
SHA256 d726381b9e411b164b8d8d157377d976bc9c70d03f4acbc86351138a2e571c13
SHA512 8645726ef7bd67a1f5fc4a69dd277297b2613adfb3b563c51da7097fda7d446af184c1253dc95b5dfcc5ca13c982bf1b49ee2665c867c020d8a2374c3db337bd

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 e8cc1fbe062bb6cf732db76ba6a8dc63
SHA1 7e16b1cb004ad5a2b737904909b0de369706c676
SHA256 cd5ed555bbaa186cd46310e78e06f170a00217aa3d39e7b963b3599c7982495c
SHA512 1a6c901c8d6db75783073e5e2bb75e77269112cc3c1f18205844e4a4095c04bb40dc68676bb8bf2fcc1e5b08341b7160ab2463e952134af2ffddb561795f06e8

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 b78be9a727ef13f70d90aaff4351995e
SHA1 f5c086bf1285f65794617efd63e8dad3063bbd84
SHA256 ed62057c4428f26c922c773af59732167c3c2c451098f0bef5e66b9b2685ac8a
SHA512 7b070ab4b7f07d80fcb0bea5bfb275faf5c67cf3510ded4d6d2832600de6484a0a67eb56c2bb7ae0b3cc06b19243fd886268c66b06f5c4822a65f0ae8e3b6f7f

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 3647a1a85c4dff756ace78fcb0281236
SHA1 03fda8c6a5fca6b2db075dad4aabb22f8597153c
SHA256 8e384bef41b980c6c6d9ce4204691648aae2466647949789559cc5cb60304bff
SHA512 fecb8df05349bbe0e84c18a884ff4cc27ebdedff5f14e5bf911d9f93ea81bebf543133fdd648f4255e05bff868d259765562eef541838547ef2d09ef2da18642

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 5bf1b79baa48e8fcd6d70b8381c2d14e
SHA1 ca49460a97d0dae7d56d0a2b2b5ba20c4cb0072d
SHA256 0e35f3d90891619ac2b7e5315a23216f3a44eaaa21a30d5a334e3a07b7acaf45
SHA512 2f3c99876b6424627c8cba1b44a9477b139058a0787001cf994fdede7b279fed317e9cc7946af1a45a587b05f362df30bde8c61ae44fcf7bf41eee48e3129355

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 542a44168be1587acec354b02805e187
SHA1 b4861d13d35192e25c490f998d6d5ef8ffab8f19
SHA256 55fb0e84e9cc2a27bdea16387e118cf9e97106c6bfcbd8752c709a6303a36ef3
SHA512 38c22eb86951df239edb43fa1d40c46a66346c1e44326e05c17370ef7d5b1391023788964ff7cc426a1a54204b33e4c1e97047814eabbd82def2b41bf78d0735

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 16f5ca929b18d04973096435f4a439d5
SHA1 1c6c76892ccef450b06a7de057bd17bdcfc69aa0
SHA256 a9e9fcb20143bd5064c34595ec6fbae0ba3a59084da2f442fe72f67daae068ef
SHA512 a105a33381ec7690e2d25b5eb86055353f3ba3c147686b100a8dfd4554919d192ea3a6dba3f2a79288ea40a9cd15c786b2cc6cec093217834de8bb7aa0ebd492

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 753418bd400ab019e3ef6fa32b2ca7a0
SHA1 4c57e0f420a19d3c9491dbe42fe08946d24f61a1
SHA256 67bc6e573fe6bf49df6004a8139a6418d853271d29eeb8068d37c39ab43ce8b3
SHA512 1b5dafa587756d4532b1d226b063c17fbe7e241e16538c8722227eae7ce19240d05843d37e9b95a1bf0d37f3ebe3e038a2e74b7cca392f8a39e02bd013424914

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 3aec389e2fbb62fa93477ff5351b8a82
SHA1 c9954df2819fbc19a17bb60c6ae4d345f590a236
SHA256 0bcd4c8a2ec9d7914562f0498b21f2ae48fd1ebeb59e93438e80b394764c99e3
SHA512 9951bed7f4378a0618694c1f3a866a4b04a64486fd98179f07ab2a1d5d5b8599fe3cbb6dd76f0fd752c43cb67c777962d0a4f183c139c5649231dd12793b247b

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 93c9c04cf949fd03d4f40534632b12bc
SHA1 3e5942a3e651703e0768746dc8d59feaffbba52d
SHA256 3b6b3cef8643bad952451c32205cdb3aff3031e819730545d10f55bde7e81ec2
SHA512 22b733a434d59cea1f6e5dafff0b2cbfa56b5d9ce9e37bce6d06e3008c3dfe07c9b28c0689046e1a460e8edf03cff26c05b71ce5414bdffc9596d2ae8086f74b

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 eb15af8ade385ca8fd2977e849157c4c
SHA1 b8a2422745fbde638c2475f3c967415b3831fd1c
SHA256 40b859933b6834012911b5be81aee3cf5ae318c3eb15f77182dcec341af80848
SHA512 f737ed027d23942d36b965526c52cbffaf242705fb882a9903a2b77a630c4d87a30d8e52ad045faab55bc387f66f5615ee40b07d37795d6023b4a360beb44d23

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 07b52513ec47e40a910d1c17a9cc90ae
SHA1 f9fd9cbc4780731627326b513a6e955d040d8bef
SHA256 2fb541c94fc128cbb01f1530a12a1ddc45aca800a40155ea45a6391bea87621c
SHA512 668e794e5a99684272d92967406e756a88d22d11401854ca8c6f7059b19c478577ae8a0bf64fee72571d0779c0dbe508696ee4518f850afa594bd6e024b9dee0

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 5e9361bd102ff597aa7d45fee6a0c11a
SHA1 eac6a85ce1a603ed067d716e2e8db3977af564bf
SHA256 48fa86087511918b24ba8010f0fc0c02c89e06e99c9a0d2dfdddb519537b4f4d
SHA512 f9387849bcdd2b188642b902337ac958cb9925c77c63efaffcac3d4d78eadba98310e2dd9fe5bc747b06b6e9bc96466b5f14edc2cb0b96fe56033a8bade3ddbd

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 83aa6dcf6b65c805d5571d125412c416
SHA1 5e1ade0d6efb347a36f509e8228cc6918907c907
SHA256 6923aded35fbff3d3ef55f4ce1d4a956530cba4a95b8498cf591f21c6a3fdc59
SHA512 ad1585c26e938d68e5f83dc0574ed9a74c7f82b44d09c0e5feb938e0b656a57496b4848fc2974b2486c9af06f250e2a0c101075e37fac96e98fef35cca65bee8

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 9f3498b1c62a0fdf854f0a3307e73257
SHA1 1a3d9aa53482024ed1082900bf8d7dcce8944ebd
SHA256 1875170b02e54eedd1f9493563541e468e9c908f4853f77bbdc598cf899ce436
SHA512 4e7b5ce279b2ed95734811811477ba29b79fc03de91d38cd306db05530c6c958bf31d5d5c16beffa1a277e2d4d8b293b33ec4702dd1756c01affd3db1cc97671

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 89d49618b7effdb06566aab6815b551e
SHA1 7a4a9b81287a9862ae65b18ad498394457ff6577
SHA256 7b67a499e2c8aa5ba4d2812c5bc436142ff9b9eeb674d094d22a870953abefa0
SHA512 4e97a7da7c1f77928d95739f0c9826b82b01065d506f6d2dcbd9d84eca4ecd990c706c536af42a2a559eb45fa21da3c357cb16772af8f80c07da10af5ad4788c

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 2cf9bc5136eacf74f7e038c3f457948f
SHA1 946455b2edd5c70b28cb216b759452ca6efe144b
SHA256 67ef0dd92f55db4413a905513abae7a79770f9481e35e5cd646646f58f30fe8b
SHA512 ce4ef8fd0407354d2316b5f20451bac41c0ef846ae15935092bf59217701bb0a2b3112a34b83a9a06f4af186aa8c2131eb22b88175b13880ba8b87015ac68c67

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 dfa8378adc0b6e7cec8d2c79b9c7f098
SHA1 d70d1e509c78ac7513156e6a899e1d9e005aa24c
SHA256 27d7dfc4f48bcc40827bd094597cb1197609ec0de28f257d3adc5cfbe29c4c07
SHA512 a1fc3ce036b8eb109e57e8d0380c1811d1dac1e6eb84d154975e3de156968ae666c0ed5c120ad8eb3d32b7c39791fa48022351545684b75fdaaffa131b893934

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 7a501683964192dcba778472e0e02435
SHA1 d1307bc97f72e17c814a20dd6149fc735411bf37
SHA256 4608b3cb57dc1403e9a4b70b39db61b57142732b11d6ba0573c9cda180a522b2
SHA512 5eb400ce8c0886f5dd28d45335571ca86371fb52a345fc02fee5fee238ffc892c68972cc2d5d76bd1269dad47c1a88345d840a99b06c7e2e8a37a03cfb93b612

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 aa492e03ce2a2511dd2e819c0d1678de
SHA1 58d8dd31429bcd88c03da01fcff86a2b79d2de67
SHA256 b4ce7d6eb173047cd10f6930134a6cba816b6ff374a2fe719fec77981b564e8f
SHA512 8e5298fbf1a0d35ccac8b174fe4569af8dff22ecbb9aa017a19dcadd602d506b934dd1e37944be3f0d7ce27d6c80a615fe7f13682b3ad3965a4eb0f66a440993

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 d5689bd365c04d98802f85c3058b5da9
SHA1 8f5f2cb957fcc4a30680b75d71f4d2b415d44f80
SHA256 6f8ecd53d22b449ab91792eda99537348997086d623004facdc729c21d52847b
SHA512 6e9392ece107110f6bd59bd84f912c5ae73fb356fac23c14abec34a22b3cfca00237b6a29e2018c549bec64051d642b277b9967bb0cc7e5b776aaad8dc19d999

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 f8bf46c77f093538829def1c34cc3007
SHA1 5ab2d949ebfc99c061a0d5dbd567e232f201ac25
SHA256 d4ef6d66e41df23b3f1cb4ff42b9fb466dd83cf36f6d2f26c7008410cac34a53
SHA512 6c3f8b368759c364f453a52cfd27cbdd953ec28adfffe5047ebed854be09cddc7bcac3e580e4b36702bb3be5df799e99abef7ecab1d9666a8cc5daec7224e3e3

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 f6a2396839158b01fa8c5c2e4072db41
SHA1 b65edfa0031b018b5b7ef055568a1d8e8de379c5
SHA256 58dd5a8cbcfc7e4357271efbdd59d5d3349f2f345be299a1e4ffbe5abf6432e8
SHA512 2bc4c64c1bb96797998ea7f14e22a01033e2536fc5fffb18e5aaf55cd98fca1ac00a1e137b58c31c3188cee30f8b4e215990098a46a74eadf8dd82b441186e8c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 61eae5da0a9b4e3a7261ade8fa32cc9d
SHA1 512592259b2d7c081c9d707f9cbb53c16b95f088
SHA256 5ba03633ba28d23c5139a47667a04be91d62ff4851c15af211b6f74e973d3131
SHA512 6bab71a098d24468e3be934d3889cdd14e1bf6d18184391c02c2e9ced0cdce066cc5c05e5027a921d2dc9aa983f679a982379de1c187cb7f6b26aacb181e225a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 0395bf57459e7c48c9c845ffeb0ad8c5
SHA1 1f9fad46dc80fce262b00d52156b47fa5eabc59d
SHA256 12aa9d94e5fa54baddf0ad84877e943b3a2a9caaea6218428534b4fcae44f808
SHA512 b5c0d33513938b55a8639df5c7cd7705f8b94ccc86a333d85887350919a462ac92eb8ef14c2c474d4dcca2187b1aced855f09509fda90dbcb459b8b54d7ac3b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 5c972a89baf53c6a0738aca3273693ee
SHA1 68da582a0b88cba10dfabde3f7a9c7816d538fbb
SHA256 da6e07995d8db7d2020657ff50bc632f9256a4db59f043b5fba1a681e864760b
SHA512 bd52a26322ec5cb59ee116cbd42c334cabebaf5de6f2b6b98e9e309a1c2379da2a6779e3f6b3f7eb20393d81a520e38aa018e49a1e553c0fc79583d64a33d999

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 539d6232bcaf14b2d995bfaed8020414
SHA1 c1652c5f2f2b70f52dce595be063e5d555668012
SHA256 e577b4e6a192bb8c3a038005ccd30b81ac0cbbae6705edffcd999b3372938134
SHA512 a96e09c8521e4d01433f2f281af62426543139d40a48ec320c55d73e229e685319a0acf96c21a6652316e11770ce39c4a2111f8a6d1eb310bd5ae496551b2b30

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 c025b419615fca1e503b8e54b9cff3bc
SHA1 a033ac037ff9bd6679717ff7dc3b6a85693ea9a9
SHA256 92d198ab1a042378d56b8fb7d250908647f6098d3dcf061bedc5b2f2471795b3
SHA512 636c48d27b5db1c642e1829263e420c2a0b523419fb58c0990cda34c115baf3276bc7a10f025306142ecdcbd811a41b8864b04a0ca66923ad3fe700dc22e84d1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 d88794aa0039f49c999e855c3a70591f
SHA1 34ce446746ca5979062621eab2828e9b721a1a1c
SHA256 d1489e8dd68335f71e25e49870a92d2f0eaef91f749e74bbc6cf8b4f56e60edd
SHA512 b78ee115a5d61aa50f7d7e6b044357381ff30f61bd4fc8bf27189ec10f5446802b024d44bfbb58a5ff904abd83836dac27c83cdb5c20a61a3c044719642429b8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 8b521601050ed3c09696d6e5181c201f
SHA1 a6447609d33c39eddf71047402c8fc36dcad21a7
SHA256 1762461e932dbe705152feb7e39ee8543bcfabf0bd7272da387023afbe98b61d
SHA512 333c083284a5ed5f0491519dbf5d1e110a248f0049b0f23ed0e89b5797ea7cb5c2213c161fc746aad8ca79c9237821f21a5addfc2ac06e275de06f6deece2560

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 e3066e8675b78962ebb5ceeed97f3790
SHA1 2ce1af28fe06c5e94294309c38421d837a795e0c
SHA256 809f3b1b81b896ca344ebe02a7b25ca3a9a148a61736dd0ee49efdaf7f6439bd
SHA512 18e865909fe9c14eb47f96d8e52e9290e2420094c48bc2bd70b3786979cbf96da8edd22190e294bf0bebd4de54e73c6b462972528416713cf4f18430d507da5a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 3fba1bd61368e3e478627c347cdecaeb
SHA1 cb4fa1de138f151ace37f5cdce78bc257b4b23be
SHA256 d478ea6ee470e4a1ca73c7518233099c64eb3a47335fe520e486f154b2b6c029
SHA512 c60b2e0785f0827a00c813fee9d7e2437fe8653a10141f44349d5331191d2470708f2357d0d8a1727ff3a9d68d48dde32fd7db414af4711e056fca7e2327a475

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 8f456e16dd413814ac9b9b650632bfd8
SHA1 cfa237de8c54dd3c756fb97e06a4e7cf3db74bec
SHA256 9bb38904088696408cb946caee5ba00656cf0b1d3bcdb53262a772dce7e90739
SHA512 4a68bdd42cd49955119ee62e238dd79c45c8042d8f0590ebdbed28ffd0d4440cd7f1c172fecbc6bb220b554078da250cffb33d4706e36ee08ed200d033366c52

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 b7ea3c61a09c4b0b50c19ade899642b9
SHA1 45ef3c57490d67a2bd11d4884ac07dcc45ebff03
SHA256 0fe559d9170bc6105a1d8ed913c98da643361515cb186838bd53583161ae4cc8
SHA512 66b87c55c98c10cc1822ff01607cae185c3773e951cf08ff3b78712ebcebaafe506e5b59059bf16c008c453eade80bcfbfab4b6821d65437e373e20ad42b55bd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 9f04eb4ef031dd6ade6b92c5e3abc7b9
SHA1 fd34ad4bfb6a524a7cce058e5c1cf1c3f4d36a9b
SHA256 404fd1be3d163f0857a52b211979cf0d0dba565c5cb9b45b2de7bdc80d81f8af
SHA512 20d0ed2e278ec9c98bad63d998b75ad2c26af02ac18f7e6abb8e92092cc45d3a43c5fba3dd2c0fe4695863b0f33f359d2da6c9938d61bc19bacb38bef8b42aa8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 0d3e18fdd48433ea1c8d8d5dbcbd3bf6
SHA1 2f453a9883a6e65630d03684c1b4d8ac01d3e2e9
SHA256 aa647939a1d9647d70a51945cdb7a160b69e2d077f2c5fbc7183a6ee992b3a9f
SHA512 61a503b2c47413c6d0f64dd0ac822ccc9c215c613509fbcd501d5f22295e9f799d9674b99cb90a408e6bac8e1adb7c3a563420ac1357dbf371441ddb8c2b9339

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 b35c3338dc5914dae1f661a74317a641
SHA1 b5abe6cbd0b6092cbd7b5b25722c4d34d3cb8386
SHA256 429780ea9f9a66e4dcbc64b955a180680d39fddf2c975cf8c40a58be2ae6c6bd
SHA512 272722663be6225fd48809d22e06f24ce370a78cd804a9f1e70bb305ac0cc212cb3e9f017b39d62b4f221a3acdd727f3e7663e26348047e7a0172fcc664d586c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 5e5d5b895f6489ff6cbb9095abb6161f
SHA1 5016329483de3d037fd6c8e201d82496528d94ec
SHA256 120ffc3d1140cdb1b56ea1a034e622b6fb278035808708013c1b8e77621c2718
SHA512 941e329252a82a1fe22278708b1e407f929a7b6181030dab377dbff74d4b47929a39bbfc930f0161eb33f517c3dca8aea651e33fd3a1cd2b68a9a47cab452a0b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 3e7220409646929fdff371bf27b77f6d
SHA1 1f3ae99389d4902a7fb2a7d1f77f7bfa36b5fd5c
SHA256 7ef70886dad33f3c8eace4fc52544e877e638a87994f27280ac391ac9f6f1e0c
SHA512 398af6da16bf49b2e80be4e7c17fa74fcc2f904d3044ab92f74e7d883f7026889e249fcb18a7c4abc5c04ad06a04ade60693204c4a2c963cc0a2251589492fbe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 d3919a0e345c802206e4c99ea717b727
SHA1 c482a04aa5927d49816daf2ced47aaaece3dd1bc
SHA256 fc14d94e9be529ef676186b9dd831d3db8ceba83cf0903bff7044f4a1ecf1b00
SHA512 4cd6944493f4f2230e3b539392f7cda5a241bab3007825908fd8bd0a54f96ada05c5600a9ce1494ab7f01173da26c985fc01c3f3e1da867c087c43c6e5b2edef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 bbb1df185ebd617dae6815d0422792b0
SHA1 fca159aefc7353cee2cfc75abdb1eb8cc43aaea4
SHA256 6e2ccd127c9b350ef4a15d0c5afffb673447ddcb31b3e4d6aba54621d0b5fe8e
SHA512 5555a7dd69ee39262399c9890fdd25d0170f6d1d930be54d9f53d947e98c779b5c7f1c43fc18d57070d1e8df93f6c11736b48174b005088de069012f7c84ef66

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 73e0cc42538e67719bb981c564b23c66
SHA1 d0e9b774c9670d4f06e82418ea1eeaa033e388e7
SHA256 01d43e8b120bf6cc4319f7e951ee1e411f32e179e96ec91961766a4e80eacec8
SHA512 e23a6b08e01104356b990046ef5b5c7986a720ffca1645f892e73afa4d9b2a419f6c8941d950f9d5337981c156fcc417040c8ca48cd08ac4c18c6ab88fff5dfd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 637cbe0022b0f90819c6857cbf119875
SHA1 04a1736f999ebf040462a688e9821d01c3709998
SHA256 d6b8d8ef33ecf6a3bd0bd97ac76f90ccf62ca12784a9e5ac02c60e698021b6b6
SHA512 f90f1db892e4d7dfc0749e8a5262405a0b53d8455251adf2d6cedbb40ab90d6b2a6641c440c82b0e0ab885abfb2456514295c3d6cc77510d3d4fe84559fc3fb3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 e929eb85658394bbe5ec85cb85528a02
SHA1 b9b8e182006ba9c24b73de55fbe06d4e944d89cc
SHA256 d52138c23764ed8232ead08667ebc2135e15d2181b4367c34f3e86f771cb448a
SHA512 4ef5b010f1d4ad2a277aacbcbee3508e962ce0b489fd58856ec4c200747a6d2bd239da3522325d31a3b30f2f6436d4f7b9fb5baf1c6d95e0fa62ce8fbcbab497

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 4850cbaeb2561b4a37b2848c72f4bdba
SHA1 96623b238638d2f2196d1ad8a0d829f98f605171
SHA256 52b69a27ba168bd94be2d379ad62d8baea9f63971ce1e6ae5d118c925a76f4c8
SHA512 0911a1a66311797e01f36f7ab27b9b9e9646fb67eb536d52aa57e6556df98b9abf4378745bb4d904efa51348aeee79cf34555389be4bd4e527f56d411a9d53f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png.CrIpTeD

MD5 366e84642032787dd1165c98320c2b24
SHA1 580372dd8ef6d0ab3a7d8da506f865663f91bb99
SHA256 631ee2bf504d61d455a84497ed56a74d97cf23a9fbd84d158e613494ef804538
SHA512 0668ede5544fdfda0de6aafa5f90ffc1161291918f85b33b5b11a8a60f0bb442f6a407ad2d600d374739c3eebba80f7d8909f28d94a572978d7a6e389e572309

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 2aad4c88f6a4b9dbb62b48913add0997
SHA1 db24f1605f6acf89ede971d572af6f88543beed9
SHA256 11e553670525854319554d0982a7b8de5588e956c0bcac913c733ae3e65dcc23
SHA512 fe007a67956d9e2fb10dbb73ea170c9d045239c5e298c3225817696b9afa9ef5cd6191d82c4ab0d387daa936fec3ac79561361b6ce0e285a98d9e3a9793fb5b7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 90ef027e36ea5466af4de90ae8d32ffc
SHA1 7128bb715556b4dbcc43416c5382c77fc7b893ed
SHA256 dafb6ffb95910e0e78bc9716ea85c304927b472b6ecba6c54c54e897ca98eca9
SHA512 d55dfd98403a63c67e65a9534832e811a377cce4777257a8fc19657f06a3267546fcc7963da0bd12c35fe29cf45d06766d6fe1666414531a2b7f7b56154818c0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 eabda7ac007d6100abbd89e52f758c44
SHA1 5c0d548eb36c1b0d91b1c4dcd4408238791f0431
SHA256 05020902992e0e5c969ad367bd4e199e81c6ad4c4efd58b207c77b5dbd2ce81b
SHA512 76dbf2e2ba9d2f3c39af530a53965fc3b08c82075d9b0bfc36acec7d71c084ce2aad04c85442d1795d56fa18d505eb9092a8d519b4870e88c83a4d3e32e85edb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 2a7ccbb4b67f664305ef03f7dfcd9332
SHA1 6909e9025ec766e048b1dae005cfea44a426dfaa
SHA256 929a882b817b8ef0cd72426b738eac02522e312ecd09b55a180a44dfcab5a95c
SHA512 4fa362d1893cda10ab32b8a344575ea94a58eb515837d359441f2a5645d1c49ada19544ee164a40283220e0a0b10e17147e765b762e0d0e94cdc821393099eb3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 baaf02a650f58aee46223981831801e4
SHA1 9dd24f1c10a394a378a7ea1f86f4fff132329925
SHA256 888f7182f10f08b16ca6c24035f41ecb41aff12d6a4d0fe41055ff6f1c3f145d
SHA512 7522743fd80bc2c9ead063327e0044b9a7702ca806cb7abde7667004afc9253a4bbb586f6b3623cfda59749bfb8c9515c3b4e462a4c73e5eb9ca68f9bb8053fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 4ea964e9825ad4d64af07fc4c94fd533
SHA1 e4fab6089b12c613befa4f8955f232eff4ec06cc
SHA256 a5134547378ec0df59e6a908ac84a8925fa09b11ebfd96706fa03806133a74ec
SHA512 7a6da67cfd22f51bee653969f6a95fceec395bd96e2587fed56e22ece5a88832cde10640fdf06eddea418592c6f3777279a39fec39b5b160c6f708baac4c9017

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 e1869f6ea3af812b874545c099cd7f6e
SHA1 b3bdacd824cea2f855b28166ddaecfa709255b1b
SHA256 9ed01331708c11982da0ed8cb818bc27cbe3d8f74335713bb7aabe45ef9e2733
SHA512 3fdae5e7667b62db3db1a59ec91888e40f18a75aacf49dbf93765aee0b97fd612b496ecde43e1656d71b934bfb4c3d597ce252f677f9b1446d13722d72f94491

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 a0e0dafeba83b4b9b814958970287809
SHA1 970715add7ab26e7d7a2a8b1faedbb07e4a74680
SHA256 fccaa8eda46f6997cf85bdc52bff169e4c3ac86fb25ddc0e34554300e4f68f52
SHA512 3f220194a6bcb7aaee1809a2f5e727cd4ca8af8d529b65dd0193f322d2101234a99d887a63c99b8892e4fa99ecbc735760b169075b72d708afb43ee57a0ba70f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 057ffd5a9135544affc335bb11f20032
SHA1 3caefd2c69644cd102a448d7a52aee4019de3d1e
SHA256 78e6358171bbda82f3a51dd9cd52feac97960b4ab8fbc2331f4baf4fdb0b04c6
SHA512 6899f0c75d4cd80bba452c2ae79a8d2cc1216bac847fd82541b2bba74df0ddbb95311971f9c5ecad1638306c6daafe89c043f738fc023b2834a1ec422cd21d73

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 42e7a627c41ee54c10f8834b2b28205c
SHA1 f04fc144736a01c1b97963783163da35459510f4
SHA256 954abaa5c72a70dd53be35d16e1dad535c9477767d4cb82e172b8580d24317f1
SHA512 76ed4b33ac3a9ba8e65ed50fa5ba05814fa8f71fdaa0f81442ec04389bbc2427e28fb53dd2967a06dd5b26e12a0ca82b2bda602979ed8a0a19fd719419c5564a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 86cf2445b40142080f60d36f114115a3
SHA1 4e9ac2964f829493c7705f64596d28a0bfacf302
SHA256 d1c5f73f78ff5125651e40bce03c0f691b4141fb0a2040e7cf3c00769d11ba71
SHA512 71a56bac2bf8d797b60971c1ce5ba6db28950253ee59df1e3e994677d280c64529746f73bd8fbf190764a42722b0f4f8e7e024570726673103dce807593a60e8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 7db8435a0d944a267428015ad58ba050
SHA1 6935a53b2d4acbfd9440d806ac939996200b0e62
SHA256 f814aabb5cc6b570ef158960aad25b75c3ab7085a14e5cf07b913fffcbd2f57b
SHA512 1d93d3fe605092e7dde180c4091f8284180ffdc732208fe45b04201e03c80935c4299d10c11a629128b57b010d8cb0e7c9635fcdb1c74637520f9d94e8cc7a83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 2b88d863c84859d52e5d9aab723b8860
SHA1 c0ec27b6172ebf098c816fecbc4ce23c2e55353b
SHA256 fa78a73ed3a32d4b79f413c4a9f6f6b618fc0b2b290440ac4717c39df2d32869
SHA512 9046f02fe2a7c068dbe579ae24ece26606ce3d72b8188e9b7a0818f96c8515f3595b5065b1e984b69b40002ac89e9ae9edbb609a41ea2ab5fda0c55f0fafecc7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 29d3e0f74755cfc16c463e23ebdbf35d
SHA1 6b4068b44d7deba03385122e247779611b9a5b32
SHA256 ef8d381c9f027bd5fb602d4222eb06d33a06feb97a32ffa4e8645efb13567e0a
SHA512 85ff76f65c929a9f063ef6c2f95ae1a34fb1af97e9890d107eab0110d7f4be543c08247e3c1a0a342745827ae4638a93e2d71d880f3926a44114e8dd19bf6259

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 f60b273b5f44881d21f76ff9e3803640
SHA1 a381306e4d4b8cd3c9d44de097589fc31f209e49
SHA256 ffa1d0cc2db3d9f6bf9d743945b874b6946f05cfdcae8eb6119ba382cd5a69e1
SHA512 abe508b51eb6afe4b8c0ac0292c91db64e7438079693fc865969820d94b3bb08e1c1924b8d479886ce8a260de03588426d646668926ca291d8c3b193c0598183

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt

MD5 75807db5fb49481db86af7627c0d8fbc
SHA1 2a008f8d8817314d8eb08c456efc3523a90328f2
SHA256 50f0787803ceb8423dbb43d9cf15aededf3fc8a52d2c24cf0d4435647e454ff9
SHA512 3ba8392defc2731406329ba9b4eb4ee3995ac0267a41bc5d603673ec66e112590940bbc4804e3679b2d5718569456b28ea76f3596895b596fbf4f965de52f661

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

MD5 f95242d764c38fadf2012d63ee904b84
SHA1 2c180aedb77396e05f210bd98944285925239353
SHA256 12aa5991df1f8d9d86a756247195216b38a97f0e6054abcb5b21419a999dfa22
SHA512 b1bec91f00831902dec301c61b913c3db02c2a8e5ed60acd8c0597bdaf6b51d4de19c7dfae4bddfa189dd9b17b01d1fcd114b9d5532da275dfaaac9521b9717d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

MD5 cc62392a2fe90cee152c2afdaac16ca0
SHA1 6b627440178364c24aaf748d4e020d93db25861b
SHA256 841b94351c476064f9b2066f32f6aad8f41d6d171f6245a6aa5e8073b22afac9
SHA512 95c3d233988588e24b6477a2e5bedbb9e483d1f37faa7af4b7e4612cde40a47893fcaca04bb68ade8e1ed460735bc0eab180d7cd38891a4ba37c8b33d9837096

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

MD5 b7ae67e69714b59de1a22f99b8ced6fd
SHA1 6cb22beea9e05cf636830c0979e3a1f46276fe1e
SHA256 73d9dc5ec8206240ed49b8cbea272bc14ed51d3730ee16e081984b6d62d67f84
SHA512 601350e163e74e2b9849da328c5f20ed3573c33ac6c02e378ee97eb273c7ebd370e7789c9826e56ab479b98f52fba3d131af6f3511059edfd61b82e110a9ecb3

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 95ebc438a4e487cc6461347900af0466
SHA1 5a235d1ee5d413212f03963bf462ed8602d986d0
SHA256 8a48e40968beb737b16ab4108ae4cdece9defc37ecdf8c439306e1e0e9917a91
SHA512 69fbbec2718447bd79b49ad0f179d5c545a25824fa2c12434ecfd6db1fbc01c65c01c7267bfd01f9b0aa423fa2807cbcda7ca4e6f09134f26a38708dbeee78c1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5c770c08a4f3a6aebb49fb212477eb0b
SHA1 ccd05102a660eaf331bacdbbcd7d1dab80f7d484
SHA256 fc7fb7d975fbe285d11f9110fcdfd929eea983276f4d10011a8c87402c612f2a
SHA512 3ab6b5ffd3de6681a385e14a8e0b5e45dee33c810c36884d31ee05a0f00b6ff32adba2ed0535b4963574c575e5d295553c8b3513da03dd9ec24f49e2d8d1245c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 2d19236928565d01b9a1b20e9a0adbd4
SHA1 88e4d988dee7945401b62da51d79c845090d9ab1
SHA256 8820c4cd7e340dce9d3885f13f396aeff733bec68e942fca5185841079e77481
SHA512 f4133b02429cd457cf2e491f2a2ec758b178a72e2b5e153f8ff2e5413bfa48f871736789d0ff47b4c5013a160890c888c71960d2932996b882673fb91d54e876

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 eaf30806ad1a78f96812de54d930b6f5
SHA1 6a79ce8ae2b1acfe611611b91f522fb0af015596
SHA256 7ed54632b8dd43a684e5ea64b2ed406c17545b83e1b7e07616baa1ae636e3173
SHA512 fc428cecac111f449212d7e6b2798929a3f6a94a1e9e68c51b50c89d0684f5cbeb2ae646d103bf570b61b403f0cc46d719f5a6f6d129f44e658b3c2a84c74c4e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e7516c66ea50a66f0fafc0655b2c2a53
SHA1 5bf95db5b9b2b89f9df541e7e08e1b13de9cdf39
SHA256 85e66f44369c3671552d2524aa614b94736c1f665635733f5d0ea87152cfd111
SHA512 ad2f564dd43fdab12cb92e7a9b53a4285147d800c878d3bb432791ca4249c9c722a99e209cc8d7ae0f2d2087bc34eddd6a034dedb0da48b33281cd11a64a6380

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 14db8b707e4127a16c2bee0ae6613cec
SHA1 09c282e19916d522940131ce0230f7ed8b6ca15d
SHA256 8bccf2ed6bab6e896138c99795bb1b34283550ae7b1fb884400615065bfd76fe
SHA512 2ab863128e5e54471cc135bef93ada8b4acad9c8eb5c99bdd2257641feaa1cdeefc4d9704ee345e8e53f7468eae9caaaeaac3fffa4d624521843808e5d4a5af9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 f024875bbd7f3f4b26a1310d6f01a9d0
SHA1 a71825bed22fc70a1ca44715d8ba24983ff476f6
SHA256 bc37fece17c6a209724291ea97231ca0dbe70a8d78895571775be89c4db110e6
SHA512 b2a181580ea714d9804ad2a75754703edb5fe99e7ef859cde779cebe1e405cd251c7e3c3569eeb847c91ab387620052e45cdb3be02bc7e9246688ee0ae71c772

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 75f9d66295630e128c09148d8b7e6a40
SHA1 422063e2ebbc639a23585896f818c27072da6f00
SHA256 2a7f2c91209cbfd08bbf1c6d6633203cb02cb049c23375adc7b1a98f63c9b4d7
SHA512 37cf2510c01fedca9d394a22c1ede24c7eb75da5d9029703deaf7ad709eee17478dd2eabff9c1edd876ad73361f20d4e9db2efec863ee1582c4076ac6b6b5333

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 bbb786b5a24fa371b09af71a083e1e6e
SHA1 553a81c3ab6f33397595345a201788fb5865e076
SHA256 17af19fa63d41d361f4d001076d7906b7761accff74c2abf20ee927b770df9d3
SHA512 31d92a83a07421e51faea225aced077e34cff2f6a9d54f9052fda08e051d2b801241d276892e0ca197b9a649641f5399674d52fdb19a32855a3e760517b38843

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 8d7561b1ed0c1ec3da731827a4908525
SHA1 1a6f7733a912eb6f6ad6565d043405b3f6ef248c
SHA256 5236ac5db42408f5989d146b6a376ca2b51a60f514b384242a2ee910731552a4
SHA512 8b5096c43e9fce48ff4240518629d0733717d371641105743a95fb3fee8eb8d858426938c77d7392b81815d44a075a39beef5011ad4ece6c6d59563cfdaf8f41

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 4028b4900333a1dadcb1be07470d6ffa
SHA1 38bb6c1051c1fc6caa96bee83d9fcf3db359c6e5
SHA256 fa5226ed3dcc9032f82638db376f62dbf25c238672444227c74bc1db80b490c3
SHA512 e322234bb1c43c6832e4fbe0dc6b5cffbf7d6d2f481933618031a5795040fca03936405c98e2edef3f4ef9fd2df91abb7a6a5990def55b6cb3333a4fea5c0f53

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 8a2b7aa1dcb3f78d68dc47007e7c1e9f
SHA1 c19f40cdecb1d02de72d76e4e28ad5264f130462
SHA256 d2da634e6d0d0d55e81df55ca460d184fa0b0e26765691dfcbe6331da70a88db
SHA512 a974a73d6c1efa2f6e1e7013e041e358e20d89582c8f6dfaea9d3fa765dcd072d0f738e013ffb35429ee3b7f0760e0bee1a4964f61eb662b8e44378cf6faf500

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9606daa754a8e9563b8f7a51b77af113
SHA1 124baa0f0b13c70214395b9b5df2d0233e556660
SHA256 c916aec122122af4ebdac136341e9bacaaae7f9ded6e108cc5659472b64dedf2
SHA512 b0cab7d5992c84d3e5bed65e225d5277d780493200963137118b46345221d99640b929305c7a86a0fd5a475c4fff961b0471ef65b51f7c60a55fb3a177899bcd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 d1d477d0c373e08a45df5340f842abc1
SHA1 deb234d4ae44e261dfd30bf2d19aeb8c7d1f312b
SHA256 1fe543d8e9454a985c2a5701997997899bfbe5eeaa63e62183d87e947de4d9e7
SHA512 1265b0e8fc0accffd1e426bfdb68188888c821fa40149a7125d94b8ca9cd248c52678af91c75188b415e03d6893a981dd164cb34f003fd997668bcb0c1cb8f8e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 8a49ad9aff95fcf5a4355322a7967122
SHA1 ec1773671e831c0dacd8e966c2b24747a89856a4
SHA256 a0d74e8409c01f862412cf9629b1b975e657832ffe304b69361e0d594eb9f2a1
SHA512 64ca52a741380879cf8bb3a44ac588a2b2fcdd9daeb3cc840e92619dd87dddb2e6c7d34ea15e60a4871d2a43623e5f0c43c60a6e96274ba627504ceee036beaf

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 62c8d28aad17ac101e75c9ffe2ae9f4a
SHA1 008c550b9af4e27a695d9b74f60de9cafce73986
SHA256 6f7be5b5d596a61c60691cb4df79a8041222008903bf8ab49eec8d5a923668b6
SHA512 d68888be735355d09e6879c4de3bf2de72ff77a1b367185f8f30bf3b92d7c9f57a7fbaab910cd264852d541646f647bcf0a575c759f6ab25a411c8246e6eb05c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 6717dbcd7ae7feb4663af312d1706dc1
SHA1 1657d71dc96b8ba6d0db3b2d003871f095726b2c
SHA256 4ff4917b9ddd3e4bee7efd1c7989131a30ba23eea3a9b3e77cec29ef6c360994
SHA512 f2519d65cd14f05a73eddabde49006a08c4e1eed1b78e489f7e777a9071aad07a55f86d28d619699659c1a736319ed2e1e4d983f24327d4e9a2d53ff66108872

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 096c0e7ac5fed7efd8803c572c0e870c
SHA1 6d9c5e04c11dc7e6df28dd6198efb707b6fccd16
SHA256 da171459d72f7ed309af750c4f4856ff48709f9c598d0e6fb475f7b76dce0fdb
SHA512 09d6ee1e98bedb59f5b93ebc108a7645ef7cc0e9a83f91753a6d6a14ba91bf64db9839ddd38fd9f2a0ab0a105b6db38b45b6742a2bcbb9b1019d86ee0b94dcc3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 330294bcb2e3b38248429c13a2129c6d
SHA1 108deedb800df5a8f6baaf18425625fef790d160
SHA256 a62b9f636a839be3614cdbb3cb23227389cb6b1c62b1829815d8607ccf29aa2e
SHA512 9615206f1eadade472d097f107580671236533f7c79ecc5de19bd9153532e41bb9c54f33844c6db9eb28096182a946b34456c45e972e122c75714acb954dece9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 0e8b696de756b70fa73cb7c34a8350f6
SHA1 7b27717dacc0b35f2171aa3be898879930ba1d62
SHA256 8e3271961163420e567ba8dc8f5941b150b943af3a1fc39bebb2f1278619d11b
SHA512 be5bdec3968157a3cfdcd5cde17def7011041926e7c0c71720942f0c422fed6b37d6815eac4b3e9066ec249746cdf9d6a29aa9ddbce6b403b6bc894ebb5aadaf

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 bc2caf5908ff5d4f22387317d751e88a
SHA1 f80ee545405288b26c4516f8f0a428e280b0db20
SHA256 9d3580ea2b23a9648c9551a8456591f5b9e8f33a45d7b5b3c99fc240619a6597
SHA512 c83cc8733c3a19a87c27711adeef93f203e9e3fcd71963879721d6c37b527819d292b050c41399ebb75eb5520a55f59c9882158dff6e8a897a667be8e55a626c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 ded9658d06db8f03d1fdc1b65be0ab11
SHA1 2edcc72560308c714ede12fc99132d9ef02e7cd5
SHA256 370a90559716369344f5e0db3c2593a6978c3635cba7405a54cc186521473952
SHA512 b68ebd3fd134136c2149e358d81fd5b5fcb097e5e0d3180493520ba807c00ad2f72be6bf84803e2af032c2ebcae5501a4b5e2d833906b9057e266fe6e69d8e29

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 d95c93fb72b6eb7b356640a01ff7c923
SHA1 949ec9b26e505f71fe1b9634ec2ea626b94a99cf
SHA256 c407ba73f987d36fc5afffaa358fba6f8be906a08646b50e8202b5cb836f0397
SHA512 fe078bd2537111d79ecede28083e176544c41d39c7fd54f4abd03abb56683f2a108d8b1dbd930c13eb8939a91a3529a83d82059317048706a42d8f59d39aa8eb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 0ac6de9a317475650196a51c5e1b4f23
SHA1 650bd5db4643c4b2cba652ad88334ba29cd55c49
SHA256 0499d56a7da07da41165fd83f3e88d37b454da37ba5e24ed0fb35fd8077a89cb
SHA512 b625b446969f79d5e01b9d6f5dbe2be0d9b30fe929a66fb94618eb3e8fc7a97509730628124e788c185b167ce8c24237b10e2259c458b0e907b0c69dc0c6deea

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 4e23558c30f59d8f690dcbf9a40a0ab8
SHA1 86f027274a92ee05747b5161139d435f08575d6c
SHA256 0be34216d0c0329ec2e583a3cd41cb74bf8dab9fc7f90475477c4ec34affc666
SHA512 95fddd1d2a5153d07850945068a697ef9bfe9cf0a5f66d5c9f064370b1ca2d386a9081cd1a541aa1935549f68d934f56e229331f8948844ee546564500d7baf3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 2ad50f363a201013d6b3cdedbdb0effb
SHA1 7861249eaca00adccf2f7b3f8d62236c7a409bac
SHA256 fa74129f4719627daf004acce9200bcb8f721bbad246129b8f7b337c600a334f
SHA512 15e3aa291059671985bfad7a68d97570edad712263f05c6e67b85ae23cf1eff5a2e6d3b8eef12f154a2821a0a2de25934a156bf80b8bc5d531b5fe64de59e5fe

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 251fc6d21d2c0c36373a806d11e1659f
SHA1 64413c055bd05432a43725ad3316dab13fe0110e
SHA256 47c16db867b0077185bb9ee51536a517e6105de092754c0710f38bbab6e08bee
SHA512 12a9f254e0be1b89e39103482524d0f6519f28cf1085e87f21b2bf62d9c2bd025ebb20e185709b10475102cd43d1ad4b9da6a13a0f6e32d2be8fab3fa694656c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 948ee47e54c68e597b0df0aec7c537cc
SHA1 970c880a079abd45e91165e556ff98caccf41e5b
SHA256 612f76c9b05063861a699a8a0527fc954aa76602951b19e6584ba9233cae2969
SHA512 6ea53f7b537c21bb18ec40af267a918fc1fb5488f2442404a1362b3ff7e4702caae65aa48ff26a16136b3dae8fdfbd7e2dba89893264bbdbb673703694c0e5eb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 b13363d9dfe842be0349ac9b33319bcd
SHA1 c04a0122a2ab7995c6ae8d416579e2901cb37461
SHA256 f41b15dee3f4c383a42087516716fdf6831cdb2c4703a31e3a8f1851ba3c63f8
SHA512 be5f451551c34312a1aa4d9464de34bd56eddf196b323754125ba554b07411a42e690f0691f4553391166d60b2363477b82295691ae1aa1606c7169e2d9bbfee

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 9e76d13c394cb8f83802d4451465ff26
SHA1 bf3525dbd6feee2ce1c6ec24d6cd1662d7e6cdda
SHA256 c1e279f084aadf729fde824405c78d194f4f8bb0126fbe5aa05b2a579bfed8b6
SHA512 9e1fc7c0d359219a3f063401d784665fa860433a4435dbb7d1c830f855b538e6f0c0587e9ad1c78b5fa32c195029c797f9517ee1e363521a45b3882f7f1e5f3a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 f6ab23cd41270e0ca0e0495313499f85
SHA1 c0c668f0c47b9b395a4a3534dc8ddfb1625d51ea
SHA256 ba294cc276383a194415e2f0ee045eef4c3a531a40e6672d3851b74190533cd1
SHA512 886089c7bb95fe6c30781da0be4fcc66a27c5da9961eed2eba0b77ab3bc0853d2c79d3d0326eff34859d1b82d2a34173f745aaf9945effb0050b69a025ae4053

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 f448a84c71be176102e08e8194b80157
SHA1 d4700983423f0f75996572ab9e364098ecb519fa
SHA256 77c138d4452cec24926dc795d4c9ac0c6f60d4e24e54d1fed9c66c0ba6ee23d1
SHA512 3814d02f10c95abc74f56f8f37e2aeb88f1541c0b7bbff482378e85b5d13f02467fde8066c364869bf623ba5972dccdf3b43340e1818627f8924a502c660fc22

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 ad4dae990acbfa5775e56a85987b016e
SHA1 0d3d5058305ecc2832a7209e47d0e16e1cff1ae7
SHA256 25767357a078182d6b03d7e38ce5dbda341f4842d96089510c8e7a0c91dc07df
SHA512 c20e253561553b966b36067209661bc1559251e30c78d4f7c6e6decef536bae3af1e97c6a3de3a00026b3ca843d694dd6eedca79d7cab08b090708283cdb06a2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 bd1f4f606b08cc2937be23679413d752
SHA1 4f82bd07ba88c8e9c259e6e974b17b3395659554
SHA256 b001cebccc4554d7217bc2d4827154ab45b4b3b88803c8c08333dab5b9885f26
SHA512 f93bd4dafb4179562c6683c4d809e8fd354718f8ec3de16378f1bccabda87d6aa915f67e45156ac59d2c24fe90d7a2612440231bb632e5a81cf81dee20073f09

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 7a7bc633acab2f32278593c37859eb22
SHA1 5b830b68b275d0b96abb0f0ef1660bbbc428348f
SHA256 76b002fcd9497f4826699b51e7bf94fb4913837aeb8cf83e9bea03ecccb062fd
SHA512 5c41c37d2df26263509f9c889e6430359100723578255f698ce82ca955b2920c6510a7af52c32d6fc6afb1ffe44b022ae320db070141179946c7656f7e94f3ce

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 aed6bfa13eda3465a4684f73141f6e16
SHA1 e8368ea0ba97c039c0b6aa702c1053d3dc7cd3cf
SHA256 686c237de9005b6a56609fb8602ffdd161becad41f67439f35a27acd709747b0
SHA512 e32d3c2af82348e569a249ff6fac888f702385a7e600d9e24e98547fcefea8249243499a98a05f67c40d4e946d399ae8f4a5720b28caaa525832be0368918c10

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 e165dea56cc6ca5db58815a0caf16e8a
SHA1 821fc12e529f850bb27f2fb4fe12169b1f9cf13a
SHA256 7cfd98dd23792d66d6cb4883701bd496914cb06612fa80c63ca2df21d9be25c3
SHA512 dcc1ff85b09a6474200712c7b87cf5a6ab3d0e9f147bc8ec7cd0a072ede2de9d20737900bef1b7fb882b0f8af4503fcb57a5e881af27f6746c094985399d0b8c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 55878f0db8120410363f8fc72d5c60ae
SHA1 30e7b957ad052b4cfb95ea2fa8cbd2464f73c4c5
SHA256 fc3c1377c22698c28f20eb85443d7485292c6a30271c3d5e7f353eb54a5ec26a
SHA512 e118f1986090d634b06bd3f6e40d25243d061d05b4082d2b0e5ba85b7f911647a850446e39cfe6d086b712a227bf1de4aa6f83195c112cc9091ca0a46a65a22c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 a5e66eff3f34fafc11fbc983bc15355d
SHA1 206bae0d903d2428ddcbb02ac081b6a448d721fa
SHA256 34829597a2fb0ca4b6c6dda5d0bb4f19bcc3fd3d6503fd77eae194cc16d96ced
SHA512 a4327ab6d129dac9063f4068b087ebe765511e9d95f5c55313892ff93f4227593897182e51a69d8e5057ae0345de5aca2d30badbc057320c9ba15029a3026733

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 c965bba607ec2233cb36f4c5a52f5c02
SHA1 f8fe3cb00fb435d37af05e967ad169a219a2d7bb
SHA256 be53ed1b07e928148126805fdd5ff9ba9d2ab0bdfa143ec8b90f2b5eddd6ad37
SHA512 5fdd628456f3d07b2fabdae0e16c2a4253941a57b950d691ef8ea7e5c15eda974d6caa2183c23a967d2fd412616cd049f86e446ed20696ce3ff2a1e72fbeb107

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 9795f1cdce48d8fa9c1404544f8e233f
SHA1 a7ee9f52656afeed9c1e5744399637bc01b939c7
SHA256 6faedd6f1d244c154bd4e6f121e1df5ddd31688468b817fe88f3abae1de5019f
SHA512 f3ebc6ddb6d86f0d581dc2d0126c11e126d01e8e0d67c2cde6cbb7d536e3cb77d2c41523975e6a6b32a9795af51685a72b843ebfcf95ccea8c3aa4bd30fd99ae

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 17d2e928339005bd097f596316062bb6
SHA1 a69b25ed14a6d115e08a4843d453eafe8009e266
SHA256 6613403191e695d205230b432c623b371b1f2e105cd9d42dfb64f57dc4ec4f0c
SHA512 350f3f1375ed35f38f499e4b0cd882796d3c1fd7a0b6613101538bf39373cfa93ce371d604d6956dcc4c9c865263985ad53dca1fdf0d47290dffb7d98072776c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 159fcb2684d528d7ca9d9362a84aa4fb
SHA1 047295c726fd028ac1b6c80763366ccd3204afd4
SHA256 f34e2c59e95dd317a9083b0d1d19bf3d61bc63e46993cf443cf6ec8aca6adae6
SHA512 e62b8cff817dc83e0abae20de20b25e90bfa8fbc6b079275ecf319ee5f927eda81aa433500fe1d8d38379e7df922d9b4b6ea57437afea57f830dabe3792d696f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 d202afeb1a2fc9f89eb1f04ba80201a4
SHA1 a6a65a7823bab6d42128b15d7b78e04940a76e90
SHA256 0c786251616901f0a43b3b0ffda1815a27178f7a476446747a2560177b94562d
SHA512 e2768830b235406df50988d57bca48a01f0457efea8a2b668fc53cdf61585cf28627b5ef935068aaf454fc634f723746e47446b115741a485265dbe70006f70c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 dcfbfd95c485c94806e9d59979463168
SHA1 7d63e5ee98c546d6cbc448fbfd68eced56b70af5
SHA256 9b375ec1f2eeec1b46a656cd06f7d8c465482d154d9072bb721ec894ed1aabe9
SHA512 9bfe77d0e7e8365f3065f09231f89317c610ad8561f19473464a3a0a10e3154b2249ab49d7c2f3a703f0c0968679df8adccafba435ddcedab1d6ac1a673ca1a7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 cc70eeedbc3c22d826371c683c28923b
SHA1 e2760b728d858d1c3405d9164bb2474e39fb02f8
SHA256 f9e70d71a0bd6669f4d01fffe3e88efe0f61e50e388bdc9e9691c199de801e98
SHA512 c56438795ce91475d6dd31089e2c563888bf29d3d5e113b84ccc24f69aeb8bfddaeac4ce39d35afdbcbdaa41a1bfd88afc598852b550665c3f71edbd7027ff36

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 be53d7b86e50166f03c8e9311846660a
SHA1 67a6ec7637997f016d3c8e3f286e69e259cb3cd6
SHA256 485e3a11a02389132b89f60dd93c71129d3b844e5824b2e411bae99b30e09f71
SHA512 9c01a1a2896517de8b29ec93b3d91d274c4c2971529e539f6a02471472bf66bec126d01331ea991be361b2918cca61543efb7791be008df9f023f58e13015f6b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 e12d8a0ffe04ae04e7ce88d85c35f030
SHA1 5bea1518785c137f773ccff0ba767fd0b5eda662
SHA256 f2c15e9e546e8d4e41a5b9c73116842cf8f928cb66a72280fff975d49e6a085e
SHA512 da6b1b7330cf68cce6d41c11175219cbb39acd93353bab1733622c45ff50151f8577699b3a659d5d435ce2c3aae296e70274cfa47e4c93dddeb8f8916ab0e912

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 9fb903a8252408c4c1a3c3ade6ddd04e
SHA1 2b0c4e1b599ddc54c7a6b00c068031d2d3ab637f
SHA256 c97484dd0ac0b11880bb2a0e0fe787e18a13080752f566eba7d050620df72cb1
SHA512 30c97ee7241f268581588d1035bb15e664f476f7177f937f22709b65607ce7adf3d403daf3213748c8b49cb62e351ee56dd127e6f6566d9f7d9b2215df5e3f75

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 a0c863f79a60280d9ffddc488ac7e025
SHA1 bb22a269da365dd8db327a16326ccc6b038b2a76
SHA256 15c6f64062730b01938ce1ef91b7da957d7697268f7d2f98eec9f77f79d43306
SHA512 624cad122ec104395b2e488e28465f51cdd661babc46474dc91be390270f8f92763d5468c0a289b52df0894f7f503ea02ecb12d0953747bffc1530fa0dd92c98

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 efee1c8c248e559bc65d3d08f55e8cf3
SHA1 a1addc0a931e2432ad518fa51433aaf031d07e75
SHA256 9eaa273e653eca0430b098c93e0c34883a0126ed6815f89a80783b68c6e08340
SHA512 f4740a5c9de51fd0322b0a35ded44d8706f8b08f22b1d77d256b4014f8c779fb58d519faaeac379df4b9356186ccd82af5c04959221fa560acbf86c45a19dc8a