Malware Analysis Report

2025-01-18 20:39

Sample ID 241209-j1xb6s1pfx
Target d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118
SHA256 2e34f7828aa1fc71d1be8f195d084a2672a381fcc102194c674ca9dc30b89e06
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2e34f7828aa1fc71d1be8f195d084a2672a381fcc102194c674ca9dc30b89e06

Threat Level: Known bad

The file d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Detected Xorist Ransomware

Xorist family

Renames multiple (2198) files with added filename extension

Renames multiple (2186) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-09 08:08

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-09 08:08

Reported

2024-12-09 08:11

Platform

win7-20241023-en

Max time kernel

119s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe"

Signatures

Renames multiple (2198) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe" C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\prnep004.inf_amd64_neutral_63b22bfb6b93eaba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_neutral_024281c0e4e954e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc003.inf_amd64_neutral_47e09b7cc0d9e993\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdvgwddm.inf_amd64_neutral_dd691eae66f3032d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Failure.gif C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\winusb.inf_amd64_neutral_6cb50ae9f480775b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_neutral_857b8ff74e5a7073\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_neutral_77b02fd738dca150\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ramdisk.inf_amd64_neutral_798b5d4dd3f22a07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\termmou.inf_amd64_neutral_207a02df8e9e6552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\xml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_neutral_242c76ad2e288fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sppui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky007.inf_amd64_neutral_e637699044f367f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnle002.inf_amd64_neutral_c7564163ba063094\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_neutral_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc9.inf_amd64_neutral_ff3a566e4b6ba035\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netevbda.inf_amd64_neutral_bab421df9c31cc81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_neutral_374f9d31af832d6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_neutral_3ef33c750e6308ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Defender\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145904.JPG C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR2B.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SONORA\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_TexturedBlue.gif C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-horizontal.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101866.BMP C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21303_.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR39F.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsDoNotTrust.html C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21481_.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\TableTextService\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099196.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\Accessories\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384900.JPG C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01740_.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21482_.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR9B.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..providers.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b7ef41a9e894cfd7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00h.inf_31bf3856ad364e35_6.1.7600.16385_none_e0755475742561ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c2306efe3c8d60ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_black_windy.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..rbleplace.resources_31bf3856ad364e35_6.1.7600.16385_en-us_09bc2db811bc91be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_618f61fff85951a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_ca4e9bcdcac7feed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..duled-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5f8922af42048d70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..terdriver.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b2e2d3de2ab71642\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3094405920cde107\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3205b7fc4ce1bb43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..mentation.resources_31bf3856ad364e35_8.0.7600.16385_es-es_8ecb40c7ea83231e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_uk-ua_2c0ca7bfc736eb01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-odbclogging_31bf3856ad364e35_6.1.7600.16385_none_3a95043523dddbb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.1.7601.17514_none_7832a1aacb77df29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_cb316cc19a0fa275\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fc6c47376b666361\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a67126b4588abdf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio080b339b#\90abc5cbe9278d9a7b334ab3375b4fa0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.1.7600.16385_none_ae00f59c6a2932c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d1269cf8c70fd4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..geadapter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e16e6ac995e69f7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-isoburn.resources_31bf3856ad364e35_6.1.7600.16385_de-de_83f2460f600f4c97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-g..shell-exe.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a70ea7ed431315a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..vices-sam.resources_31bf3856ad364e35_6.1.7600.16385_en-us_14569492a0cb0c5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bedb1fc5861a7f39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-adm_31bf3856ad364e35_6.1.7600.16385_none_e7af9bb6e7e4ee65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..iprovider.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f9f898cab21033de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnky006.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_79cfb2879b6148ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ef1bf7026e3473f\settings.html C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-label_31bf3856ad364e35_6.1.7600.16385_none_b323fd6ee3f98653\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnhp002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_611d6748a544306f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..-taskhost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_58218e6315051c80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.7601.17514_none_316718c5c8c82e45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\ce8c100b866ac8facc1902286aede990\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..ents-main.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2a84ffed6cf35d53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..lus-setup.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_990ecdcb74f5bd70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_25c081fa77349ec7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-winrsplugins.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5bf77d2614b209b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-efs-rekeywiz.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e7fafd0358f7b21f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..cationcompatibility_31bf3856ad364e35_6.1.7600.16385_none_328ac5712d6c3c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_rest.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-bitlock.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f658b78fe4d2b67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\404-6.htm C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-oldage_31bf3856ad364e35_6.1.7600.16385_none_02ee3365ea53e1ad\vintage.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_bg-bg_cbf67fdab01d5b33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-system.configuration_b03f5f7f11d50a3a_6.1.7601.17514_none_3539ec1dc8a9d396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\square_settings.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3 C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ification.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b980c4bd133a482f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..ttpredirectbinaries_31bf3856ad364e35_6.1.7600.16385_none_13c790eccc23afcd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-nlasvc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fbf5665a7e994f72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..ilter-rtf.resources_31bf3856ad364e35_7.0.7600.16385_ja-jp_125d84782953e4b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_46fe072361f2f103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-stacking_31bf3856ad364e35_6.1.7600.16385_none_d0d2b98d4629a41f\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-onex.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e787217f186c0dd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..gnt-extension-agent_31bf3856ad364e35_6.1.7600.16385_none_03a02730cf3d9315\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netl1e64.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_830e6d6eb958ef87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HJQUJZLBLCMCNJR" C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe,0" C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open\command C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe" C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 0798f82786161ca795dcd6a0999baf47
SHA1 d304ddfc3bee87e23a2a2ad8d4f08b8ee557234c
SHA256 a8e24865a0861f8281156eec1b3acb9e4a2e5b705923d39f07c860286510969b
SHA512 80b9d7fd8ce4b66494bd27eb0783c8acf832dd6c493a280e5e64cd2e8a9e0411c93015896fe965a01fad8c974fd2bbfa0d187e9fa1beddf4089d9046615edf26

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 b1a295e73a5b5f6a55a54e0f790e63ea
SHA1 cd29e9e01272f86beb2a1f138a1d195493b04460
SHA256 f606f6edb2f72fa25c3c7ddf3ed0ce203c65af45c8e98c0eb8d9beff8ed4725f
SHA512 f7ab05ab1c74f5eaa13c588d7ef8eb2f822beb7a80ea2b1d76aa2fdc862627948be76261f772a754094f1f1941bf6d5aec2150018488beb30fefa1784d43bca2

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 8a596152ad321704d33b67ac1be4ce3c
SHA1 0ecf107ff9973390aca720c0d238b7a341f14f74
SHA256 c574d238b46c3234e5f332afdbb0b52fbb67b76449e30a05a1898ae9639501cc
SHA512 7b8e95d9c68c60831c5a7cedec4104632dd32e1a5174ec01951e6234b8788cd9554043fac8a18c8957386bad23783dbd4d6a5a521119cf54778772cf53cbb50c

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 80c9ebb0058ac6a2d44543f856ca41fe
SHA1 f550874460718b9956c541a6e987681dab28e198
SHA256 8abd0bdac0609fc23de515d9c7220244fe60ff872e081caa339b628af2d62cb8
SHA512 07b17d261802371cc807252970c40f23489e7c406a5478e4dd84457d31da452e3b5906f8bd1b05f9d370b3505b14b4d6ea2e6d085ea7de19d5693a23049c9d8e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 129bba7bd5c8c954b46c6794c60ff0a3
SHA1 05584377c69245b8eefd81fd34f98bf3e4290ae9
SHA256 df615449e75d439ad89fb8b16f010c0bce599353172ca3888f56f0781b69afa2
SHA512 2b0e2db0259f2aad71f319cc1c5487a00558edc919138c26e94003be70d9e4b947c9120be56734e3de38029c9d6df1c4c3478b3bbb0164c20bdf89d5d7a04f0d

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 bf0a19546a62058bd9189f6a8a3a08c7
SHA1 c397851d71efe82cc31ec1d7d175c29b84c3ab62
SHA256 f6029c3eaaaf5cf4758a42290bd4d60ced866c3bd90640571fa1406ed50f289a
SHA512 a1f3f3a70f8eeea2536bf4e2ba112235845766a41db54035f74f84ef97c841667d9f16159983289b42ed8aeb788e6d54e58191d8c10f49a28ce2712c7d32f577

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 d13e288c0c71d13ddcef4e8e08027f06
SHA1 6f592e11d92eb3110f237434dde5b7c4dff1872f
SHA256 a3cc6e54b562ccc1a0c3f1a5160bdc93d875a4760a35c05bd1a0dc04551baba1
SHA512 86e5a3c9cd5dc54d3dd7fd8f1ef6277ef0c347920ee50d88bc4a1f5cf6af1485d4de0e6d4d0a814b606936d07bd2d31e0e2a355125f6b88b290e964d3ab63573

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 7a2f450736d4d013e96aad75c308599f
SHA1 39c949bf1da42dd25d51d4ced1e1b938a694d0fc
SHA256 829a1689f04f00e78290cb7466dd4d650f019ac079cbab7a5ff515a6611bcaee
SHA512 701f20aceecaf4125d08ad096d205e95477b3d012a5bb434ffae142feb0a777250cc0fd6c74574b379297f360342545b8df1bb3ca8423d659f7e53509e7baa3b

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 6ee9736b22d1daa48f587172c5ab61da
SHA1 c267b8222af6677b326b27a58146883f5950369e
SHA256 e4b99b18932a35d5bc033a16e9d8b02a250aef2e50c8311badc23c2337f6daa3
SHA512 4b41f6bc8e885cb755b82ab93f10f14fa8120e7a9ace8fb630e17b733fd6afa016b37e313dd5f8a4c7967540aafbdc2520ee78b3d9bdd8476f3a0a2b5021969c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 424ba69afd55b102bed94a81db248986
SHA1 54656d0410d7f3dd27d5a8065b2b310e8db741db
SHA256 118d44a7913030f7706f37a2a282fb24ce68882511b1a84c594b85909e90caee
SHA512 1cca5884a9da2525c502c543e883e1689848637a10e682aae8bde5f3a1e676c80310332b6c3c99ddb2d5c790bba78874af526e700d4dd513b8db6c6105cb80e3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 e5c3a8c9e51ac8a392175b51e10ac13f
SHA1 ea7e5b8a9d290b6e0372b9331484528a9f51e017
SHA256 bfb8cdd631517026ee137c783081f4e9ad264554b49ec0e76f9653b2ee41f3d9
SHA512 d29ba7f51c51ea0ee9a82b1666f222a4290fd71263f4c11aeacdad452d4aa4cb1a73ffe871ad09c49616c1d462a36a382cff2e0f7f623805f1827e26e35405dc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 ac4f976a462b209e401995425537f844
SHA1 8f4ae9378990f44e5aa5f9b8aca5f60444c44670
SHA256 522402522e63f4d6b412b057165cc7ba3e02d96ab163d90345a1781696c15d2a
SHA512 fe2907646464272becefb954b537f871f534238d262da0614d1b2f37cf2b9469209ba13f6ec950b6781f706ee3ee9c19f7cf2b91d37ee41ca08b945da2d834bf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 34fd09a0b406b5b68a3e81b9aa2b60f7
SHA1 500712eba56a56e11d4cf7aeebca9e75fd06e335
SHA256 923240d3c997f1fdd8bf9023908ad09f8285dd2fbb1a0d0fdf3c6740a47b7cde
SHA512 e712edb092d99bf234c301a3c00c1c6e74d36330d728e984a8231e5e1a29e9634219f636ae115d86f0391254e1bdc1f566fc7a6d317454e15574129e11cb386b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 8ac42d0fdca01aab73351068f783f71d
SHA1 0aa5eee8aa882f63707d1f348cfd368a4b4a3b05
SHA256 dd11ca0207ecc5bce2edf03098adb1ed3f40ccbe27972452193422b5c54a0ba0
SHA512 f121cdc0a4e358ace7efce1fbb12ca7dcf7c73be8e913525108dfe784094d98a85a5f9d8123c0c3feb857872e58cc8b2cc00ab48f10a2440b43af92ca8ef1dc3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 5391124ee60a4133432e22449ff25002
SHA1 a2056f958a10c7328eada4a70f7191b66f030223
SHA256 26ba5d993f2ffcbb0132ae53b12edbb3d54c4a00303d2e7c541905daf5b844e2
SHA512 a9d0b922b589985e1174c54b97300fe48cf2fe4c684410995ac95541d27bc40d7e824efda5d572a178378a1f0d8c525f6877fd302cf6c7971273e9a39e91bd0b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 d5953db1ecf0fde16d43743c1b033a2e
SHA1 981ce25c3ce8116e5b81daf4073de209fa1b0c82
SHA256 7ee1491de2b43e91974f925b2ce0999c4682504b69b197a12ebf1d60668b99ea
SHA512 01365fc1e74a1cb7ac24ea79e244f5933f060318d16703c1580a4604fa7819601dcb9a742942232c57e8305035d58b83fb51ff8f30bff4bbcebc3c70797b4309

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 4ccd0872eed07528cda51c590352c551
SHA1 fb36241d3839aee306f0d3ec3c15f040dacb5597
SHA256 9f9860919caa43016c05c95c8704fd39c0852f89096cc64f20f08c2cf83083f3
SHA512 db62cf1353c1b196cb1c413580fb03433783a36c69c6e5e3689f36b59b6c1f56177b983ce74c879d444e1544a3601977ff9cc9c2dd361b5382c023c5b049ab2f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 7da58acce99463d2636a4d41b189b63c
SHA1 254d2d0f9786049e0c252084fc1606197c8eac2f
SHA256 96d272c639145fef9914bcfa9fb44eed12ed52e1e336dd328ae3873e0543a384
SHA512 3ba8492819e1dd71bb3ca5fa675428d8ff6ca63a033a73402afa41babb09363d64feb06882187114a7e63d046e394700db4ceaa7021e7bdc420ed66c7c05cf12

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 0bbe9d39cdfdad9ebdd6eac2de5cee87
SHA1 c615c5153050b082a3519d8daab762876b471994
SHA256 46b7b98df972afd26d4a482756da86a1ccb6ee02ed5e774aafdf7c01f07797a2
SHA512 dfcf257b61d448c0a817235f09f0da4fad237b7776a96ba5ca08578c5b008e922714ffafe835a550dc3f02848d7e3bd21ab09ae63f0291b56f7509c9d33b402d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 2e2c0704b9c7943d888618f5f20888f1
SHA1 839b257f2fbe8900d4bbc1d274585a27c8f48ee1
SHA256 e28f4ac229b0a350c6e294f0ce8ac50f86aad0b73218592395985fb5d8474151
SHA512 dd29bbf899ac2e00ea8eccc97e6bdab8462ed47805c5b1a8936faa76fa3155639a0905a9dd415291b95b6b9955b4401c0168d7c4749e93c3671509901e5c5d5d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 701d0c1f61f7e7fdd990a10896b49622
SHA1 0d3aea34750bf1a83fcc886c0b53873be12333ab
SHA256 1f91302b4cb16edc53a72669b3ff1eef39efb9f95634533325827f14cda3ab73
SHA512 46b0f44e31b1216031e430a2bfc2310dc8a59a3f23f5af058935d13e82e53242f98600924c10932ee283cdf1492eca14652add9005fd4ad0109b79521adff84c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 eec07dfcaed2fde34b7aa6ad44c1dd55
SHA1 f508973b31c3c062641c39c06763efa8983eae9d
SHA256 0a8587026093071663a829ea5ff00d15d9b84547cf9a2522dba8d25293df4ee3
SHA512 13ce611844edcbf56b8245c71a49d9e1d70ef0daabe427a9ae4642c0352f4db48f870a652e016f1eaf22b01e45c3e1df8f74a36c58448ccd9449aa90da50b161

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 fa5b874fdd4493c17aab60ee9946763b
SHA1 29f479383947146d61bee7b9938148c47bf62ece
SHA256 254656f7b580484f31b7fa2f072a540fecd3dbb8caa9baeddfa6f41d6ccfb3d1
SHA512 6cdce7e611ca636598ab8dc8d3b4a5737cff202dabe93f548e978bb0835655030052b1fc2eaa2933aab9583fa410b441b24352ac3eb525ae94880458d6229375

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 fc123acea3ca12434cf521901265e678
SHA1 834b9a3cb1de6def97f17700d9762ea7d9fc3664
SHA256 4aba6c3d67b72d1f88e2e0821a733e8d51d18ea778682bdc3adef572d99242e5
SHA512 de6e49e486e61e8b179310b3595432170203a80192df55c1fb629d25751aca6326d5f48086e9cb31f664097b49d019e944391480c3552fd3dbb26d4783f3d08c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 91e3fde97849995dac87426f17d91c95
SHA1 3b14c0697ecd8bd34ed97a8ce6cc128289e0a3e2
SHA256 a9a875ec511e44481f851bde386fd0462322d3a819626cc36aa1a5b2cf3b2046
SHA512 b1517f3b0ccdc6e0c66e57be8370ac738e48898c48c842b145a9e093c65fe00d1a00a7a9100a69f54416405a1de324aaffda8ad363f0d6c85808fbad4b939581

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 2b12f1596d21629c83e93a8af893dac2
SHA1 0a27f272a3f94ff94fcdd1ce52290c208e3ecf2c
SHA256 063a06daa2c0600f03bd0489be96132cf0ed7e01bf490f401c804ee412c3af88
SHA512 5b2411c26c4ec9c6815a84b87bdb69fefea62b42668182b900ba842034506781aa69a9669ccce454c570ab59bcf01a531dd0ae426431d8b5e042676d7f36a746

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 a70c10f81c33b6f609dd77118c698cb6
SHA1 44a277d7a511542a1f17a6c1c6c9140d65b130a0
SHA256 2c6506fe96608fcd1db3f560d116e80dde8721e6a4901152beda6a3faf641e32
SHA512 9555dc2f333cd12979ae39650f795eec78e747526ded9836b7a5f0cffb9575261afe8fd713d6fef34f8c5d3f49556440f8935377969ab5cb560445137eafcfc9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 3fcf41731577e8a5e545cd86ef4a70a3
SHA1 9bc531e6585e8ed742a2b2567291eb6fb118ae55
SHA256 9ce573257e279ed0276c54c1390786fd1b96dc8ce5843e15b6be17642fe79b51
SHA512 80ff6b39e239f132fd1332ba5a642ed90f21c60b342d096ade18c62e1aeb0b79d6eea8107b9fe61fe06d450b0c25eb02cbc1f2b7bd13d9df150019ef81f29307

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 f445bd00fd70fefa28bcb1816955a00a
SHA1 f99b7c27ebf213f889ec284f51eb940be54e38de
SHA256 4717685128b54715c6930e054cd8b72fa6633b64bdb88b82f4c2d54bc10fd909
SHA512 3e419d26667077c2dd0ffdf1bbdd94553e0dbe699e176d7cfd3c2380934980d5a014f9fe059696e60f8cb8e1497f256fecd3c1fe178640283b330a7387d71c0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 e105dfaa3c62007641f590e1daf31a43
SHA1 d0faf2bb18e4156ad6c164ef7820ffe5012cfbe8
SHA256 c44ab53ed2d0c7f05243d8eb8b913da284c8a6cbff601bcb150c226459f96986
SHA512 3e8a24111cdbd13f038bff9fc86fa3d4d2a479cbb7aa48d95399ed869e17a8e68863d1715d6e684dece09650d525be4a717507e0d6d5ed3e35d68473e2f64315

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 789f7cc813ee4a13eb5fd311ce15369c
SHA1 a4a350a17e275e6c4fd98d5627708d1d3aa4dc67
SHA256 d8d37407f9457f19b392d86ec2462bbd31f83f41ec768ec3d6d287fd5f397947
SHA512 6cd2c761361d39145d2026a6de0829dde531058d54f57f7d2519cc7867df0fd5b115167d3a2f7eddf58205a8c90b7460565e18943ae6a05237385802cdcafe28

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 8c6d22f4adf09e1181b59cdd1b995fad
SHA1 78c183e36f9185f18665b649b8ba1f71ba04029c
SHA256 882586d76d814e984d1ff86a5de163d03aab2b4fc3f82f2e25a56663353bf6ec
SHA512 3dd2d6eecb54972ea8b0e3c56eb229ab84c866588851e9d6bf81c15fe9289a72aaad350ce4b30a6dec5c94218d8c00f618cef0de63b3188656573465225ce3a1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 039c8177b8a929921a0f7b4010bcb6f8
SHA1 41bb63c931d3037adab9f3cfa65ed1c49224d567
SHA256 89bc79a445c220fc86351136551ac6436384a463e24aa7d15a6d4c5b8a74388c
SHA512 6a3dfb184b5f08b1cb084659b11171ad988531653c28ba9e975551bf504a4e5bf8e2d616fdc94b8b865a660fd3550b7b20169c3515b3d95500ff266f8d3f6a54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 c66d24cbfc6dcd95b3e85c4c301e4c9d
SHA1 e52a20df07d2a25abda7ff18df172bf5639de0af
SHA256 208cabf423c838d8adac6a4d937671c1ecc0e607862c9c38df2374cbf76ac99f
SHA512 5ccd083dd19df05c3cdd4d8ea561d536e5c52d03271311a8e2a9374b8c7b573a6ede9b2b0fc5a0a637a77b92691d580b55ef63c0fca59c5c4e1b8e4dac076547

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 bc3949fdd1145d168bdf91a9b531b565
SHA1 b5bfd55170d84a367c1c7f3b12e56dffc8f0c5c4
SHA256 6b9f46095e94195e5daf7b3e66324c0e1c09ae662d4e05833fe0b137737aa4bc
SHA512 f25f3a756e23a2e18e30248dd4bb897303658663d0d522d180d73b7c5efeb19e337064299a082dab46f2aabb228ed065332efaf3ce3dd206bff72518415508d2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 9f9c675286a7c892857aa4341fdaaa40
SHA1 e6079741378bd50938203f026af04c4f3f857a5a
SHA256 9ebfc85ac999eb8365e2ad28a7db6ad775f652e19208b75a54b6bc4c484ec6d8
SHA512 70b7700388defa22d18b6fac994472fa423808a12cdd8106bbd6563f6544f7392a87f8d95745265644fc8d4050290fb5fb7d481286ca5e42aa129dd9ca8d5c43

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 3aff1c589cfe1ae1706a2f09e6fa51d8
SHA1 d314f3576dec18d99632d314104184e7b13e8a54
SHA256 0383916055449912d877f531423fa19f4ee338089d04e860c0a122e138ebeb41
SHA512 9f316973f81df6e2a78b9f5c4cb68e419ede9ab62b9660ec4348a8d4a997c281ecb53db14ac3a9f70e6f826186ec269b82f4a3cd4f656ce41c54154d4a538f56

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 6607b07f548a5aa7e1fbab0bf4835d0a
SHA1 558f7fad6a2cd46afc1cea0ddb64b80c7092d6bc
SHA256 63317b3008b31be6b08197f282ce622976dfb478a240f11eec3edd5fb8a56058
SHA512 6c2343112ec9482a3605582dd08122a833455a1d9137a56b5b89cc4649571acb9c2105274d46dae3f4093d99a71b14e3e8b14a5ab3ef0786df2df7360ce80c8d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 c1f45190fa3336f10ac184a06d3aba8b
SHA1 c33877768ca0fa40fe87b0a41fec881f3dc65a98
SHA256 1af61a194720572cfb4f32e2e590f4082dc76763d58caf7b25da5be29a770026
SHA512 7bf45a67eca9dfd83809d0ed18b8f7187c26f62a59d2830799506488af02f225a56b2c6cd7697c99f13e0f8fe5a82e0d983141653cec73d1ce4e6ce96c0dced9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 f93602e65e2a3329571e3bda1e02d1d2
SHA1 3c46ad7ae84772e656852eb69547c562763dca13
SHA256 c3ab2ef5d1ca3c97c4bb8f43c8935a56f5fae7c9014fed88fa50d2e8d35d6d7c
SHA512 a69593646f71b1fdbebeec35081d4449f77e40c9002d4d3ab1d68522f30ffadeb4379adcbe68cb81ceff3f9be28abbb172aa0b4da0b90c684578ab67ffc86dc1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 cbaa5ad84a81010ef1fd77d7787475d2
SHA1 47b4be2c3affe9e626dd6243e03ed91b4c53b056
SHA256 e4c1a2a0a1d33d9550e5077a318d307cda0de4ddbcc779246ece0b2f6c779f3b
SHA512 e4c380dcdd02a36662c60d4aa7af6da7ad7efea1a320052a2d03cad4725eaa81f1dedb3bc2818ed97e0f5f191334465c07ff6adb57e5ecebefd4d41eff1773ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 e8cc389a0399755a318b7af9352a8a04
SHA1 9c3042b366d218bdedecf81cb5fc4dfca9f0913d
SHA256 241f9230321339966831fc80c00a8cc8ca9dbbbf0c363e0fd2274d69c56d0c2d
SHA512 ead8840d56356116cedd3f11e8d0e8e5ffe7eb7010839a23d95665eef93b29e9cf202b6700736c35feaa567a3bf3aeb742ee893dd2156e2e5577ba62e59f75cd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 a89e9a56fa3bc05a4ea31fcdf09b0ccb
SHA1 5177b6c070cc59605de64fe34ea5ade63a96d004
SHA256 3ef49cb9a6937b06005746b44c4c8d6562c01f5086d9d1cb8b3f5ce8099b311e
SHA512 fa36acc065be0a1547ec206a7de42d5329b53fed65f9125aa0bfeb48a067180dfac70aa228b4ad3ad97674432187c8fa5d41b82a5236e7d1429594d61f33e710

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 342af442562dc10ca26cc1e63b26389a
SHA1 33341fb4b1ee9e0f18c931a29df9da0712ddb16f
SHA256 b5dbd676eecf3c1531cecc820e7074d6edc41f240aab229d334eeba098b32fea
SHA512 18ca6d9c905cd5801a2b1960556d774743ad0b8f5960f755795bece42d4bebed2c57db48cedfb7f5836226a1853349afeb55ea6e57c0f14156cf5f0c918d1441

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 6c7683a9ffafca89c48576b226999253
SHA1 f58167ee0e826a89bd0ef090a4a85be6f93ba9a9
SHA256 f77ad849f4bd0ba0197bf208d4ca2d248c6d441349db5c19c5e8e3b43536428e
SHA512 db8256cae5a1f912d18a05c48980261bf409d46799e5d73565b67d45745e11ff3f22b4762152b874ad0c53be04c6132172e6d24842319f4db7965bc47f357be2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 21433b8d5334629362f1434b5b3a9708
SHA1 6a180cdced3dea83dea36dd55f518450218f7185
SHA256 74a6f5d4946816c5cf1be388f69ed6a04c3aa3d184a3bc2d4039837b3adecd7d
SHA512 ee20f91e7891409b9d2c6fc5442ac572ddaa4286dbbc3943357230b1c95b8baa5c7df14b0a8ee42c692d749dfa3ba18dca8b731c929f2d27f3b36109232c6ff1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 7bb06321d879d6e30f5c9d759187652e
SHA1 a418355ef0593c517e656b76fbf4ce752df42a25
SHA256 01e2b28923b7ef7dcfc2949bf434b58c24219cb02c95791f432177d4ce72c7b5
SHA512 edbb5ea8777cd1d78ca66f44f4dacd8664399224704970335595e5110fa67f2ae91e12caf76636d61e683d661c25edd177c42f2f8e4883292d31cf7bc1b8f57d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 175f147c1143133ff334a6214d58dd96
SHA1 50e317da04c8d61e8cce4fa168740e3a2346de6c
SHA256 d5a08b0ad5500523b3197f26744a8fb2ea78f601c007bd54a6fe3f8ccce896db
SHA512 22da6c4c22089f944ee4fde86dcd7eae2e3fe5d068cd1707545c28d90d54a98519999d7660734fe996da342528819505cb11fe2990a065c5dd2c41954ced3101

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 c21b4693659551803df28d8c20a832d5
SHA1 f59d6d03033eed0ba374013409f312abc03f8101
SHA256 098a9261fbbf2d40f7644b65ffceba2c1495ab82efa89878f44a9bf663331fc1
SHA512 5950c5bd3d1856db15f42d16f54bdcfdd3c1fb370ede1d9cfda5d968ccc63e71548794a5234dd7a0e5714f96145053d9ac0a81f623e5c363347676ce82e2c57b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 dab345170373aa88ce0171837337bcc4
SHA1 220719e8779e4f07e6ef79a866cded4165beceb3
SHA256 5bb9f2077724973b91e36ffb51783368839cddb28a1c81feb0c64164aa75f6e5
SHA512 dd82df47c5c4c04575802a1e9cb6bfb3e04b3f05d1e2b0eef80b1c09fa6d6366f1ed31023ebe2a90bb12d5a91e97fdb3a1c926111d0047b2ea81f89b9b1be060

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 4c24a391f1e4a8f9649b837be88d3ffb
SHA1 bf3763636614142492f338af890e6d344ef3ad34
SHA256 cd355f4a36df71d5ef9a5b5d0238cb92af83cd6ef7f3e431df996da513702261
SHA512 dce2cd8d9aac27a64018348110ff08bae2709489d73bbe7fcb6b9aac07b5742875004acf6530fc6d8758445a5739cd57efebabc020c5c4aad43347f54b93b5ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 195cad8076fe671cbf94e417c870537d
SHA1 b2f680f5a8bb885eef2cd6407b59ac2de7942d93
SHA256 3c4a9b5cefcc0c3f5951ab9b62f513525b9b96698e26059fab75b0eb472a4311
SHA512 99a918e4b8b23fb92b990c9bc66132ea56c4216c9490bf793cbd306edc04ae32a461d758c450e011ffb80c93154afd4caa9a1073d16e61bd7b05ce54c3eaac7a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 1bc8a0141981772afccc08132e91109a
SHA1 2fbea1157abd1efc1b61d5f5bf9a72d242897f7c
SHA256 b97119f4b8a09c8be8d73c33b40ea52c9723797f0e22f6e45018e092546e74ce
SHA512 c16163d200f2b195a9fa03c90022d88edcb391b6ecda6e809d47c7bff0c932921b951c9b2ba29c7d49c114f9c2c7527446d20b5b81450da955e8c109c71a5c04

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 120fe55ed54399f60efb48bc5ed6626a
SHA1 91c000a4b78b659c07907d856e3a3dcbe7fec201
SHA256 d9ce4d43ae50bb947584d96c84f960e354a96dd34204e289a793c58a02e70c46
SHA512 ac460b44f2b48135546967ab0aac0143c10c9c4c9c89975354d8f35b02ad9ffdc3ef56b99129db9826fe3c1d04979fdbf4e16c143b4f19efd151195f5df51c69

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 0cdd21470e973d41860cc45d08be719b
SHA1 130b3f2cd4fca0e4c431d089ba0b950cb284d65e
SHA256 c4825e4da1e5c6c97c8356381fa295cbc275f666f6efcab04eee91586501656f
SHA512 c9892d41e08811663f2f565ea8582ae2635bdb0c31cdc58f5001df31c4b6b38fe8fd877c03d0d01bc3d8811dc8e2f9da1a524b83f22c5587ae44a7c04093a85b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 d514ecf2ada750095ecec3ea12e75958
SHA1 ffaf738e4d052dad7f7977d7dbe41af3ee5c5561
SHA256 f663ede12698fff141ac0fad512f74ee92d0dbf10c58a2d7f209abe894626a01
SHA512 66e1fe75254ad5964991321817ea880af75942df170806def6ce38c325d659dca0d44439a223780a909fa8401004430f7a039641cbfa91a3f2a451c318e7e627

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 6e781858e220e90efc306b00a67962d2
SHA1 02949fa07994fadf8997f0ac0ee62fbf38b29ddf
SHA256 9e213cfb6e9959b861e7e5c7a2d1b110fbf292f05fcc0f7d7709ac7fcc33b01f
SHA512 fd0a83b8e6adda3ea0ca725e578955da51e89b15368453b69d7dfa8d17b4ae158e83f19d52e0966a28d8c4dad68fdf211d6266c8f6c07a029e1a6347806b760e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 77f739191380de7e52ce4ef60ef4e979
SHA1 1d9f13110ff7b712a189330542a55e531fb29131
SHA256 f2a284ce3d9c6bd63a2e83aa8a49dcf7661835ce01fbf2211f3b9dd525be8c46
SHA512 758444171a78550884e26ff21672c36025789ee2bda7fab37cd4caad90b83b6a62d38c422395335590b10eb95820dd660b7ae44ee49e1af43fb637bbf55407ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 a8a20bfcbb03a2974dd9917d22dc2be2
SHA1 566ffb7231e5bcd0f20deaa0c0103dac59f359fa
SHA256 7b6b767d4fc71cacc93b63ef0973caaffc1fb1da7e4ae34c5d84ffca9117f5f3
SHA512 4f8ec9cf3d8112ba401a180a24b6d8b490d585b40e3c19e7e6ca5a78eaeac35d7d7b27afad427d43af51a62c9d60352cdf3822d28418c4b04d34dcce020c3eac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 f16e4ae4bf17a2de24dc68fe529ec653
SHA1 de72a0c51cb43cac1cec17f034f4e440ac9a44cc
SHA256 154756e2eaf28f68c1cba083cd4bf60e03ce1a47189b8a907bc02018a25bd0d1
SHA512 33d22f033fae0ae40f750fab5da1b758a222b3bb0d78dde9a45a18510ea1d9ab1424e7706d7a0f87811b9d3ce3acd6e683001336fcac94b3456587ae4f2e7f1c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 e89c68540a7453a0af02f60008710e6e
SHA1 f8edb9e9e2f45f4b47cb63eb0fb3d85fe1a2d369
SHA256 d1aebf9f31f8aa8ffc8408108bc3a4a906bcdad587f246d1db287f7467013287
SHA512 3ab7f48f4fc369b93a0c26aadc50b67064ef2534ce26b5c7230006c73d32eadeb6af0940eeed6f44c2d4cab0c1a6fd70b4e709a228de2309457dec39b204a5e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 a82fc2e21bd02256eb3d324a4cf9f3d5
SHA1 fc555d71e919c2753aa5ed827d294f622f012862
SHA256 392323c6f822c3a6c3ecc3895c1cb4e27a8d1934e54f3beb76b21f96790983a1
SHA512 0be04a6e1fd16d815b6fb45378b8a07a635a977bc1e69143bc4baab3368c95d6d253c64354c48da1e1fcb62d64e5824cd214992d3805fbae28590a0c40ee2285

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif.EnCiPhErEd

MD5 d2824b599c581a152e5e82eee9a0b745
SHA1 46773721931259c788c1b9d485461d736ecca068
SHA256 6b0f07de31d8e4dd2d4a00cf36ca7a58acebfc663a1158454d8d68df31a987ae
SHA512 31f0cd8f99dba20f2b398dd3d08b43e3d8b30d89e920e7b1f2da9f93ce1139df8113e2fa464eb2b6d188f383508b05a0dff9c17bee911f665748debe88d0b975

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 a08038a56dd5a8430da84afc1ac25e70
SHA1 53ae6bb8ebfb274fd4c99118547aade312dadb42
SHA256 d48700880d68cb3e70cd66138d3536b6cb5c8f9098082109322ab45d5a2dd4bb
SHA512 7b5f76dfabf9a4d42a2db55bc904afa5004d847cb893cc5179d0985b3611f8a913c5208b2437be40913347d2f36240702253f3f7e6f58935350623191410f42b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 31112e8152dc0abfac03f9a996f48b55
SHA1 cda5d167fc45f95cd4bb7ffed20dea98356b5f62
SHA256 b9d13b05b7405238d76a711120bd88f19af40b2e835d313e8c435a1e16482fcc
SHA512 7a1447c03866a84f54833d92135b9f93160b5b6bdecb007d489c718699eda7f045828c607b0666eb6fd65d9468db8395e57ec0143680b75290941b40c7c5a00c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 0ad31b401b2f54a8ec46b11d19770d18
SHA1 3813962c9867b4972ed644b498c316b718c79fb4
SHA256 bd74ef7e70b48f9ac3f79955f0a06407ebbd2438bf7176b944969c9fc5499d75
SHA512 338368ee82c34440fb9425fa80b5c36d4a144191536a58aa1f65560b608dee2c49dbe5cbb919ff6b29e176f38dbe5ec9f46e315928c7c664cc4c3aaae98624ad

C:\Users\Admin\Desktop\WriteRevoke.xlsx

MD5 282cd41f6c2a96ca5f27d9f4dcacedaa
SHA1 cc7a8be869e45ddf0ad77356bd3f20652742235c
SHA256 cac685af6956eafa06f6410d152936ffe67d5c051f66ff7ddd6950023066e506
SHA512 d2b444ad516fe0c45406ce4623a4960a720396820583cf9451cd22861dd9d99ef54220945b5d9c4212f386dbcd2caf750320a58c3e8c38b5d41886405dc06e12

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 13545d2ec68f771d2d83488d443e24bd
SHA1 394531448eb4aa69e54ad5a7113b564ce4c8e246
SHA256 0491749f804f30374c38386505aadc9ca3aabf954308d4e24fb4f507ee4a1ecc
SHA512 6df3140802b5e43c55cbf6a450e39e596d3d5e1c024f47d3ae45ccd1ffa0fb2c40085e5f18f3b3d64ead0b528786779d24cb104fd89a889e0d5041165a7363ce

C:\vcredist2010_x86.log.html

MD5 323b79ec803edc21792a50de4ea7f016
SHA1 333261f836f586aadaaeba1cc26e2abb8f219caf
SHA256 38d4c33cd7ab323b40b4024d49f5dabb0546272359a43398846f94cbe97e765c
SHA512 8d4a8673498e289e0c1bcbaa603edc9090d72899bf76230e94f97438b8121cc2d133dcca174068722a742a8c1a2c8e71009be35ded795b16ac74c14ff9b2d91c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 f6e46cfef5980196bb303e3de02cb3f8
SHA1 81938732d74621ebb38d8d60cca28101013b29e7
SHA256 b8494415fab4e1fc5fe11fbf50f2a1f466d2e6831916fd2d727500b309bf53fd
SHA512 918a3e738616ef6e7e3b3aa17228acd9e1630cf617525158a910fc8f628cac55f0faab8ebdd33b52e4e6abc157c9d37fc2c78e7e021238f8fe5d3be4e08b633c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bc60d114ab69b8788b87dbbafc5f6ebf
SHA1 4b567a2ea842cc00af56e4b1f429b0fff35d2c07
SHA256 7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738
SHA512 2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 ebe92eed5ebd6b4cd612bb5641683edb
SHA1 a99ab66f8348ae052398fd1edbf86eb40ea09fc8
SHA256 1e1e240b3b89c9696a70a9bd4658f87f5e505e4db4109b8110963b25bae88279
SHA512 287a3ec5152e7fdf0e85cb4512a33014a23dc128face82bde27b43ad312e8ec2dc562fd67acdfaa13ad9615dbaf73f948a99e46f278745a2bdf31bdfc61e221a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 49577f4d8d16855479f77590f97320a3
SHA1 895d65242e88365016d606778c1c5e1cf21906a8
SHA256 95575a7fd8da61f586a42db01abda8ba56a3d56e46c8e15a5ea0e9aedae9eb8c
SHA512 ab02f2513f2e7e6824beb5fd308c9d560d5ba15639e79a0ca5cd9c95394b4e1011fa493fe2a78a4170db72b1bbfb87942ec32f8743f72b9984604c9c2d9aec53

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 cf6084e848372a8afcd85955f12a735e
SHA1 a59c2b06c486707b4932b661ee4e9b890040c480
SHA256 037f870304e74619250ce314d7590cf332663bc474009f746e02458ba9544fab
SHA512 db6c508a432f6919caa63e316e24dd533e7b6e33744e0603e3f9371452214235a04e107ea0393534c3f8e99f0f0815d7d588fff611e45eff7c4c34d7ba000fc4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 ac8eb69abee19dad425d4ba4fa4169c0
SHA1 1e5a98d1929fc03de7b3c47c4c83ceeb343577de
SHA256 396e2d15aef3664b6aa3d0410bc0d4a06ca7e6879a6f1115e457a3b58d9ecf58
SHA512 fb045107e5e9ed3313dcda1d842bd31a99ae38d5d0fd3037819392fdc5a90a5dfd8e01e2ee639e0ba476d0e7f368b2c0ded19f684d5202e384bac393db1ea66e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 634dcee58db44b833b6add584d3bd9dc
SHA1 a86c804c8d9dc88c722552470b4aac0c93ffa3da
SHA256 b20838becec7af28fe21360e14c31788d24f3f9aaa480a35cec0f716c0b85f2e
SHA512 388334d89130c1b2a05736e1404998f2e1108d887444d46886798ba61b69a911ef4390c18773c426acc26e95ee9a1adafe99108e1e99fee0df0bb1776fc2b420

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 89dc14dbb6a9287df627c48d919eca8a
SHA1 6119b72375f12e876d0aecb1ff63e6f07edbf856
SHA256 0faf0c4334ec81b70f2a9090d0323009fd639ff8e7f22f41fefd5c0e49c4a4e5
SHA512 a0a0c50037595af7b76eddb5556aa85868b69e6f91d3367c31c5fd3ae5db545114e1813315547b42e99b1cd986fabfa43662335add267fc4cd8ffee2e5ae2e56

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 d2f98c1efa381c6b49c7db5cec795d37
SHA1 bf1c8a1b1d690933915072b9c91ce9717e350488
SHA256 ca3b7f41993607d4512d9ecb35a6779418cddff033b9c461c2db64eaa5be768e
SHA512 1172fce7feef0224991fff92a593268bb6929c4d391afb6c10837f188c6dff7e3009f124d878aab43094bdf5ad799fc39011eafcc03046ff0f526235ffc0d132

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 9662d71ebd4d6ed1f57be964cbe6c6e3
SHA1 d34d452bb946f6ce7d7a740b18e8251443a9edde
SHA256 de48fdedcb5c8f3f8941f67903d8c68414fc490ff97aa00a05f2263f90baee0e
SHA512 72cf211b5ccddedd84480bd08bc1ece348d3fbbf0be11a60a8dff67375f24668b65f44b3c1dd43ef75ecbbccc98af5e3162e8e28e1c1ecfef37133ccfa876ba7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 99a1e04abae5bbb595db007a97450536
SHA1 9d527114e87fccc7bee21db5dc2691a8fac2b8d8
SHA256 48c7f9786c7678ea05222e394e5096403e923ad174900ae8eac6c97faf3bc869
SHA512 7549183b57cc8247edb0245da203f96e19769cedd8f2ddff5b7914162a3f000481fd722067c89223bc2465603da581c6b379227f4f704fb0d06014cc73c337f9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 1910bdc61a47f40764e99418e59220c0
SHA1 265664e44ecf386e245e44d451c0a52f4d955f00
SHA256 85c4332279b7982dff2a5705a79869bf7b7c5e1bf25c12c7971268fa4a366de2
SHA512 8a8be835becf464508369e82748f04a438157d31c072f1c4adc0fe4c069b20c32b223919bdaf0540737f30aff0e9220f37a50f067ac356cfef01cdcc014d041c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 b5c4a6bf1a83f70d0150b927deae3793
SHA1 b415339ad985644f52aaa115f206e46f400aed25
SHA256 a99d8904326ac6441a1bb3cc37ea5a6e2ee1265458505bce212397271fba0e3e
SHA512 f1e1a8d5b946b8d9e984734c902c98e62af8ee9733ee82c71174b137ecdfad4b59d726cffb57de77e341e77331e45eacebc407503a5fdeda6d6a86e9685215b6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 1326c90971be76954d79ea26c6e592bf
SHA1 3c60e3499be27e2936f6ec9ebe1cf361af9ab810
SHA256 c4933a2268f2867545cdb373123a307c2073be639bc5a168b84f7f35903f1ccb
SHA512 b645cc7de744b3d64aa749fe6e254f2de40ec26e19f1f1f5ecd24ec32d4acd58ff51fcd5a03dce2139d7b2339944b595574b9973736cfbefecd74e7d9ccacbc4

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-09 08:08

Reported

2024-12-09 08:11

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe"

Signatures

Renames multiple (2186) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe" C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_919b7beec2c70482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_0b96cc4cfeb2cbf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sbp2.inf_amd64_db7034ac4806cf05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmscli.inf_amd64_b39ea5f4658998de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netlldp.inf_amd64_fbd4bbbad72f0e6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp.inf_amd64_614ec8e6e63777b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MMAgent\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaus.inf_amd64_f9b71b1d9c8643e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xinputhid.inf_amd64_b01c6ccf7f1e23b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cht4nulx64.inf_amd64_641bf08bee8ac46d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iai2c.inf_amd64_a77c815b2999404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_image.inf_amd64_31731e48047fa274\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\npsvctrig.inf_amd64_b98e9a5325075265\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uicciso.inf_amd64_32023cb966fd5c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InputMethod\CHS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_d3a88fe647d71206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorsservicedriver.inf_amd64_4761deffedf4e12e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\memory.inf_amd64_9af3a8a63d4cb5f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmti.inf_amd64_bcde2913bb6ccf3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\heat.inf_amd64_b73306c081719f1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wfcvsc.inf_amd64_dfe08f401a2eedbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_f4769cb994ece833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\modemcsa.inf_amd64_a76330a2da8329a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_aa57df1ffa9aace0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_2be0e52237040d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpmvsc.inf_amd64_9b03a5f041e8d2b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEJP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-48_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsSplashScreen.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\LargeTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\GlowInTheDark.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\SmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\javafx-src.zip C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Marble.jpg C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\185.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_start_a_coversation_v1.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-60_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-125.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorSmallTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W1.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FaceReco_Illustration_SM.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleAppStoreLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\163.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-256.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorLargeTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\5px.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\README.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Media Player\Skins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Preview.scale-100_layoutdir-RTL.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSplash.scale-100.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Klondike.Medium.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-24_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\CottonCandy.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\animations\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-36_altform-unplated_contrast-high.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\multi-tab-file-view.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_dual_mdmzyxlg.inf_31bf3856ad364e35_10.0.19041.1_none_7237a5a09aaf3d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ngservice.resources_31bf3856ad364e35_10.0.19041.1_it-it_f49c969f0ebb92a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-n..-backgroundtransfer_31bf3856ad364e35_10.0.19041.264_none_f41b70f07139975b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-kernel32_31bf3856ad364e35_10.0.19041.207_none_71e36689b4f98543\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmvencod.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d523267b45646e48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_77933e3a0aa617e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mydocs_31bf3856ad364e35_10.0.19041.746_none_28455a15d192643b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-fdeploy.resources_31bf3856ad364e35_10.0.19041.1_de-de_1a9a9ffcecac9198\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..lperclass.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4c80f410cdb5291\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netserv.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07bda80433e85870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\i_warning.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hgattest-wmi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f510d56144c332b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\header.html C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_it-it_2fceb6f1060351fa\unknownprotocol.htm C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..pbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_64688973177a8a60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Wide310x150Logo.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_uninstallpersistsql_b03f5f7f11d50a3a_10.0.19041.1_none_57a5519767269a6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\NavOverFlow_Info.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..t-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_4b9344561b8bc947\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ac-ado-ddl-security_31bf3856ad364e35_10.0.19041.746_none_9a7c8bfad3928afb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_acpidev.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a1168fca20107098\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-networking_31bf3856ad364e35_10.0.19041.746_none_fff95d4fd950fcc7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\Assets\BadgeLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wab-app_31bf3856ad364e35_10.0.19041.1_none_f89a6b0476f024dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.windows.dsc.core.resources_31bf3856ad364e35_10.0.19041.1_es-es_d03782bf9e58b4c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\BadgeLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-64_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..-management-onecore_31bf3856ad364e35_10.0.19041.844_none_97ef5f6f3319407d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_da-dk_96174522c177d5fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_10.0.19041.1202_none_41f8992b2292d6cd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.19041.1_none_a99795d4c367fea1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ecapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_b30156e32b833fb0\Square150x150Logo.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-pmemcmdlets.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9100645818f6aad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_423fcb2660cc16d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-pdc-dll_31bf3856ad364e35_10.0.19041.546_none_842a8106fb96e070\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.19041.1266_none_22ccf50c942e2ac7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon.resources\v4.0_4.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\1041\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-snmp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_b137064c4442361e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_adbc089469a13870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..cy-gptext.resources_31bf3856ad364e35_10.0.19041.1_en-us_82d42c2e550c7091\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\WiFiNetworkManagerToast.scale-100.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\03 - Computer Management.lnk C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\403-2.htm C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe.resources_31bf3856ad364e35_10.0.19041.1_de-de_8520b4ab0307d07c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-d..4-payload.resources_31bf3856ad364e35_10.0.19041.1_it-it_c598f76f83cf7803\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ackground.resources_31bf3856ad364e35_10.0.19041.1_it-it_571fcc07de7d2b23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_255fcd60d7fffa61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..owershell.resources_31bf3856ad364e35_10.0.19041.1_en-us_4c6da1c936afb281\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\ImmersiveControlPanel\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\memoryAnalyzer.html C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_10.0.19041.1_none_491f03a2b80b5701\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..clientsku.resources_31bf3856ad364e35_10.0.19041.1_en-us_435f0fb5c1db539b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_10.0.19041.1_it-it_46f2a11d47bb9cf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..on-server2003compat_31bf3856ad364e35_10.0.19041.1_none_236fea524cf00d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wcmapi_31bf3856ad364e35_10.0.19041.546_none_27ee6a429550ef0f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_10.0.19041.1_it-it_ca6ed95c914413a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..s-appexecutionalias_31bf3856ad364e35_10.0.19041.1151_none_772068ec0224df49\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..installer.resources_31bf3856ad364e35_10.0.19041.1_en-us_1d1ba47c62091bef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-holoshellruntime_31bf3856ad364e35_10.0.19041.264_none_96649bcf936e93a7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_iagpio.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_421d9e87f2ef157c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_chartzoom_in_disabled.png C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..tartup-fveskybackup_31bf3856ad364e35_10.0.19041.746_none_868c87747a5558e4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-opengl.resources_31bf3856ad364e35_10.0.19041.1_es-es_5503eb74745e685e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe,0" C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open\command C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe" C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HJQUJZLBLCMCNJR" C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d8a8b733a25d11d02640a7aed1fb0982_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 0798f82786161ca795dcd6a0999baf47
SHA1 d304ddfc3bee87e23a2a2ad8d4f08b8ee557234c
SHA256 a8e24865a0861f8281156eec1b3acb9e4a2e5b705923d39f07c860286510969b
SHA512 80b9d7fd8ce4b66494bd27eb0783c8acf832dd6c493a280e5e64cd2e8a9e0411c93015896fe965a01fad8c974fd2bbfa0d187e9fa1beddf4089d9046615edf26

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 b1a295e73a5b5f6a55a54e0f790e63ea
SHA1 cd29e9e01272f86beb2a1f138a1d195493b04460
SHA256 f606f6edb2f72fa25c3c7ddf3ed0ce203c65af45c8e98c0eb8d9beff8ed4725f
SHA512 f7ab05ab1c74f5eaa13c588d7ef8eb2f822beb7a80ea2b1d76aa2fdc862627948be76261f772a754094f1f1941bf6d5aec2150018488beb30fefa1784d43bca2

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 21b9fb1833da9bd74530a7ee4f7476a4
SHA1 cc567524a86d73d7d16239435deb4ffa102c9cde
SHA256 14fbbd9ed9ec9b226d877ef66964204afed5be1439d24b461577bbba8e54aded
SHA512 0be803d686f2cadb87fd1e3a5fbbc5e87606598f0e98ea5bafc7afdff8dc1606042ba614384bb25fd80c3c3877cd8249f4e0a4c4bb7e53b9c36a08bfcb4de7f7

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 b13a76e2e3ac1a9da5203b219b938128
SHA1 0c62b321cbc7ef072a3290942e67823d8b6f40ed
SHA256 3576e0d2a34ce861d2e74d083bfd784d5845a42ede3e99886d9ae705a61ae9a6
SHA512 d6c9e9ed0a6a3bc25618c42838fe31c5bf6320b1bbad78bb34f7e98951f3d66ab697ae83b6922c6b7bf5a4abd880deaf4fcbcc9af82976904d5e08440797ea81

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 0f75dac57e89a893f84174c93d05d1b3
SHA1 44393559d25c0f76938e8af03de037ec89a53873
SHA256 6b43d99792d874d04f5bb34bfc86134ec94a18199bd4822656db5769f45bc517
SHA512 e7a0e237195389a922552b5a01ea93b941bacc06e87e34f88fa497ec1146c1df4b7f0216ef7469a225afecbe0f45773d90c605b90477ea03e41bc028dd2487ae

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 94bc9616e4fff829474c82fdf54a0119
SHA1 bcfc410b81b307641fb71270c829eb79a23264da
SHA256 0aa902f83841f5a339d525e7f660885f00790cfedda060c5fa04da8eec24d291
SHA512 81fa9da03b41c760e30612208dd2acf8fe632e84dc079ba29c52a043e24a27b82dfff4075198cae4d0f9808abe4bd242b121569c7b1e9116b451e02af153132a

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 49de608feac34dcb7495ada0d3b94e29
SHA1 244b825549d5a5ef7796d71670736db18e5d408e
SHA256 ff1a4745f7056cb477049f133dd92f4a1eac8de518b66723ff900336aad230a1
SHA512 0356264ad3f372383dd37c9c7d2773691f062e97fc33a234b32f407f06f0fc9c4f43a036c24847a369aef8d767af2987816edcb90cb0b15b8ac8015475553c75

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 9d778b9be9ad9a7e284ba032653aa478
SHA1 76c846f4c26370c30925b00472bdd01422b239ec
SHA256 40f69c6befd7e979820c5750609a795e69da3e2a35cd7ce1ee3a01a14ea962ec
SHA512 92428f5f0c3ea8ea57402761a45edea928ba4e16b87fa8560b5d6f5f4eefbd6aa9789e94e975b6ff99e8fc4b7835a4fca0b26c1235950a68181201b0c68e9e8e

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 f5a602aad193ca61bafa833b93543969
SHA1 5b60d2d029bf6b7ccede44b98d3a572c959a29b8
SHA256 9d8f27bb6beb871cdc64bf61466eb7c3ae57cf39a82213c318bc9fe1de9ab6c9
SHA512 45274705eb3af580a2b29563b712b0b3a0aaaa49ed0c1b9dcd5ae904f818a292b13cb2b9f6c0c692eed626dee50824283527796acc750df938d806943d6e182f

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 a7bdec1927687ae8247602d657196a98
SHA1 fe80dbc8d805d885c3bef345a764f76d41269ae9
SHA256 2c32824c7c03d21e799bf3fc1c31dc69b64764443d947a0bb685c73764a99291
SHA512 dc129170ea6245743fbd1e4fa6abdc5f0be9843918f3d7a7ead5f23867cad475e98cac8ffd6a8827ca36ed8a3baa2e4935c40659a5127fa026076858f4e11177

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 ce92cf72f12dd1e1390994a5b3b6f105
SHA1 509ea4f29c54c03dcd9f1b0b23e6c8ce7ddcbdf5
SHA256 d460dd5385e57cd561aac2b2663b2ddbcf34b88d6d55783d1759d1908974d1a8
SHA512 18309fc21c3a1f1ac3dc01c7bfb565d63cb3e5f1aab9b27954c09bf5a690470f84cc9b4e1236057be8a198c64f8954a134b62eb0eacbb7e92ada23f449d0b255

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 cae9d33ffd0f01339f5016ff0d75fb61
SHA1 8897c8d0605d9997d74191d2278a614847e7f1f6
SHA256 650b70321d9045354c2c5ed95351289eef3899801229d035c1ca55b30b6f623a
SHA512 6b7a7b6c0aa6f2412843c4378e697c44d9c9bbdfacc9916beb69b9120eeb30b5b3765bac2df41a8de02177a9a96f97027850c620ec59c40f6bf0c8466dc7d65c

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 8c6994496f4d9a37222c1e48668e6d75
SHA1 0ab69413ef3f1969515a4a514ab621e18252c2bb
SHA256 a9b35514548771604a3cee1a63c30d20ea66e1d78ea3f8f44b08da77ae080981
SHA512 4c8d2c6e2880a04d1c8e4f0a2bd9d0da24be5fa43305fd614a76f01d6dcfad803de6592b8857b3671c4dba45ec8e06e15bc5a349da932299d5290f9a0aa12480

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 6db95c02d327129927661747f97ff627
SHA1 7c27b505bfee30f482e49bfee7bcf2b0d44011cc
SHA256 056c8a5bb0ec3ad3e6756d516ca8ee29b7de985e23be9bf8e640736f609704a1
SHA512 7767c2fda66cdc782698a6cbd9d41fcecf0c8728cd85a00f35c9b7a3f0de8784602569b69f3e5fa24cd99b644ab5c2c8d9413d261fc0a68cf515e2d2a934a0d9

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 acca44e2a3e1e9f197989d7c234bb0ad
SHA1 1481d80242211307b878021b1a94eadd254c6297
SHA256 49c3a25c32a61e224fd08a350902f1c2e52996d758cb34cdca570c89a9390a2e
SHA512 31f550cdffca51be6b1f61710eef484926daadda7bed0eea322f304dc0f552b2077b96980ed39ab2c35e548668099dab95e4ade3d454b02f7533ae903786c1c6

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 c00d5b47f13d864fa70411be8f3dc0c8
SHA1 d78c57deae84b50f5779f720577d841d339b9355
SHA256 f882984d0dcc1d246ca240192cce93ef0ce5207dcb86b50a923a08e529ac5c3d
SHA512 fe44fbe1ab39546232f7902b1f3bcd17c0d323548a323c6bf3a48b963c4c27ae830653cdcc18ec97648c308da844120b640f670555390ad2f1051d40f6be4ecb

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 0d800dd617aa792c978b62d630b130dc
SHA1 ba7eccb383641f594d0db86c44435e93a44f956a
SHA256 3c2aade2305dae350d25336f2727df75a9f6d69cee6e7d908fa4973a83e1376f
SHA512 a14b504028f9a54c5253e9c207f4b3386da7dc9b303400dfbea8a1772e3510d007bf19fe865508c9d883724e4bfe42831ca13d3e5d8dbe42415e5b6c404e86b4

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 82f30e54f8e5c414477b0c5f76458e02
SHA1 0ec851085f783bf8b81ff276a7d1d65264b62c36
SHA256 979732d4b4a72f390da1666b9bfb34cc6b17b73c424e1cc00e27f5dffd467279
SHA512 58c41769d86742029ac47cc0560926e07566caabece7fa44ab8e08142dca408357b7c34eaad36cc63089ed1488315a3134777eebcc49fd381ec96d947e880dc4

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 d4b6b336dab0540e514e27dbb5124855
SHA1 e744ab01e7ef123ff559ecfdbe55484d9876d8c5
SHA256 098fa3144c54e9722908ae380178a9d0aabff10b55416cc7252a1f5930057308
SHA512 cf3dab1c496a857cd82eeaade465469d3a73ad3d3fe9a3bbaeea76878a1d87b8c0fbf7b41f862190d058a5ff040dc45bf79db2dff8c074eec2ff30967bf3699a

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 ff254a6d2535fa3167ca1cd7ac15edfc
SHA1 b9627379ba723584041a3422817a4bcb8ff9a213
SHA256 acfb8ba3e0654e2361cf8726f9f8a2833af886f529e87770f5bd59cd4d8544f5
SHA512 392d8c17ab770f7c259e94ace38bc442913c84a858ac4b0b42ca85a427d21e89104bcea95bc634870904fabaa2fc56205aea4a54f14ed7468a5fa2b685e4c4d3

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 a56f6de8b9b92c4f7e8d6ab70d3ef8b2
SHA1 4e8b06498dba37e07e2ea7cbbaa799ef4924395d
SHA256 70dd981fac5eb64ee23491a7c76e61f097bfe6988bb48f8516640fc9a9bf01f5
SHA512 3c7f65578bd786d0877885b3a0bb6a924304e472fe886fa6807fc2f2b498ce9d991962e6e868a82ebc695f21fdd0a7e22909707a07b9d480b285f3de8ced7587

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 67d2019624c89cb3106ecb21b4f07ec2
SHA1 aa1816622299b47733e12b9ca0b52932061d654f
SHA256 080d1f38e20100e505d208020bba11e123347853f024fc7e264058019a7d664d
SHA512 3efe8ed13f6b0b9c979a5079099e949afa15b93c17f6472922229dde3df509b28d0a755623a15330c49c50f09b9e735d5a31160eec721b1351db8939cdd9ad83

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 22d567aa5e7816a1389680dd23080c89
SHA1 ac400a8c2843e5bffcd853c596cb55ab5663c654
SHA256 39a27ac6a8b5c673cda79a7b01c4370b43f85a76bb6fe4d716a980e794e70ab8
SHA512 09f3daff1ab283dfb07176b84faf552528dac016cdad6c071a92f4857d4f279d48aac5f9a4fd1f0c8369600957eb8a967543eaa3b46be86d96cd1cb429771bf6

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 fc4bde9a28d7a21d68ea9a32a40935c9
SHA1 717403e318ad54809129da6f1a2dddc4082dade1
SHA256 23f19b6333fe5d7003cd3a28ec2787e43c33d6bdc231848ac6106c1ba69bd4e3
SHA512 964b7f83cac0cbce9cbf489568ffbb9f02ec7218b331a6e1b61519a4739409d112c950a8112a296eaa1e2c3bb884bbb961667371aec00a25a274e57589936d90

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 8359820f64ccc01e1a5bc982f75b1eb5
SHA1 96a102a1234d6e0edfb0e98e5f9d07b80f970c3e
SHA256 dbb4ca0b0075d4a3bf70d29ff68abbc82608b3f92046db16b3b5a1dfadb6059e
SHA512 80b0b7f9657fd0ae5dfcc8679bbdc6cfd912fcfcaeda3ad47d84a5d58dd1c6d2db3d47c78fcf828fc903a05661153f3f33bd18e93ae321f0a5d8ac093785fd52

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 bbc7bf2d0ce1bd69da7d6bbab3d3e1b7
SHA1 2f1c76e802503fc334dc14c3ff01f748932945d1
SHA256 6d07235147a9c8a429cf672c9c4620e40a021ae5af5a1f56b398c232b831d7cf
SHA512 6518874f7565c15cdddf22b07517d4994c316683d6ea2172463a85adf1219f23a3393af49907c05fd241fb1f47097e5ae9e8ac8d4a3657d3fff85bd450997206

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 8881d9161537b3fe6ab309b85bc4b81f
SHA1 07852277a750fcb8933eb3e4944f62ba99f9a9ee
SHA256 f7e1eabe2394f7a76bdf7b259408862646b5eaf3d38704f423662e37311f92dc
SHA512 704d0538ea00e7e3428a0369fe12aea2f05be75e1c098e3871e088cbec31e6194aaf54c9ca93b20b038d284ce90480a73bc9905725305dc06a22f53bf2a04cda

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 71f7a4b8dc296a0679e87a1bac87e9cd
SHA1 33dfd64055458679a1310861376c4320ec333c52
SHA256 23d2b0e975277f536dd84aa114193a7ccfdf09b195f88acd6faeb86bedb1622a
SHA512 84ae2b8db1f43215423291b3d2d471951cddffd4b7799f521cf00131eeb65aa91cd58319027c1e8f57b176cd7c018c1a913bb1357fe31e8a04c2df57b78a10ca

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 90b5a58e098e3d66fefc74d8595f5c7c
SHA1 e5fed1807379b8798d25744a25be890a6c8dffd5
SHA256 730f00f33c6a7c9b17c8bf0eca7d60f58e38f492302e5b6d1c33e2fdc04e3d2a
SHA512 417f08e14356b60c8d2f714148e03983edc7d821e570f909d33f0ef6db4039b743404265134ce6d2827062b88ad7a030c7684424c02c7fce48a01607e73859f8

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 15398e13f8f5ba13f3f9d2eccde9fc53
SHA1 8420ae7165faaab47a0e9360ed4b59a5edc782e5
SHA256 8a81c2eeced224c0c5a94a821e539e72b9ef24cd7fd61ed5a804d20a9de6d80d
SHA512 bf08ceac8374c9c606a738903f6a0f6f33a0929a5cb2275dfe3e07a92832d193b0adfa314c10f173915696ecffffe2a004847b67e0775eea0193404eed728103

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 3616f549a9abf2fd1b92a8ac8314729e
SHA1 1d5d483810cd1960c9edc68c3147a4bbe62f7443
SHA256 9b98b9c08cbafc2353ba55ae92c94a4472f6f71609d56a1c763e703321893249
SHA512 cd65ee91667e935a2c7a8d6d42cb2f02dcda8a2d35f96c917ab1b3026f453dcf92b9494a746f1b51c47f207d836a53084a358a300832d638287555be85cef5d8

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 29446d69c3d1fb6d8619fcc14389d3cb
SHA1 3e0140691a77a4c4fae1140bb972854b401ffca2
SHA256 20bb7a0ee74f41b6637db8521cbb1b2e81c30d5e664d6dec094f68373ca60f8e
SHA512 e15f24f8d61e03321ea1fcad8d8f4a47fb79d310408823f4a64707711ad9f57714051a07a419bf3787e40e6f1e9c2a8bea799085cad3116aaaec48d33cecf523

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 f8d4f74d289f1e8c183662d6fe87ff04
SHA1 4217c605ba7104aa57a7342445aae6cc9d6b4424
SHA256 9e0d639e97b151bf6135561564aad7ac7ce53f44eab625e0a851b5bb3e685fd1
SHA512 0bdce168610165a67ac3068a0f8f4aa20d3f8e35da501b49799d75567083dab444826b2d6700eacbc9164473f789e9da8f75c3954d189ed3f863598eefda2673

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 e49c349e173382bdd6dcb3e0f4d95746
SHA1 9a2949f1cfbe6b3748fec5ca3858e238affcff71
SHA256 7e5b836599745185d38296f7cb7f2c8584b021c07d1976b7e1bbdc8444d6d97e
SHA512 8810d7b788cd8d3b4fcb3e2151c31e93a1d6f6a085b92a6168b7264dc0d37118f8904ce4108d9e98caebaddc632ea34b470ea87961587752e59d9757df7307b1

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 10c5bfc39dad74d07e713fae5308735a
SHA1 38c7e2b1dd1a7cde2756f05b84138eeba35ad53d
SHA256 201a11d09b6d90c11089f059537d699c0f6081ff74396a4edd7d95cfa9e88527
SHA512 2fca9056725ff6c47358f6f6d7ce01fb7a41142e79f9b54ff0936063f51b992d18d6df1394c40027bf944bf2f5cc39416241a095182d9f41b94b4a4a1e78772d

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 a8983011b12e068790865900fc3ccc4b
SHA1 185fca57d82ef170a8d1baea3d50e554c73f2593
SHA256 7199aaad0a41ebdfc5b2b711d383da173ef9684430cb0a0cb29a5a8b5da30c18
SHA512 e58eaba6af57fc674f856e3b7ec53ea701ea4e432f2e0e6db2221741c22b2a73bc8bdc9874012826d7a543d02d09ae2d8d760ebddf256dfc074054e7cb610914

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 2c25b523242c89e19f4a5f196fbe09c3
SHA1 d9f9fd74c9aff570e48fe3b3f4a155481c97e89e
SHA256 52737c8884532c8983249d6e4a92244f427518ef5e02d75974d23ab9309e8b1f
SHA512 cace7c3b2f1e91d68f5436f14eed95e02d69fe6ff688d18362ebf81db43b6b28d0423d24ba4fce936024e69ebe4287c3bc710c945af1ba196f66105c426c6d1b

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 38116cafc9b5a88f67b96dd675a435cc
SHA1 ba0caf30b05d91ab2b68a2f72585a28a64d68565
SHA256 f3bfe6c0438c87ed7d77a55d407073f7a11340f426c7d1e7febd5bfff13155d2
SHA512 330c2caabb4c7f7b93db948f2d989386762601f276d48e665af2c65d577a5cdbbf37fba06bae28170c434bf699629ea1f0e34c07c7b7be8b511c55ec690cb60a

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 b8a894b2c57ce3c8ff027878ead8aecb
SHA1 30ffe5560166ab6fa29693170a98f46eaffd6c6c
SHA256 6de6b88ca4846fbc48ea6039ea28efd6f98cefe81a913c5d657d171c41ab4ff9
SHA512 dd78d22abb8edcb0adaf5b2f1f367caec6d0a6a15667dbb6eacb1c78476d93321ab42406e5859a4b23b930e1ecb91e91468c90d3a384573ee8b787f9daf9f620

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 bc27dbd0644376aebc9a56d75973ecd0
SHA1 5893fc0b301db389fc3835a21d3002546ab1af6e
SHA256 e0531968495aafa93004e5876bc9890485d69af2b7e4e736ed28ac2411dad245
SHA512 e2a30285c194bd28716ded1327faac2857f2a163b3f2c87c9a25f29ed43f2b4da89a97ab9c4cdc37353cbb6081b33fd37d6dd58c3413a771d6161c8c70f39ec6

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 8bd0128d02525da41630765746fd27d8
SHA1 9818f422f44abef21ddf823002f3d6b1e8c45713
SHA256 dfe9547ac0388c10a81672d19f4c2dc371cc8113674e374679a8502512271c56
SHA512 4cb31febb5ee25969bec85ab57ecb4dae086bb49070028495b1f5ae331f33754f4dc3a66d70693805ebf6efe61f2e945c58d4ce280152178b47ef731f45f21b5

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 57029a2c2e734e25cd0c887a3c5b6043
SHA1 e251d95c89a4c25aafecca7605ce7115fea8672e
SHA256 fcfbc851cb9049ea25de49ecc32251b14a2637c936efb5736eb57d6eba4457a7
SHA512 de10c543c8a379d7662a55638ea3d95816fb92305143c7b83ce97ea4a857337c1a8bfb5e66bacfcdf848c1a1278529f4cff8296375292c51fc447e08103f5253

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 c46172555c0ef2efb994207444f954e9
SHA1 512420202d86a0fb6417fbaaca472fa505da225b
SHA256 a40c93a0b7bd0da5883e054e7ec43ae98101b01726e37e8df644cee23c1a8363
SHA512 bab4bed0169fdfa427fd88dfd8a1b3a15c49bd7df9b35697305121dde785d0aeafb9bce56881352e231c48f42dc428825a884b5e1ab5dc3b0e32afac46909d1e

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 e5c63471d5b4b6d4acefe1e88785342b
SHA1 4e547f4e01de5a840790d596b44d29ffb087f26a
SHA256 5df774981b2cd6051328d216c1ce6dab0029ba7ed5b12f46dd95e2be6a5c1196
SHA512 66b965278faf2a23e1d96ddc922cc26b849cb8d656c2f7abd5e1337e4237774215ab505fc8618edee780c105f6bae63c3529ff76e463e450c827da159c506d1b

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 45c0b5e6f5ee4bf38b73906c44668adb
SHA1 1d6ae4975c73524dca658031c141c15e1c554e8c
SHA256 bc3fba9459343847a2062c4d85e2155c2b086fbf0571b1cd91ffd1789b59636d
SHA512 f4418a7da1f3ef2fda242492ff41ca6e5e3b6cdf7c21814abdf1f486a2a32cb0492ad7d486c733475bcfb742af76c0dae36a35bae6a6dc6cf15838160dc227e2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 8b8d049c66504bdfc1678dffe568a0db
SHA1 9b1219252472fbbf1e322367c7b1468229d307c6
SHA256 6cdf238984b5394c08095e067dc4f429f57c14f2efb502fa6fe07bdce7025dc1
SHA512 a0f01f2347f57be5b4b6de38106287e700ae03fe66553d2e15362e17dfb9d243423beb7a515948a17158a55b1975b03bd17e8a75e33fc94f89380bf08a793678

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 8efb53a501eba3588f847503aaf3fe5d
SHA1 2d56562b806b2f68a5c7595b3c93e1e8914568f9
SHA256 7904d1eca415c78d5e9f46d7cfadd4c4bd3d53fe4b586d096e93cfc48962bf8d
SHA512 12dd38aa4ff6d93d95fb6c495398f444346c5e47136c04009dec092868b65044f51b2f8958a8a316c2708ee31fc625e369353e1539d09a899e04f7626ef6f0cc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 06436226600864ac9682481f55eb9f1c
SHA1 de98ddff17a441d5fad7e79ecec7bec63b848aa9
SHA256 7fa4de5a301878c9a8ffbc33fcaed5d34cfb89c7c1b63b75da962aec5d921782
SHA512 943d4ae6d44464137bd64261145ba35210c2ca946c91343eb7aa68c4d1e2f41b71b75e94435bf5ffc9036a0f8a5ee0ef9712b497a4ccf1b2a29856a2da41bfd0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 ad40a91ce1dfab1bd1eaa403d9583d3c
SHA1 86095a01006ecbfd702ecf34dc2f5ed6b40fe537
SHA256 0e71a93d951fe5b2603e7e72b8b336b4ce6a729ba29d45e8b6f68f5109d24e6d
SHA512 9093d7863fe1c8b33021bf06a4e6f9f40253067800af2cde59f5393ff4621af6b8dc74cf0f3a347e2fc5d3268d72cca758239ad796c83a516021a9f3c508adff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 bccef4b71b948b984a4e99710f73bb52
SHA1 84dbbe64f8989d8135d0ed7576dd4f9bc653ef82
SHA256 ce9fcb49b53987e17eef1b8cf7e58eb332114858a0079766f568bee6bc56fe7c
SHA512 eaf7ff72dcfbe20469be6e767d6ff6725d256a8f3aa376b1f525d541543d8e6e7eef281e144d76b983f60d903de537515d4bcbaa6d57f73fb203080467003d8e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 e21b6a391049a0790ac92e35655d2c53
SHA1 ab87da520f88f7ba42efc50f799924394b5daed2
SHA256 33b7708a59ac4d40ec7638b0361c25256d32f31b2d5b738759af5b2ff1bbc40e
SHA512 d77a733047fb615ef592c0deca88f4d5c0f040757dee4f42de3e7c20c70019818f933b1d10c8b8cde272326945d32980e079521b697334629976eb32980f2d33

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 a7fdb9a59cf04ad0dbb64f225c8f2c2b
SHA1 b6b9250ccdd349f2e3d9ca4fab11aa5b0264165a
SHA256 70f47574346196f5d7b5af96bad834ea08eeb253a99d7f5ee1e9592328a15e64
SHA512 b84b0cff52d20a0b8da70212a1e78e7b920b8b35e30685effff19d99aca19e2bd780f23b4a8b3fb3bf728bb69ca70437d150d231d2b7f31d15cf467a76678924

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 05b0b67368a68166f2230bc82d99a38e
SHA1 7d49deafee23ecd4d992791a3fae1bbdca10bdda
SHA256 c2cc2b9426a02c09514d57cfabd3dd2078d2b8e2f08c67aef6b4a35c7a52653f
SHA512 4d698736d8c41058cdf993613d7b22dcf81930acff884e4bbf11674e354c4e60f7f221ae67f014b64df214bc727373c14177e4855f59a25d9caa762a1a36e932

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 2d1b37c55b3be13cbe4659c3aa0a0fb8
SHA1 f8d5f7e6cb7a297886953863a3cfba684d92497c
SHA256 638a8ce3213e9e889e6750ec6f8f24eae96cc79ab0dc5fa898c68bbe6c4b07db
SHA512 b85baa3477bdcb3bb0fa812a0aefac84d9bdaa2b815d3a5117817bbf9c723455ed4650dbbc5ee274db4a16fa15d3c0b0a284145fba4d604b0ae6937bb3db838f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 c4c4b6f83186923f98728182fae5b372
SHA1 329df9f89c75aeedb59cbae328ba4c248c0d1016
SHA256 aa72c05793816fab9b16ff27ad1ddcaf1f4aec5c6cc1f2e4925ecebff1c9fd76
SHA512 b0d16d47f80fecd983af9e0f90a142e47e0a57298f63643b3fd2d5c8293980f9e9003cd634ae84cb336b7dfa0f7298009414591f8f293c959d4b9033cb118179

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 dc2f04685c6e34955069a5345718dc45
SHA1 e9c8f6d3f17420e546f3b3ad664a93d967ec0db7
SHA256 6ec7427e439e64ca5ce219cf8431e4b1667432fc31034429bd61750fc03d6fca
SHA512 c48c7de0a3bcbe43eb9ec2826aa41751c4f9070b959d802b25ca44e55a6229f524de0da030e80e2a3d664515c83f35c0331e38d316762810d5c5619a5eb63fdf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 679c5d28f5e78143dc1f58dd20219182
SHA1 29ced8687f32e926588c018a16ab62dec201543b
SHA256 e1e2b3418508e6136d5ce13e3cac66b0e1b6409e5d06e88b991c43047aa803de
SHA512 7433b8a7915aa47c7af54a32898064c2980e48f88b73f7a4d719754eacb81cff1787122d4e0420cb41a4c3713c24dd441d5ab300129cd28e9e910530db6fd1d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 618c4f3cbb48f93546e475d7f89e826f
SHA1 c133adb16a27742f8039cb43f2ceeb94ee73f0b0
SHA256 3fdd6a8218d8bd4d642b0c34025d34fd0465adcd6c0161b9580795fcfc3c363d
SHA512 aa8088e395fbce928b48998728191166ba55ac8f273366a6f59b0c61dee6988c71dd904bbeba7ab458f82fd91897f085068d5601ded546fe5d4835d2c8fee784

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 421c88f266db7f9ace894617c921e1fc
SHA1 e860c10300e4dc43f626420c16a19814085e5a82
SHA256 db5ff3fee6b54a4288d9d7b9a81e36261bc55af3cec7008e9547da6f940f333d
SHA512 efc5da7bb7a90db01712a1810734c5db794c83e3f60407003aa17b7959e501e08d75d1007671510ea4dc0ee1091a855e369a41b779fc21e99a5539a27cfd224b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 37a306c72fb6c81de395c40360f78aa3
SHA1 d9b889eb278d7c85070b5905bdb3058b976d9a72
SHA256 02ebff342de7ee035d98d227908cd40a61c6b329b3cf72c001f24137c7d9ff71
SHA512 73c4594bd789261df6a17a617022abe9c75336f4b20ecda9007f42f69075df3ec3353c0fcb3ed094f73fb84c31f0d972b05e4ac1e078e1f15cbd47be1a327f7a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 fd907bd5633ddf64dc686d97447cc1ab
SHA1 db64d8abc875e0494735a08d0e2ad81573f099bc
SHA256 c8a98db6ea7fab6629102ea8d56f870eaccbd6f6bb7f5030c4674aea2cd592de
SHA512 1bff99b74ded3ec610dfc898d05e7859bff94d6989a8bd72dc71f14f9c0f7ae3209aa945b0b9c416789e48e306b0f006e5796fe4fadc54d2ecfb438989efec5b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 fb1001bf348af67ef44f1a74a9ebbd82
SHA1 5805ec134fd77064d2f442c340c6b530f232e2d7
SHA256 8be8019ed61e463ec0128ee9e2576c33e1538dbfb81b6d5225e05ff47ab06b9e
SHA512 72f9fd42440c344bab240712cc215dada3ae66e7792c23d858d0330c4bee89d7ac7f89df0f4069cc917502d3aa731e19b44a6a6e09de8a1717062fbd18aa9949

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 1aa5a77b4c740d514d2548dfde695e50
SHA1 83d7e97bf306d5826ac51a5210137a81ebe4ebb8
SHA256 e9e41a7191e891324faf8a2ad30a87c839f1981606a0d2b01a941060b57c0742
SHA512 136eb8b80ceffd5621b18fb7078d8d91cdba4f5376f02ec699b0ed9d9faf3e1423578483d05c7b4f5e519664d41e50f62a0bdcb136f72d0059e0196001e06606

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 e67365f803e5ea363dd3f41c039666df
SHA1 d67b65b4ebe2bea44a8376ce80b03adb3bed2737
SHA256 33907c4a1b049908105e3e02b8b5f858fbcaf713d6c2235d9117ca81e11895dc
SHA512 e99ca4266c1833c38e5adbbbd9de18a5cd7ba15c21c5d9a1332d16f1b1b8bc38dfe3eb1608c7b8d247f37aac5991aa20d6d6283025ddc390852c9f78dd3954ca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 fb99fc23abd6f55ebb64d7c973afcd37
SHA1 ffd9f58aba2db5650f4e2dbd26cc1fdabcc87757
SHA256 3836c000801966f5b45bc79c0573d7fc820078406a3ee36785aacf25a41a406a
SHA512 2df6cfb0de75f008e1f7a2988b666ec002a63de1469c7067fca362357a2500770a07d0d0824e08b7036eaaf2c2090e7ed11cd3141f9c19c5b1af0b4bcecb6ee6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 f69e4d2ffae012511d61a765223e094e
SHA1 011c54a1b32c8991a52d134cca96e359f76ac44f
SHA256 56542e45c3bf520f6f070518f50eae4906a612347f6f3cc0279d4268f6012666
SHA512 28ec54d48239a2706c5f8914584ee4f6330908404d05c669e135a13eeae8bb0b8cead8471f43bfc32ab318fc2702b278d0a07f7ac370f51a4760868b1b351a5e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 0202bb30e013bb8915e7a15a3ee1c518
SHA1 0852bc95918f6101c53f9a73d8d6722d5f8aa132
SHA256 2102379882899e66007c964c465bdde979ab0aabb1908d673d30a210123167ea
SHA512 7429f2dae228beeb7a02dca3f311b19ca1f6e8bfce2066bbe774af4929a180320e400a19c5a4559a1d616538ff1d472b8f45b57a398d292898c3a39076c79201

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

MD5 2e2ce737c9d59a85e85a136f57b625f0
SHA1 77cde77db4f594b269f6ee2d8a2ba007eab06e4c
SHA256 f092ad0b5bf0b8808b386766bac58c74c78f0752d6121d9063c389abf6da61e7
SHA512 25e1a63b3403c7b00bee4215c32428e1613c54a99f4895ac63af0168f43921e82563062ed7f1c5e6374568074f116d1481a196212cf589dcc09f832b88357e24

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 34dd18c6c6e02fe1f417e21353f28467
SHA1 2ffc3a60752db104d6be77b5c30f1cc3fc084719
SHA256 0dc7d13e6ae5b7e2d515895e6468cace51f70264fe592c89c6ba685e34ad27b3
SHA512 d7a95208a3817288ae6ff946390ecc758cf0d22e67df8d6194ee16453b09bb0427c5f05e21f29a31bd5ff7523186cccf15622128c7f472a8dc17866e190fe32f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 1bea1d0a743bf2751f4d4afee1474ade
SHA1 5925e61d5bc22cda5d5c2591c20e4060f9639d12
SHA256 62a4e74100f6057270208ba843ff8b8513c06b78f2c4f4594fb130b64946b5df
SHA512 5f84a3f8cb097c1a16b2b96111cb96280a81df8490413a18077e3dbc1b6aea4d11ab27bb1ab998f963e22a244a36878e1e1f6ed1c093a6dd0f52ee8c06da4ddf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 10faf5be1aad44bf971ebe5b9444ecb1
SHA1 faa5337c8568cc043669da64f92eebadbc2ac178
SHA256 2cbc28dd1998d30d307f32a5add1efe01d1916be033c314856f40d384a33938f
SHA512 53cc91d77402154273b076bd64e75c70a7924fa32cfa725807cff38ec16ff9c71c6d515941695903d2a20a42870db899c29d93b7d7afdb39c127ff0dda019b28

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 d628642f911c1f15ba3b99aa6e9d06fc
SHA1 d6bf7bdfb310a0997465c8128ba07b9d5328c285
SHA256 d286f85b89231a834728538a1753de6b17abb33939c1783c31bbc912296bced4
SHA512 48a1705a27fcd22a43c111184668446770fadea5bbf80f4fd9e23d06a41d8ca217cf1c24135f2073555ac3ba034366e65c7aa34dd50aa599cd5337d1bd683bd7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 4122c2ae8578181051d6508070025069
SHA1 9809965781ba9fb3cd9329904fac612f322353ed
SHA256 f2eb754d20ec029d395767c0719ebc8258418e644c79a22fa12738e3292b8362
SHA512 575c0df1076253fa28ea137271dd7ef41fec06381ac2bf71e11cb1dac51e0fa6a18432d46ae14447bde3fe77fc7a4fa99cd82b277b3cbaa33ee7086060eb86af

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 0809783803298d2f6ea8d9898b529aae
SHA1 a41e8a71edea9c9d47a9de6ea51370e73353d009
SHA256 594061d1a8d0811e6f9ec56f14ab3f7ed348dcbfedf98ecab84d7b42c7aa6dce
SHA512 1c43e3e75c13eb8647e3d80c697f7ffad23ae882112ff16244203acd43ee51cdbc42874786728210a2b3139074b5dc0f67addd855c52bc9606f918687ceb21af

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 9c9260204c21fe000234418733d7a800
SHA1 6f4b46e0f6e193ea815bda9c3060e8ff1843dbe8
SHA256 dfada79ebb9ec8a9a9f676250696a219f29e8542c9c65175d68e06b212f305a4
SHA512 3378ef1d094b41f804073da6bca4956a2accdc63425e7950938d14ff1e355d68c7b34b5b08f78a0d9ea5f960b20fdb4a38c0beed8a564d68cf03f452bc4f9d7b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 e17ecfb6fc5114e5826bf23ad7f0da14
SHA1 d7a2e8e6b1f272eb4768144afa41886968a83e54
SHA256 180f5e473bb9dc9f0d378dc42b26b40293a3ddc3b14c19f957e6f7dc774598b6
SHA512 45989f5f6124f143d30e1f436ef8bc6ffc68544a7bc6e539f4e84b75025e6aa33c5b7fb071fd3f43975bc1ee3f65fcb6406a4ecda0e2ff47b960b809e812f212

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 bd6f6d71f36a765183b5e37812deb732
SHA1 c1ece897a5cf917cc717a7a3d5b451b6b4b69858
SHA256 7986bd838bb73f6dd5191fb8101430d347be237d8ee99a4d07757a63b20b4bee
SHA512 f6e0a48ae0c97662f2f4ca6d4e654ff3615efcaa56b8cc61572ab13c3476b7906748f4deb2f9def0ef1d410061e1617027b74f5cfe50e22df7855716d82c3dea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 dbb405de31778a8845898ae06ea316f2
SHA1 28896b143adaa7c19692ca6971d6e25a0c6046a1
SHA256 83cc00eb5fe0a9dc1803b6c14cc7b8c4b37520d0622741c2363bf53845a195d6
SHA512 9c44b8389ffb36376e431880c5db5e2fbe8dce451385a732766e604f6024894c41c4e5193b931c34b3c93f588186006cb8a076c08683122dff6eac3bab9741b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 b07b0ed41733d1b5083450d4a760623d
SHA1 309fed6b36ffc0d274a6876c29af3709ab857594
SHA256 5cfb6a75a8a79920b86ace23cb6a5f87da178d43bb1920d9b6ebc62428c6099d
SHA512 e7f56adb32f7042e42e542281a1a2bf8f7ec1ee17d73430fbf5b84d60beec25eebc69d4ca3d2af183889e561fa64e1f37b618136815f9006290c5d50612da106

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 c198a08dbfc67a61efac93c5683c589d
SHA1 9ef1547e03a3d909a245db5b7ab9a3f139da931a
SHA256 7099f419127398190501bf51850f8db26a97ff8004bf049d6a60e7602e8dafd5
SHA512 917ba209b45d4fd6831e081ce81f9ab8a851f568b7a38ae7785c953614c84460405f9aad72d4feac15a6cb004d569b35028fabab1fcbd67ccc8a9a3dd96fe22c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 1b353ab0b1236d196bbd4fb4bdc89cf0
SHA1 91b03e8bae0925258dddb495c45f09b22d177fe5
SHA256 7de64953cc8ef2693d5e87784a77f4a5f3bb3175af1a1ef962be0fa7c065d4db
SHA512 6ffa833f48b94acd1391ec775fd2990a597ea4fa0b5bcf3edf7ff2d8b6ba2ee68374a1cf6bfc47604622fa03175e7120a7056f7cacf5ddbbf8a4f6be11216462

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 4d0f2ed428b98a2d7b9ef41d343e648c
SHA1 46430c49b01353511143dd054acb48d40813e0ae
SHA256 8c3f51cd7c9d223cafb11653ff38a857eeb35f39b16d3882140dd53dc7b5e917
SHA512 3afb5d7967ef09cfc0ac75423481bd5d97e75ce6127db17621fdf608496b91898b30e4e0f4e8f8ed099958c097001f41b1882e12c975b9481d767d1bdcb1d853

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 54e292f735b55aeb0a26c35a4fbc0dcd
SHA1 b3c6ee3bbc2eaade610cce8136d270c75fd7999a
SHA256 f00e059ef40d5993009294286fa4a9c3b9b748c05c6d318c43f52af376adcc95
SHA512 93e4285b9502c07e236b6362fb25cc3b753de4e29dde4b7c23382d33a2fd28a24e4e5b7282171e19504af0b34a484e92c4e206d16813deea67d083dd13450782

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 ceb2e4cb8781db62d7f2fbaf34a1f324
SHA1 1a8ae511562988abae084a4f0b496a0c7de5a165
SHA256 e367f1604326475adbae6df67d98c2c601927d94db8e385c58bf633bf186295f
SHA512 bdaad30a17dc4b7749446a2e926bfbaeb4914c2de5d4a87b2f77bff65b8d511a8dc7305e9a94ae5ef20407dae3eed2dd08765dd165e5dbc18437443a8a523dce

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

MD5 120cfc93c3b8cf472ba5152acde41310
SHA1 a12d225ed1d9f714038b42c892fac53cbeb2bbad
SHA256 040c6cf0178d5d20f1eaa137b5504e4b51643fe46ceecfdfa150674e8c3d167f
SHA512 aa39a2fe4350f442a5559bb23b9a4d885ff580ccd266d640ac66c56e397655c8565106fcefcb51ffd2caba6ecc46a67040da6aad96b10f955a785a9a487c06e4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

MD5 5c9dffea8229d7c3e37cef17be9b677d
SHA1 a5baa17a7770db7c16a71933079426170d95264b
SHA256 3fc41b97ce7d84906ac32df8afac4fd3072bdc07852f3eccabfefa7011886aa8
SHA512 5a5307e202e4818f5da016b8d9673c5c36defc3be87e910ea77162a921d7becec2c1ee548f8aa96d2f988ee74a8d78ab5f4bbd7d1dd75715c12892b3a20bab47

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

MD5 d4f529f4ad850ce251ea9d05c544a210
SHA1 b593023921410c217ff91a40164e65a2b1d528ef
SHA256 ca0e6f96b6bb1222e55b9d9e53dc754546cc75742643a939075ec98501568456
SHA512 56900b218f36a3cb3d1f798c571eb6558f7ae619fddf424a5bfe2ee17e61a012c45f6b949c71b2cc39712235a2409b0b0120191c31a07a14edc5b5dc4d86fc16

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665202749736.txt.EnCiPhErEd

MD5 8eead6a3807e775ef5234ebb9c8182bf
SHA1 3ee7ed173193e2ae779d9eb992af3ebe4d5790ad
SHA256 63a89325e224309161d11c24bd621de8b7a1de2e660f31bf6065bbea38415cce
SHA512 3e9788ac3bc4cd7bdd456e763af556cfdad00858916f5f12f743d6645ec3ee0b14916fa03777a1570f4fbedb569a775867369e3a04d5525dd3c7569775eae6d9

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 7ccdda0430a259e97b4f7262137926b6
SHA1 197f4410bf7ad97988e462ca4063e0c49d7bde46
SHA256 2fd4c54f3708a5f28e7030aee00f5a2cc392abf3b1242ce4ddb4e228de17117f
SHA512 8edbe2764d5830d49d0ea80f310ef17b95acc4be7af5e2c0617d53b862cd783362ba5d8586038ad130ee139cb35a90f0ad642e2adc82ebc9f5823c02121798fa

C:\vcredist2010_x86.log.html

MD5 e32768da5ed4acdb8fbec126fa0434fd
SHA1 d524b4f9542b5d80aca35a0748eeb0be081b3351
SHA256 9d8a0b0248a368f59bd424821a21d01bbf56114bd30be670fa77e7aae0367ace
SHA512 656fe4ce93160c0fc7654213a899a195a9fc479ee9a3fe04651544ce84be935cf0cf4e3cd60f75b7aee34b57be319b451c6232a29595e63d205b913d182f2162

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 1910bdc61a47f40764e99418e59220c0
SHA1 265664e44ecf386e245e44d451c0a52f4d955f00
SHA256 85c4332279b7982dff2a5705a79869bf7b7c5e1bf25c12c7971268fa4a366de2
SHA512 8a8be835becf464508369e82748f04a438157d31c072f1c4adc0fe4c069b20c32b223919bdaf0540737f30aff0e9220f37a50f067ac356cfef01cdcc014d041c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 b5c4a6bf1a83f70d0150b927deae3793
SHA1 b415339ad985644f52aaa115f206e46f400aed25
SHA256 a99d8904326ac6441a1bb3cc37ea5a6e2ee1265458505bce212397271fba0e3e
SHA512 f1e1a8d5b946b8d9e984734c902c98e62af8ee9733ee82c71174b137ecdfad4b59d726cffb57de77e341e77331e45eacebc407503a5fdeda6d6a86e9685215b6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 cf6084e848372a8afcd85955f12a735e
SHA1 a59c2b06c486707b4932b661ee4e9b890040c480
SHA256 037f870304e74619250ce314d7590cf332663bc474009f746e02458ba9544fab
SHA512 db6c508a432f6919caa63e316e24dd533e7b6e33744e0603e3f9371452214235a04e107ea0393534c3f8e99f0f0815d7d588fff611e45eff7c4c34d7ba000fc4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 49577f4d8d16855479f77590f97320a3
SHA1 895d65242e88365016d606778c1c5e1cf21906a8
SHA256 95575a7fd8da61f586a42db01abda8ba56a3d56e46c8e15a5ea0e9aedae9eb8c
SHA512 ab02f2513f2e7e6824beb5fd308c9d560d5ba15639e79a0ca5cd9c95394b4e1011fa493fe2a78a4170db72b1bbfb87942ec32f8743f72b9984604c9c2d9aec53

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 ac8eb69abee19dad425d4ba4fa4169c0
SHA1 1e5a98d1929fc03de7b3c47c4c83ceeb343577de
SHA256 396e2d15aef3664b6aa3d0410bc0d4a06ca7e6879a6f1115e457a3b58d9ecf58
SHA512 fb045107e5e9ed3313dcda1d842bd31a99ae38d5d0fd3037819392fdc5a90a5dfd8e01e2ee639e0ba476d0e7f368b2c0ded19f684d5202e384bac393db1ea66e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 634dcee58db44b833b6add584d3bd9dc
SHA1 a86c804c8d9dc88c722552470b4aac0c93ffa3da
SHA256 b20838becec7af28fe21360e14c31788d24f3f9aaa480a35cec0f716c0b85f2e
SHA512 388334d89130c1b2a05736e1404998f2e1108d887444d46886798ba61b69a911ef4390c18773c426acc26e95ee9a1adafe99108e1e99fee0df0bb1776fc2b420

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 89dc14dbb6a9287df627c48d919eca8a
SHA1 6119b72375f12e876d0aecb1ff63e6f07edbf856
SHA256 0faf0c4334ec81b70f2a9090d0323009fd639ff8e7f22f41fefd5c0e49c4a4e5
SHA512 a0a0c50037595af7b76eddb5556aa85868b69e6f91d3367c31c5fd3ae5db545114e1813315547b42e99b1cd986fabfa43662335add267fc4cd8ffee2e5ae2e56

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 9662d71ebd4d6ed1f57be964cbe6c6e3
SHA1 d34d452bb946f6ce7d7a740b18e8251443a9edde
SHA256 de48fdedcb5c8f3f8941f67903d8c68414fc490ff97aa00a05f2263f90baee0e
SHA512 72cf211b5ccddedd84480bd08bc1ece348d3fbbf0be11a60a8dff67375f24668b65f44b3c1dd43ef75ecbbccc98af5e3162e8e28e1c1ecfef37133ccfa876ba7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 d2f98c1efa381c6b49c7db5cec795d37
SHA1 bf1c8a1b1d690933915072b9c91ce9717e350488
SHA256 ca3b7f41993607d4512d9ecb35a6779418cddff033b9c461c2db64eaa5be768e
SHA512 1172fce7feef0224991fff92a593268bb6929c4d391afb6c10837f188c6dff7e3009f124d878aab43094bdf5ad799fc39011eafcc03046ff0f526235ffc0d132

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 99a1e04abae5bbb595db007a97450536
SHA1 9d527114e87fccc7bee21db5dc2691a8fac2b8d8
SHA256 48c7f9786c7678ea05222e394e5096403e923ad174900ae8eac6c97faf3bc869
SHA512 7549183b57cc8247edb0245da203f96e19769cedd8f2ddff5b7914162a3f000481fd722067c89223bc2465603da581c6b379227f4f704fb0d06014cc73c337f9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 ebe92eed5ebd6b4cd612bb5641683edb
SHA1 a99ab66f8348ae052398fd1edbf86eb40ea09fc8
SHA256 1e1e240b3b89c9696a70a9bd4658f87f5e505e4db4109b8110963b25bae88279
SHA512 287a3ec5152e7fdf0e85cb4512a33014a23dc128face82bde27b43ad312e8ec2dc562fd67acdfaa13ad9615dbaf73f948a99e46f278745a2bdf31bdfc61e221a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 f6e46cfef5980196bb303e3de02cb3f8
SHA1 81938732d74621ebb38d8d60cca28101013b29e7
SHA256 b8494415fab4e1fc5fe11fbf50f2a1f466d2e6831916fd2d727500b309bf53fd
SHA512 918a3e738616ef6e7e3b3aa17228acd9e1630cf617525158a910fc8f628cac55f0faab8ebdd33b52e4e6abc157c9d37fc2c78e7e021238f8fe5d3be4e08b633c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bc60d114ab69b8788b87dbbafc5f6ebf
SHA1 4b567a2ea842cc00af56e4b1f429b0fff35d2c07
SHA256 7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738
SHA512 2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 1326c90971be76954d79ea26c6e592bf
SHA1 3c60e3499be27e2936f6ec9ebe1cf361af9ab810
SHA256 c4933a2268f2867545cdb373123a307c2073be639bc5a168b84f7f35903f1ccb
SHA512 b645cc7de744b3d64aa749fe6e254f2de40ec26e19f1f1f5ecd24ec32d4acd58ff51fcd5a03dce2139d7b2339944b595574b9973736cfbefecd74e7d9ccacbc4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 384bac30c070a58d1b7996213484d937
SHA1 9bce172e760ab2d5646ae3c5591f63da8b6661ab
SHA256 9f0782d88714925e269eec476e583543b9719b5bbb904de0e1d6f7bfb5da81cb
SHA512 00a2c9658fd4bb8c2fee0f743a50ff63e2ef5f071b73a713e7b5837fffe3ce0710a41c4ffa6ba61ffba453e46591bce50343b9752f2c870504e08154ba563290

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 aa8d5c8afd306086530f44beb64793db
SHA1 cba8bd0f1f3413e4ed06f5952e9ab93e6800e6a2
SHA256 bccc2d208e458be3ce40e8cf9ec3516435293bea4787a39f5c8c8f49d0fb709c
SHA512 5446e65496f916f99cb1b740815a7cb2f3406f664386de87f3f560b10987e9b36b1842112da2f081e6e9213f21dc924ee4f254ebaccf696e131b911f4e31cc6a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 4becd636bd4e429f268b362fe5ebfdd7
SHA1 18e47038e26e97b225193874816983c44e8df01d
SHA256 a5ad7c78b71e615825e20bf0b80fe451122c992fc394a18210948a0a3a9abb77
SHA512 792489f62628c271eed020a35a9e95dd50bf699490098d87be06c8817c0b2958acc2bf764b4301e4aebf0f7a1e0a46b17be4eec2818a28283dddef1b4b710d9f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 ba923a704172917922798376fe411c0e
SHA1 84a4a3b274dbddbcfc6d947ef2d62e0b664b87f7
SHA256 a481da906603ba1ec2428a02bb3310ded597e7530a9aeb0b492ace9cc86ce5c7
SHA512 85a439968984cf463616058eeff06cf61acd9bc2406ad59f38ffe1fbf01144dc4b270be86fe82cf8023907b409673d5ed4f60ca83061d63edaef0bec5474a1b8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 834df86574876676ad42abcf7cb3e3e5
SHA1 6d3c646e7dd0f908e4f46ef1ceda971f0c8c81c3
SHA256 6bcb5f7094ff3dfeee3c51514521e39e996cdc86149787228ba7b3fbd3e57620
SHA512 f2aa14cf149dbfda325b0af0ee53ec72a8dfbfca133fbc5d2b170ce1abd652f395963c58420a1bd9f0033b3c901229a9499df935c0f0023522440c84f5875037

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 83298d45adbf781a95d1fc3b20d58371
SHA1 2351f283bc4050825fc3011b88ae4ef448c0b068
SHA256 60781a040a08464bec19548ad3bb2a95ae8398ad21d6c1afab44bd55d7e9c72c
SHA512 a769e73df90d8cff89d3a8b556acb608de4aad5b23faa5ae2159cdb3e30999a471ee7f3ca0972358aa6c88ce11c2d7ebe56068d23df84c074f1a5e9719c8578a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 0c6744d6718faf539f421c567c134e76
SHA1 a8b10427f55ff351e93f37ca1a5430dd34fbf7e3
SHA256 589e21bc36a10f06625616621777ba60ac4a53d260ece5ead744739326cbdfdd
SHA512 87d7fce224e5c96d3d6b1629ecdd11f6bf97ab06c8feec1f426ead72ae9e3236c61a5dbbd508f9b7e8b5f4b5ad016f51b3e0e4eedbbd9838acdcbca251c4c7ca

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 f22fa8cfe5b675d70c19d4424e0d98a8
SHA1 9e84d93af2cd50090a253f46c38ce5c774ad1a74
SHA256 c300b982f0f0d91b87799439e1014abc850d0a5e245f9295de89f7a6dc448142
SHA512 ff7383178613d5b11fc1d524962fbd08096bfa4d77e86220f862a64ef66958d4859590fd945876ec03fd978c1eaaa91d80010272d1c12e7f52f990bf8a86fda7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 f2845cda5d9bd97450dc91b449a5c7b8
SHA1 84a8ba07d5f213b76d55a8dcab52d3a94a8d8f52
SHA256 1cfe8c2bb45fcb651ea304fe7ebc7a5cb1c88c5db9f01b824420f8c0363d1d28
SHA512 3c84c19afbb20b28446ed838774c8db3e07e89ea561ad509d9fcf5c83917b61b3003b39ab91d793cb1cf099d4605c9a7390919d3b44d6745d968be4c9419b31b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 555ee83d3c4f1190c3e5c03e501a5ad6
SHA1 dc16930803577768faed06acc210ab96fae185fc
SHA256 2a8a0ee0638053ab3e5d89adac81d570c19df6002b67f1f353f5338327520439
SHA512 0346e2790a99c7ddbaea2a3c7410fe50a412f11f0bbef4e0a7dbbf8fe1bf786779ef324046006292c5aeeb4d2719647edfbf830a4bb28185b006e72f21478ca9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 2756cb74653b5e6b426be817c1c7eade
SHA1 705b4a48bf80e269f897f20a74638154b6171dd4
SHA256 46fa5caa00cb479ebd08afe6fedcb1fcaf0f2f36240f5c1b7dcf6cf05efe8df1
SHA512 667c1a8446ff20a78c4c2e98d306f42731b62a955d22e08845c187ff1ab57c95748854ee3abeb86a05ad62c5eaae8ab544a5815bea1d28b0f05888c59b4adc9b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 9359d7af9f109bda1c44c83fe7c35463
SHA1 b61685e6a950596931b8f1eba9cafba4163736da
SHA256 074f49cb5f0cc15248428f6eb5477530fa7fe1a6ee14b5983c18ca9bc43776d5
SHA512 dd7294bc0c493270a529c0bed101bef14d4bab40b31d1ad55473ce8bdb2eb8b9df8a9f3102e6c72473659eb52fb2177ab7a5f1e346e557749b0a48b59e5ba59b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 952ae3efcc47962ea5543556b16794a2
SHA1 0325f2574c5bcd8b9182a545063c73e5a7f5e66e
SHA256 9cc2e120aa2ffcaae53573dec1f0c31fcd39d356991a16099c19708c83be6d6e
SHA512 5619519f691cfc0b3e95fe1d9b0dc5cd6904cce886ee91623b9d77804b87837d4a5abc3f07bb613dbe266d221225c83123f5361d75566cfb7b650517a5cbabda

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 4fcc4f99a7b14c9fe820ae9317fbebe7
SHA1 d273ff0ac8a6178b13580edd3d0dc0d9c36e6a0f
SHA256 9bd3fcf3c275338c27ad35071642a849d8070e08752e71cb43c8b48d82c4d180
SHA512 57288df89e814816887b9b7c5e1e32574d6ed218b260119563485e693c4cd509c2a0db9c22d4d727c6601183080780acad13829ada3cbde99bee41595b1d606b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 8732fc71352ea840b9e62280a927381e
SHA1 abbd1f6574d89011d3feae2bc1b54dd27f2d8c34
SHA256 87bd717f0834d24ea38d049f5ad85d4f09f40f1caff958a2befa4e2e2d563854
SHA512 4a3858b6158a159c5ad1ff654604df734b06bf1ce0dfbd368028e31d56ba8046fc208a9549d8f78bbb8406ea7adf871142d9af4bb154213b5b13f64e43e6b537

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 e62229f1587c1ae96cca032d8f3fa97e
SHA1 deb89413cd61fca5a33dbd642335239e9baf428e
SHA256 6e78f298a40924327b4210be9a8619ab8e8f6836e6e5a5f1ccb03616899fad25
SHA512 add4503b07516e4783303ac82b1375ca1e1b15b6bf01e195d7c6a75d968c5683c33da2791d8d1d054a5ca49d8b1591f20c563cc6823fd5636f46ee39eb830aeb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 75b9787182f82d18cd57818a33329ac7
SHA1 78a017e81ab8d536d1781d0a0de362b25386593e
SHA256 b29c644946d7883b31112c230afaeafa8b0764e91ed7857aea7cca39ba5c80b0
SHA512 cb2bf5cf735636b892364b127c95301d632e2b98d474d005d12e10edf9f1d079653592d968b888a42bff00bb309c0fcd1f51ce11a8a28c060f7efcdc4e7eaf1e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 995579078d4a89a0df66f29d4f13f256
SHA1 2ab474fbbf49d28c1c7960f6274dcb4ad4734c5c
SHA256 a669cf0cd09c5c8c14367b6a2d70c1cf7f39d9fc9640a8c4fef24c101e31427f
SHA512 57ef87f0bc39e87dd9d7fd0f25a7e8a9c8b78f64159a468dc17febb4667046fe21969be3358a5b78b13a97f4c3b9e7e7f727d65e10deff731729379df1b11127

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 5d65fcc18a7d88e72921be51d4cc65e2
SHA1 f6146f4af1212022ba0f9d6504f24b4c14b14e63
SHA256 cdd48236aa0c9c685ebfd1dd63f4855fa5531d0864020f182fd76018b3d79b07
SHA512 b358e1e7a2daa2951bb2e7501f88a6237a15449b26f8bbc01177155d95cf0a1d1e7d013dfa46f177d1b84a3e123c0f99ded83fe30fd33389b338b6b12bdb4897

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 786a60aa5adbdb8f5b11199fa5b1e527
SHA1 3db6b43e2d5f96997cf357d7dc83b71fa5e719ea
SHA256 60d09f524ecccff55456e007a1afec1d88fdfcf69af20053567b3834887ea7a4
SHA512 7dc5ac80921cc30cf4ccede56f65d015bf60f76fc1b48533207d4535cdf82a600ba0c76467701fc513a53f7d3e38a4c2a9520484ffd2e6700f61134c08a12b13

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 d0932fc06e7970b53321f1fd9663d5db
SHA1 36d6f06276e9056e0bdb20489c8687fa4361d3c7
SHA256 33ad2e9b942cf2b07365d96c90a1b63675ace588ec43ba5b979432624f2df675
SHA512 15eaa523ce13412ea4b6a0a3d84ab5d67eb630134060ad0374049662639322c9eb28150d5142691b121484f29ab0257178b63cbeef373d712c8c7c51c45bc88a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 9d694093a3397169267223cab8a26b14
SHA1 e6814472bc1b2a4b75733c913dea23a23c16792c
SHA256 203c0f9d5abb134045c5ad5fb986169e590f79b13c1ce0aecd2253180b0f44d1
SHA512 81bb2ed17162bca00c915097b4ba46678459354129af3009671a48fbd495ef1e7f6bddf7733e0fded515cc84a83d843daaea4d1a22abd50474fab64e9adeb2cd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 3521609fa4e31949490ac91ab1b3cea0
SHA1 912abaa5f2e04e232f93913fcf7958799299024c
SHA256 9f94cea9b5d50cac392bc80a065471d1be991c29cb2e5f5ed35a730e9408d688
SHA512 56e72b2da348e12e8d3fcbff4144bd7fbaedbc2aeca7720a19fe4493afc1a3ee90ab2a96400e85470cdaffcd538f28272a5bbc6877947585dc05bd0e978f09ee

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 805002d3a85b219c5005895e5e870802
SHA1 18e69a21d8285e09c0121158ce36c33c3c962885
SHA256 c4f1db595f4fafe107d7c25d4a43fe802e19dac4ecb9d70d41ecd807a39d0ee2
SHA512 bba3afe2bdb64bc8b3ce364881393d31b3be0b12b88bf8d4078142bbdff05f5601d54e285619e147742b0994ed26ac4e1983e9c41493fb9c5c02e13b326cf648

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 cf63848782ce5eaf1403c66b56a686c3
SHA1 f7403769e6b599d15a835419a11c800bcf8f96ca
SHA256 e4da6734be11dde6e534566253593374e26e6ba911fc035344191063bbf2d380
SHA512 bf4a372eab46759600ddc5c9649c115662e34990d2f3e17173cd998daf2cb829b352e6c7fc9d1177257307af4c7f7fcc65f837091f9c03514b45b4cd873778cf

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 bb2dc6f8b9dab83860c7d2ec4e0973d7
SHA1 fa715524a0d23136512d875982959e69b5ce0ad3
SHA256 b79026bba6f67f702fea2a1f4ff86e0f0aa86a8e8659554a7bb225d21aab5f0c
SHA512 070364308635fa6410920ed91fe59a771db2b30b659b54b234a11da608c5e91496ab6ae6fede41eb38d488218f7937f9aa694bc3611a0a599fea2009656ed0a2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 b444df3763664e660598aaf5b205f43f
SHA1 f67d6f7b839e77ca7f8acf80ce4d9f43e4935a22
SHA256 cb36cc8f9bc0eb2da4070181823cf52da44e2bbad241799bf17bd0b75b64f47d
SHA512 19e601c1b51601c1ccc202ce410a52d93ad980bfab11dcab829c642db331b70778a7ca377497a9b0742353ee14550098da8e401ebb4f640a9c8ee4f8fcc23a19

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 f6c6d6be4c6a5fd97097150e292d4962
SHA1 4d95aa4aafa1e4c7889834a83f3109970ba1a836
SHA256 b7606d13fe2e2a46c997abdd27bcfeb809f70f089bf2db354a7d55e038c81b24
SHA512 275560dfd1684786239e7a8fca470d7e221a2f0272bb5b8eee3a62a97e62efe36ad52b8054fa97179e0aec6a487df265a5d68c08eecee6cddc2c6aa65aa8c3b4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 7a5547ddcfdbe8aaa8a7bde2e36b25b4
SHA1 e24215d441105bc18deb6ef852397e754edc7526
SHA256 09ad228bbd5a12ac3e0c9674dbc8249280550a33058dd8155c1de9e67159674d
SHA512 eab22852ca1a80e73a8d067c53ab7df0671fa536146c5809aa15b34e6a7a5d86b4093417794e47bdd454990a990d362ce00f1be345e24b3515953419b755c83f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 2135f14b3702cc459c7be861824bb92a
SHA1 0ebf141dc7f4f76fdbef170abbeba3632ec99ccd
SHA256 e698c8a8bc027ebc375e91bc3a30e6e251c863e9d0f53db0b269a53ed980031a
SHA512 7be0ef9713a5840fe37d7c38cf6736dbbfc241b23bf6abc97461ba663ee6704db3d2d14da7600e38bab903a20786e81156c8a84278b73797cf53589fb889bba7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 a1d190b409bb4c30350861dddd3efd47
SHA1 4ff2e2c0b27caf46b454d48a37f022436a64f8dd
SHA256 3326c17e2330e4ff9b17afc518ea101d51b11c6a314863ab0787bfb2ba2cd792
SHA512 52cce59a0488d5fc4a8f4879222345c025ba2ddcabd07828108d2879a52a1681e59082e7094e80b4be4ec2c998f4cb782458eaf79b7d0b6af65ec92d07965ec6

C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

MD5 f4d9ac7cc1f44d2e5f01048b74a56932
SHA1 c25fe43bf9c35492de6d205ed73d3b157cc5a2f2
SHA256 606f159086482498d6a0451f080a9b209a39ba6538a7c397a2faa5a8af28d304
SHA512 3b43edf44aaf4cbf008d802f36a0d3f745f6b32ac3171168f9bc3031ea8cbe276d0ebe8f037387a0bcab6e1013274d84af3bf9207c91469983d8e6c55ff1afe5

C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

MD5 17b04b6f818da895685e87201160fe14
SHA1 6e4a6896b6379a241185eb686189bc635aaf2c2c
SHA256 11773056f8859d284f66cced29ff64c0b3f39a7c92677d82dc42e2fa06bc68a7
SHA512 8160d8a5b3077da4929b9058b32228ba7f6b65c4bdfd540082a131e19fdfbb3da8429ce6e431492cf01f6f9fd42af203f4c4bcbb65eb34e7ba10c60c3567104f

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 a0bc4bf769311fd3bc393b2dc68ca7e4
SHA1 f1080448ea2f3a1250ebf90f13d19f25589781b3
SHA256 81f2a3bbdbb01cdd3aaad040aa110b17a89e8e8846f9d0f6ed80b4450f02dee2
SHA512 ebeb25309d33ceede6245e884a38f37babfefbd6c5d37f432aac2e237d05ec1557fd71884429cc6cf9c0c6270b17ff0f543233e1523477077677f19ca507f6b6

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 4f28f3a2a0ca2fe272d91eadd910a3ec
SHA1 a29e0a722cace7ceed0395e0defe547ca5756acf
SHA256 856b25a47c0c415c7c92c28ff70c48e74b610c93ca61db08ab0880d3d9b31069
SHA512 5b830e3aa7ae57cae47f5c9eeffc40766e29eb406565f4a95be878f86a24e6825f07c0027a5288c62aefa9ba26ea8a559f0006eca8f37bcc6c2bb548cd6a16f9

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

MD5 9272d369f360197d0faa5fca55a433da
SHA1 7b64c3779e5381ffbeb7aa7ea41beb2bd5d8ed98
SHA256 7642bc5234c0948473fba0c29bc9fedc03ddeaa463e513f0c7399d7043368336
SHA512 7f4ddf50acecdd529f1064f6499bc47c5bcb0d1c129cdc66eb34c391c6b669ce0a8eede08b70288473615cd6f00043b5be039c5aef719dece4b7981a56747d33

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 55c082e5c753a3be7704ddf066d0e895
SHA1 ced13c44a19f82b143b033378d601f93b1de3388
SHA256 e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8
SHA512 8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

MD5 cc732d0bd874a5559714f32366affe1a
SHA1 b1b7b5585059d53f44d8e0dbfc260472ab658c71
SHA256 a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed
SHA512 3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 c4be1ce9dc39fb83fd5a2d617c2a4837
SHA1 eca34cd429eaf350804bce704d19ea61c74fd54a
SHA256 403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c
SHA512 3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 35b0bfd4ef2cfca03675d0e9daee2256
SHA1 e7f0fce8e25dfbb4a0004e3c15776fd528baa7c0
SHA256 b8f11fbac3b530824e50e686adc3141ba82330c48dd8921f16e034137e187b00
SHA512 29a90b00bc82918fd837f7cb8742c8fbd874217a5844a99145f67342a867894d8e14f913feb5a750259bd52bb224fe17e3e253e84270a3d28617a4be4a042bcb