Malware Analysis Report

2025-01-18 20:40

Sample ID 241213-ktbybstjgx
Target eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118
SHA256 05727c011be355add7081833be82a806b3e3383c6042850bc14f426c1772e50c
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

05727c011be355add7081833be82a806b3e3383c6042850bc14f426c1772e50c

Threat Level: Known bad

The file eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Detected Xorist Ransomware

Xorist family

Renames multiple (2206) files with added filename extension

Renames multiple (2178) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-13 08:53

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-13 08:53

Reported

2024-12-13 08:55

Platform

win7-20240903-en

Max time kernel

122s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe"

Signatures

Renames multiple (2206) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvu40GibjG6QKIo.exe" C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmega.inf_amd64_neutral_f9c441ed24f00358\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrsp.inf_amd64_neutral_a44611db70783ded\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_neutral_7c300346e830b2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky306.inf_amd64_ja-jp_97f0de39317f6837\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_neutral_ef322a8cc2738a9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wsdscdrv.inf_amd64_neutral_47406488f9e8d5b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-activedirectory-webservices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\oobe\background.bmp C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_neutral_b71dd3dadc5c3e27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdfs.inf_amd64_neutral_fc4ebadff3a40ae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_neutral_374f9d31af832d6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\atiriol6.inf_amd64_neutral_bde34ad5722cca75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_neutral_b52d8db82d8c3be9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_neutral_716a306ec3899e04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_neutral_547edd894d7c19d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_neutral_fca91999602b0343\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_neutral_b1db427ce3d2a1b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21339_.GIF C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15170_.GIF C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\GRIPMASK.BMP C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01744_.GIF C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\AddToViewArrowMask.bmp C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImages.jpg C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\calendar.html C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewFrame.html C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24ImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14693_.GIF C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48B.GIF C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21297_.GIF C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115856.GIF C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21448_.GIF C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\More Games\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-e..orerframe.resources_31bf3856ad364e35_6.1.7600.16385_de-de_067ccc311d759f4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6d7185e7a86c929a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c992dbc0e2b8fcf5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_networking-mpssvc-admin.resources_31bf3856ad364e35_6.1.7601.17514_es-es_9ee17dcfad901389\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_01ced58c9942ae67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-autoconv.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_918f040171f9e5cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..-ehchhime.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1beea3847e669739\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-us-component_31bf3856ad364e35_6.1.7601.17514_none_b52573ad8e4c2d89\US-wp4.jpg C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\en-US\epgtos.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wordpad.resources_31bf3856ad364e35_6.1.7600.16385_it-it_95a964e94322127e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\inf\ServiceModelOperation 3.0.0.0\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-ehome-epgtos.resources_31bf3856ad364e35_6.1.7600.16385_es-es_29826b65facd5de8\epgtos.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..ork-msutb.resources_31bf3856ad364e35_6.1.7600.16385_it-it_72775e95c29ea40c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-keymgr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_edfd063ca192ad52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-video.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_92631b00d25c02a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\403-14.htm C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netbvbda.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d6f047b42fef165d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\next_down.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\inf\BITS\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\404-10.htm C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_da-dk_1439d69c93eb335d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netxfx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2be987dd5f0ba63a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.iismmc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f465ffed89709d6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..cy-gptext.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_64e79d5ed59ac593\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..unddriver.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fa8a6a99bd7fa887\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ciphersuiteorder-adm_31bf3856ad364e35_6.1.7600.16385_none_5094a717453be501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c1807d712cdfaa49\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a26a3b2bf0a79de4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnep00f.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ba69506bb51ce5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..tigations.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_4a9432aaab5ec70c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-newdev.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ff8ccdd948084a9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-filtermanager-utils_31bf3856ad364e35_6.1.7600.16385_none_1964092586ab4352\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\ir_inter.wav C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-bubbles_31bf3856ad364e35_6.1.7601.17514_none_cca44baae0912bbe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-logon-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1d74d8e370a8d6d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_sisraid2.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1b19615657897f70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..erclasses.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3910482e71b11e58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-atl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fabae5f21ce3f6b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_pressed.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\500.htm C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-duser.resources_31bf3856ad364e35_6.1.7600.16385_es-es_74d22baa844a8668\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Afternoon\Windows Logoff Sound.wav C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..c-journal.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1455c5fd61329b57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_nb-no_a7ca3e47560bf419\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e883ac4543d94e67abd1c33191633865\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_51a9c0732ea27a7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dfs-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d01b29b3f87f6f57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..w-dvdplay.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7fed1f6cdf68a4b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Audio\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_6.1.7601.17514_es-es_16272132ac0852bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Pets_btn-previous-static.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wusa.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c6208a3e6353f33a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\whitemenu.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_6.1.7601.17514_it-it_6c4c25c99a715b3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_6.1.7600.16385_none_bc743c4c6248bf52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-netbios_31bf3856ad364e35_6.1.7600.16385_none_b5d6a9d184d05567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wlangpclient.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_05e99d037e04f79a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvu40GibjG6QKIo.exe,0" C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\shell C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\shell\open C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvu40GibjG6QKIo.exe" C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "TQEUHEWFJVXEXDL" C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\DefaultIcon C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\shell\open\command C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 2ff931b756ac45e6ff5f76137d70008e
SHA1 076c72b895648b9fc524b4c954057ae60597f54f
SHA256 e6cd0ec310309f6ed7e5e79eb2bd6a7a4db56e9f5680272d2793e74ef31f35aa
SHA512 f32745b84909309d178fa46b14000e1c8922bd87e087e16ba5f84df35ec3b4c45724c7ddefcfaf6238a42eaf1c83de4b4404c35ebe6823f3b471e03dd377a2ae

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 308196d000a45c48a3610bd27938821c
SHA1 345416e7a9e8fbf48b2efed546131d134febd825
SHA256 aea1aeac9a746dff68eac418536ccf03cdf5745a9f43d2329679aa303169d568
SHA512 246763902cd7aeb8f410be89e43be536bbd7470d8fd68ca0eacb7c03481814597d5a2eaae91e28a1ee1398786900e612a1c6644ddac5fcbafc8200f4aaee1736

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 6ce2f5ec082a3465c7dca28da77765c3
SHA1 df7f3f12f8807fc0d6de380cba159c0be5c98e6f
SHA256 a3765511707d631b87e69db1a92c22ff39311bdac7592c86456ab32f13eb608b
SHA512 dfb60b2d8798cdb54e4e39efd787337eb590ce4f16bb1948a653f841ddd09427eb7d34528e759c1620673329e7be0bfa81f814aee87ad2d4fb35dcf73b1d5226

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 a4113be0628a2b13655140284b967e62
SHA1 475d9a356512a54fe71c006d290ff7b51fe9692e
SHA256 0a2aa7cb01c27b9d8583146c40cd98801ace60bd56db4d42bf40cd4d72a622de
SHA512 d35f672a78073363a628961f75c7960bb2ce513dc43a97823101d484ed5a65089618fc6087fcd8719f9c11599c09b7eb8adb245189d66b57a80944a1944edb1f

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 5af36daab13a5ddf7c868d2eb5bff321
SHA1 91889c90daef8652ad888b420c095f9954848fca
SHA256 9e3f963cdd0ab371ec8a0f50a1c5329ef39985ce7ea4070d0abea70d90eb5bf3
SHA512 2fee2f6152f6282dec433a5fa34ec6c26b38bc8dae05bef65c8f7aaf15c0fa8d1ab5040e9b6c42229bb8f2f98716d6e9dcab027e3778d4fba4d3e4afaacfd9a1

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 568153425d5dcb325fc24d6b90550042
SHA1 bc3bc67dd2fd58a68dfdaab42964fc38582437e2
SHA256 3a4b35679f58ab63964b00d0be4d2db08cc8a4a520e0bc8b767424dc4d49244b
SHA512 eed32c211df149afc292665ee8c97a14f8e5549b0fe48fc9b132f0dcff800fac72fc9c705e5242f44fc929b45786ca78b2b33834670d9725e65e32e426129dc2

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 c446dc793ab6eafac20e6c8c3c43f98a
SHA1 dd71a0d14c47e1c7956d6d9e360b0d48f465da8d
SHA256 88e8826bbad018379310814435749230cf78a218f1807a99d12b754618f550c5
SHA512 8ab2abff2c0dc54a8ff250ba1f3f75bbd16c9255c5436f9537f9b6dfcd68deac77766b5463af6a18ba89794adf77a9e73d9117ebc74a36a265a49ec32134f84f

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 0afd35c14f5d5ca32bca3458cc3501b0
SHA1 3bda4b6992176c7061b63713868ec1a2ac518365
SHA256 03d3c17160f5fda44b711d2242dea1ffb146e840c4fcb870227b44e30614cbfa
SHA512 feee48fd0f98a9f004d1e69c8f6812d94f34e2cd043f79a677a72855a718431b0557c3af67d329c8d89365b31da402c6d23a38a351f4b874859b4a6b21a030f0

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 a117f5d23e1e420cd2e00065d0a37f6c
SHA1 371d963daac71cfd59b2937b2979fc966b3bc543
SHA256 784284adc481579b9197bfbcdaf67b9d9ab8a8490b060ce9c9194da3d75a445d
SHA512 43677ffdf541a7320d5be5d780d07e495aeba15961cd71574db1a3263ecd0d1c8ed45eb59ff76cb3c93484361eba2e97d7e9053da92fe76305c5a20502821e83

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 9d2ae9c3a7ebd781c0e20721af656a3d
SHA1 e3f04ee0698358dac2b9529b88144633103a8c67
SHA256 61aa4c4a02cf25703474c1e4245ceb388f6f9ef4f1a4abb12526a1742e8c4d09
SHA512 14600426f43e6366779c34db5029339e48f0b9336c7aaa6b53b680c5a22bf662d1eb9fc45264d000fc1df36c3c05b17b0a507a54e494373e387e374a843e88e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 3d3d20597b37c3c05d1bdb723265771a
SHA1 e205ce6aa255e87e55c56f4a82274634da45e416
SHA256 204a0376acb82c2dcd98bd73b0d7b7cc3db90438c1c10be26618fc0c3e608915
SHA512 5b435cac32849b8c53726237efde9f7442d50eb2d858a0da191e31432681369b09ef03df9a1b3b1e400bc063e98e259030796e3653b2fa5ba18d6f6f4c24d11f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 0feaaaabc2611069495d92c5cb1e1140
SHA1 1f3875143012c219c0985fc8b4999fd2430e3cd2
SHA256 3a3faf75d8973e0e5747933f49fc8db4506ea5b631eaec1a84701f56e529e4ce
SHA512 d70cd2f77b3ef8f62276873d940b7a6648c5f6b5239a7abb43d21ab1cd29ec5a9461f01d1538271053fe333a59378c1ef48759e8404af9231e4439c5581892a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 b776145f701b31dd98464f08dc58b4d7
SHA1 0755ed07a4b289bb441d521c5b1b95837288416e
SHA256 4e3959a047864ec6bd7567390e38dd21271f7183d2bcd0698e48331f8da7ef3e
SHA512 05247e464cdca97d1dd222047a88a9e34f3a6bfe867e093a2f1b2823289de69f8cc618fbd11eded0c82be1e4bf31335d8c0c19c8883edb370b077230dac53566

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 4b270c31ce63ed963d9600de9db3c256
SHA1 f86205087216b22addb33cdb4e9a6e7f530f0212
SHA256 568bdd9cd54f0f21980da1d0155ef6a19e2667242858efda5c10fd9d1cb36e6b
SHA512 5494174ec7b33a6e0616597e4e5d15f04555c7eaa40176dc434df83ec35c58c0a0e3811e2c263dc9afdd08147bcfad3a7f9987318cabdc3663c734735a90e15f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 ecab79c3e6b0863d92a824b111ee7250
SHA1 21fdc54cfc4e9e774fc7bf9100f1e8c7c026d122
SHA256 f3462835712019dbb491f4559343641946647c46bfb6bd66ec279eb34b3cbd85
SHA512 de42473f7ab57a839b5bd60429be4e93135f1b13fdd4bc64204f8281cd37d4d1e104af092a368a7e1ef3562a178cd4edf37410f81f82d914a1d458cc0d3e7e78

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 c84f7e7b733e947fa1f8124c5ae4bb1d
SHA1 f094e8039c798a82bd11dded19bf3b987a1a07a4
SHA256 05884c2231d8ab5330fdd43aacde163b045d183c8d679e8da3816df6b91ebb48
SHA512 7ff3ae3d4a43c844e4afd4670781d9feef0f880809c539274608ff327c01106c39a30a87026d47ba3e859db97150de383eb91ccc6cf37e92f327734f45abef68

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 88c7a2432c104237df4ddf832f59ba40
SHA1 a7bf50b54f5991fffbb0229a77721e598f543306
SHA256 1a40d49753ae9f23deb93c71ba210afdb1146528cef9d088134e370ca28ecbe4
SHA512 44fa0678ad7137d113ff46cb06cdc7e7b1e3da296b3069c0149cf3b694393180b4e37449b2d9f08f750faaa8c5aad62988d954f8ce851adf81893c9be9f4c3f5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 5e81083a08084b96c761930023de2739
SHA1 35d85ec858753cd7e3c17b6ed1362c7f19aa6070
SHA256 19726ec07450592603e16ac4cc9fa1617d3aa9de29ba9d246dfb8794816e8331
SHA512 d09d06158aea5bbe69862ed2dd80db28dab969f9ea1e8b5851d0a7c62e85e7286ffe5fcb2a1efd6af7023e22589248c213abc7ef5d1dbdcbf1bc305e46af147f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 16a21a157cd96c9377b2f41ba65caca2
SHA1 b366ddb7862b59be466401ac1a1f710bfa004c44
SHA256 dd824421294e444e1682527000d0eae915bcde394245105854ffecffe0937e06
SHA512 22ba7f9855313d7622f7427543eae83a6e51cfb789d3c3ccfcef226481b6d59b8a8557b43bdda6d23d17b08d6c0eef7e152194ba03bfcb7842289e7225a3da5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 d2e19cdcca6a24ea290083e9126f48b3
SHA1 bc5853b55f2a3fd81147f2e6ddcca2b5c1385d8b
SHA256 6084a85e13f9fa472edff6185d881029eef345a3ea138aaa8f597b18085cdd5c
SHA512 c06fb4baf9e52776e9fab6548e402c9086ccf0a1f2bcd5281f0972516c9bbe79a3312745bcb47a7c5879bfdc01e8c09f1d91c57a169160e275a36b25a3827545

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 d86ab0e164e2ab9d5b7e6b78c06c15a2
SHA1 33258726d8e072ae3a2493a1ca31909474f05026
SHA256 487b88336600686b20e581763ba1b782c2afd55dea36b4d12078498ca468ad25
SHA512 b091260386dfd7db9f79b50359878bd629e6bcfc33ee03fdf4499dd2bb7988628c03cfe30259cc3c66e599c5d4d4664bd426dc9e31d4391dd1bfdca621ea21c3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 b41473174f2bf665d4143ee74fd20ddf
SHA1 6421ae626f2dc8e73aee18252e28c22abcfd27d8
SHA256 5bbacc24e1c69bad7465b4e88fd4cafd2f3efb534e0e19dc5305943479834ea1
SHA512 f8f7d07f651bfef1fe44fc9db3a0e150dd2046e6aa7e813bfbe27a73e53f4d47f61f2051c11fda4eb936b7244e9c0749c17115eb80bc362ebe40bbada6c5d820

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 92fae5d83196912e1b0fe6da950980d7
SHA1 218bb9c74a827f807f857e8419aa37faa9f6abc0
SHA256 036096333db46906ecdcf54719f2a20a38d6abf968d2a67f95725e50ae537568
SHA512 64a2a3395c769202d10377a47aa0492ed1d150129389d49df53cfd74d3c97222832ddf69234ab6f1875af36fe29103ae15d200a39035d97bd80fb6a93d12ded2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 66b375206e4b28cbd00c010f87913257
SHA1 ea09dc7446d23b5ff790a180ffa929c25fd8af57
SHA256 eab18a05c2a9296f90bc9739bb1e9be79e921e37a4ee4577b8e07782bdc3a96d
SHA512 a2f5fd62441cd373a97345c6ce6f604f6bd546e8e24f22fb638daf7cda8118671c987e99f87117471a5cddd6a4ee502d92f807385e8118c7acd5d4fcc2bccf6d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 f954ec48a5b53bbd0f47d07b34e34775
SHA1 bfdda052dd1cef63134bbbe76b577ac562fadff7
SHA256 b3d1a6db3ed3694cd4bcd34b00d868926bc9ef1c36b5effbc754ecee97ce2b49
SHA512 74701035445f01b7e7121696ce93bb09bdd64401a915e43394246d9c9b97450986bc0bd76b45c56611036142d67b8afe9bd986dd23db394d1edac8465d74844d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 774537dc17e29fb00225637059f74145
SHA1 5cf03a60639338eda34b1a53f9b00cdaa5ce3e84
SHA256 c0481b9224404fa9e33eb6dca83e163e4f8b7ee9e6e82360e06fce5f760ae33c
SHA512 c57692bdc8884db7919a91d061439cbee94b397ec8cceca59669798eb65b1667a2ad40af863d01f2b2daaed00581a7d7d0b1d20c66fbbd3b3d1654672d36874c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 de1e30394e9bb7b5c9390171e2edf08e
SHA1 be88bda4dfc5389d3c226057ef0a5020b283874b
SHA256 13a4bdff0e5a9099244ae0dd02a460676fc75357f22836ab2eaff6a58e41f35c
SHA512 e228c68c1eb0726e804a755d285b8613a2e0f79ebf9012e68556473249b7886a141ae070a9bb4d7491ef85712b66f148f0fb1e083ecb7e85b853eb6c828cedd5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 6424921ff78b555f6799e103deb31d7e
SHA1 db44758675f2eadc31610a844737d3a504b16b4a
SHA256 3c2b8058b1c40c2d80609719d11ad0436cfbf80b904d30de10341e1c7b240deb
SHA512 13ee919e9d0a69bccdd325aac3dc07c824a9fc24abad3b48340d9bbcd7051a3cb9474168be1ef523f4b9b70003bf5124bec1e30804807a64e829ae17277690a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 78c1bcb57910ff4b6ced432155a9abe8
SHA1 0dd17e48e4b43218961f0edf3a86f9e968a00acb
SHA256 95f8408d60f0b4cb5db4e2f6f1fe97b0538d7499ec60ea9022ebd664469fc9f3
SHA512 8679498cb190e74d87e51e21c3cb82aacef080c737db84619593a955168ab1bea0e4f57f0619320ea89566e6d857fe09fa8709673006e84b1dd40f0899f90cf4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 c57d22ee089c712099f9bcd380a49baf
SHA1 f7d0a1f2832f171e47fe9de5a284c3e5b9fcdd8f
SHA256 7733d65b45b18c1ffff27234eb2c4e70ea03ab7f37dbd9deb43ad06cf621d247
SHA512 e8400b141fffed2abb734d2c2263f83d894f50c823cb14312562649676de262fd5a68229f563c397a3ce4e082a64695235d1acbdbd8c8353c0c9f8e7a26983ca

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 ebdd0bc1fd4ec4184c781637b30a544d
SHA1 f34ba9a99252bc9258f195d3a7e1a7d6ee4f0311
SHA256 eada0bb7de231e5dd6575b8e92ce490b6d0f86be36203067e6ce7dffdc924d64
SHA512 d88d000b933fbf917ed51190b611750b94847e3dc4aa48f0ea9c035315eac63cc88dfeb9534e09489fe33d09a192fde4bc9bbfaaa1a82dca5ef921006212b9cd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 f24397ecc74ed36cc9aa347e695e99c8
SHA1 401bce779a87a3509643d68c6cba9de1b6a8d0d4
SHA256 854f48970ad82c1a93817fbbffa83a6f53a94abc063e7948f4080eff93c85837
SHA512 fa94e5690400331eff6375aa102c640fe543796eb2efc8a6644b42188fc9a38d1f0741281cf5ad7de940e5328f0e3cab865681a0f58947b93f3b3a2754d963e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 8ba2539f6724f27d79e3ff89ff4a1351
SHA1 ab7ea147017297c3af68e77766dc5f09a570cc8b
SHA256 c8ff0085acbe0f2c5d17718f15bf92998ada0d607d9d7d65add0075758978ffc
SHA512 1541850f24dae250195dc7f52f646c1a34ae5dba938525fd53c9fcb5a25fe2549e37ed8765b5d55990c41c172a03b5010365bad8d10ef9c28b92dcfbfb9bde54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 32fe44285a404de5141356572afc36c8
SHA1 8f58db298e51abe378bb58b7fea41110377d6e3f
SHA256 00ccf62046abbd8dbe6260dff598587a68044f77d8670c818b5b3b80b6e5b758
SHA512 2fd0d99a75187195af56d87101e7644a5c9e70e0e38aa2f92652073185d8ba980f41d4152af41cb2463656e8906bf43c8f0875b93b4629a3b2f818b438beeadb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 c58e8fc435c43a5aad3b7726b233c503
SHA1 86120cfde31e10c8454e28f4141f3bbf1ea08631
SHA256 b9bf5ce6cd39258f5c38d9b445177518ab5a4e0a06a9816604716ba16bee6421
SHA512 9cc8e2a6ee576c6b2f3bca25da7f507913bfcdd31d3a97ff50ec226628169ed78e8e94a67ff2783becb8ff94e6c73908a3bfe826da55a2ec6bfc4bfe18645f1e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 01b97c877f11bcc4b41f0769be46afc6
SHA1 e0775396638e82991f4dfa6bc998d2483b1d504c
SHA256 c871112b5f495675660eaba44c324224cb30cf66d712c6b7b530320069067bfe
SHA512 f515a81f4372bb591225a03537c3c55097c964a839bae79c39c2efcea0cafd2317a96ed881ef2f701e0324d50d1307aa33a1a14d6dc03e64fe33b58fab52b121

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 5fcb56017c9936ceb4053a5ed7a851dd
SHA1 c79d8482d24e2975392ea9f3095bb67a42d2fd76
SHA256 a12b98372b25467d1458cc0131f6bc41926ff8c0a276404c63783c88fc2fe9e4
SHA512 4586bf4dc1c0c58040e53a7b9250b20e6ca352cf77dace83f804e512fba7e298fbf1d0e9ebf8b1121ba2a9600b8a82d17c2116e123347703dec9bfd191efe81d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 d2268c7e3bd7ee880fdbfbcbd23a0011
SHA1 5ee5fb24cd4654af1a1c03e32b236697fbdf9541
SHA256 d1eb2091017ea41e8d21ca2fbf74dbec0a44db362910e0d01560e62bd787182a
SHA512 b743db5be94765ea08412390cd9eed83fc640a4866657de471e318b9c71782a698455f74114493ad1167c10f2d734c64474cc85b11ecbabc2517afcfed55811e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 48bb3b19e0eb7c7d76e234cfc7d098e4
SHA1 0a38d25464bf877114cf69b02fe72579919cbb7f
SHA256 faa47f78ec1f4d00f8ad0781d70fef89fe7a7a9d7e90b8803d96683c5615ee27
SHA512 225da66240a69e17287f17d8c27fe0be6baa1ae1e9ae238a01b9630b6f0dd40805f19f410b5a7eff6ca85170507bee8a03c722dbef62ad58bfd8243c3424a2be

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 bccf83e2454583dc9486694088fa04e4
SHA1 cab54ecb4352737ce10abdbce72aee443c7d70cf
SHA256 3862ab44d5225230e499d3b3aabcde09d2ee08cfef841b5a72c71cd16cc697a7
SHA512 54f0cc233cd9616bf37f3bf71f16a8dd43861b63d19c8d44a501290ae03d09f187cce7421035abf9b492ab90f5d3c3d22252a06efaf714cb7c234b8cc5106cc4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 133b9f441b638c24319f997f469b7a91
SHA1 1777c622904247ec93dc9869ccdc9ab350a5faf5
SHA256 d2d832917fd886f3ebbe1768e630b33065aa8115bfaab8305ec696a31538cf1c
SHA512 6d12d901a14253d9c2051ac6fc6b39a63e274a294e61107536f77c2e1e368e622b26f2e4c9c670aebe6bcb8668c07c63052d9a3f32181ef85da535cbe65d4edc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 f84fd5cf6984b26f21b91765048baac0
SHA1 802845d117899bb81e8b09c4b5f3ad5f4c9ff6f5
SHA256 f49e0b25ec6acc63a1e7c564519d1a4f9327d60cc0ff291a6d8be2ac88bd0b70
SHA512 986975469fbcc181b4cab718aad3c5e4ff03da57d602d743a713efdbb3521c296808b977b601f84d73f75744ff4c2e2c2bc96a284bed5fc00e5f3e9a1362abbb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 5541a77b2570c15edb5f0e158d083d53
SHA1 b16369ccea1f112d984e197cb380dafd4289d58d
SHA256 41dd7c1a78cf58ed82e963b28d5e8be1df942040e34c358cfe9777c2022e00c0
SHA512 a530de0e7164acb35d6717d3e2d26ff38d61d788f1ad3272888b627debe468448ff366961256dd92a91934d61e22ffd8272ef862c7b4d9948901259e0a821f36

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 d8c66f6725632d7c47487b8306f398ab
SHA1 1078fe964b4448a382cb4567a396c6e20a0c6ef3
SHA256 75a500b3b0521786c63b1dab41c29024a32d9883520fffcfc6ba92641faa17e7
SHA512 332f8d2770e96f8e99f5ec95284707543d4fff36888a660bf77be76a6fe4e6ba7b4bbaa58ba8318508e5f39eec05d6978a4e4de3c8ac021b1a773e584f056314

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 2b9e4ef9cfc7b3c1446a1342830d333f
SHA1 bc2821edf001f0bbc38765b1e51bf083e2e51ede
SHA256 e2da8866205b9049a0687f3f6bc4f432ba695605be464c03e95c9aec7621d2f4
SHA512 6e5e969d3ebf7e53463c219e7b878232b7d8a8b72d8add49f4e4be8025cfe7b3986be70fc9282fe1829e000f398c53188dbdf88f62b70a506e9fe353c8137ee6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 9d2fa8b6159039511996b8bf46941e1a
SHA1 7bbd89a281e086100bc10b8d53fe61dde5f53b48
SHA256 51532a084cf6128fd851a7264d21dc09595503bc18efc9770e31ff77096fd5ff
SHA512 3bed7c813f7649bc99591220b68809d1e80573b0ab02e88260f8edad5e1e7178eb8954c2dca7e10a28dd762590847fe6a73d233c8867a650d62d231fa07aefd7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 2d7a73fdf07ed69e553041e56ef54db5
SHA1 42568d12be7ec21ad3acf9b4199ce1eeeb243125
SHA256 e4f23bad197d607204c8645925c8f62d6a804f7d5fedadc416d7ad4faa964511
SHA512 8a33467e6dab3e13a7eb2acd0812963bc5386c9fca94c7775c6f504edf21142bde753f4b65fc3c98b334c163faf138716aaaab13034a2a55b0c6a837899d3f75

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 8d7a4b521acca81678fc11861b765e16
SHA1 ca7a1265fb34e33162ec89abf01017811065a7f3
SHA256 7562dac9fddb74da177d4de90471b8c12d535d43745fbc221b3b5e53fd1cd811
SHA512 2b7a38328c28a86d5a9da4c9defa4f2ace7fb9b44cb97203b6e0f36e4c3d8243f16592b257b2f2137fe89284be6d4d2beaf4a40163b00f1e501d6f98984223ab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 b7fcb535d29043c4c1e9339a41f86230
SHA1 9b58c1d6de5c3adc2c6fdea07b2944fa3ab23f4c
SHA256 ed49028df3c63d6fac5bff5d5230c024eccbb31f1bc64d0c9813f110121cec2f
SHA512 c47c6be3558f645916b28bae66fc90b8c6f011888db19d4db5e3583d6b6067c4c69fde48c9d8a121bba4e34fbb841c78a5c9588227c51b15e30604615bd0665b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 410e64be2fdfd5fee0860e1288dc9d89
SHA1 fb5c3aba9327020310dc3f7ebda773e90519f5df
SHA256 3dd4160c82d884d719158959fb3dbc9179cac4cf392f77434e4c18050e6caf60
SHA512 547a21dc5c713fe6f7253bc5b3c3e3bbf4413d5d119d52c4c6c6fc8bdae2c784afd2de075f3d06a6011d0c668747e2f16d3cc7aaa4d199717cb847c1d6161f28

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 f3a05a3598ef2f82ecd73e7a13e56a06
SHA1 6276a8638119048d7c8b8461e6e0d0a87bd4e1ae
SHA256 0d9c064233193afa47f71d8037d10153ef2ce30cbb4cb005a14edc289ebefaa3
SHA512 8418ac2361bbac05e8c6c877acf641df4a8e10d32bde2d712f8407e8a2bae106e877877f08372ddcc93b050e72a7a1089fab331608595983f1ee9f6ac36080f4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 6e95480f9384730c13d8285134a75c9a
SHA1 fe0952904ede42035bab9153c28dcf42b3d7822b
SHA256 ba5bfd88e42137a5d2610175b87fa57b094edbd304cc94deb6dc668e2b94a91a
SHA512 5919d5d2a1877aceeba7527d1ef93f44bd08e7d8843dcd1c918f30e6018178cd93242d8d72fd0df5135fbf07e979aa8fc92ec4175475ffeaf047b4c210b284de

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 d46d1aa54cbad2c3303a29e6d9e0c3fa
SHA1 1daaa820197dcfacfaa1af24e1791b4c9b99eb0f
SHA256 e992702dd1a59753694d533a145fc8c11ce5eea376e155f5a6835c4431d7ef19
SHA512 0d9588afaca78e28c1b2224673d6ce87c5391b901434ceb8c1f1150457069a35ec81408e91332f715ef5b7fb6609588df215ac0132f946021a2952ab43e41ac5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 ede5c1711e585584e7ff773698579847
SHA1 ec4f9e92a39cd66f44c87d02fc5f35992be52edd
SHA256 96bd15cb30ceb64a151daa980c2620b3ed532425ebd6e523be3b1a6b7c11044f
SHA512 e6b45992b715cd6b87728f66d9d5561ba1fa7214226bb7ad16b0c042131f7b5b3ded9e7cb618c18347a44e29a65f7b61cbd2d06f36e28ced5f2ae832241075c4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 e268d3f7e16de9a494bfdcbaaba7ebe7
SHA1 0e97642db0f2829e899d905f88ca544dec46efdf
SHA256 ba7e7f04cc58e9d4564b0a0d5014fb9f5981d4b0d3996a572522fafe2ec6e743
SHA512 4f40072f83ea332c7aba20635303ee56c2a9fd8195b1cc605907304093f9d7071807b75c27ad320cff532ff3b27268054a12f6a136850150786678320ff71b37

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 9657814cb68a14e9db9ed00fa2efc981
SHA1 5db3fd02576ac4f353b17c9a5ccead8a68d8b95f
SHA256 bd945031f66cc3ce157b30c62416c4d9d9234ebdc18576cc96cd96fd9a33a3df
SHA512 ae886d79a0ed73558c53b661d2b00eca95ec2889eb15a833feb71f619938c3bf960ae2ad10cb3ba20ed4a493448f1d3f241894b8e80af91374d0a26eca2151fd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 173d17ab79f07b18c932bcf8d50cfc6f
SHA1 8cd17b54657938f9d9627a4c4f47b76252c4381e
SHA256 f03970ac16cb97bd13c07364075abc54695ff2e3f643ada7638339ba46f1451d
SHA512 a9b6d649cced25ba4d030d46972fee18e3b9bc5f6fce4d1f2c15b126762dd8f94338acb2e890f13997743409301658a020663a946295f9bc81137c989286ac9a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 d0f760025a9b83ee2593ed604df89890
SHA1 302840d3c3319653f100c6f32859e2371077f30f
SHA256 4fba4d5acd782caed0aa6dea3751ad90619abc033a353d6af9e9b4be6081e938
SHA512 99afb31bcc8f7321a5cbd6b3c2c8d704d315aac7dafbb0e20d45251120cb9b0ac23c3a89d1dd9e2a0511f74af63bbf3f63d654cb60bd08e7555ff3ad2c340040

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 5c92528e7955b5df58f4333858997523
SHA1 af5a74de0578db13c512bab4aca3574806d018e2
SHA256 2cfa4d2b425a836c7279da14fcbfcd61d4ced3f48f9faf37fa59c2fc2ed5410d
SHA512 3b406750c1e6c6e6e9a035850ba75c101ebc10f98acef2860a76d9fbcad90e1659479c1688c577c482c096738c6772647529d64abac394ba25c1a5c07fab87ab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 9c86f2c98bdf3c32c120eb2a8be372a0
SHA1 dcb3c895062bc96e7841082d85d15b8444aab9c0
SHA256 0886ca4b255d9cd3301bb2b9798cf3a572f96ed75d07510bf0d9d735cac4f309
SHA512 5267afde828d73394d13b61e6ea95b30d60524d30f4377174844d285a4253fb1eb92124973155508b403a6064cf4fd5e82b7e2c8fcbef8de17062b7025702234

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 15c1fdaf45b4367a3b8b8462be64b8e1
SHA1 30a10bad5b7a2466b032eb1742893a3373733739
SHA256 8b8de23d0b12084812419d5183beac35c30c2f962e2d1e43dfbb2f1c204ba0b1
SHA512 39e531991df5eeb0ad34e52415ca2ff2fd6b48d6c0bd39aa3d22484a2deac069313934de36cabc944fa0e57920b51fe9279f0be024d40f405b25818cfa845872

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 174b1f5af94dd46f910d5b83748dab04
SHA1 3ed6fff0c13679dbbe660094272bc04a7fa7ecca
SHA256 0ca146497c3eef92028b113e28adc9bd2768a3dbd2d551ef637d24acc638f04e
SHA512 bf05632caf4229155d28932aec395bcb07c789ac6c08be822ce73d837a22c14fb3b2f77d745390cf9911ec467add8bcf8bfa52c326a95963284950a7965d5f20

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 7217dd6634805837c5dbf54fdc8123fd
SHA1 918867cfc7fbbbede446b0ced3b9c1192d2f0424
SHA256 773bc437bbe41a809aeb09bade49c563cf6744c1195b048ec6433552f8773690
SHA512 72aac8e68df582904242f06726b74030c295c4b5da629b4d8d7e05ff74dbcf68b9079452254af6eee3ff67c5d5f1120216bb1a956747fd66ca31a6be4169cb64

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 ff0acfd77652a2a2c753d03706cc7112
SHA1 9a449fc12ec339f57da4655213d68a404532b6e2
SHA256 1be8cc8cfc1a6c37ea424b10fde89ed37c324f3cbb2ba4c31651d3755e37b55d
SHA512 5cc1c09acf97ef899aaca929a3c2d2a5effe7b9b6d718fa01ca328a746b0b248054fb62a9193b9cffa6aba1fc7d606b7c40644e3c6cdb3a6263b370e122bc5d5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 114ec7c3af47fc89c8ff13c60effb077
SHA1 b438597fa4e6f0bbfce483b07b0855398b4936c5
SHA256 85e71e9c461e6ffcd3dbfa841aa35f26021208f51ca66e86f042cfd5373ece18
SHA512 6b50a263d455160c2e8d365225554bdd3c6d1e5659dc33954cc21b27d4b2c574c040c7d3a19aa798ad1802850bddc1cbb26b1f98d6a9ec6dd4d4db8d0be00051

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 e423bc3dfb65b3bee708b2dac9becd46
SHA1 935705c26e4fd21dec74790eb610d4aa36e560a7
SHA256 05c45d58d347eca6e8284128b178c1ea44843d192d308c4ee3b28877a8ac3672
SHA512 462b71f3fef30c5d10d42c681690aa5e1f535face4702e61dcc78d3a345ffad0b36ce502af01af8b05ad7fdbd6719de0469523a63ba77bd0b6683d8dc4b90c20

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 56c30d8f838174add62475e9218dd956
SHA1 440bc59a423da8fbdd368182678e9406d617a3f1
SHA256 2587da7712753843e036cda181e6bfc5c3f92fbb2b2c5e827ac4f42bf19edb15
SHA512 268f67b76407dd1c7fe70499fec2fcb4b07fd719f403414588cde53fba879f484b13bc3899fbee0f3bad5ddbab5ee9335b06d9ff3e3d5b342cd35229c1f6f999

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 d28d4439762289384f84df31844d3c7f
SHA1 06595fcae3992dd070b6e8b3b01f7ecca4c274cc
SHA256 f6b8141c391037333757ef0a09ead0a686c083f737d621c37f7fe9dc42d9d059
SHA512 b9f726eefb18d28bb6145cb5b44f389c4ff0f29f7745e76055a1b151417cc68d31db592866c9c0762e2a612f0fa8658d95545eb71e75815ec9cf41f7a5e1ed2f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 eb2de057b857811517d3aa6bfaaa50a1
SHA1 489e3fd7ac9a56a18296f786082be67156fabd7e
SHA256 0ea5d7d24bb5f7d06757372e1978ffa1f6910e1633e35d9be755e8f2f9d196ff
SHA512 4b439af49b91228a8a5670f3ab5213d851b69189313f5af5bf4796b4623f21de53313f0601fa1ffb547d0f68c81abba86987cfe221a96b38186407208076e94a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 9db841ae6ecc42d80327706c557de779
SHA1 5fe066dac83461b3acf3e1c7148d54b6c3788adb
SHA256 b6d5dc21b793b9261270d10d31796bfe92abd9e8c5aad494f721e5e95adf8033
SHA512 d7d51fa282750e43d22071f8e7e9c73b8f3b7e1aefef5d6ab10fa663911c6f79416578dca59d08e1922e7504ed496fb9d204c835c25d438c4dd26775a9060272

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 e790e800e0d231443c09231f98cabcd0
SHA1 71db28074616f71714511ecb45b97c9c95d17557
SHA256 841607e808e9dbc3b8002918d1c2a1b6b1198efc6cc097e46ffb466bc79315f2
SHA512 f2eb7b7993845fa3b38a9a8bc46e5c5eeae01154679314b04641bd6b476f312cfe4593dea8f4579d28e6194fe0dedc36e417da5d9f547efde2cad0e81e6468b0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 058e87aee6607fc8551ad62d3e82f6cd
SHA1 0c7009965b154da5d724bda8b2e418e7ca7d58c3
SHA256 c51acaecaaa67bc6873eb75fcc1c7e8862aa4ad96f894ce1d5c094589fccc4bb
SHA512 e38c6444c299be43c90feb5e4ee524501c8e81bc91adec5dabc0e3d5f3a8a2ce295bc2a9480cc5ed528c876f0081c59f085e6065fdfd3261b7aaef15eac742c1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 9dfcda4ae06e6fc277da3de6e60ab091
SHA1 00dd086850789e542ab9b3829340db434ce7521d
SHA256 325e085cbd5cfe05e95299a824e4c0ac9b0a38cb59885a85c030162b375fc2d4
SHA512 6352fb3dd9e69758d470580aae87441d59fdf30d1ee40e7d6ff30d624ab627b5178ef5e307f481c94d32335f3a34785d5ab16535bf1545c497affd705ad4fd5f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 a2e48459de55af07530f8a31911b6596
SHA1 c5dd7d39cc509a6c15f77e3a9e904b87463c1191
SHA256 e48fc5e9a76ecf80f24985248b1c198f2416253c7ddf000c64af7594aed7fe36
SHA512 f604c9592dd77eb14a32fad59670c1e81ac9f07924e3b0040972c82e72935d51f0302f94b9b025c94250f0106fc335f0212f73c26f2f25f517d39f3d3b9fa9c3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 2ac7f97a61c52d664f0295b12f1e4612
SHA1 8efc8eb971e41be2d6886bcba1a5e9093fa8e26b
SHA256 3ae13e70f3481d974122504d70acb6889427c71181b680307490079171003b4e
SHA512 cab0fa2ff31f1ed50515965c5b41b6be53915b32466aeca7a96c5fa2d42e957d6fc58cf6d76e1d14eb74f222198b0bb669dcd5844ca0a20730649db773b32fa4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 6c41c04d6b8cb360401875ce57603a6d
SHA1 2f460effe6410e809948e3741ddc94e740b88f98
SHA256 624a502a968febaffaeeed711ccb390773d64be7d99ec395f6ef2da88ffaf151
SHA512 319a3ced4d0ac1a72bcc842da520d7c9498a23aeb84c13f477191ce7874209767cb96af34d1d72941cbe3e55d57f1f0107ac48e2d3413c9397a3970464b40eb9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 cb7a7931f428df709956f6bd09f08517
SHA1 b25afc44dd87767735dc96dd20c64ed993ee3bab
SHA256 f2f516ba455afc9f4a12bbb03396d6cff7a3636a5f0b1384ccd7ef074d9ef9cf
SHA512 7454ddc6305bfc15fe059e81adb40cb1868270c8b0ad79e2774c1acfc87f036e22e313fd9adb3675b2891dc2d0dadc77a56c82fc29bd771396e123bf8761022d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 aa03b4f759516273885fa0b4cbd8fcd1
SHA1 c9af30a40eeae1dba53b4dececb32f32409a070a
SHA256 9cc25b779a124e98c3967a6a6052f8a5dbae9e2dd0364f563cc306e7676f8998
SHA512 22217fde0720a287865818f2c82f49601a29f2576a55e15cc0ab72dce94b5a66b9b0d91130fd7ec45aa5d407bd74073445f6393202299903f57a93e78bf44e19

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 d427affa7f97fe2f30a1d32cf1753181
SHA1 78f5c1eb2a3064bfa34ca646bb534c586de35f50
SHA256 16491f5ca7c99835eebd2d6cd857635d39436a730669322e90ef201fa7731ebb
SHA512 4bca2df04932b27b70002f8925ed89611f70b3f9d2054b998a05a1e1996cb175de2a1a0ba0b8b70da467db43ab27f8f70d34498693a14de010d132d46e57598d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 83c5bafd0de674e89d0c38bb7f19f4b0
SHA1 c5e94a9f82ce4468532ce37b7d4c2344d1ad4791
SHA256 27e9bc80e1a63e1859d0cd757beaf93eab00ba45baebd7f703fa26debe43ef55
SHA512 1eb33f33cf5319d37aae7e477e0848e38046bccd71298c17f5d312732a2061c8c9cdf2959cf9b6bf42b06c15fb9e970ae9eed6989d9927a50f49e0f0ef0d7046

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-13 08:53

Reported

2024-12-13 08:55

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe"

Signatures

Renames multiple (2178) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvu40GibjG6QKIo.exe" C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\uicciso.inf_amd64_32023cb966fd5c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\res\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_biometric.inf_amd64_edc558d403ab30c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetNat\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nulhpopr.inf_amd64_9839c838c72c0594\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsactivitymonitor.inf_amd64_cccd1b2cb61d2440\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_monitor.inf_amd64_f02375bf47a4adb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_9c09bd1df352f065\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\whyperkbd.inf_amd64_6c54f73a58d5fb2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fdc.inf_amd64_fe3599e7eac09e7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_glk.inf_amd64_dad1e0a2b185e32b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Nui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\legacy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_timesync.inf_amd64_aa4bfe1897922114\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl010.inf_amd64_b4f4b670a266fda5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_ed0ab85128ed7a01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_pcmcia.inf_amd64_92be188847324ddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\virtualdisplayadapter.inf_amd64_bcc7550a6e285f92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_ag.inf_amd64_d2736f1d9bc815e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_aef240978776cd0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wave.inf_amd64_8e8496aa33c0a7f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iai2c.inf_amd64_a77c815b2999404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\idtsec.inf_amd64_9321d33f1997dbfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mausbhost.inf_amd64_34c86c15777c913b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_edc94fc65bef3d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-125_contrast-high.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-96_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\9px.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\temporary_multiselect_24.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\Assets\farewell.jpg C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\SmartSelect\Magic_Select_remove_tool.mp4 C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-80.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch.scale-400.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\151.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-80_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionMedTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-96_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FaceReco_Illustration_LRG.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Light.scale-250.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-200.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\Movie-TVStoreLogo.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorSmallTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MusicStoreLogo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-FR\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\StopReproTraceIcon-glyph-e916.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageMedTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-40_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-96_altform-colorize.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.scale-125.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_mdmusrk1.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_6eef9270869f539d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..settingsenvironment_31bf3856ad364e35_10.0.19041.1266_none_00391982e430c025\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-60_contrast-white.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1266_none_14b8c34dbc1df417\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ratorschedulertasks_31bf3856ad364e35_10.0.19041.1_none_373f3db2af841e70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\unifiedEnrollmentProgress.html C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\ScreenClipping\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..atibility.resources_31bf3856ad364e35_10.0.19041.1_de-de_115e3c7930ed0747\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..-migregdb.resources_31bf3856ad364e35_10.0.19041.1_en-us_76a329abc1128d63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-directx-dxdiagndll_31bf3856ad364e35_10.0.19041.928_none_9e9e408251c787a9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wab-app_31bf3856ad364e35_10.0.19041.1_none_02ef1556ab50e6d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.Resources\3.5.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\CellularToast.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\401-5.htm C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\tree_icons.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.19041.84_none_dc38e61c21c1b710\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.964_lt-lt_b6b0c2e496a2db80\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSplashScreen.scale-125.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasbase-raspppoe_31bf3856ad364e35_10.0.19041.1_none_0c2491a439f55f8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ingshandlers-region_31bf3856ad364e35_10.0.19041.1081_none_1830f07005c2525e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\f\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.io.filesystem.driveinfo_b03f5f7f11d50a3a_4.0.15805.0_none_20268668c5582045\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..g-cmdline.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0bef72ece9f0005a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_1dc37c5bd1e4ad66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..ponents-mdac-sqlwoa_31bf3856ad364e35_10.0.19041.1_none_73537a6854750989\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.153_none_e669b22d011fc6b2\InputSystemToastIcon.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_nb-no_e0132477454b2a7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-microsoft_vsa_tlb_b03f5f7f11d50a3a_10.0.19041.1_none_8b13e4aa62a419bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ole-automation-stdole2_31bf3856ad364e35_10.0.19041.1_none_a91c7b19ecb3924a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\tabclose.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-60_contrast-white.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-feedback-service_31bf3856ad364e35_10.0.19041.630_none_57ca0a77efb2334c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\AppListIcon.scale-400.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..t-library.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_448fa1ed64ad6da2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-certcredprovider-dll_31bf3856ad364e35_10.0.19041.1_none_60fe3ad7eec35771\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-xbox-game..scription-component_31bf3856ad364e35_10.0.19041.746_none_96020d9c6674d6a1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.0.19041.153_none_7021b9937a60f661\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-csc_exe_b03f5f7f11d50a3a_4.0.15805.0_none_be984aad4cfbc2f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-npiv.resources_31bf3856ad364e35_10.0.19041.1_en-us_92f19536f153ce43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-provisioningxml_31bf3856ad364e35_10.0.19041.1202_none_7c6ab7a8e8712a09\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\http_gen.htm C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-security-spp-client_31bf3856ad364e35_10.0.19041.1_none_f06f63ba929fc72f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-edge-angle_31bf3856ad364e35_10.0.19041.1_none_23f192ec1e5d7b7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi_31bf3856ad364e35_10.0.19041.1023_none_c9dbfa256e864692\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Outlook.Theme-Dark_Scale-250.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..agnostics.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d10b91e1120e581d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000423_31bf3856ad364e35_10.0.19041.1_none_9e16129b03037c55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-lxss-bash_31bf3856ad364e35_10.0.19041.1151_none_b46b739f71bbb8b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-c..provision-framework_31bf3856ad364e35_10.0.19041.1_none_1b184e58a3702f94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Advanced.Theme-Light_Scale-125.png C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_digitalmediadevice.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_b0e3802c7509fc2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_pt-br_1eeb72850502686a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_adbc089469a13870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-networking-..e-windows-component_31bf3856ad364e35_10.0.19041.1_none_bbf3b27114f29f94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.applicati..ulewizard.resources_31bf3856ad364e35_10.0.19041.1_es-es_5271e4fe1d5d533b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_10.0.19041.964_none_dc22c8f6a2b16b3e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build.resources\v4.0_4.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-l..layserver.resources_31bf3856ad364e35_10.0.19041.1_de-de_6bb3e75033baec07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..nager-runtimeserver_31bf3856ad364e35_10.0.19041.264_none_3a70ff62ff294b67\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..mplus-msc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1fea7e4c08c4304d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\shell C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\shell\open C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "TQEUHEWFJVXEXDL" C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\DefaultIcon C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvu40GibjG6QKIo.exe,0" C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\shell\open\command C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TQEUHEWFJVXEXDL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvu40GibjG6QKIo.exe" C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\eaba1ae7456f1a50c16a6762371e0bee_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 218.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 2ff931b756ac45e6ff5f76137d70008e
SHA1 076c72b895648b9fc524b4c954057ae60597f54f
SHA256 e6cd0ec310309f6ed7e5e79eb2bd6a7a4db56e9f5680272d2793e74ef31f35aa
SHA512 f32745b84909309d178fa46b14000e1c8922bd87e087e16ba5f84df35ec3b4c45724c7ddefcfaf6238a42eaf1c83de4b4404c35ebe6823f3b471e03dd377a2ae

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 308196d000a45c48a3610bd27938821c
SHA1 345416e7a9e8fbf48b2efed546131d134febd825
SHA256 aea1aeac9a746dff68eac418536ccf03cdf5745a9f43d2329679aa303169d568
SHA512 246763902cd7aeb8f410be89e43be536bbd7470d8fd68ca0eacb7c03481814597d5a2eaae91e28a1ee1398786900e612a1c6644ddac5fcbafc8200f4aaee1736

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 9122ba7946af070febb6a35a4410b0eb
SHA1 c20f78ad16dd91effc54a5f5438472c54e76ea44
SHA256 7ae469821a0d47868a8566d4e09b8bae27677c71e0eb453aa299074d82751fee
SHA512 50f99ccb09a5fc204fd4d54f0956492c910caf5c9cfafeba26e2f46b4969c10411f3c9c8e1347e7620e14689d0bacf46b09b1ea3f3620ed0406ff446f8a2fcb9

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 057bfd73ab68bce2f0540596539be4d3
SHA1 a8a91791d3c6f1969f7c9e0b424f4089896e5588
SHA256 7510d48299583faf9d58077e8058effad2efb068654181c07019b11761874bd4
SHA512 4cbfcbb040ebeec9c6ea6e5a2043b9971c8359225da04ab6bc15ba5c28549ecc76a58ee585208aaa1b36d5fe559c90194a4ef22996fecfec4f9a21af8b963ab5

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 afa91c30cc3bbb783a7fbeb6a2824a74
SHA1 30b63ee86c911e3068261145a9bae555738421b8
SHA256 2c3ca14d9c07ea0d16ba1f233cd417a806fd93094f70219c37c379e020a54a74
SHA512 98d17f5c0a28446bd1156c8e3552a04c696d34204366ffb27a685cf1eb0515a727119481d73f7c7ef9e88aec288d8177bdd6454cb8ad09406cd0fa8b1941b86a

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 319961e45639d50238ba171976432ea5
SHA1 99acc67ff6ef14fca74c4b6cdf44128bf13efd88
SHA256 575e5aea178a81fbb3d3b6df07be528a8ab401ca23d4964ddc87b5791f7697bb
SHA512 6abc27c7475e9850903ba917f36a7e0987d438f904b48b541169a9f3b1dace0d8f65f2742e0227654b13574eb83b189970ed0f4406d798af10823e2ae2fb8299

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 64c2fcb392bf790a20366a407bb6fc1e
SHA1 d41dc60fbc505d5e53943c09f171c98008fb46c6
SHA256 b992fbf54315a1a7f02ce0a55e783e1e0afaa8bbef09960b1ca01cd205c2b285
SHA512 719eba710016981826c7edeee37e46d052859ea990b582f45e356b2fd27ae7cd93710c9e74e45af7b4042ade4441011d6648659d60bbeb506de7b751aaf015f0

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 d03707eb86eddb9234438521aad7f327
SHA1 81685b11cfa1a541b19db0f8624376fb7cf235a7
SHA256 ad6c3d53b033fb4776259c62aadd9c0334eccbc35028ddca17c38611e78c0e3b
SHA512 4ec68ed0a76c1a2457661ed2ccb3289a072b829d009d07a678d4cfb37a476751cb6db2a76ea4c4346478b85a04b2b16e896428d9683c8f95ba350c44c28771db

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 e5aa024de5705c64fdfffe5805342bd9
SHA1 007dc2cfd7351ff3478a74a5b86387fc8b9c7d42
SHA256 943385f334dbcb970b579e5df6ded978990ea5af25da27c9281374084787e966
SHA512 fa069b7b26a19ced701293ac23fa9e09ea61dcba2b6953c7cc5022fc9da17e68e45fea8f981656c604a615a6873b68658c622508e81037c4ab62c59ca64d15fe

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 e216494d41ec14970cbc39f304c50c08
SHA1 14c809d7cf9e1e0c4bd05f57d5386841c26dc714
SHA256 645a4cd8c781b97d6cdab9de44a5bce90e0c49901b8fafe4e82233bdd277fb6e
SHA512 eff6924940aad9b1b819400208d327aa465bb4283248f808f4bb60f42db357435b43d0e52763ffeb21b1346c22e79aea795514502d7fb5753abb0c8b59359052

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 82d85c6d018c16c4158c2b18c997686e
SHA1 eed578088bb12e8e1347a0f17776eaac836146f4
SHA256 6cc6cc36788fb45d83c75f4570c975a4ad03221a61d64e767b3f59ebeec24a14
SHA512 6b654726edf859e0db5bb15edbaaa48b3816c37851bf929f6264782173cc2edb04d56600079d95ea1f9d1c18d48d2e2ec652c88b81e725b1467c3dd348d62150

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.EnCiPhErEd

MD5 b63b591dc4f68edd9c033af2c18ddb51
SHA1 bc0b072bf672d859112030f50e4c17344bc8212a
SHA256 f581d7d88a3f68a88ec15a9a14fba82a8ed78ecffe3d28d61f84a6a3128ee329
SHA512 dd522cb02e7d0702df9f3e83ce74008206a598667614dcdfd31405e9e876ad9dfffb685f2b83794320a20aa804392b4751302f3551aff7b004dfa3947e63a391

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 568a0e9214a57187ea2d446300314563
SHA1 044235bad57624e641dc687e4228af75d06ba9d5
SHA256 e8e79fc1d16a5846418019d9359df4903feb98e15575f3fc8f2498d428fef392
SHA512 9f5fd1a0f7493fd4c9549cee5f5c3f5ca79b359a5e82d678e93041e512559ccb0fc072476919e1f2af3d2f7b91f7c1a82db9fd83d779777c93cd1c95df00605a

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 970d9e70f2dd7127b49358a429d86aa2
SHA1 ad7bb16d70a6e0ea6893649f294837901f65b3f7
SHA256 abcc997e6e688f4d0e9f9264d4c58e5226c0a5733861d5e84fbbec2040ec616a
SHA512 f07d15693a62da5e8254b73d0592234db2d18843025b49d8d94a928da1afaa2d2c65037c800f31f868a29743532342a58d025379c79b5f6f76d99b5a76ece498

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 2b6378117c5a7ae2650dd99f23620164
SHA1 eec76e3b37b898b011d944c281d3b26c8173c49f
SHA256 cca4336db1b67fee8b781f33154a465662c9312637a54ecccf0bfe81d873923b
SHA512 bad221cc1ee4da142653edf5abf222a81219f01f6a0f1dd592f83baeacf33fa60752dd77a312e501f5bf3a6f381aca465c480b8be732084b69e75b198326be9b

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 bc2c2fb18d44ab0cfad4340ab2bd114e
SHA1 2a2771ad1c8b1bbf708490bf3a025e4382ff82c6
SHA256 2e64240ef89412c70dc0150bfd6186a43d2eac2c853e1dde528e93e16cd9447d
SHA512 7e74649959a327ba6ab46b44a8e1941c3ca853222bbfe1f9a9a7a2c5a9ba8ad9613feef8527beec716d3bafeca83f5a79e186323583993bf4b7f9d080e1cc495

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 3eaca119b48ad788baa189fb7090aecd
SHA1 dc7a4361bf18f60a79c646cc60b6964d735bb0d3
SHA256 bfd4433c743b65cc4ae54122eb5acf27c2514120453f57e4fef8cdd41ecc3d44
SHA512 d5fcd1d0aae3460c7f6ad06e8e15589d80e444b3f8e44dbb5a7a397b5e5363e0adca1d1a0b363a68744ac9aa8fa27ab94b985a053633b77d4d76c51d4bc67685

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 a896f40c700e017604baf769bdb43742
SHA1 d954ba27bde79a0b9c3f3976067f7667c6a0a0c7
SHA256 fef5afb9999165fa0aab8514ae1ce5fd02ea831b6f117d8bd817feb78bbb8070
SHA512 db7ee13780ccbf60cd7dd63965302a91229f9d6823a627bbf7c3b1e8d6ab9caf5be360cf1fe86c7cfa19b85415414f94b2f354468255c3de38c053e99830b994

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 dd4474655b6b53f985bacf0084c06600
SHA1 8879b102b615d86a24d5a024ad69f7ef092c516a
SHA256 ae11bdb80d387cb592cb25785ad8e61363d72562ac05cae6be1c24fcf0d19ef8
SHA512 093227ed7fda66fb8a9d44a815986aa1cccf5065e7bd27d9e8fa70ccc7a617869ed8ec5f0b5b1adc8db68a34a0fdd4fa212cc93077b72c30fca209c3e477011f

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 6e04b831cfda0694245e4a2222a3fa5a
SHA1 e0e4f1035ebe1dd71c850c8e953ea034e7d2d00b
SHA256 245f06c2b646210ff97279cfddce285924c431e380a245e165fe7b969a2ebef3
SHA512 8d5940c199195fe704952d020f08f7ca7702b0b1379338756b7bf553b0356035b0e2957594c9952be4db16c95ac6b5930b6ebeac3e77179a942b90003c458e94

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 66a00d360bd01128cbbb2ad199f98b68
SHA1 fbb89cf25bcee986c2681c61d3bb646fe9ce80a8
SHA256 289484faf1488eb98bb28739b0760e89d928df19a0177c62ec9e39a69effc353
SHA512 055f5cbb7778f6a14002fdf703fceb32008dfe566b4eecf4ffb5bffb16e8718b3688c0c4239df5ee089ba8af874df52a93e8a65b69998447d56a780fbc01879d

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 954977e34f68f8944da838d2dcd53a6e
SHA1 1c6dc57f795692345eff06da4e0e81ff38af0db6
SHA256 fcb9d0b94544bbbc01b1ad8881b588de8a9c025e3081654220d4013ee23feed8
SHA512 3af141d26e994393e2b8169f824cd0992a9d9b618b39191f1e6d4472c13f0eaa1b1b66467e2dc6953219ce3c84b22db2adea16ac110ecfe1b0bc27d9a99dde36

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 ebc42057c67882eaa688f6217866f31b
SHA1 85ae22fac195276e60595bf094af34f2e065ec8d
SHA256 b38ee038e652618eb5ab70ff2ca51cba4732626edd968ebe2ee6fd2986c99ed8
SHA512 8e64d322270f2866045aaf500e249e8da711171a433bfc46b5cc755a48864710e77f29b07af33665a8c8e57975264f143fd7cb7fd5ea81de4989dc5f70e18789

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 9c3cef4cdf67b036bff23133914b7412
SHA1 2dd550d1fcad35938af976315a96b7c15491220d
SHA256 0574e947c95e17c47f18caaf1b71a848ac287cad32bfa9d68eec080f2f1963af
SHA512 b9555d9ee8a900e298d2245ead865f00fa3bb3894e8c4fd15eb9b00d0a51e8aff558c2187287bb7ceb30ddb6de81de9cbdbced34618e03e400f61105aab21e4a

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 f2478bf05460c5bff384d1c3bd4931d9
SHA1 974fa163c76e5ffa654664bc2c1d311c085ed99f
SHA256 08cf59552a0ed33d6ec27a86aac0c1cd8b214a6eb4664d70fd5a3e97ef3787b3
SHA512 b5d28476de89b933577afdb38b7719d1de9315846023ee80e737d80bcc26370418a84b9d71db3a1c2b6fc8fe016ccb53e2b76515f953f6e65f48e400718c3ff5

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 3a7cbe3f06b5b137de16af01e52ba379
SHA1 baf8bc1fe3142020e6382a0ab91174889aa6aeb6
SHA256 60eafc4cf64747b5f2bf0901412da8e93398e9e1d7fd603fa5ec76299e84bc50
SHA512 3f41ab26b70f97c00ccf164b0e9283c17ab6b99a3677a8f32cddb32b1371c4bc22bfd2eb8054a0c0dad0471f8cb3bd364e8e6be410eed6520852d3d909551231

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 84d741c162ed2d3b9b867fac240bf829
SHA1 b569a0176992d94bda05a5dd43f6bd751cbfd5fe
SHA256 085da8172039932d9a9fb0f8b8640b934c01726305c336629dda5e6b9d9c4fe6
SHA512 4b792f09d46e179a7c217604c8132127f9b6abe5e5cbe040f2448cfb07d7a393f3a193a9faf343ce5ff57496fd3826fdd3a572884e784b06501cbb81e7ebf944

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 9cc5b21a4ba3fdfcbc579ba0b1fe2542
SHA1 c1af846e30f9f7b44fbbfb14d915bbb2c651f59a
SHA256 e8c2dea3238450399365ea7b5d1c838068cc532bd2acb14f2ec23187d4c33932
SHA512 c138e8078a4efeea034b0fac44aa740614a5e8bc0dcdcb38e7917ae247fb31eb3f8ca764b09cb601ee70ef504cc6e1ec8412140fd584055951f142016109a944

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 4b84e5f901f28b0617d55c1f118254aa
SHA1 a32a707430a94a8727fc963f3ad98a24c31c74d3
SHA256 f5fa10066be1987accabf37cf41a27a547df09c34aedbd72735f17fd9956fc19
SHA512 f6a8c8b0c2a009ce702dcd7a090f23677e0387ba9ff66c723c3c3394da39e34fe568abaddf4a535440b8ac766dda506c9230e7ae4e57cbda2b6b3cd3275adc53

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 20bde353162f41e20d9162308ae3ee0e
SHA1 b161af5b2206f13dfc236e712a4da09f45cf860a
SHA256 368c2cace5f1f2579e2f722146159dff423dcfcaa34a87cac7097266fced60b6
SHA512 d79ddaedde80f6c86130ae7ba858cb6d0a8d65c07e0efcaf78a250fe2b44284748e21c771a56cd4091b067b731216a7af7042f6670273389819814fff908c7bb

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 a604c8ad297b8f269f264e734f1c99b6
SHA1 bcfa07f2dfa8b417ccf6402d63cc4abd2b987567
SHA256 445ff9f79cc47a30848406408d9898d608a37227ba3c573d84f1a3a303b0f10f
SHA512 55cb76c89179e1afe1fd59d65a309ad60e3276f73fdc3befa6290da42de8c1af690237e63b2accd52c59e896839fa4bb789e81ad29b05b8861f90753096ab06b

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 571b9ea435e57ffb343e9a704268cacf
SHA1 6e079aca81fd37aa4d5adfc4360d2be0dd655500
SHA256 a5180c4524aa4f4b5b1bd1cc49b43ce6fcf9ed4c1bfd4b055ade0e4a226edd85
SHA512 6cdcf250fe0507a809d2c47c38a907c180867f27a6d625a9e2b8f2bbb9a77ff44fb43ece87473b247b986691e413687397987754e4bc32fb80d1ae95814dc799

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 0c3ce38f0d6650e5a5cdb2ab18f681a8
SHA1 193cd738eea61d317d881094808c697dbd4803e3
SHA256 7235b2f48251db6581b079bdd62da8d56bbfef398527a2d9ea81171161e7c2e3
SHA512 1e72155e3c4f86efdfa4e30efba7828c1cdeea670a07e451afe9152ca91f87725b9b01d7789c6cac1b3703659325c528e8c1100e7e6669c4658411ee08df82d4

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 5731b02073c82838c8495a0282f9480f
SHA1 08ad2d870448aaab207a5eb8508aaca67dd5f4a5
SHA256 6227911fb7f6764af56497d25df01214a2cd2c1b6592c298d7ed01e3f331cf06
SHA512 c3386a0e8aa3c6272d7e8f5dc7cc8e365dba8a4c144314436a941a73a66969923491105d46bfe77096a83d4d63bcc7d77d4fa1f55322db674d7965a14206bb09

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 ace6c5a85f9606f734f032d525bc0688
SHA1 d401440fa4643d622bd3e5438b75ecb0ee8d751e
SHA256 214385cfede128e367a33fe7e4022ec1ff73280115a29e210ea8c659f765f3d1
SHA512 72e59d640e36fc764e59f96da745e1175b33f8619c19d277afab5516ec0e040b20c1d13db08a1f674e12b96d76463c97bca9d9caddecb3a645f6e9872d7d8111

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 197762ef98995a54327e3e64893eb94c
SHA1 b8e531e77f5e312c9d43d54d96c5d4f8608fde15
SHA256 9e4e9b6ea1df11e234b9a0f012e86dd838ee7801e6e87ef6c3d8c56ac73f8cdf
SHA512 e69571fba2f7fb8695834e2bbc018e2dc6e5b28ae942221187d77284a9ec6d615a2154e1840c908e2cd1fbf2604d43680793682160ff8c4610a7241424ecd684

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 c16ff7cf83be2aac5e522caa01d3c283
SHA1 5d975869d0b26bdb7655e01fb120df300cfeaea5
SHA256 1379e0ac46e01fbeea7b05115bb8e358ed5d372def18137cb6ca9bdb5e8884a6
SHA512 85b3a8889e5c752b2139df15e47c212537747ad1aefdbe8da0cc4abe7ad47319c9b945d54890ce73760585b6447f6a53338700f4a207cda3c0e482681af864c4

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 54eaf06cf608a4e587e3a17527d21547
SHA1 5996cf512f54d727296b9b646575e786dbb0d466
SHA256 babd18ccac9b34490e3a20ad2431dc04b3332819fdf3408d185bc79abe182379
SHA512 3c1b4707b290be3e0ae53d1b6cf7887820f219a7febe74492176439706768df56bf7bbc3dbc8c38b721a3087dadb26c5948279d98f755c6b8f7a4b4b22d0c75e

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 ab7e2a9ca4443be2f88098dd289f5df7
SHA1 cd479b64ff883dd03f8ed21d67a54b0181322be1
SHA256 72ecbeb14cefffcf0c8140e1308d8fe47711f65ef2c596a009f0f2922d50cbeb
SHA512 601665448cd94e588823f9d02f248e20429673e81852dc36b5799e24270e2c2d17c628294613eea19a91bf0e4b6af2ba3595b8fd8b669213d73598f23d7c51cd

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 960d5bed27ab92d3654d48fcc020c6f3
SHA1 0f3949f41b5ca8fcf8d6c147ccf2f8c3826e4fa0
SHA256 dc642cd53ad46ea59316e69292b48cc3d046bb30f802e0b7207dbdf2cae1aca4
SHA512 8e7364ba038cffe323b1474913b390c3fee64ae0a15a5d2b6b12b3e59401777bcb7bedd3be8538e93149c720e77afdcb6dc18c7b342cfb4fc1d22e803afc4110

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 492a2dfe39061a110efb1b3a38981582
SHA1 4a4f6f42f56c825057e50b84cccee160eec35e7a
SHA256 3d662afc3a4db50ae536c4d510507b8846682429373d73818d49af6fd2ee4f44
SHA512 4520444bc928f6dbcc0b30955b082d7c692af3ca0bcf781680f83d2faced348bdfdaa7c3918c7465b7f89e64232de85db5216b61d4e2403f611a8a08767803ad

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 34bf3c4d3d8e7b20fce89f4462943d25
SHA1 b5fc22faf0404b1f3d1e9901ee22c68943dc3708
SHA256 e68202c8842f91da1f70758986ec22f730b54ea6e3e43711b0d1846bad77df04
SHA512 b9f3c91522a70af27087e140f639c136e5b06b2cd12861e2c8045db284300ef9c0bc85020bb226b6ad26d08f394746a8fd7f759628b95456f5ed456e2b8c07ac

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 62c881f916e0d7b8fdbd71a844a28ae5
SHA1 d96e9e566e9b34369d1c9c22e8778dbc05861442
SHA256 0ba19cd7ab18524d82f371fb7a519c3f5f49f4273bb49d24619a0da09ef6e01c
SHA512 8553ba9790f3a63e1b116f97aced2d89c655f226c3c4a4a8c6e3e982d265c7d892ecaf3b1ca228c411f2639b0f31fa1bf22a2b910c0018ccad95130d1fc16529

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 d5b9e1b14bc146bf0ca125868339e696
SHA1 ee25c0927a90a6c82e6aff0ebf38177adf800c2d
SHA256 a7175ff388863554548f94d2ad04476a03a9b7662cade5d4dc1c35d237f56401
SHA512 de998ba891af60aa4aabe2903d31a0c339fa7f62ecc6e37795b292608af9b9e0485a5330e29c66cc1e3f6bb07b6b4951f5de69dcd489bbf9409459fb27c75966

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 58314f164db23ebe503254b38a44ac39
SHA1 42917d13a6620ba52ce2bd470d7b9afe07745201
SHA256 eee3b4f09e7d757ea401a02b3df51686c35cc4ed90ad5f907fc729f1364fa49b
SHA512 b87b59407cf4601dba647b3345c450eec68b66119d202dd43d23f612cecd8cfa4f2ad41c0e2f29cc4724a7b7916bd5ae239ad079dfce895144245231f4132463

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 4cd80d65f16fd0a9b1743660bc172343
SHA1 63ee6d807ce461fba70efb5e472f065b08e2c58b
SHA256 ddd8f6041c1fd21e9df0701b2115e433e8993892194ec2ffd6d1f7a83e36efad
SHA512 1db88efb12cf3e00bbc59bfbec4b3be1a184f2d143f5563415f8787554c28bddc861437de6f9d4ac7f756e3793c004edf16640f8d16dd07378d918c2ddb10195

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 bdfb01a0ef00f94bc5f689bec6730cd6
SHA1 e2f62f579b9d21315034d520aa7d125a320876d9
SHA256 b6dff601c47770c80f2bf7f1212b6f2c7e0856a1bf1f2c7f4c7192859302ed8a
SHA512 66a940cdb8871e02c5dd711f25e8bddbcc045dbec127d9c70ba972e4cd75a0653896b5eeb9ba476174b6d5b1291bbf13caae8f21cc398dc21d98f5042bbe8a80

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 45f14c68bb84b5773401236b35e4f43f
SHA1 eb1494c4fc8af76cd8e1d09c00c8a370db4f3f8a
SHA256 c6a13d4f4bc5b8be7ff611e23d4bbb3df173acd2d86f4be2044a887eddce7e13
SHA512 5d6d8241262eb3a8489d1037d7da5febca2488899829ca3486f59a3ef8b6642f4f53d0f7d42d61716af49e4a66ab149142575c37f81753c20d30c011756c49bf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 ed76ab57160c20ee981c7b65fb142947
SHA1 f8a44c975689da049cf94350710b17384898f278
SHA256 18c3064657e1cdd93c8ec8fb5df5c1837bfb112c0aa90c21eb201f616077883d
SHA512 ff0620d8cb56b77a1005bfb1aeee1f589d010662a7ca0c772b65947d5af154b865f1606f4efff3cd284e11adeb642e7a353f703ee68d7e4be02f3018f992216f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 fcce92a228c7225706bfae0179120e03
SHA1 8d34b0830cac2f50ec371eea2f5ff25afc4b49b7
SHA256 ed6ad2a776c527365b7b9c9a322a7ccbad724bcb62f761892b68f622885f2596
SHA512 1191df8a43ecfb4e7e5ee5a0ac3284a94549f4be61a69b3e04fe2d49df1f506e70a27df11a75fc791aa0358f28b3000bcef8f2d0727519eba00f32213feee507

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 3f6b32812a7ccad41646f0da4ad46d29
SHA1 9cc8189bf4789f36d4253e87d6a2a7e1d87471ba
SHA256 1a3c8fcc9ed6e0c27cd20d6ef7ee4d0d383cf5bb48f2c2c53b5b77c2e1e225f2
SHA512 eca8922f83c6daec87dcf732c774df1a5a864dcc485b2338a14b7e5d46c9bfdb40b41d00c87a83132c52451f5e0881f8f2cc790e9f04ec6e08c7c8e70ff9c6f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 027bd1d06bca46b137932c2b4491ab88
SHA1 204523968b8c233b9a2c7c14effd1ac0f1983cee
SHA256 12040041ae39fdcb2c9d5e4f339e9588393d8fd19b0656aacc88b57d7d925ee5
SHA512 a2d08a2a33bc44b91db37ffbd1c65d4f981208dd343e66f9608fa631f5fcac116b046cb58350e25f911a5091e02bea8c6d50d7287044e6bacc614ed7fe8942b1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 171d842de3751a2673cbf64d84121437
SHA1 0d76a4e8b0eedfff0aa167d6ba6b5a3949f56c18
SHA256 93c62068cd02779721a859ed4f5ea4a63ec62ef6b7c1129c6609eb302ec983f1
SHA512 952bd002fdd43630039d7a5cce29720c22023072b5671089fcbc3a75ceb56a3db2a3db13ac886bbdd4a915ce16830c0ceefe0b4b84c778854feedc617e099996

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 1940a00e240fad7a7b2e769a9058e4f3
SHA1 44e4e6c457a8ec0606dd3a9f64e5b19d9da12792
SHA256 8d00b6b096d2dbdad2e6292f94860738da19e3ebca4e95efe39b818b6f405b33
SHA512 44108799b0739d4d4237f251918943d4a06106321afcc7b1bad2a03cfe7065901e9ebb8eecbfd65d1f11c7adf01a10e50d564d045d1b76e5480059c9fce7303c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 9780ab6fcc93cb4cd03c00cf033ffb35
SHA1 c862c5e5418d23a062c4adc146fbd27e42c8e833
SHA256 e9f801836206529e605c3a697d2ad86a9bb21bd81d8293aa65e4f4ef98c61e93
SHA512 3e37396739eec54d48d8c2f60531b225fa26e9bcd86f0be57a6e8e035b09ebb88365b0d7a39bcefb2900d55085737f93bb7ed1cec3ab829dfac4eefec65b4809

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 7b53e7067e97546fe95f19bfc4c7851e
SHA1 a8c2a5047ebdbb02c404c6c4d686892952cecf4f
SHA256 be8162624468cadd49c7f442c35a0858e78bbabde01eb1594c3ce3eace4ab322
SHA512 ca014ee460a8f66bd1a11327da6edb5c2e6efb67d0bcadad2f9987476dafa8e2b457fb439940e7965870f636f84aa0e02cbb97fc7f6d5967cf07a1ae33d3bd6f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 ece1775179ab2a34d5282a59eabd83d5
SHA1 772243ce7efd6df4a52d7a717a657a6b0a8a23dd
SHA256 00cefea0221f69ec3568d67df09fa5b470c94d351c8423124a07944797eb5721
SHA512 c9f1ac38f4fcc7f127dcfba3cbc95c72d581eef9991d06b8d6aa4694cc127c7429e280eb8d50463c0d963c7594d8d8c37bee978ac0718686dbd0e14136a93d38

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 e0f3caed897c2631a59aea150f71404d
SHA1 de8ee3fe04b2aa6400787da51d9c45f92b118d87
SHA256 4bdb6d3e86be5940ab252568714fa7bd93dc9592f258702a8a2005979b645c0d
SHA512 835ddf28cf9455d70e6ee4537f0b40af0d34a4d0ca15b6079f9833498817eb10eb2d5f9b66347ab867c9972ee882478fbba5bfd0d38e33dfe6996898eebb2b3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 a1d4c5bdc6903f4f93100ff9647d23d7
SHA1 123f2d614c7447268377af47f3f37af2bdf1af86
SHA256 9b28a5b7f9f508701289464cdc492e688ff724fd2c0ea600dcb4dd73d10cef6a
SHA512 4836b6fbabf451800db2a2420700adf7f64b867171b3f82ab8988452ee28576ebcecbeaa83d220434f01fb9201efdd4a9e0daebced0d074243825c11273e3504

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 5c9dee8ca5da00e053cb00fab91fc001
SHA1 25605c695e9347132f94e7c856fbdf0f0d737384
SHA256 520377a315bbf53d7a6c7bb26f24c08a258fba1eb3bf3c0e64ad7490e5b3455a
SHA512 3947d443b686edce5082ba7dab0254187da7ba83250aeeb331eb3f97bcf00d631ed67ce23c97efa52efa8082c11ee99a3d7b033a95c7706e4fe6353ae231f091

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 69d44cbd874b1afba06e12b460848b87
SHA1 e862ce420e52fea48a2604e6a397e186e546c748
SHA256 94f8bedeef5eae18720c91dbe1ab1e15c41cdb84997cf7af9f132228a72897c7
SHA512 8812e3f37aa560aac439fffb012277a2015373ba092cd16a892ba104d1ee39e27eefb5ff572272dd169ac301923b2146133232929836798fb60986628a618399

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 ada0fa89dc6c867a6ce131d178d4b315
SHA1 dc51a033c95e9382285a345aead4b427fddf92e1
SHA256 17b6ab3b7f6cf1a010f8178dc24a0706ad6bd7074304b5a0f32bed7e7436c131
SHA512 03629c2bc5afa7814defd85addef55e2a520ca8e6972caa5534cfda4b5f760ef32357c7f2792abc9d71da71e646c0fe63c440b3114f6653e9183c019d6686dd1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 6a9bda0d5e53f003b89878c20d3deba5
SHA1 9fdbd0f04a089f357f92d21ad26b16f541ad4cbe
SHA256 b8142163643a48f335984a2a9d607fde962a25cce94d90f4d7f95fe93f1746c5
SHA512 1a1a5e4591bb1844a51f62482dd937ee898379e8d3ba444229772f4253648cfbb0856cb94fc105168192754e82a3a945ee7b189471288f40b1160cc4891b5694

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 78bcc0832d6b4837793dbeebc69a05e3
SHA1 410539ef7ffb3ecc2281f684e9100943565b6806
SHA256 6e1b5fbacf9ea91eb674cba6635d6d45fc677dfb18d584be3808c4391436f8d6
SHA512 09ff8d5e54547b4afafac74409ab91706280e7c3b13c44778e3971c0edb5ccd77428b6d85803d5a5cc92e886ce908ca78587941c7e32412f7628c9d0d29e5399

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 4dcd296c5d56d3b9b02042bb86e1ef3c
SHA1 6013534af24ed0fe5f155378569e5a2c0ed87958
SHA256 d9e15d4f9c665f6525bde81f2b9a82a54cedccac84d31a077416db70119e119b
SHA512 941e553321465dd039375b7ef21eb75986d513591fa8dcbe75128449dff73279fdec9247c0d75adb5ae750e56d19d38a4b6c6c1e833ca3be26147e769e82662d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 a34c6dfbf132aa4db8417ddb5834e033
SHA1 04d9f526bd003922279da1205641286e5dd98c00
SHA256 b1a72840528dac7103806df4259f5bbbb426c79c88df4f074d65a8b708d31a12
SHA512 ac8c807007dfd8603a9c5bd30bf0970d8ed1af0048835430aee9fa8312dc1465cbbc4eeee8b733f947fb24c99038788b71adb0e65fbaf21adc96ee5ced346086

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 ecce24da061e94e8e15125ab4bcba2d2
SHA1 ac5fe2bdf52bb82efd5e81bc0556916449dd3861
SHA256 566104474aae5b2f20641a206a2b30b45aee61585d28dfd4fdc433a7777dafd3
SHA512 d91d39e87e55e5379c66c0c60cd2b6c032dedf54e015c5e7848a173131bdacd281293f36b66c2cf4e4d62ecac2d21dd135bd981c564c1fb5d9afc0290c05c7b5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 17f0973509347b896d7906fff9aeaa88
SHA1 8f1c9873cd8c3552b6fc41bba683e25bb53c7af7
SHA256 083cb2fe18862fd5e5b0d7da5ae5825f7f2e28e81b10e14cc1a2aeb8a16d3dfc
SHA512 06d6165a9a7282f1b4c85e4abb25a4ab34c8c929d3d18124da38e3941e18b2b5bbed02485bb1d8c3cbf75b8d3bceb8a2414c168f0e1dcea52cb0ceb9d6e46b40

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 d7a3543a4306abbd88aea50319bffa99
SHA1 8cacff742d0347b6bafdbda9917412ed6b2a41a8
SHA256 25e66219105c5435eb4b257f5ffbe7562d32474662b84364a41ee2b40e851f10
SHA512 de26fe6f48314f61fababa92f31afc906dbf33813d19456e75e055d05ef8c12e028d6f24c03364bf5f7edd945481af61ba9ed68e76cfabb726d4f253f1f80a9c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 81817fdf713566f0c930ffd7da0cea56
SHA1 59ab51253d72093524844b995d058d03c1444c2a
SHA256 84a7dcd9bc81a618f3a7d5d8536fc8973eb297a5e016a7da6fba1fc423ddb0e9
SHA512 77612e49d8f69290f5217e39aeb76b7a04155791981e76a8923c40d075aae95e1f0fb18cb8c369fe55752c09348191561ca4963ad00f5f22a006d7bce510a9d5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 87ef8448be39c07bc4b786170744aae6
SHA1 f2e80b1fb9e6de695afbc8e7a3c52f547acd3111
SHA256 6e98870752a43c9875c935099cc1aa2ce716a393c64668b5327aa5f4dce43897
SHA512 80b0db73fdebf86dcd0ca13b3e4596b06fe362d9d7ab850e1f864f09eecae34d62269d467f6586c3333550f358753bda51877ab32f1b1f859b1c1e3dd60e5d64

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 d6bde72089eed1eee6ad0dc0ac6809f3
SHA1 adfe2375bdd1b0a9afb10167badc305711d49fd7
SHA256 030ad0bf09918365a0428fdc801add002e8421cf9ce38a00a74120592a4325ed
SHA512 12dda160a5e13d2ea676ae249eb1bed48033fb4a2ef2610b5db51458196426aafd64d4ca0bd8600a03b044da6d00cd841bfed5493d0d6024065df5def65fc666

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 3098ace25a3ae8ce7da5a87b19eb8a41
SHA1 94837107b2a64e68a92873f1f635b1b42b596492
SHA256 c62b6bba55ed4ed57967dd36151c9b0a66c75c1ff77c773bf4cbad77977359af
SHA512 fd798f27b7154074e03a860f59b47f03b7e7549a45a6d815e78a5fb3798f43fb071a0205d1f3b2dd072645367599c6bfffeff6b1d9ffd90b66f0731bdf4f0bb7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 4b1b9131573321a401f7d39ffa15188d
SHA1 8b84bc043641887b0a28efde7f71ac8f6994b9e4
SHA256 ae911946b2f4faf54b4edff4a4fd7989c5d86ba042f011f62af7a111dd487cba
SHA512 d9f31b0fce33927a3fd92b1669ce4b7b30add4daccb9e1f795df3d156439cefbd34b291a670c70fff01325b6467b4f706bb350f175f6e5ba6021c2f629469680

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 829847eb68553145b3430d1457752394
SHA1 71350383772c91426145d66670101c8cfc988111
SHA256 a707de27a1fd3a5156cf499acdcca0cbd663736639837fa288c10367d8334624
SHA512 d698ce535055454ca7f9133ab24be961eefdf3b08258e7662991a973c372485c73da0d7b41d2c5b45f4ad84c4404ddf348e9e90ca209d85e07450b715a412879

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 5fc826ded04d9bd79f6367a1403a1531
SHA1 da7612ad740fd15739dc541c909288724ed89da7
SHA256 3ef0787cfec41f8235bf35abcc235c54519da749ca39ba2532aeaf2dc007afba
SHA512 e7e255d3a19ccd48703ec351c1de7418deed4d9813a312689ffe752bf952f9a8cc0d3f0b0b75b144967bdf45a5e4f9b175faca363bdd6510149612f4fd59496e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 62a49e0e82627b557c86d99d545cf20b
SHA1 1d5e5d85a62a101e412d266dcb3b190c01f9e5a8
SHA256 7a59c3d5c8a1fb58d4c41709dfadcdb190c7d86ad62c4640b0aead5d9b49d28f
SHA512 ba3e456648b8ce60735f32b08a4885a34042a72d780fb647dc9e0180ce39a18096fe01434037113be4b3d7166df835301cc0e31265b6be489af3efb91317466e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 40637fe50561cc686a979ebdd6d0e5c8
SHA1 8a6612f2ab38f53875698a40f487319bf9248746
SHA256 f12a21232cb78839c69bb780162af1831f328e2603bc26e56f31078ee316e1ad
SHA512 86c6683572cf1e9c16a1279ca3ce0abeb265907b4bc5767c0dd0141249090498771683f9567314a7425d7e3bf84aa7797ad4dc09369aebaf2a8ecc2d6f533e24

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 347a7bdf4887a3a956cdcb4ffc0c550e
SHA1 d02fabfe39badf4d4e6c25805e233be8c57de78f
SHA256 6c4bc3ea1c4b30ad84401e7dcf9ebaa39187444a6fe074f1b16878dc641a7e04
SHA512 a6c655bf4c532c868a741e671c5ae587971a8d22c246e2ef6c8e8ed20a320406da5fe67986de26de5f620c2ddc08496e22e657b76d769f2490636b922c93b1ea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 70498132b899d782b10a78f01275c211
SHA1 7389f052584b064ad6e5e5fbb94f4958911b1fca
SHA256 f7c004051589f71db10ef1aacb5032ebac77f63c2daabf4887b71fa755dc7b68
SHA512 1185d34f2d07c877db1a91763b2f1da681a5a1485e38e823075bdbf57f00670590a1e0fa078513932d750213fb91304ad66bcea891034de3c542cdda38d8a8a8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 da0016328e37f09b3be954786321ef10
SHA1 feb7bc230110a69160a3aad5f18835668cfc1c8e
SHA256 9eddd4d991c52b0527e65138cf0c89436f8a717c5268e071074f373ee417c17a
SHA512 2c94218e402743f07826aaac2f68f2697796fa455ecd3e16cd002c6c2745d282d57f19a17469feb25fd289b99da232e4619107860a423e9bf1fe35badd32f35d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 6e7d67648023b87b3458146b17455375
SHA1 cd6c476b46e34308c45bf8e76e8cdb497b34f149
SHA256 82ce543723c5e0feece5fea2d980b78cd8014b2ca7605de5247afb5d7c68986d
SHA512 ebdb01467d660c2d7def91c077abdcb09e64eb96269b5797ef63eda1c1f81cc55b567bf6e44ee27dc433db35f1a3fabe884db352ad2a5e41838b200355f865b5

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 52f878b332811aa25de064510a080cbf
SHA1 b4c5467a1f7d75e913a149905a65b78c93039383
SHA256 4f301910141564556fa29e8a79edece212d149b83cb6873c80e5311aa767dc30
SHA512 7c4d73fdab9970e4dd0bf6549f03dbec316e192058fdb958cccc5e0897e414b8a6d98f7bf8d323900da10f32c0257c7a457fff40d96ffef522cd9d3fdb6e4b65

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655977808114.txt

MD5 9360985fa1483571f291dac3d6e68dfa
SHA1 7a7e55e95c8c89731ada6ba28bfb4fde02e1bd09
SHA256 7c573cf700a4fcb8d5aa393f6ccd2a421a263ad9b0bbfbcfd4fcb0d026801053
SHA512 965f3ddd5f6d09288383546faadc5948fe79f890c29cc6f0112075cefce9b994b923184263b6c7b6888c3d3f9a99bce3c4d6282f7a8eac20a1d37ccd9019218d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663096253949.txt

MD5 499a4aacae5cd17117d1a2a34d890a4c
SHA1 a93d6dc8f089abc6e0224091e2f70e4c31d09a3b
SHA256 3a876ae773acf8a8d595262a71261393528999f244c9b9e3c29e6c3351040eda
SHA512 b43549c2a749f6de8a2daf2f0078d2501fe19d97eaa724801062988332f4ce2ed842557828f8b99dd5a1c0038ac3d68d86e82c959bb5f08ee1e1d1adb60b4782

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665766873969.txt

MD5 bd55179e52f21e7f7f654305e56ac4d4
SHA1 f815f672e331ad2ffbd840f895754478860b25a0
SHA256 caf60bbd5e084ef3f2ad6d4e8db8c31600da9974f74ae50d3aaacb7ae0196f78
SHA512 5853fbb208dd1d80a0875956105dc9a66dedb6e9956f81f2216e0b79e50e4aec49d4f2a95f644bdcaff3d4e62f9d171a3f38b78157c0a6f8cff4921d18b09062

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656717558154.txt

MD5 bec76fc1a0115166cb0e8b47e0d754b7
SHA1 94c8057c942c6f4cc9f093369cec7686611eac9c
SHA256 56c3c1c37083b906aa90ba47e48db661c1062f9b165aa4d1275f79776713303c
SHA512 b5781bca2c7e8084ab31188e2f23a5c01dad28cdbb6918cfa7f952841acd96182b725645d131f2153dc88c7b82e2b5376fede868a431c4d1d5c103e73642d61e

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 fd557a8af7e65611c4878033ccae455f
SHA1 a9f696b89b242f9cd07b94acc189466f93e3a238
SHA256 a809638744290c0e428f7fe39ab4c95209b35b35d51e1b687b0c32c0cecddb79
SHA512 3cc7540415acd1f0867683b2dbf2b62de4c02b2514acdf509d1e2a7388b818340bf2ba0ff470d734115f038272ed5ace955072a37972a183311ed03c44cb96d0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 56c30d8f838174add62475e9218dd956
SHA1 440bc59a423da8fbdd368182678e9406d617a3f1
SHA256 2587da7712753843e036cda181e6bfc5c3f92fbb2b2c5e827ac4f42bf19edb15
SHA512 268f67b76407dd1c7fe70499fec2fcb4b07fd719f403414588cde53fba879f484b13bc3899fbee0f3bad5ddbab5ee9335b06d9ff3e3d5b342cd35229c1f6f999

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 e790e800e0d231443c09231f98cabcd0
SHA1 71db28074616f71714511ecb45b97c9c95d17557
SHA256 841607e808e9dbc3b8002918d1c2a1b6b1198efc6cc097e46ffb466bc79315f2
SHA512 f2eb7b7993845fa3b38a9a8bc46e5c5eeae01154679314b04641bd6b476f312cfe4593dea8f4579d28e6194fe0dedc36e417da5d9f547efde2cad0e81e6468b0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 d28d4439762289384f84df31844d3c7f
SHA1 06595fcae3992dd070b6e8b3b01f7ecca4c274cc
SHA256 f6b8141c391037333757ef0a09ead0a686c083f737d621c37f7fe9dc42d9d059
SHA512 b9f726eefb18d28bb6145cb5b44f389c4ff0f29f7745e76055a1b151417cc68d31db592866c9c0762e2a612f0fa8658d95545eb71e75815ec9cf41f7a5e1ed2f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 9db841ae6ecc42d80327706c557de779
SHA1 5fe066dac83461b3acf3e1c7148d54b6c3788adb
SHA256 b6d5dc21b793b9261270d10d31796bfe92abd9e8c5aad494f721e5e95adf8033
SHA512 d7d51fa282750e43d22071f8e7e9c73b8f3b7e1aefef5d6ab10fa663911c6f79416578dca59d08e1922e7504ed496fb9d204c835c25d438c4dd26775a9060272

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 eb2de057b857811517d3aa6bfaaa50a1
SHA1 489e3fd7ac9a56a18296f786082be67156fabd7e
SHA256 0ea5d7d24bb5f7d06757372e1978ffa1f6910e1633e35d9be755e8f2f9d196ff
SHA512 4b439af49b91228a8a5670f3ab5213d851b69189313f5af5bf4796b4623f21de53313f0601fa1ffb547d0f68c81abba86987cfe221a96b38186407208076e94a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 cb7a7931f428df709956f6bd09f08517
SHA1 b25afc44dd87767735dc96dd20c64ed993ee3bab
SHA256 f2f516ba455afc9f4a12bbb03396d6cff7a3636a5f0b1384ccd7ef074d9ef9cf
SHA512 7454ddc6305bfc15fe059e81adb40cb1868270c8b0ad79e2774c1acfc87f036e22e313fd9adb3675b2891dc2d0dadc77a56c82fc29bd771396e123bf8761022d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 aa03b4f759516273885fa0b4cbd8fcd1
SHA1 c9af30a40eeae1dba53b4dececb32f32409a070a
SHA256 9cc25b779a124e98c3967a6a6052f8a5dbae9e2dd0364f563cc306e7676f8998
SHA512 22217fde0720a287865818f2c82f49601a29f2576a55e15cc0ab72dce94b5a66b9b0d91130fd7ec45aa5d407bd74073445f6393202299903f57a93e78bf44e19

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 a2e48459de55af07530f8a31911b6596
SHA1 c5dd7d39cc509a6c15f77e3a9e904b87463c1191
SHA256 e48fc5e9a76ecf80f24985248b1c198f2416253c7ddf000c64af7594aed7fe36
SHA512 f604c9592dd77eb14a32fad59670c1e81ac9f07924e3b0040972c82e72935d51f0302f94b9b025c94250f0106fc335f0212f73c26f2f25f517d39f3d3b9fa9c3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 2ac7f97a61c52d664f0295b12f1e4612
SHA1 8efc8eb971e41be2d6886bcba1a5e9093fa8e26b
SHA256 3ae13e70f3481d974122504d70acb6889427c71181b680307490079171003b4e
SHA512 cab0fa2ff31f1ed50515965c5b41b6be53915b32466aeca7a96c5fa2d42e957d6fc58cf6d76e1d14eb74f222198b0bb669dcd5844ca0a20730649db773b32fa4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 6c41c04d6b8cb360401875ce57603a6d
SHA1 2f460effe6410e809948e3741ddc94e740b88f98
SHA256 624a502a968febaffaeeed711ccb390773d64be7d99ec395f6ef2da88ffaf151
SHA512 319a3ced4d0ac1a72bcc842da520d7c9498a23aeb84c13f477191ce7874209767cb96af34d1d72941cbe3e55d57f1f0107ac48e2d3413c9397a3970464b40eb9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 9dfcda4ae06e6fc277da3de6e60ab091
SHA1 00dd086850789e542ab9b3829340db434ce7521d
SHA256 325e085cbd5cfe05e95299a824e4c0ac9b0a38cb59885a85c030162b375fc2d4
SHA512 6352fb3dd9e69758d470580aae87441d59fdf30d1ee40e7d6ff30d624ab627b5178ef5e307f481c94d32335f3a34785d5ab16535bf1545c497affd705ad4fd5f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 058e87aee6607fc8551ad62d3e82f6cd
SHA1 0c7009965b154da5d724bda8b2e418e7ca7d58c3
SHA256 c51acaecaaa67bc6873eb75fcc1c7e8862aa4ad96f894ce1d5c094589fccc4bb
SHA512 e38c6444c299be43c90feb5e4ee524501c8e81bc91adec5dabc0e3d5f3a8a2ce295bc2a9480cc5ed528c876f0081c59f085e6065fdfd3261b7aaef15eac742c1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 d427affa7f97fe2f30a1d32cf1753181
SHA1 78f5c1eb2a3064bfa34ca646bb534c586de35f50
SHA256 16491f5ca7c99835eebd2d6cd857635d39436a730669322e90ef201fa7731ebb
SHA512 4bca2df04932b27b70002f8925ed89611f70b3f9d2054b998a05a1e1996cb175de2a1a0ba0b8b70da467db43ab27f8f70d34498693a14de010d132d46e57598d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 83c5bafd0de674e89d0c38bb7f19f4b0
SHA1 c5e94a9f82ce4468532ce37b7d4c2344d1ad4791
SHA256 27e9bc80e1a63e1859d0cd757beaf93eab00ba45baebd7f703fa26debe43ef55
SHA512 1eb33f33cf5319d37aae7e477e0848e38046bccd71298c17f5d312732a2061c8c9cdf2959cf9b6bf42b06c15fb9e970ae9eed6989d9927a50f49e0f0ef0d7046

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 9c1e5e321514eb465e8b2a52fdb95ea4
SHA1 6cb9dbf94c6b12d09fc37dab3158508448457ead
SHA256 bcc81afb6b55245418f3dd3cd271ded45eac62af0c9fcde34916ea740679f8d9
SHA512 62b8277bc9474c54e9b39504ebb04a0f8e2e63da8cc1ad8a3346cad4fa7335f20fbe0e477f8184e76099bb9de2d2f293c88c73c0e81cda1fc4399040ce2d42a1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 06e10ed35ae49faefdeed239d13702aa
SHA1 1d3ef1115b09bff09060f324c3ecf5a9ce59acfa
SHA256 245179e6f5b4743f8dcbabf669909d8aafb2bf41699b7265c134d358b0c9b98c
SHA512 073e24d40d0bb98a576d372157f12f346e7f8ce66c3a9e54ed40fe41bef692efea1cd3974f300904facfe53a311689fd64db92fcd8bccff8c8d4203c44c1bf2d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 daaae28f41b07cfbe70b246725c2ac2d
SHA1 fe2b7753fdcc59edf50ba4df71d3e187ca8b3802
SHA256 d81f1d74c5dd82ca355b7c716235cd0babdcab913fdf34dc6742601c651f966b
SHA512 698fab44c40942b5fa2b0eb7bbbf8900526fe631ad608a63ca247e08b30e3841256174c48b5f2038a7faadeef4d3623975498e7df2e0d1af0157c4ed924e9843

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 05bdf4d6aa0a38f2848e6d81d298190c
SHA1 32b4b32cb12a0863ae672f8d2262af5a8a96aaec
SHA256 47ead8233db906e5db45e3241d3775ee3d6bbaf4e658cbac5b5e3929052c80c6
SHA512 0087bfec6e7585f22214561fc2ea84e8b42bea093a5db0e3173706355953cbedd55d53eec64e87fa9971b02ad81d5b32c7082fda45f42f07a9ac71395730e853

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 2d27e242e5790fbafc4c294f71814053
SHA1 8bbde7d9425a8f99d4f6157282f7ece6a2644b5e
SHA256 0aea34e4d969b190775e231579e94060468061a5c882550be660a14c9e9e5756
SHA512 00aa34e006ed0ca876730cfe16d12bb340a358f65c4324bcd6ab1cc123b47670e21decc65974e3eaa9357a7972048d221203cf08151ee882de62e1734ace7ede

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 6ed53037c06f3aa45b1068af189960da
SHA1 52e7db045340251215d741234ea072be4516fd05
SHA256 a49507892a7f5320791772dc8aac1975f909c9c177c7a50ec19ff3153b50c769
SHA512 8169fdabfd1da2a7c9e7d63aa7159a6e47c4fa8f1429b7bbe04ddd52ba1bbc9be7c6c325f5d3c20db9a010652d8c2a46dc45406c1b98ed8a0ff07425c5367d85

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 831cc6355efc51c176b3bbb31647146b
SHA1 3ca2c1ce4c1d4c76eec07557628ef55567f7ecaa
SHA256 3268b70c05ae16e566c8c3c572f86ede4ad1d03870235c3a1a35e5acbac9c84e
SHA512 c30ac8a063973d3d5dec34aebf2009b035920e1df7f778869e7c265b4aa1cbbef5ab12a19c87dc4b0620e45cdd1b5930a4dd73a7a27ac08cc3554da68acbfc43

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 6b89a202fd93d18cf6e0f8480a386f00
SHA1 4a431d0d2b4e6783763b51941da1be7bc1307fbc
SHA256 f113fa336f170877fa646db6dca43487d9399d97a01ab4bba519c84afef2844a
SHA512 f0662e1fb5ef89c70b9641d9f49b2314f509a3140904a436abdfadd03093118d16b874da886c295ee31356c1290656f6c0acacda8b2b4f88ef45a3cd8e4a7612

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 6ae86f94b3521f8ed39d55b5d9122a27
SHA1 64099f94b21cc87b7ccf218fad627000b1018f69
SHA256 53b31ff8dbffd8185bf24d62c4b552979f54ed6eb5fc6c86fa221b44e689336c
SHA512 006ea4fde30115095169313c32003c938cb2f23de692481eb3a2319e25e292c616e38dc733a3082b2b38ea733d6eabc2b2137eed0830d30655c31b3af1d9124a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 a99f36b022247ba46f9bc87cb5d44303
SHA1 1fe558dc5450b9b6c84dce98ed92c343ecd2b6e5
SHA256 4f4f761156619ee4fb06b93e8da708798c4dec7f6aec57da49c32d000b8f478c
SHA512 8c864729c17b4c82aca296958ccc678f3da3e16c22d7cd55f5d6a0b934014d97b3d586fc33bd327160e64adbc463f119964489c468cd089bf8019f9b101c205e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 09ce631c895cbf9c00b111c995a1d045
SHA1 ecbf7154ece6403182b78fbdfefba34f2895d59f
SHA256 ecd637255b064fcf743fde86cb5e432cc1d8245153227d29cbec977ba52ef706
SHA512 10f8992e463a98827a6c2525b54d4cdc93fc77b4359530651efa2c04f6ba8066aedf614925e9aed376b60131afe5071f176afecb98bb5406b37fdce7dfea6212

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 4c47699baba7ba1923be41377457b929
SHA1 bcab712f53fa4efdacdd37c644689e593e33937a
SHA256 fb544d9c679f82335d94ea739d6352479d3d97b9875cd8a62d4e89486cb7e8e2
SHA512 fbc0bb3e88ca2c953cae69c423d7f321fc4b42a0c85f8e2a27c1bd4bf26844581d4e4e5fd4f83d06d4bb2606aa47724d4f8d35b304c4f39089c285a444e0f02c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 0367671fc4f8f2e14e83fabcc82fe30f
SHA1 93444f9e6652b80de59bc6267b158960a7543ef2
SHA256 1fa2f82f42173f5928ad6af7867e01e92dc522b3084b08ee3d6ccd2ff60b306c
SHA512 ccaebe676ff8cda127032d2f915cfb5371e44ea3a7b6e5becc725fae6d6e95f93c8877bf07f739f2130766fae8c141f6390142edbca8beee772f7360406b4eaa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 0dfe27252e6b91bb7886799c6c410fed
SHA1 87c03892d838d0ed34ffd152738b61bab484d507
SHA256 9aae95baf0b14253bbbb9539e9dbce846ae77d96d74998eb9927fbb551e709f1
SHA512 4f609a79e77328f75e949f9c01bfa0e855537231a5cbe5472a0802b6e59873ba3579c6be7a3a6b8ee31b19dfdcf9c240e41f74d18eeeb11417aa837d556d999d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 bbc2387341b2068d130b731614662485
SHA1 49dd2bcdc9968533dc8cde424f966514df6cc916
SHA256 c3c655f6ef7784466a0be66a205d21826d7453f75610232d45dd6799f6eb48f5
SHA512 56bb56da1dcc4f9620a69c53a3049f23602ad2b01f705d97cf49ac6485cb0243ea280662e95203571362d7861b593446faba4bc5a43c6b83de855d0db25fd436

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 b72ecba826965e367f1097cdf7782a1c
SHA1 12c26c2b07cb5d0fd9450ad2ed63ec57e468965d
SHA256 5678f3039e654003bf3879bda423fea7ade8e12dac4031d1d488073224ceac20
SHA512 8f057e10ca90d5511c71f6eb64ebeb3cc040833723667c70cb4a9d607476075f640d3feee0be37ae8bae58f71d237d2a82fd6fddb4bf18540d8a936587b0d8da

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 5f18fd6258d8b2d8c2741e783a7d2bad
SHA1 7f2f7d9d019a6e71f6212ec8397a1b4bdb2a6b1d
SHA256 9e38bb69324cff4bc12bcfd6b88235b741bc6064675a37fe6e3028be414f4685
SHA512 933c98feec567259c51906e71ff6bdf7aae591cfa38bc69f9c998ceac65e3c4980caeb15eec45e5c276dd5ebfb6604dcbc3c22e5ac65401f40974bbdc1be4c50

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 dbba8ea8796524fb3e2bbf3d74ff12b3
SHA1 db5eff40b4acfd2170910bc19e8f70dce38245d3
SHA256 b8c75561eceb58a95334480f67a728cab565439856a7a3bc7303a44b5619ee2b
SHA512 17c96574bb9ad8b5d0d6211f0713874b66dfaaf60b41baedbce11b4a8ab35333e9c78801ac79d4f345d919c0a34b51252009702fafe435a6b60d9db3128f8426

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 8b2eb90bf94fe751b1fdf76dc9e54e21
SHA1 c90f3ddee9834f8c1c5a49ed01fd1bcb425f948b
SHA256 69a701fd922b8fba77f58d9127ce2c293339ab0d0cd14e13195ee81cb11fc1ef
SHA512 106185d1d852245edbddd70c80ffd9336900989903804f575c608a76b39455910a95f3b636e5c1a29be74e33db7093928580ae657f20495f1008946add051dd2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 52e32948620bd5d0ba3f1f8a2b511729
SHA1 bcd6528d4be58c522d0b42c4e4b140d416079ed4
SHA256 894682955831dded60f84f02c7e27bf9b92353868c95ef467a35c63a9932bd58
SHA512 a24ba3c9f75cfbb2fd072bffe18819cc347998a0a865710af38b13e87e025c7ad3fa92a2303636255f33a4a8941cb294233129b17010ca19789cdc5707b65b40

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 d445062d7984d9a8d210b3c3e20700ec
SHA1 ce0c5f200db36199145a04a870c49646ce5aaa09
SHA256 34e85aa404c4d0cba57364672dc667b3c415a5554d081eae2e28fe14b354fed6
SHA512 e6b75cae8ab8ddcdc58170726f9e92cb6a405b9b3854ecfb2cfae9265768840ff93a7d10cbaccb57930c91db0a575698d549551fe65688f61e381a2b48f504e4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 4b537f27a6284341550b4d2c0dd26beb
SHA1 873b1fab0bf121e13374a5df1743ce920a4cef5f
SHA256 f3812868e0b3d717ff5440270cc225de8fe6fff939a58204f0131bcd91941955
SHA512 f612bf6da05563e71f0ef145b8bd1c09a2ca0b5e73be403f0931e624aadb6767779a512318b28f11555d135d6e252f2be632091b56167b2279f3db9b1a5897ea

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 3f765d359f19d42a38e0086196e23916
SHA1 c378c4d880a88525cd568350c9069e79208b44f1
SHA256 24673592a9b7eaa87e0479e78e1808742c8c7d8e4a376b07920bb3cdb71c7c12
SHA512 16e482eec3e9c14129786b320d6c91e729a95167d9e54eb0b7703b61d77a6bee896445fcd3a4803626b32d5cc7acc586ea9a2452bc5bdca048fbe2fc516d37d0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 92b816f8ec6553e7613a0e645005c440
SHA1 510b7f9f357a8a9b87799c240515eff55d765266
SHA256 e31a4338b20753ba2c144b2e2ba2fcecdd7146172b16a563ca0eafecf94b2fca
SHA512 3b73f9757e4ce61aeea1d023a1be98f7d1965ac2a41fef3d53f1f84aba4822748bfd84ca997c9f5f33e777cb09d8a4a9c5e7187e38c7599e397f3c39cfe25e90

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 396f67fea9dfcc251c439a6788578b82
SHA1 d35e54e8bf9bce2408e4d1cdef605df2f804c67b
SHA256 0e9710ab624f189a0975c37680111567daf4f09dff8b22b8a61b13a42557d7d1
SHA512 337513b7b85825504002e616b5178255cfef733df474692db1ff3228e02895e209b287bc0c0769bbe70548d7d02e0e9def9e96fcd20bd71fd0f923f21bfa508a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 1f0b67dc9a8b7937b621ff9233ec3c2d
SHA1 ae73dc6bad5320d7da70d26157a8abb7dd57b590
SHA256 68e05ca6e19ad3cc6a8bbd1c225e219ba521425e1a2784db59b47e9bb4d5ef9d
SHA512 294b9671672b41fbf464f5605c93e07e3b8a82da8f566176d05582d31003d0a37dab894d0c2694ab23652097fb5b4c81c6bf9847ac155193ef498c50cdcd6c03

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 4b9ad6f9cb8ef4c6262c8c61e872f919
SHA1 9277174f0c2f16ef7a853bf52a1a4d26d2d6d981
SHA256 f517abe73a0e175f0c60a260324f5db174876bfaab0724652a3f84d1a1b21c54
SHA512 e7a9c00ddbca92188676d4eee9f54f40a4180fbd956c2a257f9ffa56d9078d44a3181c31f66ac922087b6a3ab35b54b0fda05905be694b9e97ab32c7cf362c5c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 4c8afa78926ff801c573f755614007bd
SHA1 018f172b65d98f1c46e7587b87d2a6a7e3f2d33e
SHA256 ded601a16a27d131658984750acf38fc386eb1eb13d55d136d8041a4dd8af254
SHA512 8c2fd356417403e660a7066bf65262b6bf6b20a5e237c9beb6bf9c363a019802c0b8f453d078fbc05dd30d851c8b98a5d0a7b63d75d7488807b10529022f022b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 a67f74c3796b2ad4991c35d28ac21cdc
SHA1 1bd71bf2d80f47bbc30ce60de74336b09ba17860
SHA256 b28017abd625f3a87c42e9ada7063fd3c49592a4ea2bd168f75fa6046f428306
SHA512 a8a1ea15ad4a29529e6965db14c0fd58bcd417ac9848a50f49bfd8e7eb7948935f47ad95db40ce1f50c39fef3249ffc21d0d52a61547d0f12bd76ac6df608d41

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 6f2ce3bbb83527f37a8982fa0904f665
SHA1 d12ebef93ceea6cccd2484b451d63e812f77472d
SHA256 c4271c2a4319056f8f7f07ad2b57b174575cb254d88646800b25721af232a300
SHA512 d6fce3bd90688b84aa8b2fbace73f5b0af5e9060c54b5b740d53bbf6998a2e4661a6271566968e925a00d3b79faca9b37e846fb31281deb2224c39deb18dc400

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 b60c7acb171ba1c264f7cfd2d4b11a0b
SHA1 e6fa8a0a6315d1d74d462f79d6a20b4efe7f97c9
SHA256 37454c7e847c648c74f42be48b3ed2e05a2c53935d964822da67a982d4702145
SHA512 730409d84c964407723c1d59f87f0b9327e83a7b5b60c84d21d1a942ff00552cc04a6fb1bb4d4abe47e68014069a7ec87afd1242936189e088cb9c147a7b4edc

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 13fd186b0e78659c23ba64b7e7142ece
SHA1 a7d516e5fa23fb25364821bed976a05b2b2cfa53
SHA256 4511b659c2113732031c2e4b6cf5ba604e785dd1385a4e86d74c87e6926e543c
SHA512 b3d932059123b1f980f426164cdabc03fa3c3e6e77d6d14ffca0e1abf46e4f3ddc691c52b173942cb916d154de08561ca1b417b4a6cffccd4fe8b071caffb6ac

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 85f3fc32689251b2607a30414f88118d
SHA1 a120097d4d37e8cab005ef63ac9a500899f2bad0
SHA256 5c714964889574021a2c148ff28d53e98c1ace60763f4bb440495ccd79afac00
SHA512 6432dbdc9767b27e9a7f60c8b19addea52f07b8bfcbd1014b52a1fdc5f01bac34aa5e488250320cbc50bde48a5353953c00e19b06623631ee7b126200cd6ab0c

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 5f394fed3b200f63e6b9430124b058f5
SHA1 f459d17a9ee3ed60c1ed780d38f834c9be99c270
SHA256 9eb9ee33d709a97301743b8cfce723d3900a9e80917366dca6280e11f9c0a3ff
SHA512 279309b5182ee1ec739f2f99ff0103bd7afccb35f6da56763ee0507b48a7c510602d931920ee05d4d3f58f726991d6e2d73766664310f7d80f0b6672e45cf4c5

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 13f05d9d34015b41b44bb4f09c21dcc2
SHA1 4fbe58b2a69219633d5ee83ef8aa6ffbff1852ad
SHA256 3dc2e985630c738004adbcfdcc0ac00ccab02d1a6e47ce48b3cb5ae86b3632b8
SHA512 3ffed0df813fae43eb1fc602f8597883ea758af497fd635a7bd20f95510d53d23c9103fab7860e43e6ce387d1521e54f6affcd1ede3cace949a02a8d3c985199

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 3925525702aab0b4a5c422ece5718290
SHA1 1f20d2c773e252ae9e4deabc566a120ff147234f
SHA256 ac10146c000cef6b2de2f5e13a48cca58495f0c7251876c6189bc3b609b2c128
SHA512 39fb789557edc98d7e2d1509c8ef2af2f30ddd3781893007aa26404963cc4daaa622092bffd2d402eab765d1b18db7d2b8276595f36e99961a6bee4c2aab467d