Malware Analysis Report

2024-10-19 10:42

Sample ID 241006-wap7dswgkn
Target 190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118
SHA256 e5ca48b24fa821addd11a64d1e672e62a4bb5b56f4ad9116d9ee8a51da2831c9
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e5ca48b24fa821addd11a64d1e672e62a4bb5b56f4ad9116d9ee8a51da2831c9

Threat Level: Known bad

The file 190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2211) files with added filename extension

Renames multiple (2175) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 17:43

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 17:43

Reported

2024-10-06 17:45

Platform

win7-20240704-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe"

Signatures

Renames multiple (2211) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\53wTw1Ft9rFZ5YX.exe" C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00z.inf_amd64_neutral_aea50acf04a2db1d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ql40xx2.inf_amd64_neutral_b95932400326817e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\v_mscdsc.inf_amd64_neutral_8b1e6b55729c3283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\oobe\background.bmp C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\brmfcmdm.inf_amd64_neutral_af49d2f3ffa12116\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep005.inf_amd64_neutral_f2fbc5759618d8fb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_neutral_24c807694f614911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzoom.inf_amd64_neutral_dd07287cee791f3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpace.inf_amd64_neutral_f5caca1789a3c28b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00c.inf_amd64_neutral_79ebe29715d2fa47\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmetech.inf_amd64_neutral_230358eeb58f0b3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl010.inf_amd64_neutral_46f466c9e68abb4a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_neutral_22118b1072f57433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_neutral_856142fd87f1c21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpenr.inf_amd64_neutral_34624840c3163a38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr008.inf_amd64_neutral_0540370b0b1e348e\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_neutral_547edd894d7c19d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImagesMask256Colors.bmp C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4F.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR6F.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\AddToViewArrowMask.bmp C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Mail\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01179J.JPG C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341742.JPG C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02187_.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21324_.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIcons.jpg C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14985_.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\BG_ADOBE.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR5B.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\tab_on.gif C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15169_.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\HEADER.GIF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-p..lprinting.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cbac995d886cf4fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_srpuxsnapin.resources_31bf3856ad364e35_6.1.7601.17514_de-de_5245d157c99819ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..linetools.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2093f5f4d1e0f348\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_de-de_de44258d81747ce2\flyout.html C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\43.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-mail.resources_31bf3856ad364e35_6.1.7600.16385_de-de_00ed58017fd687e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ic-module.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fb393f53b1512e58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\16_9-frame-highlight.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_right_rest.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-u..evicehost.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0d95a376735c4590\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wlanpref.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4bb16e0f59e5ccfa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.mediacenter.sports_31bf3856ad364e35_6.1.7601.17514_none_e7db1fde0e47a515\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..river-wmi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_02c952f0fb621d63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..cognition.resources_31bf3856ad364e35_6.1.7600.16385_de-de_90e2e552510bf577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..xtensions.resources_31bf3856ad364e35_6.1.7600.16385_it-it_85f6ad66bd1a90cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7601.17514_none_0844da926677dc8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..ermodepnp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_eb5ec32f73606acf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_cdrom.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_215a88533b6cb696\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00c.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e99d09b59838d6ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-28595_31bf3856ad364e35_6.1.7600.16385_none_554974e545715c34\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-smbserver.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7f7f1dbea0773732\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..ce-common.resources_31bf3856ad364e35_6.1.7600.16385_it-it_903f1f30e9abb911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_networking-mpssvc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3d768ba88496e3d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..stant-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d159b756bd047a32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dhcpds_31bf3856ad364e35_6.1.7601.17514_none_1c77be6ebf25c03d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0cb3073d2ecf8808\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_6.1.7601.17514_none_e4e845f8dcca9f23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-security-vault_31bf3856ad364e35_6.1.7600.16385_none_57b2acb0891ad7f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dssec.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6eeb10037d176959\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_narrator.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9a8d9cf3d005048\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnlx00y.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cfb41b171c1c79a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_divider_left.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_b4d76dc2a0a2a6d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.16428_none_11b913172f0cb26f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\4to3Squareframe_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d275b3b482a27ab7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-20420_31bf3856ad364e35_6.1.7600.16385_none_525ce6b7474ecc75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_6.1.7601.17514_none_de3cba55d23c9ac7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_8.0.7600.16385_es-es_e4fd476272535913\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mprmsg.resources_31bf3856ad364e35_6.1.7600.16385_de-de_37e3f297f894f855\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\performance.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..ginworker.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b88732508e157123\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-28598_31bf3856ad364e35_6.1.7600.16385_none_552905214589b007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmnttd6.inf_31bf3856ad364e35_6.1.7600.16385_none_114b74bce3bf356e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..rk-msimtf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_40be65277919565f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netloop.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4d52c352b5c38bf4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2b166002b7f51771\RSSFeeds.html C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_3f223e118fdfe4d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.applocker_help.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c49c1f7ba28e2952\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\ipdmctrl\11.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\inf\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_amdsata.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3ea4ad375858b344\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_hover.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7601.17514_none_7ec36f4d129aab09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sysprep-spopk_31bf3856ad364e35_6.1.7601.17514_none_75d7ba2e6407eabf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.certmgr.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9307421bd6b8b49d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-diskpart.resources_31bf3856ad364e35_6.1.7600.16385_de-de_277d1b6cb03cbe8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cef2e308cfaf44a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-tapicore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5ffd1c0faa410a61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_ab6782291b0ca7be\rss_headline_glow_floating.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LIOLPNPCITEKZMF" C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\DefaultIcon C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\shell\open\command C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\53wTw1Ft9rFZ5YX.exe,0" C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\shell C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\shell\open C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\53wTw1Ft9rFZ5YX.exe" C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 dbf3ded6b30bde13588a68f5d2ac717f
SHA1 ba43837d84cd13c80a18f8ed2f59be004acbb029
SHA256 1999691f3e1fafe86d14e0c2cea6ebc299a420e9fe880feb342163a9bdafe839
SHA512 a648ca50e97bbfad75ecc103330449d1cc2986b7cd229bedbf7aad5b78f3ae2cfe8478f6ee66af43da2754fcee4b41a44e7628734137066a76d9511fa7236c23

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 e4540bb0021999891f9b000dd2cb29c7
SHA1 b8076729b7338e626d8a6f00c4d1c22aeb34e4fe
SHA256 649aadea885947cd66b59619da969b05632aee426965b54def6d33854e7c74e6
SHA512 bb140d5a5382dc710f52ff25f5a86252064426f93fb830b7d2510702ee4843fb8929c3e0a537a84fab66029e1b2910653e3f524afa9e7eb9d3fb4f0c64168449

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 8ddb9fa07cd93b0d2fdd5aec24cd9218
SHA1 a0f0414079b9d15669d6376edbefc9b4abf9e881
SHA256 61e45a25335b2b2fa61fee8f2d978264b15b20d1c79912a1bead1f56fdfe0101
SHA512 376f7832b091d8d9014b73c25dd7e7203928d5f022aede643cafa896b963f34423e71fdd9bebe6e901db45fa43630b59ec6abac676459419ade6746e5710c4f7

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 c5a9a5a56e17555b7cc3541f59cca886
SHA1 e8f16d6b620ff9e0f17aece5d6166966e8ff2a57
SHA256 719668e65491b04712937913d552200fe6a9c8a087e406512e10b36d5a749759
SHA512 4c817311220cdedea05d5340ad831d82a400e3f1e6cb0fc01fea710d17aa47152ccb0fd8547e1df34336b59df72a9c3a0034f422b09faab2829ef366db1bcb55

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 481ebb38ec5409dd696ea0017ed1deaa
SHA1 7062b479f13838518d8f8795c3ebfc8765acc78c
SHA256 42c84dee558c2b3ba3a101955b9341453f48366b14fc34d76fccd02cbffbd09f
SHA512 48c99257f4dd0c66645099c98007f620922c7152c46aa4014b8ba1328c87df790b2f100142db00d7bf67701b4a05839f082a06883cc44a649ac6b2dd9005e8e2

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 21d8a8dda10ecf56c5e42c42b2025c43
SHA1 d966814bc9b40c6e8d7a0ab299a8fc795eae5bbd
SHA256 10b1054249548ef6757fac7311a2fc0d7f7ea5de16d1facc17171bd762723cee
SHA512 ee437ba13fa9a888f44aa7e4158f4deb1107948d72a537fb7c60d659d1ced5e4b7cf704972898557e48be6d457db2d1501a9e90838b573e7f771e41818635d9e

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 cf1068cb75d17c65bbd01bfdc5a24ce3
SHA1 fcdddf8a6e0003adea8c0a7c903e4faa81241c87
SHA256 f714df26f64889655ef611764e5b1fcf7eceb6c60aca826465a6ebb8d0b5b0a0
SHA512 9a46d325f93235998426a413ddc1e4e3beba48cd7774d4aa5a1bbe1c7c8057c648bb0bb74994fb94ee5bbaeeff67370bb19076661d2d7114fcfaaf3ea782bd63

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 b3c8eaf93dc62616aab426947251fb8c
SHA1 dcb3290bc535088f9d60d6db99f826673bbc3d6e
SHA256 ea6d315b1636ae01416cc6fccf95e4059fc7bed19e0c6eaac8c646c2870ccd72
SHA512 71d7425cc952d2307a5fe8b14dcebdd54f8476d6d5577b311b2245470065de6e3ee5e30fae70b7695249d55ad55659fb620a2e7619b7e639fdd7c134f90c44b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 c310c7f7767b18176e7b792f95784ebc
SHA1 6db6c1f2975d3bd101939ca0660a67c6f85b9059
SHA256 f7d4066869198458dba89593763373879dff8faeae96e90cc6a66865b8376327
SHA512 a1aa1dda8944f35203e59c6821e71a81b54a00383284e93fa9119de1bd172fc8a4b89d53ea198c2565abf8ec9663d36d8d3ac16d1a52f8fca1a2edb8e2847721

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 c68606f5a72d41f7cb3b1b763ceb86b8
SHA1 ad4185891408c29cb4e85b970a24665f22137932
SHA256 9385101d4f117c9a7eff25a2f24e738cacb9684bc051e07054355aad5d20848d
SHA512 31e2d93e032422d6da516605261724c68c4c234ab45731f0d10d0b21e9c463e2160e981e3d6340e8c1a7b717f94c85f1b0ade117029d1c756478deaa1439add7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 19347b2a2302e8fe5b734106e063cc73
SHA1 bca32ac053466877c025c647e579203a17f2cc6c
SHA256 9a1a91f98dc3d9f18d353c387e2a186f339647d0223f1bf7f80461535e591d28
SHA512 db0f7f4c23fd503dee5e224377636df71b64f546d4edabbe911d1727a7559ebdaab84e23c35cfe6dcc71722b6f7d1cf04a30cbd917d78c1e198c9b413571c065

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 4717d579df9f3876c3b6ec338fff0a85
SHA1 9794605bda35dff427fa65d009880eb302d91409
SHA256 e6f3ba6e6a493c57c7e44cff0acec43c0471eaf269cac6b78fc32b60e95410b2
SHA512 1933c23d05047964568ee2e1fd38ee5d2b826e3fb4c046d01562ae1f1cf9d47a73be5319fc5064dbb254e1d606af9fd474ef4e569ea9b4a844fef14b31e7d5d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 d3c6757ae9d68e6726cf6177bdc68d53
SHA1 752223053b96d5e4f5a8d2213f92a67599aa0921
SHA256 12dc1cdd50eb5c85555abfd60ac19915c3b4243b1f3c088c41fdc0f8da87f05b
SHA512 4dde827b8e5dde16d13b34953afd3f6bb8c6dc676d4b43b3493e6dfb334a1d4f3b8c8b5951398cc217ddddc8fa1ca18f2b4202d761f0f3bb50d3f333ca6384ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 208ff8edb539c946f265f637d984ad42
SHA1 1c3397f8e1a556e19fecf23d1afc93c1b816a680
SHA256 7185e2a7546257d50621ecdc632d07f2428e01a8473973e6145796f327f3ab72
SHA512 794c2d28332cc7423bcd38dd13d1402a1efc66bdc72a2c06ec104b67b445b116005b1b8252d47b6bea44343195191fa0b8e7401155c8775ef120fb353549cabe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 132d35abe30edd187468ce627e0cb0fd
SHA1 05603ff1e96ac0e27cd8fef25af5cad790e576dc
SHA256 6898614db7d88cf226e77d8db08b29dd3039427d174902bbe35d82d6ba25e7b3
SHA512 ac46b1d92c804782e519a7ca48a8c59b146df95806b49afa51c3219852dd45e4041fd06f0941a0095ca70a3b14522c0e03f9e6a166b132091a863b8492db1b50

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 80ff55caac2f824a45c43eec1812943e
SHA1 4626de060cc01dfcabd0789427ea5f9c323510cc
SHA256 cbae4dd50fc1a9e4fc87f8dd3b6016bfad7a88a624aa5b00b656248b3fe4bfea
SHA512 a10569121344ee315a4026b7eae0ede553fec68529aadc9b0f864a8d39f97dada61e373d2751332c01a8f92c000e8b35e777f1ab667ef8834a21b48552818dd6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 8314af45f96e2e6222690fb1a0adefb7
SHA1 6dbaff81859c988f2fce1863945327a884052dbf
SHA256 44b212c8e374cc401703ebd76fe8086d80c5bd9f566b163722923176ec36da10
SHA512 71f0c066667ccb6d1d0461819ef47681b8efa532c3e701bbdb1b52c69b2e675fb6e8dc45a4042f891e3d3d3e83bb563c421a33ccbaaa092257935b7d1883ff0e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 b202846c63ad1fb749e07effa56e7ce5
SHA1 ba546fac8eb269d9f5b095d0c0f141fe26d8a8bb
SHA256 e48d6f601109f1e9049d0dcad386ef4ec0ebdaff0c1df14991ff88025a6d2fd7
SHA512 ec2307475ce3a5c1337a27fb57a29487a4a961d6e201bb968c504eea3775f6559d014bd136e95befff704f83467c279f0b1fb107a8976fa932e6bf559012962f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 8e632006dfe404ea6e569386ad3a999d
SHA1 a2af194d6f9f0d7b7abbb3016bf7aa43f9e2407d
SHA256 41560cddaa29e62c60cd8c8b3ee1b2059aa8a5fa1fe95e07f398c06590fd34a1
SHA512 a332f67c3526213214a7240d5d7f7da77586dcb1861f62a0a5a48e64eeaab941b66dced0e9b608d4499e4dad5f08a8b4aee23283d8c893b83d8f991a1588c115

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 0914e02313af4bb34f104a949f63c6bc
SHA1 cb6e2e3f5d82d111ea99fea5ae0bd9d5ef593062
SHA256 adf78a0fee74c1f0ec8a677946d45a18b74441904e552031fe88b45dacfd6c73
SHA512 4c42ff9b51aff8be38ab830d492a5bfb9923afc6dfbaa2eca33deabd9793e89b6db020a26589929aae40e96519bb400a74cf19b90f2629f9bc19b639fc6334c3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 c70689e1d9fb78bda00399c753282efc
SHA1 d97233ec95fb25c212ec8fa5ff5d52082aedf8f6
SHA256 5a34e24e1c701dbd9a060f4683fc032c87c20b51ba68cbf586aff828a7e99a70
SHA512 bc5cf6c2274988b5b54251e82f5f76f6564d76d716bc037e63ba09b015762f9f8b046cd11afff11be7f9f92b0642e49c93064754880580b07d53d56d9a584cee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 1611f5adbe35886eae96b34b1974ae10
SHA1 1090d73ebd7e0d6b951999c5484531b579fbc6bf
SHA256 74e77e80b67d514867f5027ad35fbd26f0a2e5f380bee0c5506e66ebf37219a8
SHA512 25c187ebe04a0b66c4a6205744e9508856a5cb4e5c3d530555144d26eadf7b31f15cbdf86c7d0d096df7284899d8d55c4044ff83168917e03564d935024b701b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 0e00dc0fef70cb953f11d35b6c95902f
SHA1 e137d33e5c87627572e2751370e709f71ea6b49f
SHA256 68f87d3f004e5612ad2f00459e775c20a8654c392cb3b2967c63bf286ffeeb7f
SHA512 90c8a0c505affee68ce30d21e2626e2624bd5ce37fbff33aedea270c0dc3490daaf3af0e51e8b36cc0d128fabadcf6bbe3d854531b4a4ab19614382ddb8652ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 4550e37a62a16494503f4f0b0f40fb84
SHA1 4cb1b7a2fecad0eed0625ebd11b5a66b4087611e
SHA256 47001995556b9899b41870db8411b7919c4dee43c15d0dcf3db6f0edb8979ecb
SHA512 df762d91f83bb1b2e83971afca53f8f7b0e055897ddf0436d26e517e417778e331d8c83cc7c2e747f9618474f36bfb515f4111e1df94374ebcccea42a876716e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 9122443d3ac1509bdee3ef0fd0ae2416
SHA1 9902df4a95213099b2b1c8609675eb9c9b9d65a0
SHA256 9550387068fde2236b4a8c140c438a4a1ea443bfa890ca9be592e26e9fbce596
SHA512 f608988121a2d87269d0ddad65dceea3d517ae7390ccf82685d7f11bb05078039ea6f91152d2ac56ba6ff6595fc85ca883384386c96bf777ea048e517a5cb070

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 5cce0c9bca79ccadc62b786912731b14
SHA1 b0c3b376ffb5e7e2c461d3d89b188765a6787bce
SHA256 19093fcc48678ab892bf332d64905b6e5928bc22d2b0035f1fea3015e29a4a43
SHA512 8af9f5f24629352d44f46d12733762ac57144abf9d03bdcc6280d09956b1ab6d827c69ff5a647d0759cd01732228c10178c75d5f78be2ac053b95e39cdea9fee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 ac45470963a35f7c9e7fc0c0d12e62ec
SHA1 6e8eb903a0a9ae29bcd51ebd9b088d36a6ebe8bf
SHA256 7091bbfc1f15d019ec9bb36303361f212e37f1f43482c70ea475b5215346236c
SHA512 02790d454962ee77019896f7bd8558063a1f717e4f100030eff334ec2424bbf3042661e6f9301c3de9a25bce9f5c9dc2f09015d924496ad30e85d09f8c60df3e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 bd75707c290327b1adbb73fb3fc0f606
SHA1 21d5f43245888535f6eef8325ffe531d25609d9b
SHA256 c28c7c36410a917c2b253b795b1f66504940744990e7ed7c351a58426ef6035a
SHA512 f43f00ea8ca1af714c8174d9b13bb08607c430c886bb845cd6ccf7e7e147ebdbf5ffbba2b83d70465904e904e69d0da04050fa419719787fa5fa93058f6dcf65

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 55acb62bcb3310059aceae984a3c4c37
SHA1 ff6fdb962989c9b6eac07c314e3a4a9e1fc84ece
SHA256 dc8d628b3cc8de6140c05cbac7526547c08b54c52c39bf8899175de5ab847979
SHA512 3dc81714ce16bbc5ccc5d4ef5e268705b17924e5f8e8a5a94a57eb9d676ddd68d9f9bec2a1d6131b21d7d4d2348255e247db6e22d50e9a52741a5fae872c4eb2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 cef5640c5b42a81ad860be5bb48e73f2
SHA1 569c3b11e5deddf34dc78ecadd4acd0ffbe49e24
SHA256 28a2a35709edeecf668e6800312e2e08d47c82a1a2d424c8e728c1c76c44c513
SHA512 964a7bb646d8772c1d5651d6d05b2fd55254a288671c877c2532af713a0c3e065466e5a8c706017f014d16cf31d00143730a85aeb42ea888e150cf67da5be46c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 9ca1949f9501dbb0fe0063a564e454c5
SHA1 da1a8c0e91e7f21e0b0a874c43b6f101da15347e
SHA256 11a6d815c3a1c0a0c687dab1ac3b94a788af35bc54b3a8558c686bf35641fda4
SHA512 b96b62d12f4560e789009ef721d677340604ce12d8f07e85ff4cee8bb9c9e53c05303bdcb01b5d3e620767c434340ba2f8b90f663c606b986991bf396e59849d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 4de5ae87dd83f23b7489da5c2447e576
SHA1 ded4359faf1e3984b707683e480f9b988c52ced8
SHA256 122c78903b3fa757c0d3b2890ca894626a10a3326eb9e743b2636906fb1591fe
SHA512 fd76125f96e530b889c06758e5af63f1f3e53257c3d0264b88eae4d6b4bc6e7b65b36e154d9000b49bca68ded04ef23688a33f65bca274407411f2dfe468179e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 89317069a9a30967ef03b5fa0800901c
SHA1 a0b53613495ff1a1d104147b526e72d29c8fa420
SHA256 55bf18adbba7db1e9bb1d725352ee100d5c884bbf65e7e7b2f14b66ae1eaa4b0
SHA512 b8758f6d177e0c04360f8d3eb285955fb6e311b2a5d4fb1894c7829c0818f61f0ec25e604385545014c01e54db186062a83b1b009a8958f27cdb9cce2fcf4dd1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 3e8c3addd5bebe7b8dae176edee55d53
SHA1 f8791f1d0a600a550d07e21b25e1839427684e75
SHA256 d4900f4361ff572f34a7bf065719d0d227ee011406a4736d92e09667cbf7dee5
SHA512 f04990ee1273d818ca29b6bb1db967f519818ceea4ea773e73e28319718a6f405a81f39b1c1de9cc27d438daf100e4bada107857aa6c09d2d979f18ce2589fa8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 884ba671c252d4b6cc0009e76c7d257e
SHA1 3f363327d4999471784d62cd23b494fed29fe18f
SHA256 740f203fc14c3586e91623f34e6484f5db688e1846ea9f808dc0acd8cc051047
SHA512 d5a5e272c916ab050e4c242b745e3082a344646a19d3d7b782c8d8a770dab58a2fc4f59bb3da94a2af46af9de4e8260e7df2a28742fc627a33c1d0477a4a773f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 18f48bc3b40895c6c24af5669d350e11
SHA1 beea7535326b0d79e853e5c2f87c7589db825b79
SHA256 879cfd78b30ad0bcd9d5113d6ed14a9b189689b23680a0d578336000f9c45587
SHA512 e301b19472fee9c49ec20a218b4b4fbd8c5620e12caa8b951b80f43b0dda9d25820e804726a6216e0ddf387e5a79d8ba2af1b4d93e5c58cd813e8152cb6f88e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 4de2ab6258b27ba97491c347aa8ba252
SHA1 831ac2bf1e9f7e4c1ffd50fb1199e889534521d6
SHA256 7b5bc0b173a13959bf8ac46eb861058fed75ac4397c3ab58dcfd4fd7d2e84fe1
SHA512 b502c886e74a702cff967c417a343b4f819b89f15e8345877e14237d70daa14255c8fbc2f2e5f8bf507c2528965d0906d9fd7f7db32eb169b915f7eeb8e8f805

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 e102c8385024115d53bcec542b2425bd
SHA1 0f5d5b31334f1f0e8635020619f3b17cec964d70
SHA256 b6f452d33cdddfba861b34b3488bfcec9fe8c5f6f89ef4b6dc30a707696b87f3
SHA512 3f813d165d10589e5b34e74d966f7412b107011791618f25d6d23f43466a3372405bf14053931daab560689f921c286f27946dba1eea0cc2a9024b3c559bae3f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 2469cdcbb1e3ba3e0a2e657e1c2b872d
SHA1 c35f812b6681bff78ab6cdc67572b1fc887c332e
SHA256 cd7f306cfc217d6f63e830e968e59e44115e14c9d8aa956ac9a7befe247f196a
SHA512 365ad71d571357f3908dc0e7df79211f450b3ca1a0280d5429f378b6a1e23bc4007e91ca79260d9cdbb9ae655f4963521ef2e74bce77565453c6a56f7061c2a9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 c0e6c3545ea6576a1825b1d0c09b9c2f
SHA1 9cf4ec0fc1872568ca327c423956317e25c579b9
SHA256 3f8a162e5067feee9f967cf0bb38442a0bf38484ffa1b58782263d7def583d64
SHA512 5681eb35652af9162aa2df31122ba1991a711d46557da53e00dbb571e348fb68d47d77bb53b1d0511799fa94b521239a69e48788a952385d96f55a450c7eb56a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 e931b0e6c1b9a78de8de7de96ba884b8
SHA1 0b6f2da1ca966b663d188e621b0eea041924128b
SHA256 9e49bb57e6fb42e1a582f63aa2fd16f6216d4309e57496430af27bf08d1d7777
SHA512 d6fd2929d623e24ce2499b3ed01182642bc553753ac05d57fcdd21eb14fe5389eee971d922ba420adc67f4dee4b1da2b4248d2991e6dc259898f9b90ba025f5b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 7f251a0409d7c41af7bc6ec35858cd90
SHA1 f433d4b68b8dea1e38026c953a420ef855dd72cc
SHA256 9dc8e1d9809bbd327e450a0c16b659d1e67b4bffd7fb3b1565c0e9ad620fe003
SHA512 7da162fa0032550b934901495fe244197d61280275f9f314a87ce359386d9aca0f53d2a3d63efd46ea532268116d4589494d9f1a33cf1e5b364d12224aa0da6a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 a687b56d5980a2d01e6ee3b784a4f04a
SHA1 cfffe1a700f341536426f094ac3afb394ce0cc8d
SHA256 c8e5f635b4a2d7927684055bcba1061466a5c50b85f52307a04624262b19e457
SHA512 901b0a2c2b90636d9ef7c7ef1a7e173d1380c5ae16c66bc16d821d76631d16021fda169c0a654fc10763455f8d76b08a641e36a36ce7e09b350630b0ba961a10

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 e7d980adc95bb1ca6b48d8513e84d27c
SHA1 51e1309227d9cb8f4977ec7898766529835e8b70
SHA256 80b6eca35026ce71de1168adf89bdd98cd73024e8758a9ef45fa7d9e4b538398
SHA512 8731dccd3055f46440900edefbf385250c8c2930d140ba46dd8127c549d5e28f313c0a93cc90e9439caae48a43e848e7ecbad3e22f3e968181a4dec038d65ad6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 f386e17e1f24303da1619890782275be
SHA1 9b1223f61578ce63050024a79a0facdde867035c
SHA256 a28ba480fad1eb9ce09711ae76a8f87c283c88b2cdf0785f6468b60cd4a38b7a
SHA512 d18889f94d413a459637216a99424e65492d2169e2c136542734133da3b62159e75a6d55f2134fe37323e43ca5fdd50b891f9a12c0646af8b864b83ba7995fb7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 a07a40a554876f2b6bb1bbcea2d523aa
SHA1 1b7f1d2a8bfaad7e266e2fde6b498ba52b39e7f6
SHA256 37e103679960486617e91db75e1dbf4992cb2b26c17c10c15b20b4fa31d63028
SHA512 31679616fd6e687ffd7f0517e4a5aea0d0b33db4eb4da3e4405d6cef880d17aeec4e023d0d60cbecd90761f0200682fa21baa1bddc2a28a8c8024672a22fa5a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 066e5f6acdad8db0b6ba3eabbcd33fad
SHA1 e64a1c5b2219ff618fa8ce17672336aebf6501c2
SHA256 8e233e937eba23590d51645125f8f84f7e12c39a78b30c0d5355aa2e9e85527b
SHA512 111a0b6aca93ed199ef82eaf40868902594145620591a5a00fdbc3e1de22e1ff6804a97f143384fc7fd8dd2ef1341553453050982aff705c3022bb12bec88fc4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 05bc63194175cadeabde6c72ee07301f
SHA1 9347507804718d3741d6d1e479d097aa4bdb0bf8
SHA256 c54c6ba78d5f87dac23b460fa7ffd898d7955f45a3035c8e95a7cc3ea221f2e8
SHA512 26ba4c230f41db351faf9292050678bb2fb767ea0f77356ad59f6d91e6cc716f0007430d1d392b24b4c0e5789010aa51a12dda6bfa824abc3ba6dfed93cdb9a2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 a6fca84947068e834612ccbf320c179a
SHA1 f5e979862b1606313a2cd6dfdafae6fd5fb76806
SHA256 dbca4b32ab3456d4326ad766444bd972b904c2591bfc14931398667a51a668f1
SHA512 c7375d3c3333dda24d592edad39d305e7b597675bf942ddce10a0caf022f9181a6fdb1c3efa997083d3f974467aaaa3b5f88e814c1286432cc927c512586cc64

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 4033c27ec002fb889e16b8704e147ceb
SHA1 b75cdbf6096894594b1339e7552aec803a92b1ba
SHA256 bb1e7ca0feca14415be0c5726ccff12f694808a8fe901d5c8d84970a5e8738b4
SHA512 c8703281fd3e25776d79a6f4bc06b830151da0cd9d96dd272af7b30c7e39f19b5936caa3d03128745ee46f64fca911a87050d3b449e8984c9ad93a0bce2c3fd6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 870c5bb2d0f3463272ccd735cebd31d0
SHA1 b14ed16440497de601b209fa6d13352b9b96808b
SHA256 1a6023a18d06b16b10fee86ec64d381a90acf49216928cc953cb2d2139fa7988
SHA512 0ef79399719d3509782787f4b7a927aa76985697ab05b3ff170d67defbc5ef3d0315c55e3b25bde78ff64771dfb474cae76ade5d829605cb606c5d4034f5ccaa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 db69d5c34185ca5add114f4ebb5ccf47
SHA1 3a1a4b3a68e0b6b0407c0c7403df63094258f906
SHA256 7446c63145b4d412f4503b4afca486ba7ff2ec63125671cf25d2eb4e72e22f8d
SHA512 5df395d45eae3a114c0da761f416f68db94163e1acfe003e867b04bc58e6f156a0248bb73413d0d50b8008de4e4e8be871c3a42bbf304df45ef3d29028c8b9f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 631b4653d4a82926095de803f93c15dc
SHA1 d2ece15574b57d4bf3017ad7ad2ba8a337241086
SHA256 c9ec27d4e2db2cccec1303ee0b9a994b148fc852826f0be36eebb492262eac00
SHA512 3cc1693de437a71d6aeba76f0cde2804fee7b4e142a8a67f743d512f2a1fe9adcf3f20bae270c43b8cce8310f8490ec452bc8a3d578f90dcc87d4572f5034801

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 f42cd6fe3402c2d9f94b73fe373ea311
SHA1 2f3f4398e5a19b080e122ad68d8a09e952dd256b
SHA256 e1ab62b7e502b946ff468adb83b5a5224c3697479fedeaa5869349e6d6eff95b
SHA512 4b22f2b35ff9596db913d73e9913255f9e867ba89c79c74de3e299175afa5e7be3087490514202a64f8f271c726ea337511b1c7c2c9aa35500de0c77de08ed5e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 b08e097d0bd225cdbe2945b7c99493b9
SHA1 b785e3b0741a9744784adcf5bfffec8435c68e87
SHA256 99c6fcef3ecfed9fa12eae4d48222266768179b263832803bc2ad7be342c0595
SHA512 6c65598a8e1528c59ff70e2a43a5021dca851b83bca4bb2b802098fcaffbf5c6bf82f1e093aebe5cd98e7b18948b07df98d9f888c1532c65007c909e305687f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 3c9b86c21a69e531eff0398b97aa0f84
SHA1 eb70ea8e07ecba92672f141fe8705f8481f6768e
SHA256 8a7a5f631da653f765a0485570d70a4bb08125cf70bcd9bcc2a59ca394b9475c
SHA512 c8173f71e8f6ce9d99940ba6b2a569398790ae6a98ea62f3df10aa1d0da7987e1a944959166e9bbf2ec2dffd42b73c09d6021a4b3d94d23c06b36a8bf2583f52

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 d8b46abf973b67f2be6a422ce759e596
SHA1 99e5c2e0f83fe567a21d9639a752e7f11090ac93
SHA256 5e262b8131b899aebe15ae38fb26a5594cb7591a9c008a530b489854ae11be16
SHA512 510280557f4e86e4d5e2b7b7f3dd60919c58b473dbe69bbd3953543acd9840d2e023b42a3e5225ac4b707c9c5d3c106b62efd284484c2a53300ea471ed38181b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 a0f30839f73f4401b9c1ad1d8c97b983
SHA1 42a85684b561c4b11a2a9a228546f11f7b55e80d
SHA256 239637299bdc2aebea1c6ee39dce7495c9c8825c8dee3d3850804ed83224785f
SHA512 c4bb57654cc1cef3a93f4e5771ca3ae406eff82c93fd3293a583c39dd9989548684cf74ba5b0abb308f4e23f52fb18e727a12b1437c7fa00d527b74fd62cd687

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 4d89c404f424b882f058bc1325b5aaf9
SHA1 eadd46cc3b74103548546de3b03a33c2b167ffa7
SHA256 1fca643c813c643fefb99a969aa64f8e6bd2388748b49240040436d68d54a0f5
SHA512 f75c73da3d2b838ba0b8ebe702b9a8c7687ccc365f671d1892b94b2931933312507cabfac040a14cc66c3d94944925318645f9149e7ed59578760312fbe4c856

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 400b2389d9f78d5f888089b315600952
SHA1 5aad55ff9e28d3a857aad90d09631a9127e161e9
SHA256 c257b637629707cc7cada67e34012d33c8a2b3547c77fbce5e387a9935536ffd
SHA512 2c1162e9d6fef408fef9c5e9b0fa0186dc1f66479949fb9ebb2b3c027dc88c11bf9ace7ac1f1042503f9013aeefcad527624178ef5c7f2c64c3385cf7be610d9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 1d8f92372f120802867e89f405200119
SHA1 204f1c6ab20f92884817fe0e3920b2e99c75e223
SHA256 f4932cba51c3f9939f33fb9ce2d5caade3c2d6a587b421d301a6fe9bc0028506
SHA512 ded4a2c579d8aed9d07cefd326bfd859eb1459438133d96a7621e705cf5b97f34dc965424c3fe6e98380ba63b791ed608b5f4cc9dc6c0d6639795b0edd03beef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 0930139476df5677e44598d586530ab8
SHA1 8b39f605382659348f595c2cd5015e9bd843a43e
SHA256 6c47d5438cd8edf012a60e8caa193cfb5fc61e84aa7f20996bfdfaedb4c9ae6f
SHA512 893b512ce574af54959a90c34ec2044eac31d8016cfca1db8ffd5136154fd5d954ca42488d37572673d4268c099afb6105ff0c32265d486956f5cd3d28d00d0e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 7240c6dbe1a3d0eb93394c748dc7d057
SHA1 77505eb8de7f690831f7540363ef50ae78a0129e
SHA256 0b589cdd7090474712211e2162bc30ccdad85663e646c69611d218b1ac0c62e8
SHA512 f0b81aed6aeba800e08058ce54d93ca7970942df0498a6703c5d6d6e04a481ce1c430a7f1a136abc6dc9d0783170e5418cf05dbf953449a0f45b3f6262e9ecb9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 6892f0c757c376ee0227652a348c68a1
SHA1 61b68ffb74f5fc52a34f1fcd925a778ca8db65aa
SHA256 48268132b72be6fc06aac731c782d98e815012df0520b8bafea153b8e1a75149
SHA512 72013068dcb0995b0cc927e0a17fe3619402c72ba65fdcbfb82dfaccc4a043dbe91c1bf4978c3543b809d8750a396005b321740b1325a6f515676781b49c7227

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 740a90426c21d4701a8449ff33851d6a
SHA1 f5fed05717917c26b1d237489b7cdd51a18a36c3
SHA256 83f2befe52164c2390089aded60ced729ed2a976ac10c7c19095a382a2dfe26f
SHA512 d8a33f3888547e67959ee9cc454451b89840054031a9c897ebf04424aad88429b71a51b7f042753577609b2ec3dd7470eb706b8a678bd8835a83b76e73a164cb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 fdf84779ec79479407ba360815b590ac
SHA1 a5dffe14dda894412d9ec2a5966486e1c667de1d
SHA256 51161a40831b3c2d63f1942677f69b93bb689a511510d1fc16cbba01ea60e415
SHA512 c602f9c05022ae810b1a644e6ffbb14bc0d05cd462800ccd1b512c70e6a5bca2e4b5f54d666b1341e7ed12fc8ec047d5f977daa0440dde58b23fe4a8ce779cc8

C:\Users\Admin\Documents\InvokeUnprotect.xlsx

MD5 4a0ad665bf72a11a2c0bf505dd3b3e2b
SHA1 b0d1b67c26e688b44e8bc1f3e3490cacac29ab85
SHA256 42af645c1e1638d25cccb1185b2c2b682712db811b9f1b8e76f497af57ce7211
SHA512 19a0f98cbf6448fb0c9c17f58d4933c4826cc03a14ef3c71a5ce7bd50eca18e69ebbbd59b1a80082934631c3ee005a1b237dd30ae323edd0c331f45f43dbf7b2

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 eb083270e62609cb84c1b542d6bcb429
SHA1 a030a269f9ecfd8430f1ad4502c99019f76df336
SHA256 61d8fe8c4445c4e7ced431aff9c9801585658bdfd3faf841bf6cd8552fb34a7d
SHA512 01660aba02b71412b1426c678f3f60df9a77cdefcc606df350dc38a2042754f70da52f5fab98298328585c97af1c00050f8f63bd75c61b59df058eea9e5a3652

C:\vcredist2010_x86.log.html

MD5 6bd4d3fcc9614f5042d128765798e45a
SHA1 b33925130a795d9c52768f32e1ccad659e114fc3
SHA256 a28acb3ccf4331b9bf4cf7c5cf062c62ca79b94304cb98b917b4ec67baa59639
SHA512 8c54fcf70c94c031d830474e905ca57f32851899405e86212544a8e8645f202aea2c7c31601cea9805b324cef832beb5e80a1258cbda868aed4e6f90a9648178

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

MD5 a5a992f7b3414999c1be60c59f7f9486
SHA1 1d3ce99ac047cffb3fefb1e31f69cd4e2d9c5c4a
SHA256 c8c744c9b8f6e7d68c9057cab37ff0f7819d9882531cd9b1fab5756bb2934f73
SHA512 3a18a405f9dbc94bd57d799ebbaf409523ccd16b83118e607fe95e46f9f37035102845e40e2c1a66fac4229ebf55947d385e82303ac35107e2a0301ab1ae6a0e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 343c55e2349e709de4795c210d9c5caf
SHA1 21bb5da9e3868692285cc8981edd66c906934b5e
SHA256 7141c0cbf2ef1f344c3b3d97875b8c900c02c662b2525367b79fd7072bacf91c
SHA512 b797d8d5bc441d07aae1400f2035796e3da5f8346a4f5bd0865c29838082966f4af1efbe925f6efbc25d3d8938c990837e77a3a1668be28e7c52cd991906ed80

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 7a5574706804dac0dc7aa67166045994
SHA1 9fb18504b989c2bb339515893cf7e08ccc4dd30a
SHA256 983ed68703f66cd6ab5a5bff72d2cec5bd11be4bc28d9a00b502d8b6261819f6
SHA512 ef3393f0b1ba943ac1e8bc9b1363aa6748c204239e55fec03a6f4041ed2cc184af06851956975d9fda68eda9bc7d382e9b781700d294dee23acc0695da98b071

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 4b99a877d43c2c42ddc68568d56c0b09
SHA1 3fd8a6e43a640abebffcf7682db0aa11d026dbf7
SHA256 dc49c22112b3a6db935acf53d00aae7ddbc291bea66298625fa8ef2e5b104e16
SHA512 696f7a0b332e49d92312e60c1a94f32ce0f21faf99e73e5e59f324004c8e4b8eb6ae9529a329b3d755dabd5729d4bf3da40d60aecc838413e366c3d69eb00967

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 31c667d5bf0501acfb2899e7aa2f0f70
SHA1 81e146c44b3bfbea8389d01acdcef22a8721cb3d
SHA256 afb52c4fc382b004f11532a54eb747f71988985392c5cef3f4412b6dedc7b21a
SHA512 bba842f0c926efa83a71c7542676ec55211cd78470800778dec05bcc74e315214bcee82ea8837dead4fbfe7fd018b317c1441f5f98b8bd38f0482be70d80244d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 f53f1e363bc57142a7f87c109ee99050
SHA1 67bef5b25efd27090a2e9e3eff2e81144d41cf79
SHA256 0e60d5935dd9f07550e05f6c43970cbb1d0bc8e7d6da32f6fd40518eeefa69d0
SHA512 26569f9681cb2a212873ab808884fe1554ff1b37698aa2c682a2e45d6943825ca7b1afbe08532810e8039d5cea91e921a0bae911582b37162189b5d909bc9647

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 6b3c4eb937ef757b33ea87075d2f47c2
SHA1 ff8bc3388c8f3dcc681056f48c574e9fa7cef5b6
SHA256 e8fb2104ec333b65ae6423b0f42118436f6ce583269e0fa29986c6cc08250876
SHA512 f246714ef61187ced6c84c9eae4868d544c399b8157db3f32472056c6024e579adc356945cb86e1d98306893c21ede2c5995ca6e971c56f6869a85e46421832d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 caa26e00d126a0db9631abaef7abfbc5
SHA1 0f9a16da8d1efa554d038a6d578878b457201a42
SHA256 05dfa943edb20f5e1a4381845eef239d736db66d31ba92097047471ec74d7ede
SHA512 27332145d03836efb99888941b499dad50016e7cb5bcc285526970d848ad27fe7de398b53e5787b0ee70a0798d5236e13b4e217febf5d1fb328e9d9a892b0275

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 309f989aa845850dd1e99890c05704a5
SHA1 6cdcf2683518e9119bf2b6000d85f2ee1a6b8000
SHA256 1265165239ebb25fdba52ede5df7d98a174a160bbc4112ef287e8da278d1f049
SHA512 2e0133d263477ea69f2336a49e6a8fedde10d2e15a363cefa958afb26ef3e823d617ba7e368882bed8951b550e93cf459398537be1446c81a1187c3d66466674

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 817eb55e6b13ced0939d56268036706f
SHA1 d9e52c6af71ed4573af016189d7624f66db4438b
SHA256 fabda69505ec979799a646592b437779de3fb9dd6740c58351b45900291809ee
SHA512 c562aee47bb12afdf7b6bf0b84a463cb5e7c471e3613ac70f1d1036fc835c7c3c0fcc7f7c603edd88d0e83551db26a3120789313f587cc21cc7a04c6a0fec1a8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 87272acda324b1ff670ccb939c330392
SHA1 6a7c506c22a2d79e212715e51ff8e86efb15083d
SHA256 dd556f56bd04b00388f82690f10d87e939243c0528da741d574cd7152451dfbc
SHA512 737846f9a955dbc4d4fac90300306314af7806ef8155b6ac0537ef974f012029477a9ed7a789559a03b367dc36e80355d2e9982ffa12143cdf9d1e01c46f0cd5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 ba336e0745452747581bbf3d4a2438b3
SHA1 58c2a9a4888d8258fede8373212cd0624435b745
SHA256 b952ab91702224b1e7fa060eb26649ff808cca931aefe4b69e89fd186e125782
SHA512 377fb814a2cadb12df284e12e9cae8f159a282539fe9e5fcb30a5dbfc71037fcde32d25e9fa8feef22c9b6e7156a96bc948a24b4936bd54963980b0dd901bd66

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 ed1353f8ab63188a794c39fd8d9941e3
SHA1 b2a2bf17cf19f519e80195f8ee3670284527f02f
SHA256 30e67ed8c10b253209058426266a7bdd94123ad04181102de79a224e61a48862
SHA512 32c4dea9d3cb1e7dfc5825316bb1ce1fd582838f9433200d43b08941cf562246273e529e69178440ae7efa766ab13d975f43789a3e4ddbd23c9dd415dfdc4da9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0ab083ee570a828f344fcc2b5e18a6d5
SHA1 95b09c91b07ac1c648a3092d49f8815432ee99f8
SHA256 c488d43aff60dfe6a4bdfa421e34405024a8712ea4957da80818e3fea8e4f975
SHA512 4e3a5ec15f61e4462c42e4070f240119e0a0ba04cecccf7f97d640d8d403b483b321d454270adc44caa1cdc7d0bed06e975d81822f69ad9ba27c2697f3d00aa0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 edaa4a897ed6f289af966e0b1c6e69fd
SHA1 86f001467d4febede26244b2299c74d36c6ab806
SHA256 1a6a1085d66b30991a65dcba90d69e08de6ffc4d6b89dbd54090b08949301c54
SHA512 a210ead15e51706337ff56906c26d93f4f9248514614c16fbc8ac26355ca30ebcef846933225b732f7cf232dec0c8054e50d776d9a4eb7e9ab2a7e64075caeee

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 1d61dcde05b2e5ee9abd4088e3acc111
SHA1 76f03a52d94f06d1438a08e260beb0e41962bf3f
SHA256 a42fb3ef14d2d2117bbb5a2a1c5c6ca0f9dd630991f160ab47827f18e4b44b31
SHA512 a386676bcf3ac65a5da459500336b1fa934bc4559848098e47712b865c0055f0cfe773467b6d05294aa78b3e155e64f56907066feefce131fd1bc909d2c37560

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 7f10137d94d8c562836cd8b61edf66f5
SHA1 d7a3eabc7603c608ad6c3d212dc0f9624de1146a
SHA256 47af7b7d47458ec58c67c75f19c6a8441c4033d362869d7a8d29a69fd774813a
SHA512 ffb22a9e66381d76943bb418b311a26099d025a2167941f93c9efd74d5b9e8b8ea59cb49f16d4ec97ac7f7a9a834a62b13c9b2a22487d529d16761dd2b501f58

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 3ffda4097d704187ebd10af3ba0072fb
SHA1 5bc667811f126a59a278492c743f6627916a406f
SHA256 bc816e99224a93bf1478844aef2690d86385ab4bccfc2a3363f179bbc674bb52
SHA512 b3527f94b68c50681da942bb8f258fa5c2271fab785542d533bc029db02108f04d01ec7dae1d74d18b37901a4afb8d0f00ee1a928684b07cddc5421f5d7acb32

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e4bd1ae20985bbfc106f991f16c2c353
SHA1 edef5864655819dc8bb5a0794b1abe81285c61a7
SHA256 886d38d984ed0fff3dcc5dc75ea8cd27d5c14057eb191567703f0b3c3846aad9
SHA512 f4ff850f619a16140071af969fff61fdb37e53c62516d66fb95949f5c28475aac6c9f51c7dc3a0a358b696f4a6fc34bcd63a0aab0a2171fcb77346e2c8a42e3f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 4ac76080c540734ae097789e91863524
SHA1 608a7f77d815264a29aaacca2d807f16910be1d0
SHA256 bcca634198485b1cf3cf8479c7237f4bd8e1dea73431a2eedd91d0f9d3942ddf
SHA512 48fc8ae167b3b1fdef016e248ce3d8051859e11f4743ba975169748f727638f0ecb133d06b029fe834080ac7086ee29db74ca944c6937a61cef325394de12aee

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 17:43

Reported

2024-10-06 17:45

Platform

win10v2004-20240802-en

Max time kernel

94s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe"

Signatures

Renames multiple (2175) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\53wTw1Ft9rFZ5YX.exe" C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_1394.inf_amd64_cac08af12caec647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas2i.inf_amd64_ed501deb0beeb5cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_amd64_cb18bba4788e47f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_netdriver.inf_amd64_2d569d832b41b8df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_b95d9f4691816045\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_c2314613ba3f3585\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_0f3268711a5b2622\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Bthprops\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_a08737ea39f5790b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsreplication.inf_amd64_cadbd20a667cf903\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\btampm.inf_amd64_445ffdc4132cbc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmhzel.inf_amd64_e90a0a4c8e15815d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_28e2bee7229aaf9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rhproxy.inf_amd64_7d28259fbc48ab7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbser.inf_amd64_8de53ed035d71856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmti.inf_amd64_bcde2913bb6ccf3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rspndr.inf_amd64_4e80c2bb5314f071\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_ports.inf_amd64_181d494584779290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsii64.inf_amd64_0f02175b17cd3f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-256_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\EmptyAlbumList.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\15.jpg C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookMedTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailMediumTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLogo.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Mozilla Firefox\defaults\pref\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchStoreLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailBadge.scale-150.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-60_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarMediumTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close2x.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\AddressBook2x.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\204.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView.scale-400.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fil-PH\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashScreen.scale-125.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Media Player\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ShareProvider_CopyFile24x24.scale-100.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\12.jpg C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-60_contrast-white.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ClippingTool.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-fullcolor.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-114x114-precomposed.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Sunglasses.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-72_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\151.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeMediumTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MicrosoftLogo.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_2x.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\dotnet\ThirdPartyNotices.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-16_contrast-white.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\x86_microsoft-windows-isoburn_31bf3856ad364e35_10.0.19041.746_none_680d56683fad152b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\HCWhite_Search_TraySearchBox_Glyph_100.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square71x71Logo.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ttingsextensibility_31bf3856ad364e35_10.0.19041.746_none_06e2dddebda5c3ad\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cosa-desktop-client_31bf3856ad364e35_10.0.19041.1266_none_51e937c8b7fb1678\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..sh-helper-extension_31bf3856ad364e35_10.0.19041.746_none_976088a560b9aba7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..nable-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5df8c0ca70db37c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wsp-fileserver_31bf3856ad364e35_10.0.19041.84_none_30e5e60f38dfec50\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.runtime.serialization.resources_b77a5c561934e089_4.0.15805.0_es-es_15f4f46cee534d3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\wide310x150logo.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_10.0.19041.1_de-de_99d39566e682dab1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_storufs.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_daf3ff6659b586dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_usbaudio2.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_1b5f52bedae47e99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_chargearbitration.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f5e48e07938a91d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_cht4vx64.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_478175515845a06e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..smsrouter.resources_31bf3856ad364e35_10.0.19041.1_es-es_12fbaac9d0a92f0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ation-mfphotography_31bf3856ad364e35_10.0.19041.264_none_abc4650086efc4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_10.0.19041.1220_none_93c7462b7887e964\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\INF\UGTHRSVC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.AppV.AppVClientWmi.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_media.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07689d00f1e9763b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-f..rant-heap.resources_31bf3856ad364e35_10.0.19041.1_en-us_c181cfb777f3d08d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-thumbnailcache_31bf3856ad364e35_10.0.19041.1151_none_be3f45bf02b1899b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-playtomanager_31bf3856ad364e35_10.0.19041.746_none_84b3b6e25b5864ed\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.windows.dsc.dsctimer.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0ffdcb6686081ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-btpanui_31bf3856ad364e35_10.0.19041.746_none_54ddab438a3b7643\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-perfcounter_dll_b03f5f7f11d50a3a_10.0.19041.1_none_a3125f897c2c87ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cloudfiles-filter_31bf3856ad364e35_10.0.19041.1288_none_15222f9b449cad62\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directwrite_31bf3856ad364e35_10.0.19041.264_none_b07f10045e5067ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..b-odbc-provider-rll_31bf3856ad364e35_10.0.19041.1_none_d9ae550fb073a134\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sud.resources_31bf3856ad364e35_10.0.19041.1_es-es_0b683d9c04e7fce1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-mscorwks_dll_b03f5f7f11d50a3a_10.0.19200.110_none_08f6f40c8a6c46fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netmyk64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ba79d1f6d6ddc5c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.web.extensions.design.resources_31bf3856ad364e35_10.0.19041.1_de-de_532d0f809c0e2b72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wd518ee0d#\35da45d13c5581cadfd0546af1ffa6e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewInprivateWindowIcon.scale-100.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_mlx4_bus.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_aab5ab0f7e5d38af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.19041.1202_none_7d4ea219d613c9d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-devices-perception_31bf3856ad364e35_10.0.19041.264_none_a3573b07f2fd131a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.build.engine.resources_b03f5f7f11d50a3a_3.5.19041.1_de-de_4ca3c5f42501885c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\INF\.NET CLR Networking 4.0.0.0\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..ktopology.resources_31bf3856ad364e35_10.0.19041.1_it-it_a799c329163ea6ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..container.resources_31bf3856ad364e35_10.0.19041.1_es-es_6142d98a5cee3959\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-predictionunit_31bf3856ad364e35_10.0.19041.746_none_11630d8270062940\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-clrhost_dll_b03f5f7f11d50a3a_4.0.19041.1_none_ec9fb50806f6fa72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-tiledatarepository_31bf3856ad364e35_10.0.19041.264_none_ac56521bfe3760e4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_sensorshidclassdriver.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6afe2e4e6ae6db91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..hangehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_6fe1df642ca4a695\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_it-it_e55e9d700ef575e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..publicapi.resources_31bf3856ad364e35_10.0.19041.1_de-de_82d656b6c3cfbcbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-web-app-host.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_c51155dfa7df6fb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..package-managed-api_31bf3856ad364e35_10.0.19041.153_none_692d4d323b980451\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hidserv.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0afa5adca22d7adb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_10.0.19041.1_none_003f59aa850fa682\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..onitoring.resources_31bf3856ad364e35_10.0.19041.1_de-de_af4964eab4357bf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-f...appxmain.resources_31bf3856ad364e35_10.0.19041.1_it-it_91c1403566d0303c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-network-qos-pacer_31bf3856ad364e35_10.0.19041.546_none_cb01ee53d6697641\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_rhproxy.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_04a6138a18c98833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\forceStorageCapState.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..rm-libraries-minwin_31bf3856ad364e35_10.0.19041.546_none_7dac31b7cfcccde0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..onverters.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4b11afd0bb957415\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\images\stepOut.png C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\shell\open C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LIOLPNPCITEKZMF" C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\DefaultIcon C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\53wTw1Ft9rFZ5YX.exe,0" C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\shell\open\command C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\shell C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\53wTw1Ft9rFZ5YX.exe" C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LIOLPNPCITEKZMF\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\190ed4fc7d9bfb3d7e3d4185f349b950_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 dbf3ded6b30bde13588a68f5d2ac717f
SHA1 ba43837d84cd13c80a18f8ed2f59be004acbb029
SHA256 1999691f3e1fafe86d14e0c2cea6ebc299a420e9fe880feb342163a9bdafe839
SHA512 a648ca50e97bbfad75ecc103330449d1cc2986b7cd229bedbf7aad5b78f3ae2cfe8478f6ee66af43da2754fcee4b41a44e7628734137066a76d9511fa7236c23

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 b5590c0522ce4ab97eeeb4eecf96e3eb
SHA1 d742d6517553f054195f9e6797ad033ef7f44c56
SHA256 45f17592940fe97f8065eb751835d2eedc7a6d33f77d8a90d3bc04d43da8c5e3
SHA512 83122fcdec73cc9273b3f989a5348002788f42bf71b8375453a51a3583df5d5fdb3f53f13a93b4f60bfe9653dc1f742b919c8cf455d982ebe242b1ea7b88bc43

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 8f7635caef5e40b7807478ed54cfa98b
SHA1 ec16262fcbf25f2bfd27fc2f8dd82f0d36abb28d
SHA256 90a9dc3d0f4d62c546b81ef95c95711096b11105e6f6083c311b42bc945ef439
SHA512 47d64fa04aa15c4d3eaf8cf661a95f3ec9d7c222726ac971a30c669e33d082dc9b188879954a5c57e1e1c0937a4f6d1fc482b93d008ca8108ce85bc3d85e38e4

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 fcc0c038ec3b109327f839cf67d6e2f5
SHA1 b597d51fbaf5193d074fdab10380577603322ab2
SHA256 e86ce9d81b7c121a06327f91dd1a76d5aae6045f3b6b2800a36bc6732dc94445
SHA512 5da5b891ced88bad4b33e6c6d265b19015abddddff6570cf67f8463a2812cccc4b783aff8859c63906587045277c9ddf766eb15048afdfc231aab79f13c21288

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 d9418ffe711a9179b0e1acea20441f6b
SHA1 872a45abbd55a7f0e13dd261a2224f4fb9d6eb14
SHA256 046ffdf72e37d8778df5e0ad7ebef87563283d7d9fd3cd3153cf53907a6a3c1a
SHA512 617bcdbf99ca33687eb30baf6ccf77afb86fee855ef1bbefd93acfa7774dd34e7a7989d685f1220a35272757d2af10b17a4fce22efe6b269d42a0c069c1c4218

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 90b4a91d94692cb2a41adf74df2c5198
SHA1 a8c4856cd875113f598ba1ca45c019e1b9ad331d
SHA256 acda954eae59e7a0f7b6d4c459f7460ecc893399ac52df320887e9bb37e1b040
SHA512 6415271bb6d95e907244fd171ab336176fce5bf48c897889d951c17f9615f9da02738cdee6ac1a2f4453afce9c495f21e38a695cee922dc31545eb3d264bf0f3

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 3b4568dc20cefa26dd0133156c53edcf
SHA1 c975c93d525f515a8fa2e4b9f8fbb0708fd44f7d
SHA256 821aee0fe6f80b54b267d17cf1bc6fd3fdb4ff1515562df7465240756ce41977
SHA512 5b6c0f31498b6006189247814a337bee2a263c5f39062502bd9aed757981a0fbe0e14295e0bfecb248c91cf04d470333d41538a5570123f30298544aab454d3a

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 3025aa4dafac2fb918d8e413ff25ddef
SHA1 56152eeea577530498dd507a19c7d769c9fb6216
SHA256 c32c0b54639b519c1d90cfeb45d57c3ffc7a6757040ed8a403273089006cfca4
SHA512 b581d298e04eaacc111e6b9e8da6371e9e56ac43048feb6024c5b7da89bd0b3a3f5b34ca9dc58264143738506df5cd13266949feb27204f84da9f05e9cf2410e

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 c54d66e6fbfe3edb203b927f52ee5704
SHA1 bc93c5139ca7f726236289b42f0b6716ebc99d74
SHA256 5f3edd6d840e32fe717f54c6795ca8d4c2aed86a9af1c3a251d37997a52368cb
SHA512 e7268ae210b79eef00247fbbf033736bc09f0d240cf2640ccdf3475c53542cd4ba5473109c511db34dd8575d18d8bddccb7ee0d13846f6c9006a09f6df51946e

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 bcd432e4e22cc120e7fb40b09fc4cb47
SHA1 3115915d278f065f5c53394609772e5877e75b40
SHA256 25fbab75392b13e596e002c09479b914d35b5cdee5443b72bae826959ae453de
SHA512 3614ce63683699b641e7bdd7d4d88aafd6bb4500a787cefa5820abb2062d1b652244e9b4c1d27e613c11ca64dbf3d3a4e4c3fa3d0cecae69cde4f9b8c359e2a8

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 c32ab43539388ccb13a1f5db08327348
SHA1 ad0a477e31c9eaa5392a17b3facaa46b499d9cf2
SHA256 a4d1cc01bd7808d97f2be07fe3169a36c8d29eca6aa00e6acfb167f1b7dd5dac
SHA512 9f0e60c35644564a644f32e11e32ed398986780e16ca98cf8062b10e5ca4d2b03e1c8632f0d3eb69bfbea4571b8836f4f93bdfa86f8d47dedda54fcaac4a5fea

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 abc3e8aa6c26044c609b896ff83bdb35
SHA1 686e00c48e4f6c198bdde393886f0ffe87bd6345
SHA256 5f90d1e920172e08d76d95d94db650e8b282f652366d382558d07efda044a860
SHA512 1b8a21e2d9d566f285c30790b70bdfd46a5db4bff8225ffffad1ec0133634a6f0db22782d765e4236e286c69a83716aa813445d2fddc4b80cb5b718b29d94a39

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 2febb74fe5811b7880921c5c4b77a573
SHA1 f91a2218ab856b6fab2cd03dac1b16aace36d0a2
SHA256 5f7fe23ccaadb61664606ebe4487764641bb618ffa69f97ab69ce8c80c50358a
SHA512 1d6556a147e6650f2413d50a14b917c46908d63aa5c8ee0d7c2b37ad9347b2b361c6a81204bde0abc57eb55e0c6b63de87785529358102d7b117b6bbd9b16fc6

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 a4eb3d19e9ef4a69e01cbfe863e88d73
SHA1 d39f5f2487c0d9fffd3d09aa25edc514feb6465c
SHA256 a79109e4805d1626bd425fffaf43e74fbf8493358f0c91869bb2bf8096bd32db
SHA512 88e5ea49cd4f00acf62cd5f28eed3a3481154a5d1369f44981a2151e76fe04dbde8d47cc2a202e7e70d31878393eba97702baf5fb64dfa7011766191d7be5b33

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 689bdbb27a34ea07c8aa3ffbba8e78c3
SHA1 63dfb4cf40c0a623507e31bc005e6202dec10e9a
SHA256 85c74405beb5214b542ca8f652ccf88ae8d5194b509e6929b1f4bc61e3dd1dd3
SHA512 9c3a66ca268618887f735906e699d7b8a8067d76ddbd22a4252ab0ce9cdf79ace0b08889d13c76dbd13d7102296416546b26463e22d1c4d90e22814ed2cdcbb2

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 c388645621711bd844596ccde655fb07
SHA1 689e18e23016eed3a90c383a49b557a974d45ff0
SHA256 d013ae87e48ab3a3196629308585b5b6bc0595209dcd1dcb4e2f05b0e763205b
SHA512 9eb2781b9b855736d4b50920a90e7dd59cc1e2b47999296c5f100ac2633fb54539ace5c30f45207f16f0a899fbb48af47e7ba2a1c919cfb966e755135dc60d3b

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 07d1cb30a9afefae0ba3fcee42f16d61
SHA1 c923db5ed3672d94e3c562e6f6c8a50b16a80f98
SHA256 15860cc515f8472441a4e35db8e2ef7835cc01bc98192be8e348ca3484e94248
SHA512 e925d68a2ce817b821ff0e39df0633dac1a8acbb8960e8933066b5506b94fa95909a04fd669ad10db21fa3860ffb79fb805e7a0ad0e6670aea94785aa2ea5543

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 334a13f4943e6fa77ff4a3494124eccf
SHA1 40cae387feaacebd8f78191d6f40d77f2bab0e53
SHA256 fa49b31ee39278f664a78b62ab5a0ac8e742b73d9b6b674c9e296cf7a6045679
SHA512 f2a53ad608a0571576c24f39c5bab973f3264ba5e1493d138a3967aecbcf032ad0f22e77ba9966ff21f8b2c27c22c2311acd114a266cdd5bed9175bff63ce53c

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 fd7e7a13ac5e0929403990bed482d19c
SHA1 619d4a7b72b343d1540f1d14a1843b482727f4d1
SHA256 85be627bce9b2fbefdfda53602a8279e1c0819924c3023d141080d701d0829d9
SHA512 dbfaeda8aa9351db4aa4bf518458a2fa3c034fd11088e48997c1b29d6c58c3fc1374cf03a07f6466b6236b0c07d837ce86568add2177003fb3ea0a614f1695a5

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 c1ecce5ed0fc5739b8998eab5adf667e
SHA1 33920f7e5eb4a21f792bc347afb92b1d2a74be59
SHA256 23389b70d61202cb5419469c07745b3fdffbba48b2573e7c930c36b4ef61482f
SHA512 24bebd5da66f4065cfad608547459bec5cdd95b24140881389df1fe255166196fc197ae498a7752f95d05b777e7d3fcf11b406a95b99352f2f050ea93dd38e2e

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 2f2f8b9b36216cb9338c982ca652b156
SHA1 8efea5a097950bd72a4e84f4c923768fbb670c1d
SHA256 bf3213bd0243645f2d936df69cec5f46bba16a025079c325b1d0eb6290fd03d7
SHA512 2b31c2ea9e66027e8ee2d49da76d7fce362e57cb4f3f1a3f48e505727a4555c55735892050828c4c1d4e13237f86acfdfd976142798a8e93c3c60c869ef7abc2

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 d640c506299f075c11a3e237fea3bdeb
SHA1 1724ce2c0d89eb5c4d5c353839d75285f6b2db86
SHA256 477e16c5795c3f9070fd9993cfb090dd8100a2d7fca5c197e904aec85065bf7e
SHA512 77211133cf4b13164973af3a69e091738dce716a1ad36d4806ff8c21d6d6820cb5e97e40cd1623da1e61eff0f2db782772c153e8684bd213cdc1363879efe30f

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 f267fde11de8e3195c765fb1d86d64f8
SHA1 445b1ba3dc6c364235db951712ff8f737e20d711
SHA256 feebe0e8fa107d1fd63a87ed480d2c3536b7d361c46a37f06f7250412f189a7d
SHA512 fb20c874b95b56fa422016a1680f9417a15adf45ec8ccf62c45222d0cac3ecca2d8c4f980ea6ae3008f52166a8a0ae19a566c2bc1070fc1a028dfdaffd69b9b5

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 bcb70734dea1cfe137a6d0fa6179c83d
SHA1 f924a5d997e1877076f9db1c939393eb05fb912f
SHA256 1419e12a50443717319ec78a20ab0f1475854e4f91034529604b9e2b87c6ab5e
SHA512 db83645a2bf856e624bde1e2759573cf485eb50eed0e410e3cc9629648aa208a501f6e7b9299037c98e6e206e214e6353c75a9f40d61e0d98ef9b1d54c323d6a

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 1e790a7ddd81cada98de8fb3651f7a18
SHA1 b22e68c20de50b360d1c068aa2f2392d4c29108d
SHA256 f88203b621f633e821d8f1c608907053dc5a11dd76e764240e9277d076e258a2
SHA512 26ec11c1a0983f5b140deebe8852f4de788e816e365aac208b2f92f24880aa3f8e7be8462780b895859651da84a31028fc879e9cb3a3b043433cd919c5bd7b67

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 f8a94b3ab0a95707f49ae89f39e34475
SHA1 2d46bb0400d022ffc62089da5e0d68a21e2b1bad
SHA256 3b5c9feda902853d0fc772b05731fcb5269cfe2c562373c3a81e5bec1b31773e
SHA512 c4b615a431693497ea3b444c62f8bb5b504fe4599584e7a7ae3e8ccc6ea8c521d67bdd880db42c6ecce8e56e254f8ccf6d53faadec40d45372bdcd0f85ec3a9e

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 a4b6133bf67eeab441fe79965fb3b906
SHA1 001eadc2e52332981d5f488107b1ad88a316282c
SHA256 252888699ac5b9a0cf6d44f9c79fbbba34a21158df585cc1c174c5dd66f8ecb6
SHA512 519bd928fa4ba8f6351ee463011259a213d45e414388c56d381bbebbf5c238885484e7a1d18ae0a3c6fcb7ed35cafcc93c1ba3d913950e0b07bc581f83c1fac3

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 4dcaaad0fee7e2a3f95fa4338e3aff81
SHA1 4ab59af165d370778b1f3b0c2d98e889668d7ba4
SHA256 26892beb77af04d598493dee5a3087adb9af53077cd3828c1bf2171fa71c6a2e
SHA512 68085311d000776ada2c6df1011fa93d4fe8522e39298373950112eb68742ef9a0a101081f718ee17ca66adeff1e4889d068a11e30f1147cf6889361b534d4cf

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 2d7c982a02286d7114ab01f6a7b3849c
SHA1 2f1957f71fc82485b721bb498cb9c507196f42e1
SHA256 3d204e6124db065b1db4970b91031e44164ff79c0f5efba3747ccb27b58075b9
SHA512 c5e21360ce39a91941fb3aced98f668d4c02581f872b6a96e575b2bbaf3bf1b8e9c5e291ce4a2387cc491500b0e687fcb5599de5e41f24b4f97ab18df3460300

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 96e6f2a9faf6dc3c4bf55e22f41f5b4f
SHA1 0ada5b77f8c1e97bb153e48ca88631c028dac77d
SHA256 ec961f97a116eb9ea1771ad1c738fa9a45861e9c7bdf70f9831e8cac60b0d3c7
SHA512 294c2b4d19aeea6d50482d1da02291035b2a0a881ab1233fbabaaa5529731dc0dc4f8854ba24d5c27a21568ec994414c07aa7342902e864c785d7c737e7916f1

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 3344a08f8d7ff2740ec4ae52d9f8b94e
SHA1 5bbc908a764a187679bd622e330e5d68145381af
SHA256 148b3b5254133b9aa21394a22cee52ec44183ac060b7d65652caae387332a352
SHA512 98b27ea3f819b4595a0d6824a64f7661f9887efdf5045e77a987cc2198f0874b489d8e7c043b179d4e9773da055d164f6a0c7ef95e7649621285e7caba59be44

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 67c5b91396cc211a5559cd5ed453c339
SHA1 51f0ca52e6336236cd43e538801cd94f40733cee
SHA256 3e9b2e4e836f4c67ce6a7ad9d01b0bfa674dec264fb53ac845286f517cd8e916
SHA512 52bb858f583f2c2c1327bba13cd9edf3320bfcf8517677037897ce25f9654697f4c28bd34334245bf15436b01afc8cf92e845f62b2f90c66c45648ee5921bb22

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 89653409bfe937434e8f7cfde6b6317b
SHA1 6cac00886896ad01e09259f74ff86993fb0c5af7
SHA256 fe624413823a10d29f0307be305553d43887487fb00da16dda53988d2bb68515
SHA512 1fa659b0a4e58148205b85eff8c39d2d66a7991a425bb0ff60180c9e3015d3996f5185322288e540e0e5c113b2d6e9e13c7eccdefff37dcc992d8a5f47b92d29

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 3d18ceaeacc68fd2b1e29cd3cc6deae5
SHA1 840a4be50134bfc9933e001e07a5fd6510975431
SHA256 9fb81d1a5f177f2755cdd77a8ed9baf74a02e4b88df6c2841aebae6da3a825dd
SHA512 c2f2b7f96addb793c835cfba6a18d0683fd103e4b8542901e36586a7bb4bc2258ec230ec87392e0e3236992a4628a718b6097d0d9cad3eaba06dce41a65d45f9

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 130ae85490dc6e890f96a6f894054626
SHA1 9e55de6d34c030c30e811c35e43cb92b2a5558e0
SHA256 6124fb910a37b85406ef29357d0eebc19d2334e2f91c2cdf16de885b7dad9b4d
SHA512 fcf0f5a0dace59379d4843927f06da486d4b422f9d63edec8628a18890c805132c5811d35d729b97d115d961699b1b19e23e9ae6e184adc49e286879f9f161de

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 470e03897aa07212b950ad17a222e083
SHA1 fd9dd72c788913238760dbc9a2719a44b8f8f601
SHA256 788f688e556175f7118da0c0f5898e30613c01ea4ac6c84a231e5725097caa01
SHA512 fe70b33e81d85740d991d2a5faffe36b84863514724cb13c67694ca40ff72eaed25f0920233bd7c6d754e7310cdcf95d1eba7ba8503272282009b5e6ce67519e

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 07906f0f2e3f0940db63c16b2df3f04b
SHA1 8f0bfe916f9d548f638bc56be56e938118d6bc2a
SHA256 2ac5ed2f9d87f9dcd1c3739909a7a6111d1c8304d7c4970174d58f84cf1ca309
SHA512 0e6c236e8f2263d29bb5e65e6d6f4206da3548d4957e823f931648994b8b3b902e31c5a83530e48a26edd463ab72713081e8306d5118827a3d1f1e0f22729fae

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 056a4632b776aa0421974824b1e2712c
SHA1 3fb9e3f2cc1d214ce3a61e554ba32fa580a596e9
SHA256 53c97bce1cf3cbd7c0828763f4b7e71e6e9aedcb3507c47506fd44a19114db0b
SHA512 bcf19430860b1e19b8cb9f165573e41cedb992155baf7d97a5b1b40b9d036fe48cd4d87492e1a902cc9585c9fa5cc6c809496e7a88ae5867321f43b7ccca23e4

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 a7b8b1761d01869e5e98f86241de78dc
SHA1 838216093cb02107da44382fdd949fa2b737f612
SHA256 e766ed8dfea996b64ad44ed4432e765176b6558647fba39884baa431bed0fe8a
SHA512 818a6d4988d7edec8b14ac4cef8ad13be809aa964e50490db0d42a706de31899818bb8dc748170afc5c4e9887a83ad9ac3c2d4421aa0acd1968078c593170c97

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 754e1f90b0a00aeaa55f45dec5c8fe34
SHA1 32d6558ea75ecf3806fdf7e1ab9d6dd1d5f84411
SHA256 a90fa25692e0269a66d056653c6b80c2a54a80bde91be2d9c4322aaf6450ffed
SHA512 e96c84184a56aea40c8036c5c5f7dc2f45870182bb2806164206aae3dcb710116c621f1f5b666e1865bf9a657709baa5f6e8963c90e6d37e1267bdc071caf3a3

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 43e47da858e7a226bcfc657389734e04
SHA1 35658d36ff10b023dac1cb7f75e7659c3d100426
SHA256 a55ed21b90446150747290c6862ca5daababf606598146e4fe012512ea6d8167
SHA512 d3289d4e965c9176593651bf9fd872c280dc80a11388c2a1bd5266bed7644c1ece15b90625b3a3b53fa8c9a9d114878742149f59c2421e23c314bdfcf679789f

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 8d528be71f07ecd15a7bcc3f6c6d26ac
SHA1 db9a7637e6c466a7de19a73ab6582bf045da633a
SHA256 8b7f0b45c42f10b5fb2e881adfd6d42e75d07f8c4e71ae1365d9cd1f9931579f
SHA512 d8d14f620895439fc91704e7fc412e3db5cfd618d19974e622e5d35cc56c7b97398e7ed09428f7fd1fac711b822d5b1543f989c28281848bb075dfa6b98cb7df

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 9cf454f1c8ecb39892271f9b12c55a17
SHA1 bd416b5eed6330686fe0c2a3b3c5ff89ad0b6657
SHA256 ceeab1e282173cbcb0596196ce3db4a14d6576a90efc74d52de8bc8ef87289bd
SHA512 a39b579df861ca974617820379c17bd229691085359ecfdbc5f71f2b5525a08c84ac9fc141ca7b0cdd2d3b24b50f459d8a30e782e2e407471e235f41bd0e97fe

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 ba7cf786863d5eba862f98bfb5c5686b
SHA1 996959562cc53c582f6bd8ff7fc8bf45bd5fdc8e
SHA256 44e82e8d12e12b6bcb88dc2a5c0b60a429b010636bb974342eaef21a483ff0d3
SHA512 b287787de7a827ffd999600d59a8bcb46500c8a50e5eca44bc0b4aae2f98777c0b4faa053b53a5902e811a0c85ece813142a7f4ec29b87c67fdff5dab545c8d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 e4e2026b197ff9e0c46f12ac6ee60a77
SHA1 0a52836f4c0372628197fe836cec29603d119e79
SHA256 5c611f4e0f4b8fdc744dd16149bceaecbdb9d9b8fec6c69bc8c17bf676cd832f
SHA512 cda3ccba8af69efabdf81cb739611b815adb22033200d6449c85638ceef74f84f24e4f39c2f62c23e566e325a4cf8ceb01744c0f73297502d9a1462690702480

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 38504f473e3c4c550dbd4fe9848345bb
SHA1 3d6672f36475f5bf569d7f69134f82a0758c7f38
SHA256 a70d4f19c67319e8449fe1fd74f43ae5fa79a053740fcf36fad43284059f8f50
SHA512 65c72d73e82cf6b13c7dae8f5929bf7c993c79c17fef2adebfc37f0d8cea2960f3577a386ec7130e7b7e4b686127e5c314531bbf7b5f752e8f154ff9a088d2d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 62f8df1b6f09340450a7078782fd975b
SHA1 47626f39c3ccd6693453b541527f0fa7ec271142
SHA256 e4bc3684a11fd5a9e466547023faf9a1f55d2fbaeee1116d7176639413a2e75e
SHA512 b1eb67dd48a0e2153a9ca2d022f553e44f2d6899068b82f25dd52ad642a5174c421ee56c3ed9e8c87531c7038777c8e630bf6a38fe7fb3fce8766628d544184e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 d81d03c1d463db4cf02be1ad0c78e1c6
SHA1 0324612f21d70061be30b742d04a74a96987bdc3
SHA256 b969c4c63c696f5f8912cc29fa613cb9e4674248b0bf3258f4e393985e406acf
SHA512 6bc323633ce144da82b7f772b42bf515f314e49aebf11e41b25766e41a3770ddf45ec01da430ef8c7f6fc14e8d3e21aa0508477b1170376d6c521ec510f0a030

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 e37ad3060202db8d2abd13c232ccb528
SHA1 94208158463f94e04bbd9765329870e7d9e57381
SHA256 cae75ac542b1600a1dbafb7c75c8975c249c2f10c2fea611403d0a75a7da8a25
SHA512 57d26377a611978fc54f445fdd9b08100dea7d6bf7cd6b89ecd8bbc725c493ecf7bd160f0e62e7c8b99c48368f1f088fbdc496cbd3a01929a14288990a6d9427

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 a11e03e5855f650541c2d643cce9aa12
SHA1 405cf32212710af0d51ef107c3674d1c52432f89
SHA256 ca5d70fd5a2a21a93dd105a8b5d7bb89342043c6483424f90623407317f7144a
SHA512 b65eaf282ff0efc9dd092554d0cd0df0795faaa2644ec6c00e41504d39e01549c3327dd0abd8e84df97b0bda8f8c1edb6c7dc3eaf9d3de17af9a4005258e162e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 9f0a677c28a83f0e4dfbb0980bf289d3
SHA1 0e216e72792aaf9e19e8ca6f0b00d9912da43ca8
SHA256 68b3a3543da21f3fa1b0128bb5a7eaeb8cd3029240e9e8c7c88420b40b017c55
SHA512 f8bc913018ebdf4bd8056d7946ac8bca7918d25ce5c9812ea081649b5959a86547ee3da3b3360b9c2faf0f77a2a26ef26dd486fa6ba0546245beaa8e8dfbc87d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 5faae3344f62bcb476afc5751dc4728b
SHA1 15d13a63a7ee04f889211692b7d45bcba85b70fb
SHA256 266d0c57f5314478270c42c0f805e146af51a95da32d971f4b05c1c62e97d8e9
SHA512 93910fc5fffe96b450a2effa75c0d59f94439aee1770628a30defad917e8482162cd8f7f21b7ec22660d52c5c7dd76f3da18826ae0d235f5571e10f128895eb3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 f7e9d692ea3aa6ba17ac9df8615a421b
SHA1 5e4eb73db5209fa373784500186334704fc5c09b
SHA256 8f540cd2187995debaeedd4f075fdd0cfd369beea56569d1a241c34976c1cba8
SHA512 30365151a3be8dae0d59f3320cb7eba87edfc20ec5df52ae7c944c775a3c51270ecb44ed7a7e471048f01569fa87802e0fa209ff95ae6e1faa11fe22b9e0552f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 0d27e0848bddff27befbe342bfe4742b
SHA1 081c1e5d2df189e359b831e42885300fef20a1af
SHA256 d0ea4f23e0fb7e3ee40124b55b2133bdd322bc45871cbb91ee5577a0a02198b2
SHA512 8cf59d36d290c0a9d65b2dd0dd1597b95631178dac04920c48e17e533eeb94b1a57630a2d14c04991e41f86eb2feaa7a2fff47025a7ecfde3606b138c059e69c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 5af75283be593ce0e0a7d0c0474637c6
SHA1 02b6a4a27bdfc57733577b7f5cef6701d3f70b2a
SHA256 5ed4cc77b25ab4de0638c69a442763b5ee6aafdf1c1b8ccc7b84eaf0aca598a9
SHA512 7d03edb0cbcbe397d533e5c59574e4e517bd6c15f4fa0e5c306299e6dc459acde627fc8185f7baac14519970d7d2dd4ad5668c6de0e67b4662eab1fbb45ad622

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 90b125018fe42f824a55784ed381f5cb
SHA1 6bfefcf05aeaaef47a6dbc8acd7a8a5126bdd9b7
SHA256 71bf67cbfaa792bcdd054588318d1bd3f64694f02721048c27a46b9c89542ba7
SHA512 4907de3c419ef90b7f05b2d9c1147dc50ed47eeb483d43c038d20ba940e2e1809eff23c0bbfa77e24bee6932c681b21a537679e24c54127fec4e7fb6434205e0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 8d7f922d6580dcb7bb6e40d7b9a946ef
SHA1 3e34e647806cdb5f2a8cebf74667dc5d8fff536f
SHA256 0d9a9bbb463f758f01dd9d8e288d013f6c4061adb5a709bce9b4fad317b2d96c
SHA512 193a477e31962f11bd8eb15759d7351f3a48d5f25a527471f6d5e504182b163ed304fdf0de79809ec425b407da2b1b2b62afd8b9eb80087a126fb0bc6e741d96

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 9951bbd454b39c82b2a1644d1a391d9a
SHA1 3edcdb8cff7eeae1f92b1ae4728c62601e9c34fb
SHA256 15670cec2cf9dfec89230223386bb437978c7adad2b288c9f32285bd510ac15a
SHA512 f88ce574c95ab9815a9b9cef70074896ab58c4cb5c0fded7d10bd6217fa833486a2a6721aba378b97d5bca0095bc86a6cf9bdb4206bc6535b36fa80460b9a81e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 c43763a6f1e29f2de6f8e3fccbf23469
SHA1 16dd21bfbe966399680bd7499028b1e04c61d30e
SHA256 26ceca43d92349f4b833657db86910c6442d8ce6c2b09e8ad62927ecbb36648c
SHA512 aad108a8e56798a0ea72bd97e82ed6fdcc9a24903ceb51706f506741001901d05585b9b3c54cc0b2ddc8c3bdf11921ea63d76655e3e18f8a00aa607a16f97adc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 d89fc61ba339fe1f711c8206ea1af502
SHA1 487ff090d48bc33b596b3232004873d5a5ac9c24
SHA256 7339abc3aa3ccb3e1072c085d03871f1738dd4339973614b1ebb5e7e67197a99
SHA512 36c8112a940edc744dd9da4038b14559bf52be6a77b8f86031f8103ae62270ca6aa7c181d13623b7143e7b69c01a2786c38b791fad157b0f376ed96fc28349a5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 8027270c9188dabdb410f27d9bd0f636
SHA1 743df664dc565b5e06b88c368887e5afe6d571a2
SHA256 ddfa32b8f658298d0a9fa74f56ec3301c0cc0ca2d63f09f37764a8501e76602e
SHA512 29419d07fdaeb39f50c95db6b2d968391a495b9ed579dfccca08454d4826a3bf76c1cb15fc10839339b8dd29b4622dd857136d82e0930774e01fe262e80deca8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 d009a8f0c1fb64463823db462e97a63f
SHA1 75c4f2a51d6d5d491bd0a7818ab24f2883fd3e3e
SHA256 da809501a7f74fbbd568968836bed23f69320c24a13f9ad3c9cbe045a9381799
SHA512 83fdc8ccc8bddac9c97831ea13d6dbefa8ae22af7ae1468aaeece1cb57735bc8323e55b7621e4078a619826f3178f87e29f8bd1874c0569d2fbe74e6af5597a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 f36e6e0458dee6d12fec0a5ed744a7e6
SHA1 db2d66300fc0f538dbe31d2b6e6ab20ede74d87b
SHA256 a4edbe3de947e7f1ae27160ca7123d22b293e76d41536465a01949028087e342
SHA512 92b0833998a6611ce039fb5b60210ac7de902832458589880ea665387a7707ab395affd90742e2e91ad83747e6cea1541e59498aad74aa3422872761afed6d36

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 40915aeff1e0c68ce14e0952b6f7fdc4
SHA1 57653aee1286147c07bfbbe3a100eaddb8506d59
SHA256 fef8197bde2088f0d9106df3d199d93bb1e2ffee769f5cad86f910151cece1eb
SHA512 9b27f405a0685776cb31d0fc7153b079e4e1e362b8a5a87601b961cd3ffa1639a0a45b23d08c96354998ea362d79d6658db2cae8f3157c5c57aede792776f8b1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 b09460d8d6125ee47e11a72e4e42b4f5
SHA1 e5ed409d18b2d1125a00fe940568594675f18a2f
SHA256 bfce3e94621907337d5bbca95d32d29ed96310de1c1f0b18f5fa877b62449019
SHA512 06945dcfdfffabb9ca2dceb4c37d2fe3735eca032505f7bbdd281e30722afe21f9ca88773a677b50bb97738ab5e0346ffa625508c130168eb907797b7ff53cca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 483c7af95947f76ebe085728c0f4f910
SHA1 71acb5f8a368f02f2674d580250577ff316b892c
SHA256 354f16e2b3d70a0df13224f70fcc33992d0ddb27c83cb98cecb2b276fe3d2f28
SHA512 aff34306f485fc2b6d394c12e2a8ab30a9f9b21689f488da57d3c4fbf03fcccdc0f5aca0bb07123862fa1285843cdfdc25d425a9ade6da85572dc39ce3df1f1c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

MD5 00e34612e38d7c65afdfa9bd7875734d
SHA1 59b1e2861089b5b9157669a8c034cf7520d016d7
SHA256 acab7603fb730ce82c5bb6f3c1db28c338ee80a70e08571beecf382d557425d0
SHA512 b68fbdc03171c043d06d2ac74af5920f3fc4b217d8802e092195852ad996dbf6132003659fc3c14d4b99726fd3fd31c16586ec38c6aaa22e653a287dae9e93db

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 0b201da34815bc7b83477ae4c5a2d004
SHA1 cb736c3bcd3c747c289f562ca69b3524c40ca40e
SHA256 4de53ed252ea163f2c833f927338b8af6245bb21e6ca38367caf89b06a6dc0c9
SHA512 a2f4b6ea8bb099190446d574f6722007075764af1dea71aab357361d73f808f6facb98791b35494aa103c3de0db2c20d4d92cea858e3d0604fc36b09c574b75b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 fe45403b4141887672f927f5e387eb0e
SHA1 a08e1e0cb8040ee9a5f3c049914c01a8d8837971
SHA256 c06ec10790a09048e78468c76504b2c6177657768acbca263398eef1faa162c5
SHA512 40596c73119053148b7641189a255366eabda8b650a4e419f852d4a9b3a43dcc1589262e0d1e3b9ed125cc8e5b708ae6efad5e5cc09e91bac3f98fd650473da4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 eb45b5595190201a24767d3740d06b24
SHA1 9cf295f7a7e2e6070defbe15863bfe918291dc66
SHA256 c38e6b5f7cb423acb045e598b2efc5114fb335833a7ce0c81cadbd98d382f2e2
SHA512 cc40b759d5a7ed53ffbaa20c7b866e483ca0a5c0a8a02d36ffb363fe48d6668fed6240ef226169e00f689d78ba2f93d0e19be6b43562b7da40b7f1c892811cd0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 44af9585628bc65d6d12d93b2b62a2c9
SHA1 286bce5647e053fac785493a24ea8134f9f1c5b0
SHA256 2a72282cd3166e8f53b92707ba0bd2a3019912a26579473274ce9fd36539ee52
SHA512 b28c85d360aa3222af601e6e8448f3cc5e26e5157e2ddda5dc73cd34cdb37e1fa386a162b887aee8c89a7936d4d8a7fdaca373866ab49d9bb249a4804d3c0025

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 6eccf8c964c9c9fa468eb56a73e5064f
SHA1 fdaa6506dec4df76eed0a8f10194f13a5dea1534
SHA256 fc8d93ae5b41d6db66884f536ac2162f64493a6ddf530d58f8a2a41abc4782ec
SHA512 3838870d963e6a21823329a30163caf99917eb61682197293d4b87c7bd7f4021c05a5190d067be7878b1226f543c9e084023af6f19563b0647948eb656c1849f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 3b7e6c5d7c9774226ccf1a403e7ea618
SHA1 a4539085793de2258c8828c8a2efd42d24539200
SHA256 26c5cd985a2f4d83fe7f7b76a3a93e26bd5acecb4d9b66c7686414d2eceb7a46
SHA512 465012ec06b6d3912fe12e07fbba9581708b6c6926cace5f59985a3ab1140645367bdf84d3da60d6fdbbf5f3cccba6825fb76bebd615b17bc277d1fc92cf9de8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 24607ed9a7bf69c3f614a2fb4b71ab55
SHA1 98ddd0ef5428d748bdbaf8b94044ba6501d4c03c
SHA256 cb6b2046c24d08e0a67dbb632ccb699aecc539abcc702938cb916383743eeb18
SHA512 8dbcc795a5c65cba373adca270ab2f3fc932fe4c5c28d5479a815171ae3939ff548ede8b51e79ed4573d93e177a87c37297fef495bbb69e9fc0a400fbe4773e1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 fc1610af61a7e0aee7c69cd44bad6f84
SHA1 ce08dce263c5f595a345e5d83b588eb0d5720ce7
SHA256 78683117d9b331b293cab1f967c9806d2f0165fb85f4734da241179cf154e1fe
SHA512 96abb92c0b9e86b6849b37a71ff2c333b16507a68641dde3d13cf2c72b310bd72ed87b91d710aa0c349c110707d96941bb0753e5dff8bd91179353eff617f123

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 31b27a30dc624d0e8ba05afde25dd49a
SHA1 8aa28ecc653056382c69e235fe7a00c2e8c873e4
SHA256 4d73d8e43f784d0631c95b20b562b55ab49629c71e29aaf8e2341c4c601dd95c
SHA512 41e89925306853ffaa3e42485fe50d1ce5398f821ae840f66fcf0fc4b3c90b136a8d5c780806797ec33f1d8060504a01bce1420a5e2754cdab6277cd37125353

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 be5f4422a118ad0d58a3c278d6402da0
SHA1 9bc4943edc58ddf0d16e7e3e9127e49c3f55f14b
SHA256 331054f9b031845b608e8a9606b8afd2ca9b039094ff55aac39d39b6a57d4f23
SHA512 5009c1e2cccdb5729a7beb24e80c9aee8cf7aaf6240af80b52fb3a610dc6dfdb6682e76d87bb11591422dd2e4942ac3f6fa96d0850f4072b99f84edf246647d1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 f218265cd490df9c299910b12ec56849
SHA1 438239c8a613a48c67e67f366307a8892974a87e
SHA256 41ac9180a5fdadeeb9a72797fc3fc596f53c74d18b45249215e962834a76ba70
SHA512 10d431e1dbaa0d3b7fcbca7d8315a6133597b90c2018c6a759ec4da0be9eaeea3decf65e32e60b9b246c8edffbfaf963a1444a38c2abdc7b30f78143cbefb7ad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 8cf02cfdb188880d4a9210b5bd22a908
SHA1 7174251c11a986dcc1a56ee709b9d5f265f3f112
SHA256 eeaa6b271cb2c578080ae35c795954b00d58e4f6548242dc19226b85d8076252
SHA512 96e25799847f27b1f19758633cee397aebb5d54c5c005726ff74cc06913a9d38b05a0d40b98611275ecc49ab818701a6ea831dc689d053db9c6e50bc93d2cca6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 5cdb78cf21cae596d54204c312d7ec09
SHA1 367d2cf2d3a1cea9846ace558baf98929e8dc0fe
SHA256 a88573595c13faa143c39692d0576e17cb1ff25aee2bfd05582a8e504b505d9a
SHA512 53336bd767f10ae6b2840b22bf611e17f3e886544db2bf0fb33d8dec007d225536e0f60655a5d82a6c48f79e7867e9311fb3aea2f1c6ac1db9bc7bc86553161b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 4df5d0885d19b19c69844b98713945f0
SHA1 eed52f92e9490026043023310849be101c06f9a4
SHA256 24ab50a127665662af4382d99a2ae3fb2c4900deca3ef8d5aa8a1e941814d444
SHA512 5cb5c5271d80c6660996f36774ff9235ee87a08ac030758a3bc1a61622a62fa5d067907a63dd8fc2e45e038d7b622948c8c20a0b4f3b27975011d421869bfa05

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 22eb9920e76f897b6ca42bdb64b37b93
SHA1 6fce2a3db1a9f1cfa47cf9346c0ef9dc10e422a9
SHA256 6b089e15b7002dcb42d001b1de7d2af779f6b34d3a831f33fc2b52aa409340d7
SHA512 e7a11bd68856bc64c5c5a86b1d2085b2e7f28482cd2c336220aa298bd2c42adb0418bc174192720a995079e7626357dd0f6d4a1ce41971270fef9158159503ab

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 29d37e739bcb8b02a528aa6e5a7075e6
SHA1 27429d898a90bbf891f9ae4814609ef9d242488e
SHA256 8b4e22aab4e1e9a3c248793d2263aaff3f5780f1d1ce6b9b459e8081d949a645
SHA512 967f7238b6fa54a77ba56a2cce70b7b1f2805a10beafa8fb528eee99b92374b92d6a884780cd6cc3886f4a81145f189bcae758d3b7c471b70aaff2c25016e2f2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754411894742.txt

MD5 ed4734045b3b14f460a6ae809f161759
SHA1 a9e50406ab08f02aac1d1e583b7ca1820e7f5235
SHA256 4e6ef8038e74f5e59b7700021b02d2ddf6720b5fd4b2cd92e8d522ea637f440b
SHA512 5a15219ccc1dc947e58ac3f53b7956a4393535f38a185855417b20d3604578033256c938af58d11a7d57cb2deb3974eb2a5b475e0366c28033f7bb6442ab3080

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764757873191.txt

MD5 194464f0205fd1d3ca060b5c86266012
SHA1 a6d40ae595b261c8a19303c8040acd8479cbe17e
SHA256 ac54f1af2f4ac757b90eb29e65eb9965206e44a16e6f922fd2666be8d63cb627
SHA512 44b7f871df64ede5b808e8e3289f787fbc65ebd99cf1056ebeef824f2c9e2ae22343838e60575ede1ded61c7ee009dc0187e8750bea8d42fe415a66c70ac344d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670762145921862.txt

MD5 d4f00c0f9a999f6a2aa261dc5a7160a6
SHA1 941b39d81846084adca3ca0bfc428323f129a74f
SHA256 fbaa3c8f44d224312d5febe3c584881998e9f6aa0d660d5ce32ad17b67b0a68b
SHA512 7fad18fd35398ba648463ad5329a3fbc8b98ecc8ca4d0beca94ea6d8acf136b784af0cb680b309a48e6ae58a8556c5308fa333eb960dee9e743c33ce9f679c8d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753875133298.txt

MD5 dab3c7c129d126418137b0456503e7fa
SHA1 b103a83f1cfa275efd613a27e6e8577a04e6f3d3
SHA256 4ba3d2983dccaa2d1aa490a527edbf5da46698403fc29dbbd99969f9c0458980
SHA512 d441097f5e40f43bf6b8082ffa5875ca7758695978e0aeb67f78d28f749a0c2dd0c89ac3adb49d358fc6c31d71ccca519a64657089353b16559695f1a5ec99c8

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 b8e76704de424c1b51ed4e531ffca8ce
SHA1 2b4d701771f1577c11bb0f799ea46bc5bb8ebf89
SHA256 a4a74f4253cb2258a76d5ed6ba7b987f8b6928a2af8cf1ae874578bb210228ac
SHA512 9115b9e09d85cf389ec13d5b8cbd879a3a30bb140206862f02dc30294e75ff56f7234f5eae340b0860fcae8b7d6fac152a63644e6468357e9451d325ebbe5d73

C:\vcredist2010_x86.log.html.EnCiPhErEd

MD5 54c55af228894076ae9a95700760ecc9
SHA1 3239b7933f318b3be779a008b29470b36fe0e03c
SHA256 896c229e5e4efdf8ec615924dcc64ceb832c4e3a20e0f3f0180a26f2891f97f9
SHA512 5421e90b292e438a8735dc0a7f24693e4bbcda35f3296cbeb9ab6448c8bb08fe62e7917f52f3bd4aab64287889695f1c117e7bae8a8f21ed7015b5538497f3dc

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 a5a992f7b3414999c1be60c59f7f9486
SHA1 1d3ce99ac047cffb3fefb1e31f69cd4e2d9c5c4a
SHA256 c8c744c9b8f6e7d68c9057cab37ff0f7819d9882531cd9b1fab5756bb2934f73
SHA512 3a18a405f9dbc94bd57d799ebbaf409523ccd16b83118e607fe95e46f9f37035102845e40e2c1a66fac4229ebf55947d385e82303ac35107e2a0301ab1ae6a0e

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 343c55e2349e709de4795c210d9c5caf
SHA1 21bb5da9e3868692285cc8981edd66c906934b5e
SHA256 7141c0cbf2ef1f344c3b3d97875b8c900c02c662b2525367b79fd7072bacf91c
SHA512 b797d8d5bc441d07aae1400f2035796e3da5f8346a4f5bd0865c29838082966f4af1efbe925f6efbc25d3d8938c990837e77a3a1668be28e7c52cd991906ed80

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 7a5574706804dac0dc7aa67166045994
SHA1 9fb18504b989c2bb339515893cf7e08ccc4dd30a
SHA256 983ed68703f66cd6ab5a5bff72d2cec5bd11be4bc28d9a00b502d8b6261819f6
SHA512 ef3393f0b1ba943ac1e8bc9b1363aa6748c204239e55fec03a6f4041ed2cc184af06851956975d9fda68eda9bc7d382e9b781700d294dee23acc0695da98b071

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 4b99a877d43c2c42ddc68568d56c0b09
SHA1 3fd8a6e43a640abebffcf7682db0aa11d026dbf7
SHA256 dc49c22112b3a6db935acf53d00aae7ddbc291bea66298625fa8ef2e5b104e16
SHA512 696f7a0b332e49d92312e60c1a94f32ce0f21faf99e73e5e59f324004c8e4b8eb6ae9529a329b3d755dabd5729d4bf3da40d60aecc838413e366c3d69eb00967

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 31c667d5bf0501acfb2899e7aa2f0f70
SHA1 81e146c44b3bfbea8389d01acdcef22a8721cb3d
SHA256 afb52c4fc382b004f11532a54eb747f71988985392c5cef3f4412b6dedc7b21a
SHA512 bba842f0c926efa83a71c7542676ec55211cd78470800778dec05bcc74e315214bcee82ea8837dead4fbfe7fd018b317c1441f5f98b8bd38f0482be70d80244d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 f53f1e363bc57142a7f87c109ee99050
SHA1 67bef5b25efd27090a2e9e3eff2e81144d41cf79
SHA256 0e60d5935dd9f07550e05f6c43970cbb1d0bc8e7d6da32f6fd40518eeefa69d0
SHA512 26569f9681cb2a212873ab808884fe1554ff1b37698aa2c682a2e45d6943825ca7b1afbe08532810e8039d5cea91e921a0bae911582b37162189b5d909bc9647

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 6b3c4eb937ef757b33ea87075d2f47c2
SHA1 ff8bc3388c8f3dcc681056f48c574e9fa7cef5b6
SHA256 e8fb2104ec333b65ae6423b0f42118436f6ce583269e0fa29986c6cc08250876
SHA512 f246714ef61187ced6c84c9eae4868d544c399b8157db3f32472056c6024e579adc356945cb86e1d98306893c21ede2c5995ca6e971c56f6869a85e46421832d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 309f989aa845850dd1e99890c05704a5
SHA1 6cdcf2683518e9119bf2b6000d85f2ee1a6b8000
SHA256 1265165239ebb25fdba52ede5df7d98a174a160bbc4112ef287e8da278d1f049
SHA512 2e0133d263477ea69f2336a49e6a8fedde10d2e15a363cefa958afb26ef3e823d617ba7e368882bed8951b550e93cf459398537be1446c81a1187c3d66466674

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 caa26e00d126a0db9631abaef7abfbc5
SHA1 0f9a16da8d1efa554d038a6d578878b457201a42
SHA256 05dfa943edb20f5e1a4381845eef239d736db66d31ba92097047471ec74d7ede
SHA512 27332145d03836efb99888941b499dad50016e7cb5bcc285526970d848ad27fe7de398b53e5787b0ee70a0798d5236e13b4e217febf5d1fb328e9d9a892b0275

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0ab083ee570a828f344fcc2b5e18a6d5
SHA1 95b09c91b07ac1c648a3092d49f8815432ee99f8
SHA256 c488d43aff60dfe6a4bdfa421e34405024a8712ea4957da80818e3fea8e4f975
SHA512 4e3a5ec15f61e4462c42e4070f240119e0a0ba04cecccf7f97d640d8d403b483b321d454270adc44caa1cdc7d0bed06e975d81822f69ad9ba27c2697f3d00aa0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 ed1353f8ab63188a794c39fd8d9941e3
SHA1 b2a2bf17cf19f519e80195f8ee3670284527f02f
SHA256 30e67ed8c10b253209058426266a7bdd94123ad04181102de79a224e61a48862
SHA512 32c4dea9d3cb1e7dfc5825316bb1ce1fd582838f9433200d43b08941cf562246273e529e69178440ae7efa766ab13d975f43789a3e4ddbd23c9dd415dfdc4da9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 ba336e0745452747581bbf3d4a2438b3
SHA1 58c2a9a4888d8258fede8373212cd0624435b745
SHA256 b952ab91702224b1e7fa060eb26649ff808cca931aefe4b69e89fd186e125782
SHA512 377fb814a2cadb12df284e12e9cae8f159a282539fe9e5fcb30a5dbfc71037fcde32d25e9fa8feef22c9b6e7156a96bc948a24b4936bd54963980b0dd901bd66

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 87272acda324b1ff670ccb939c330392
SHA1 6a7c506c22a2d79e212715e51ff8e86efb15083d
SHA256 dd556f56bd04b00388f82690f10d87e939243c0528da741d574cd7152451dfbc
SHA512 737846f9a955dbc4d4fac90300306314af7806ef8155b6ac0537ef974f012029477a9ed7a789559a03b367dc36e80355d2e9982ffa12143cdf9d1e01c46f0cd5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 817eb55e6b13ced0939d56268036706f
SHA1 d9e52c6af71ed4573af016189d7624f66db4438b
SHA256 fabda69505ec979799a646592b437779de3fb9dd6740c58351b45900291809ee
SHA512 c562aee47bb12afdf7b6bf0b84a463cb5e7c471e3613ac70f1d1036fc835c7c3c0fcc7f7c603edd88d0e83551db26a3120789313f587cc21cc7a04c6a0fec1a8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 7f10137d94d8c562836cd8b61edf66f5
SHA1 d7a3eabc7603c608ad6c3d212dc0f9624de1146a
SHA256 47af7b7d47458ec58c67c75f19c6a8441c4033d362869d7a8d29a69fd774813a
SHA512 ffb22a9e66381d76943bb418b311a26099d025a2167941f93c9efd74d5b9e8b8ea59cb49f16d4ec97ac7f7a9a834a62b13c9b2a22487d529d16761dd2b501f58

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 edaa4a897ed6f289af966e0b1c6e69fd
SHA1 86f001467d4febede26244b2299c74d36c6ab806
SHA256 1a6a1085d66b30991a65dcba90d69e08de6ffc4d6b89dbd54090b08949301c54
SHA512 a210ead15e51706337ff56906c26d93f4f9248514614c16fbc8ac26355ca30ebcef846933225b732f7cf232dec0c8054e50d776d9a4eb7e9ab2a7e64075caeee

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 1d61dcde05b2e5ee9abd4088e3acc111
SHA1 76f03a52d94f06d1438a08e260beb0e41962bf3f
SHA256 a42fb3ef14d2d2117bbb5a2a1c5c6ca0f9dd630991f160ab47827f18e4b44b31
SHA512 a386676bcf3ac65a5da459500336b1fa934bc4559848098e47712b865c0055f0cfe773467b6d05294aa78b3e155e64f56907066feefce131fd1bc909d2c37560

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 3ffda4097d704187ebd10af3ba0072fb
SHA1 5bc667811f126a59a278492c743f6627916a406f
SHA256 bc816e99224a93bf1478844aef2690d86385ab4bccfc2a3363f179bbc674bb52
SHA512 b3527f94b68c50681da942bb8f258fa5c2271fab785542d533bc029db02108f04d01ec7dae1d74d18b37901a4afb8d0f00ee1a928684b07cddc5421f5d7acb32

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 4ac76080c540734ae097789e91863524
SHA1 608a7f77d815264a29aaacca2d807f16910be1d0
SHA256 bcca634198485b1cf3cf8479c7237f4bd8e1dea73431a2eedd91d0f9d3942ddf
SHA512 48fc8ae167b3b1fdef016e248ce3d8051859e11f4743ba975169748f727638f0ecb133d06b029fe834080ac7086ee29db74ca944c6937a61cef325394de12aee

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e4bd1ae20985bbfc106f991f16c2c353
SHA1 edef5864655819dc8bb5a0794b1abe81285c61a7
SHA256 886d38d984ed0fff3dcc5dc75ea8cd27d5c14057eb191567703f0b3c3846aad9
SHA512 f4ff850f619a16140071af969fff61fdb37e53c62516d66fb95949f5c28475aac6c9f51c7dc3a0a358b696f4a6fc34bcd63a0aab0a2171fcb77346e2c8a42e3f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 e5420df1f109a138c64a5ffb2a33d9c6
SHA1 193b513de700a93947aede2f44fcfb6e0ab4a345
SHA256 8c703bff3fe31d1d970f15dee9975d8c161a27124f526b09a587fe4dffa8a903
SHA512 15110726618f1f106ced8cb49e9f08ac640f8b6e646b232675ea28ffd4545e4db8cf53964d807f2b0151081c3b7c3362bfb518ed1d198508f825b4884cc82cb6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk.EnCiPhErEd

MD5 8101be4c1f3d611eacedba631b2e75a1
SHA1 3b9c5b62a86621ccf2d6f282dcac61e04f42b910
SHA256 0584a4dedc2f8889073cd369a186abc190be191a8cdd4c3a37ac02bd958a00a1
SHA512 2983a9e239beb5d7d68a1792f9a835c003e505654b4d690fd697e65a002f84523cedde54929032637b3a683a848239932006a135fb9e309e6d89a5bcc0b96ae3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 8ff7c188fa6fe8a90ff339feb8c28735
SHA1 355d1c532a1f94a81920fc0cce7cc33706047bf2
SHA256 7ff45aec388ac4b4078b16d48554c555ea0eae9feb990ca5aa09a71ed1d15628
SHA512 084eed51937f053baa19fa54d3997c80e2cbb665896d295133bf5cb9da5a16db5e84be65381df0f8521f048982b6288c76b72790bf15ff238aa7399cefbc6d17

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 23636cba55faf90086966a95d403befa
SHA1 f98ae8d153cc49cd3a8e71418ef651622f0fb147
SHA256 65d978be0f21011d789743c98a538cd6d3bfcac95617ded17e23fd8ffd0f44ed
SHA512 571af6faaecdfa8157f1a458d0c4c5e362089da2988ac7b5a1009592de2dbfed2d6713716432217f686a665360780785b47628d77da5c89a9e8efcb71726510b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 5534313e88b535d0aa290f9bb3d075e1
SHA1 abbeb3d4fe705ac946d699030b9016e532cf127e
SHA256 f258de0f37c16aa78821ddd6ee496522a518e76dee19245c66f55bc2d0023679
SHA512 571cb69592e7490cb70e351d602b75f4d953a279228bb1719ea05e34b142202b615735f1683bb81fa86b57a4bccf337674edb34730d423a295bc7e69ac8817a8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 3b1c56f731950c2f65d993105f128fe4
SHA1 6ea231910265fc108482e368994c33d600c7be30
SHA256 f364de25433bda073339d9cf49a9c1b913f41e9e8eb99fc2f48eb0fc4d309877
SHA512 cc9f042240dad40529b5003f0ebb4f588e2cad76f4bf8a7fdc62c8184bbab22490493dcd7338c71fa0cbfa94e71e35f578116fd47277b34612c268d1a5254a0e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 ef66eb9ce01a9afbc7db3e4cca7aab6b
SHA1 7e4974d401eff7767570251576ec389fb4f32bc2
SHA256 ff581ca3e72250727aa5d77f6c51f9123257952fff6774f119371252c7dd8af3
SHA512 7b69e4837a733212316eb21b2c44d2a04a1927a41588d76e1f0838789afa49aaa3c0734ca8c363b5530865f659dadde449898acdf043dc5e5c7a2e66f9353dca

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 2ee7aff3dfd3d601f8abb0f207aa5ed7
SHA1 9f4728e876a7936c3622c77e150f9a2ca1ba6136
SHA256 4df49b91d97b88bd57ac9d83372521918c442e212627c13abf40874c6493a3b9
SHA512 dbdd1fcd51e2621454cf06a3fa9f518b95e0ad0bc2583a27123c555365df7a3e6d9481e89c0c7fb6f41e9a1d18e112d5d7e9745a4442e26be7c4ff9297e30e39

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 64be8e8e962c3ba8ed304e38ec99732c
SHA1 43eeb606a0fe717e38337c78b0dbe807cdc7e96f
SHA256 ab97529a2aa6b0170d2f3f2b013241a5eb05c0bdd63c8397358ec2b2d9f1c596
SHA512 ab3da480a879eb3800c775654a41e24f1d1bef5cfb163264eec441cc8ff0c346a02c6ea7d13cdd127658b0f9186b383a1115df58331845e4354a16a5c0d0a8f6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 bd1c026000959febec334407313d2a5e
SHA1 5e2795f1699a23959bbfd4a8066d0772bf1abf15
SHA256 aaaef1aa524ea143698f869468e6e3c9194a65a80a85d7a55c855300cfc3c037
SHA512 7fa4117d254fd4a0dbcdcffa39b88ca429fab1d00a9c35670c5ccaa9e3cf9caa52f258954f740f2be720f3b54877d444691be0ed8bd46c1688047483bf989313

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 5e1ef5a8b92d64d1d086e6833bfb590e
SHA1 47ba5cb1dcf4dfd0087a7fd0a7eae01800b5f1a8
SHA256 c36575be5e9d5110c9aca2a763d2b49bf62ac961e9fda0a44e46b8d3c08c0b78
SHA512 5474787aae75e357f63a14589721e33e04076b729c1ff3f57c78110ffb3436146f2fd8b4f8110cd4c3bbf748f75527b1aee1c198b8784eae8c7585d626910e35

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 9259d1be20b03fb6ae4e246fb14a1468
SHA1 5a9cd0c8d11a2ede4b5771464d5de6f17d15f8c5
SHA256 8a651e00a33546e8a0fb4284b2279f3d33bd8b10c77983344f95eb31569275da
SHA512 192e290d71d04070cdc6935a300376053c9a197d3ea7d65ae4feced08f6bc478dcdc3b871de1c6f51874eba4baf49d0370d3d9131cab260f7bc54603007e0de3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 51ce02c8388f07b89a8110a636633a73
SHA1 fce26d582e3756eb65f3174a79f7d94789b8e99b
SHA256 68d01fc74b599dcb016be3ebfeaa57b31dcd3cfa79edfc91a72be1cd3a0d2f45
SHA512 f9c47af34cc479354f2fdf455ce291d9a9ad32bad8d06d2946209eb7925b9fa40caae1d3d65ca51eff324268e8c5d9a91e90a4f84621437c55cc9baab7253030

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 3cf143e1bdc2fe2aa6cf5e8a164a15a8
SHA1 01875f7312d99ce32bbc80a4946556121289fde1
SHA256 89594cabd95f81f61b923468b4a9397e16b7cf9bf085d68ac1badc8e2ba681d4
SHA512 89080cbbd9dcfa30ad7be900ab5becada8598127c6b8f4c0c3ac80b19de60ba12374b106c6ceb5e6fe907dc3b558ea9c808adf89a5d8e0aa47d105cea58955a5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 c9c198616ccbfd77bf5761b9f87294db
SHA1 10ca0eac6a9f6c1ec56f9b9ce49149329ed4c813
SHA256 e55b5f8ffe17e4557525549c20ad9fdaeeb4f244914e9d0d678492292a914226
SHA512 720ec0db06eaf82d99d88cdb269867a2aaffcb23a78ecf22460f4d2b44f330ea6bfbf67cb48e12a9d71e3d05d928fba78be4f51ac40d5de480f8dbf2802c5f05

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 ff40358631ef1fe09b0ecbf009a1d4f8
SHA1 f7cf7b9791b5e1b16c5fb97b1c21398c9bf2b34c
SHA256 24f01ebdcdfe081a8b561ac607e576d78a0ac21c737534768f83d650b29f3854
SHA512 13e69b96f68fe6e5cbec4caedc0610e9fbbb5547f5bddd1437ea63214c73c52f57673838e050732c3b5600be26b1db695891410e1b45b2fddc03cbe383f2acde

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 f27df0f8bf261d66224ec479c84a6822
SHA1 7153d66ba85d834b5f55d16ca6a6e8fe00896630
SHA256 0afb56946cfc5e61bdd98ab990783a45005da78f19d6213e5af4c6c2a4f1bf37
SHA512 bd74a6143a0d8a19e9c797f10ac58e32a7b68e8dc118bcfaa738bdd552eb971d57be2c626ca6f91b9d0ee4a6d01e9c4670933f6d7645a36ffb548326a6aeb65a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 4e95d5be077188a82aeb367fdde86c16
SHA1 782d87b9e2d35aa9f35e7cd1257f043a9318da38
SHA256 c21ab5538d8967695af604216b8f8b0b75649141f9355774474803354b011daf
SHA512 52a8171b2c0f5f26e58de0e663bf94b138add6829be035f184949c4aee88b5261cbca77fef6dd983d5645cef4eb9c6c8e718dbb3f47ad170fd4d1bc993f46534

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 b708c793f338145176d50251afedb52c
SHA1 25fb26b42aa4e0c40be1d7a3f9fbb8b64b4af81c
SHA256 78acec68bb7dc24704d304f9911303d0808d42a156c935fe7ec4826291b14bb5
SHA512 ab639c9a726916289623522522b654acdca98c330ef7448839273138cb2d0060055ad895005a325eb5005803601cf63fdd9416b89d48d53b63b3f6106fc33334

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 04aea53a1cc01aab2c16ba372c0abe97
SHA1 58509d85ac35aa6ebfe102d1395ad30e8252e2cf
SHA256 8741c29b907f05d9e964ebf7377cceb3203e7d712e4d1dfcff71a62825d5d8bd
SHA512 71273e386b6ea9f26d2dd01a614b9e65f90023af5d7a7210b93b0ab8565248320ff86d174ecc2157ed63d18bab40b81fdca69faf295c0923fd315caeb500c8c1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 530f04c5d43b23dcc34f5c06c705dce3
SHA1 dc4d5f59729714854d5b9fb89e46f3ac030a7b38
SHA256 934cbe645596debb8a9d0b57751d55f2673826712bb38f700645c6419092b47b
SHA512 3e9416f654c91341c9ce90ad6c445a4bd65c2c14cf4abe2e5ec32a2299ebf2ff41d76ff1b07e068af80910bc00eae1373c1daf5933427f326985bfbbeaa4fc0e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 f73579f35b2efebe510e85d4dfa46a14
SHA1 9014088a2d9885ba5f13b10eec8de70a764faa69
SHA256 8c3542cee0910c0804c62b94105f25740291409c997575aa78ee491192d8084a
SHA512 2c71539c09383407c4091d00305db32110e4af7b7cbe6034e629cff25ae36691367cb34f35da48bc6149c9a2d13e3a208947a1ace3708f9add42a195a0c8034c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 f13b7bed3d6a86b8d23c2dc159e8a1db
SHA1 cb9989c2dc34dc62c30db5c44af62adbb37e2b80
SHA256 9fb478716512fe4f14b45127c4d02c781904da69a71d193cb6e4a735255ad1da
SHA512 ec074fd0bd17570f37bb8d7702ab618bf60bf576edb201933403c146f4698ae40849dfb8e22509f54c294bd7bce803a5c3a7c1b8c020f821bb659bcfc5c04369

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 3d79891df0b249a2f9916bf79a3d760b
SHA1 114c77a3e50197639c8433281636564997d80b58
SHA256 d60719274cd17da0bd2da665aafe7cc703f096a95aca5070bf245711b43ffa8a
SHA512 fc1de60f562b079c5a3e90e2206e80239cf4712a00b5504893bdc5a22ed5922e477bac37d7788e951f340924b909609f994e7893315e87e0969840a5d7838ff2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 3e9b877c883ab54ae4007b75c3b6dd24
SHA1 0278f62ae73c9a9fe5eb23601936e0b1bb554dd4
SHA256 34e2381552f28bc880ffcc929921687dc731bdb698730a3b723d26649f88708c
SHA512 526f1d2f3ed1b613f8dfb74457101a7ebf7af90b52159459cdd469e5ae0ce3775a61cf59e78000f824a83247c19227a7141f9c104b0d985456c6414f54b9f429

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 fe580919f25f6eb24bd8b99889f0e61e
SHA1 d2ea6c9dbe96d179db156376d69c946a3ef8c22a
SHA256 cb5421fecdc77044f9342a698d6daad875f0acc28f7a4b4e3e55280d3c80a40d
SHA512 a857e69ac19a79f567a551e4b6108cef23b56801e5f91b77d19aa775a5bef2820bda2f82280aa1bf90c29f1824c1def68a541b6fc5917ff3d0f91b8cd1a4b191

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 2b3254c1f12d0382cf82f6cf0cb18159
SHA1 5d8d27b3fdf4520d451ba78fbccd8843eff61884
SHA256 a5f4b59db334248881cdfa04cc19b236d247bd8896614674c6f5485991c02e95
SHA512 ce23de6beb214200d5c2aa18d8c85657224a38ec8cca77cfbfe313b5db8b91f04a1a63894a0f71583f658abd39decc54b73f2b7a48bcdb994cee7811393b4634

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 0ca278d4d055f825833d5fb7f5ac7cc7
SHA1 ec264a54f94dbde6c64fc3147c1f5c637f296c08
SHA256 17d8cd64484dd95299492bfc927aca1206e93f3af0f104db616640fb0ac744b6
SHA512 fa217dad5d2c4717b7492aceb86668a2e555788baec53f86290ee6642bc1ea568d28f89f3edf8f579deff2e6e5ef222be3df50d81659341b036d1ac1241fd3ae

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 cd6549725e2e5d25f4e433a1545a36a2
SHA1 f2c4b833313f561ef0ced801628167df2fcc6a8c
SHA256 d020ee134ad813f3d1ea1646588544b778cfe0ada7c6e2993eb72a2a25acbea3
SHA512 3922ad7a34a69c6d98088462a356b94ee3e86a8cced3de72e9d9a5e851dcac946bf6aa9b96b3a7ee55f2fed24a31a2ae6677f8b84c1c933c51e6a2a99c9ed875

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 bbcd87bf8532cf85d8f38a3d6f2c08ae
SHA1 2d0cce1080e1f8832a0bc60bb7661f5f8f17be84
SHA256 aad3d2157e0124f7adc96e2599a40c81b8e5e306d8a811b360541ee2c738ea95
SHA512 768f91918d094cd0b905239f7a9fb525ee2377487bc0690ee4e928c3d55fe4533e04a03531ca795705809af242c724a79e98c88dc098cc29d64ceaa055b3987d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 67d9e27295066cf5186091631109e093
SHA1 71764930829d58cbcadbfbd98e6a541acffb13c9
SHA256 dd04f7ef79f895983e0a827225bcb59735405f2d85b3d45d4b26c0f909d492f8
SHA512 29f010d3d6c357e34a325b6c077f08b6a1a038cc55eb1d9e9194ba5069ec3838ead9ee9ebcd5ed05330013864caa94b0796b89591f5fe72e038656434ddb70a0

C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

MD5 f11ecdf18cf513dab8a39f821257c04f
SHA1 f2f1e721cb33856a72e108507218899c902cc03d
SHA256 3f20bbcbb52ff29ecab7746169e7b4eb92e77aa7f08cf688a5894821e239cd32
SHA512 a61c6457cd2e74a9ec8d7f9957ce5d2ce38382933377b64cba87e16f4502b18776c96a02841cdc71d6ab06f6d1c6c249b72de26c0b16b51d8777e3d5bac24690

C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

MD5 339a16c937b15260d734593dc24e413b
SHA1 e7751a7b262a165d7fbd9831cb16417c0978757e
SHA256 df9cfa24c128537af5cc5fc5439b2e46637946baf4bd3d13f8c18c5b478f7f52
SHA512 021c43edb82aec3c97e813f2667e75015188b0ffc7d7d643a8c5e6bd8ceb4d7b68d1643d0b77a12188f23012b4a7fda0648fc8e4f1ad6e4311d0614033497f82

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 2322dcf7c4d6ac79580f3c707e1a076b
SHA1 d19c218fbf0a315ee360351bb942a2e5527e7491
SHA256 f1f88f48416e0247f1e8c1af6ee11e4dcf84d15aa6fdfa746d9494dce85b41c2
SHA512 d43e58e0ec2d286ae3d2f1d6ce64fa34f0aea0be8aa470b6e8f5099fb848d5ec67c6a34a40aba4ea3ceaadbe216923a70e4a1b8583fe016ad3a972ff56869466

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 fee09cf8b606a8225e2815db2d73703d
SHA1 0184d6a244fcf03d6a1abcd7c604002d9d9f2fa4
SHA256 e89f0b961c41309758cb503387599aec78bef9a22c41c228924af1f0f6edbd84
SHA512 220c33d33ed0c460409ac4ffee38b74e172347d565da5b20e8c11c4281945bf34dcef7139d1bb00fcfa24f3e5579f3e7b1f1625b0c3012f4cdd3ef3ec5477af5

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

MD5 405b04be65966192f8a1eadd5ee1dcb3
SHA1 6eb421f3026c1df1d263b138ecf007e4275ff338
SHA256 aa624e0d921509eec08765118aae9f5c4b2a15bb64410315d7e83d3d77e58093
SHA512 407d55057ced50301ce8aad503d801819d761d4aa407c9b772ec4b6d1a83284a8c376c74a07375ef9ac29adb91acfce3f6b8f4b1313ce6ea036a929c6964f8a5

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 c4be1ce9dc39fb83fd5a2d617c2a4837
SHA1 eca34cd429eaf350804bce704d19ea61c74fd54a
SHA256 403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c
SHA512 3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

MD5 cc732d0bd874a5559714f32366affe1a
SHA1 b1b7b5585059d53f44d8e0dbfc260472ab658c71
SHA256 a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed
SHA512 3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 55c082e5c753a3be7704ddf066d0e895
SHA1 ced13c44a19f82b143b033378d601f93b1de3388
SHA256 e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8
SHA512 8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 8942106879c6b35753387def312b7e9f
SHA1 90f96f3963795e3e36488a38cd7858dfab007216
SHA256 ddb27543f336281d444973c4ad16440a880058e20fd23507acda58eb04416090
SHA512 ae25c633e6a527938fe08196b4d112ffd510eb483862b6140bb91a9906e42a1e3b82a72e88166e54c6d559a99be324f0b08301bd9f4896eb106d5a5e0beb7d23