Malware Analysis Report

2024-10-19 10:43

Sample ID 241007-jx55xaydra
Target 1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118
SHA256 13a1432fdda3d32060f5247a070c1c4cd1adfa76963fb476e9ab7688a8c8e7ea
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

13a1432fdda3d32060f5247a070c1c4cd1adfa76963fb476e9ab7688a8c8e7ea

Threat Level: Known bad

The file 1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2181) files with added filename extension

Renames multiple (2198) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-07 08:03

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-07 08:03

Reported

2024-10-07 08:06

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe"

Signatures

Renames multiple (2198) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe" C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_neutral_f91980f20f3112ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc005.inf_amd64_neutral_31e08a1c2f933124\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00c.inf_amd64_neutral_27f4ad26fea72eb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-iis-rm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc00c.inf_amd64_neutral_53a58f4fd7d88575\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmneuhs.inf_amd64_neutral_d1563e8412461eea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\erofflps.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_neutral_4c228493af8567bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmot64.inf_amd64_neutral_1abbad2f29c8fa08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_prompts.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEJP10\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fi-FI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_neutral_14cb440c800fe9fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_neutral_2d4257afa2e35253\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00i.inf_amd64_neutral_de104aaa48ee4b00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_neutral_3e4daa83122b1559\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_neutral_a9cb77fe1985cd2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nfrd960.inf_amd64_neutral_cfc8c0013e9ede68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00z.inf_amd64_neutral_aea50acf04a2db1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_neutral_7a967d06d569b1e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\erofflps.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdv.inf_amd64_neutral_571f87a277565224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\averfx2swtv_x64.inf_amd64_neutral_24a71cdaabc7f783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_neutral_19cdebd3e1182874\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-ActiveDirectory-WebServices-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_neutral_f8bdd2cbac28a8fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101856.BMP C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Chess\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15072_.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImages.jpg C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Roses.htm C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02748U.BMP C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341742.JPG C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\COUPLER.WAV C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImagesMask256Colors.bmp C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_bullets.gif C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR1B.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsColorChart.html C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143753.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR12F.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\attention.gif C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Defender\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\jvm.hprof.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\Mozilla Firefox\fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02085_.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR8B.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\THROAT.WAV C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_de-de_7116fee1a64f413d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..on-common.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_42b5e45217c61c4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..-ux-sppcc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dc4609a958e3234e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_6.1.7601.17932_en-us_e07fd19d019a74a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_th-th_ecc63dcb30a95dda\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2287c2f822f0e8d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\inf\SMSvcHost 4.0.0.0\000B\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Landscape\Windows Error.wav C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_uiautomationclient.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b1b24728da42253f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..nailcache.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7cd3c1fa77f6077d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_pt-pt_e93415d358c6c7f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..atson-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_21caf829e53758df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9c3f81e0fb137f10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.1.7601.17514_es-es_854818d9e02f9050\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..store-mof.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_2929eab78e6e97ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_wwf-system.workflow.componentmodel_31bf3856ad364e35_6.1.7601.17514_none_8deb83646c57c1d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_42944333cf641a7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-advpack.resources_31bf3856ad364e35_8.0.7600.16385_es-es_ada262e79976ccde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_fbee625cd8833528\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_rdvgwddm.inf.resources_31bf3856ad364e35_6.1.7601.17514_it-it_23288fac8e1b0f8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmtron.inf_31bf3856ad364e35_6.1.7600.16385_none_1a632a9b22180b83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-desk.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b686dfc29243d793\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6a299e36a85d5b1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5be63c830afcc60b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..utomation.resources_31bf3856ad364e35_6.1.7600.16385_it-it_87b594ec5063a1f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.17514_none_e69401b1ad75f960\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shunimpl_31bf3856ad364e35_6.1.7601.17514_none_b3bc7baa4af52181\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f391406018d49526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netl1c64.inf_31bf3856ad364e35_6.1.7600.16385_none_51ac6e08f7ca7715\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.management_b03f5f7f11d50a3a_6.1.7601.17514_none_f391cd7ec90fa718\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Networking\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_es-es_646a85b062f813f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-endpointmapper_31bf3856ad364e35_6.1.7600.16385_none_a687702cfc47837d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_24cce9561e5f6cf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Cityscape\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..host-peer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_85e0efab3a599612\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-remoteassistance-adm_31bf3856ad364e35_6.1.7600.16385_none_8a1854fb218af366\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-csharpcompilermsg_b03f5f7f11d50a3a_6.1.7600.16385_none_455b78e8a7236294\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_security-malware-wi..er-events.resources_31bf3856ad364e35_6.1.7600.16385_it-it_71b28386208303bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4e9d378fe10f62e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-ftpsvc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c830d42f42615860\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8\Windows Feed Discovered.wav C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..up-drivepreparation_31bf3856ad364e35_6.1.7601.17514_none_ff178cca7f9d03eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netbvbda.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d6f047b42fef165d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wlangpui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_196567241a27aa70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Sonata\Windows Logoff Sound.wav C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmcommu.inf_31bf3856ad364e35_6.1.7600.16385_none_4d3b1a3089ccc445\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-regsvr32.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a40ab2ab37f0dc92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_6.1.7601.17514_es-es_fe5ae984a243eda3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5de3c853fb27f8e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca003.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_dff8a2b9c1615874\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_71c62979c253e895\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_85615a334015f906\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..trics-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dc160164dcd1eef5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ncsi.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6eb6d32c0177e5d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_nvraid.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_87d899cb5d5b4e4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad4e8e231e3bdf21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_zh-tw_50803feab2c2b869\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..datafactory-handler_31bf3856ad364e35_6.1.7600.16385_none_d09eac028b5768bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msidntld.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e604b7bd8dbd1d86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-gb-component_31bf3856ad364e35_6.1.7601.17514_none_92d51a492ae12096\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_97769b281ba398b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_1c918720a3336dd7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GFEGCEIRMLCYGWQ" C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe,0" C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe" C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 9f09b6d166a29ecede86f9ba80083cc0
SHA1 d2b76f02b88c0ff09d356741b9844ae93e754a1f
SHA256 fc3d2d62f5e54e2a841a5b604b4ff82af059196e50d4c08accbd1b721d296563
SHA512 301b5d6584ade0913b97d38462f318bf09d79bb7601fa30af3a1355170117241aa16ed852584d9285f9e52bc1b9b73e51727130e0bd77b227472a9bd6faf3796

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 f37bf0498aad855494dc266e7eda0de0
SHA1 024763d50d425efd64a3847798a299747984b936
SHA256 3a7524014f1d24ddfc635c49ab22ef2470aaeff21349b163432bfe78842d5b0f
SHA512 1232daaff317e1fcaaddf474811360ca5d5088381b44712d09631059e0ea24dc7dbdee61662f6f1181a9ba41d3a029ebdf766b25289ef7148c6337e691e54237

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 c5d7662459c15113c4a867939e37f415
SHA1 d89783a46aeba3815c0090cb3b4e82e1dcb289a6
SHA256 53ce44277e1e2466ae50413f511fe74f4e7711eef730e5d3b602b32160d4dc4a
SHA512 cd214ea138fd146c631f92c54e5571777d4a5ec8af0282decb5360edeb66bc38246870d50bf4e90deafc863245e27098117f3df45389d0d701a3ece5dddae57a

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 d39277ce9f5a888baa849e890f2eaf21
SHA1 c6818c751d8ffd975a30f80b4836064ceb9eae61
SHA256 e99dc5e2ce98110fe1044281ed8543eb8ce3d575b171ce1a86f0fd9c1dc06ddd
SHA512 5fcede64ee105a4b71f47db11e4cafd1fa38a7baa6c9c2c9d1ecd92b718d3f74e255d16a61ac2292aa1bfe21c86b6023dbfdc67e14b2f1a124bc3a1a28f709f9

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 02cd4cd93014081aff28201e3bff2a74
SHA1 bef0dcfaf292ba46f07e3e7c6818fcd36f15ac93
SHA256 0e340b0572e48638914691aa0c5c106f09b8df75ab5d804a079af9d447d2c3cf
SHA512 8e4af120ec766a0cec23ce741f4fbfc545504fd7a6b0408ec8ff38052fce0e18be0d0d973c996df2a72b1cfd76df828e9d36a06c3f7f2534276cb1876927e390

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 b9c0867d3d6833f99f0f1ec62641ca38
SHA1 d00bb162839b91e12c1e7b089e78e20bcac2cb3b
SHA256 2965628ec47343157053ce0a69f4fb65e4882af0831edd6dffafc0ba2f90f40f
SHA512 9e394ad5d1cc21cf9cce74e8e034cdbaf733408f74e641ce22db778565ca65f218b05b8584d0765c114212667f4d2c04352c66575673b8e05a8c90a6cdf36c82

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 d73f236bf71e8a705b90aa3c11d3d8c4
SHA1 b895a9a6eb2f84c91c9234d538b46316a87b6355
SHA256 45318faaf124888cd41b3f151d29369effdc27e360ae4fa33dffd9ff4fb89d0b
SHA512 b4dccdadf2e210fad3b73b73c53eb274910a836e0e8d4ee4bc110aae44dd649e61625c3aa560f35f48a2f9721c8e15be767f31abd4d429bd1daa3cc46b33fc1b

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 c4919a618832780be66f26fd50586cf5
SHA1 a968645f1165464f397f6921e87535beddff57a1
SHA256 27bd42284973026077d3a56d5f4e89999f958afef021447498ba3fd588277ee4
SHA512 e01ff24816d08f3b470579f7a8e1d86b3ef8868698ccb3c2ad51994ecddba9c8d29adf2877c026e54e7c1825fd88f0e317093902180f288d06db8aebff5fb935

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 d3d3efc2df7d76678eb5ea126ae2bcc9
SHA1 2a29ec8c166c947e9f399e5f6cbb4acd70de83ec
SHA256 74d36f55a5b7586ff85a1563e60d24c1990d2bc2766757e44d38a5f43d3bf733
SHA512 eb401cced72ffb3a70856be0f9a2483ac6b9bcdb1a08dc456a0511ee61f3d203a91fd827ad0bc7a47812d713768dfa57d17bad938ac8b7bc3904efbc8193a319

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 6fd7b52a55e6effb3d3fd4799fe7cac2
SHA1 7f0007f573ec5e87e186c4ba106f4fbd945d40bd
SHA256 2cd145329ed274d8777146de09690a4fc2566dd392e2621b2410f006b4cdccff
SHA512 5a7fbae0dc700741dc33b55bb52e085bf8646cfb7f2d993be962a50a96eaa1c3eb6fd167bb98bfa2773cd357ff6aed14c6e2cbbfd6facf62b5a23e11894995bf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 b6f3e63932e4ff85d5a523c3b42fc423
SHA1 0261fe0d71c50d0aea491ffde84db3711b112016
SHA256 069b5f59f4ba2cfe5c2ad20fef885303f2d01fbf997a8756336a985d2d6388d8
SHA512 6059d5b8b0f86773378b7ef95d88a7ddc668b5a02ac1fd7094339c9f6cae7817cfc9f9bc05756d07f90aad000a4622947445d5358cb255c0558078645c145809

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 e65eea3e02ba0691a4e14185ee2c2903
SHA1 b8b0b90b01ebce08dfd35dd4f10aaf6e682d2282
SHA256 46b105c3c72fa4b632492fd8daec4dfa3dd796963ba7b79e20b49b4dfdb99c51
SHA512 f707f67378e0a91257c218214f2702a1e87b64134f2f0b4a99ebbffe2f6d95e31ab8ddf3829d820ef27e8f68241388baa59a000d6e6bd18651a26ebab1ab17cb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 0e421f53fa0a579718ce76943294e2aa
SHA1 2c6ae3d04e9060da8952cb2b7f7c339b4c9316cf
SHA256 886c43bcfe6a60e13067376e6e0a1c60dba2080a1421a06c11204352cb720472
SHA512 568965bdf13d9a392e6a577eb542d41a223d9a92d778fb6c662f55a4fa25062cf72638f4a4d69f84f39516ce61a3a79063db94a698db7b88140c0a8cf9f83fd3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 8eeba62d6e2d7d5aa3c4d442e803aad6
SHA1 fd3f1b4326c3e09ab91b323b9ead017a4f363830
SHA256 56e2a22f92e8a3804e8b582409b73529f7bcfab1cf591f816ffb6e8fb718e840
SHA512 b014556cce8ec58646f54aaba3308611090cbbfdd9283b7364e696140091522278be2b7d0a3f525aebe6f8646d11201e3abf3fc1a9d0be763688051703b100cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 38f0861d2b726325d03ee9100e620f5c
SHA1 eb2783402a119829f5dd79f6f98898620994762c
SHA256 f72ed422d13bd34f05ba2e9278605e8e70d4273ce0009aa6402f9bccceefd098
SHA512 849c196bd3d56e2d740f7b45ec75ceffb61bd89c684df284cfa96bad8f1889e0576388e26571781972c7c02a593cab73fb3df2249629d74f88fe65cc0142131f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 c3077e6395b6ead3e786b7da6582feb3
SHA1 6936d2a5c98e5578c8b39d8fb5a346d63150488c
SHA256 2c927cb3e0aac24a78e6c8e551ca6020280d2a6bda514d5cb351d538bce18653
SHA512 82a4d9e1a613debc243be5131fc6538a01906b3f9cb46edac232dd1ca841eeb78862464911ebf433696620029e10d0f0e10cd5e77345ec8200ef5dae16283dad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 9c13c30bf41c00e00c7de740b7f04e61
SHA1 a135507f93d49d42f2d48b8e63c29cd659e3ced6
SHA256 b92fb1282f9de4607a040e2a2ec564ae3278224d38f41f7892f0f2c963a0120a
SHA512 d53287aeb4b1dd5208b86d99105e77bb0f2f59ca331b8e2fb6110a6be5ecf42cc36a804c7e8fbeafaf747b45aa051097830bd01a38d9aec54dd12b816b1a8a58

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 339b8dced7aadb19f6954d5bc8442c23
SHA1 ed49426b492c5f33850b8c1baeaf5e0de129fe7c
SHA256 c7e9c0e4d68c6120989ca3919e59094722d390d99475ae0b7addb85cad173763
SHA512 88ea602ff4916bdff48b6e82297278f3bcee0cd089b7007b3e070f6e8fa9c963bfe366a0d26ad83d753c46a52831e7d52a94cb681615f48a4c031d1b4500e127

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 e35f23f2bd4523c1f01360b02089b662
SHA1 ce1e51431107d36d1870c7085d20a3f703a5ca61
SHA256 ee844917e7459fe30f6953f8668b163b98f3d79fe6150120b2164ac9c63eadc3
SHA512 56eb9b50246439d3597dcb13250a0ecbef405705621ad8ccf5a99513fb0d1da5f1d1ad605341f7a6b68c703106d32b4e45e9292c3aa7992a7efbfe7105cb7bba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 d169a271ef7826b43260379ca82cd042
SHA1 608be5faf517a6a2d4e35453ee5b8c784f0054d4
SHA256 8cba13bf3c8a45744586c1fdfe5a6ac9535e5e5b16411b087fb7813d0fc5f06f
SHA512 e87be9cfe2327f5741e7e218444a84d00b782f222543e1b2f485fda6367bc48a905345750e0782ac9e965b9b67ff4707d16cd9f663be0adcb9406f3972d1e72b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 901f890fe8fe08852e5186cab3317948
SHA1 b6463400c6168dda60e4d752c215a97e0ac59ba5
SHA256 d1ea46057124c41a4630e1af81b3a98247a7fd7ae1e839fff754c387c9e4e459
SHA512 bbe48af3936269d42e55c4ee36983bd1071e7f0e6b199d2e9f0cc6a4918603e2f7c7fc89b4680c6fc904fda1ac89bb6e944a8141a3cf2e4bde272233c785f39b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 ccff2049448943e5b1963c2b1dedd0f0
SHA1 fe8653b6515dd80a750434ea7fca6125fcac7670
SHA256 3739b4214909d12705b6346f6f14fa62d72384ce67b88d95d2f3812e44ca9cde
SHA512 6adea22a25982fc262ecc1d09f9648d828bf01e2146ba2a031292786339243b0b7b6c1f2614355caa4ab1c2a59ea09e141afcf39044e4c80d5853e562c191a55

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 3b99c25d53830ae65ba825fd61e53b83
SHA1 811d500ca9aaf2b968de7bc670c942ac8935ffa1
SHA256 69d5539270d67d441f51d5995a1cda2d2c095db35baa1d67cadf7a512fae6b78
SHA512 69239b0fe973d139115ddc34c23a49f884df0a4c459fc581d7ff26cb2a1bd857ae825a0172b45e92a2d4d8ede5165c7add7ffc180006dfe77a594d7b2655ea48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 2540e7a9e567b7040ffd5bb4bae75333
SHA1 3a8b85b6f197446205a5e28fa09e5cf040665557
SHA256 70a64d4a03fe749c68fde08ba751aa0827222b7cd50b5076ec35cc96e2217cb2
SHA512 77195c6a3f3d7073a8303aea5a01c84b07f27ad17ed22730ab0604f226d0ac1531714884bd0ee27a268ce13513831c6d5fff6fa8461fcf2028730ac0b045cc89

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 c04dd893e1ff9100be004604ee4a5c3d
SHA1 7f4f15d898365056ee7c7e851e7abcf364b69375
SHA256 7b4869ff112632267166e063989da908977a75920751466c3f0b1a72a11213c6
SHA512 f71667b23d1a35b8f968e07fb8a2ac251c73b1a3c32879928125b301480201e7ab8de3e58b000c8f5d684f52c1784951aa38acd134d53c4d3de54ccd44be1ed8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 0e86343f9c958483c8cf18b58c502c01
SHA1 fa090cf95f299d66520960a3ee8d1213b28d4227
SHA256 360b8c8881fc293216800ec805fa5f336b023b9108e1aa8977ee79f3cfbe969b
SHA512 849218269dfa89b8c8b8341e5bdd896b919d1887bfa0282f8eb75e50368647a5161f5fe8a127d6eff04532910e196171bc0af0f83333019aede140c333d41429

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 56d0235eb9e6ea4628a2eff3109de0bc
SHA1 55ddcb6c75a3d139850a619185be389e8fb37b0c
SHA256 2dbbd4790f8428633e10852390d4c5d74c944f91c99e9cc636acf4bdb4f99f79
SHA512 6cb047104c1ba42226b5e88e1997b3b9ce08334d9984365884e88fdf974830ef5681ccb93637ee9a51463440254e1aad96813bce4272fc7393a349844fb3ec23

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 bb5e7eeea868d3db4e1fd9d7c0e34ebe
SHA1 27fb52c4e52bac182f7ba41196fe5db47ff4268b
SHA256 ea838e74fe019396f7cd880142149d880851d9355a8e5adb2808f3bf9ed0c2a2
SHA512 0334af2ea55e7ca9d5272b725f7f9dd0dbc59189c633b4f0efe562a71c2766d13ceec6708880dad623bbdc2f465e66e2a688e641dcff93cd853ca7ad7941569f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 7c0fbcbf191a442bdaec72bb1c9cf869
SHA1 75eb7ba1c0f753f4dd786d9f38040fcfe776fea4
SHA256 f93447cfa2ab9546cd4b5ac0d8547daf85301b269a737e246f04bf4866d9d3ce
SHA512 bb752333ec1f42c45e7a77446516363643616fae6846b26c96082e42a7a4291a4bf62b7a694d82294ddb0878eecc5a5210136765cbf8551b114bbbbc460625ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 bf96dfc8a542fc719ebfd63ed288365c
SHA1 8ebc59b0990c39e7ce382e9f0fc194c906197d31
SHA256 f99c8fb15415a6e8314f9e5b1d3ccf518962eabecf9fab6e305027b34cbb3d61
SHA512 022cfcab3f242421af172f7431505775f80989d48a254873159abf866e01bf2a72e2502624ab2ee500889af7ea7221fb40e86c5d37c2ae611cac2dc26b6f3161

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 b92df143d0a6116977489e2879439230
SHA1 40ad51a5a53c63f795302fe1be769fc477d3b8b3
SHA256 5bd5b15dc1a98cc89db62edd83fa9264ac2e49000bcf08aa426fa7a11ee65ae4
SHA512 f8098c33a1ff805cf0cb6505af9424b445763f090884178e461377d854659ed2a2a358b0fe9a2eb2fe7ae22c7d5ee982f7920e1946305a87d13b9b2b92bdedae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 5615e66d15c61d4d0eb6cece2ea897a5
SHA1 2b2e4a29c624a55f9aa0c2272d989b1f83324443
SHA256 5fbc4840de26a2915e6555a74045d48f52099eb65bab9d18bfb9ee77098ccfa8
SHA512 a417942d835b08873036d7069681ae600f2851c963cde76e3fde85c23b3c55f641c75c87c34868d0f43c27dd52cb76d15da6e2a2c30baf6acc0a0e9e4f8518bb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 ad85efff748a9a7f3712868225cf58e2
SHA1 014a2620565543141feaf7015c80913b86b5ef34
SHA256 a96f2399b8802f44d54cfb47e201b22b7bf799dca7f2a149201a3ed4cb496b63
SHA512 75738b0f68abec64d8c35bbca9b5440f3d24a8d2977898bee668696894d345ba46a0f5aead3b3ec28b38c639d8a6cae61ca762513fb244927acc2857c0537e14

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 9448a89ad80d21fa4b04b01b952c7df3
SHA1 e7e9e0f62064f723ed48af9c1893eee8db0e2367
SHA256 3e3027cca4af2d2215afa8fa6eda016916dd338396a9efe97ca6a5f9d8100976
SHA512 aaf7959c4da181340140bcdadda6ef84ee92449e7bf877cc687b638c4986a635a6dff1d7ad2d9e3f1c3373fe48f6e886a023b9152a0f2c42986045d0fd1f4820

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 36c2f135b43762ccd2d266cf3a456701
SHA1 076c680cba0902f9bf78fb3ba7e134b48fafe462
SHA256 d11546468d691fac33057aa51b3b18ffb41357c4014ff42c2501152110342547
SHA512 469317e19a92d7858cc96314f5b6fa52a3d34dac656a05bf68c75070192b8627ab412b375f2ee979a0f2556ea5f9bb3ee0661b79d470e2b0c8aeeba037cc0382

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 f9481abd954fb2d394f9e0f16d628ada
SHA1 13e75eec46c12eb8e88fdffcad7337646bc17cdd
SHA256 1a2713b6335c3007502653f4b3d44ed1c384dfc4bfff12413a6bef1bca84b2d5
SHA512 0eedb29cf6f9dbbc8038ac0e49ec62dd64860471bf6c3c8d981048a6e148a1fb1acac431d2a60a5ca558e0ed0115cf0f0cfd96f280415ffbc62a002616708b9b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 1392016631be4dd3ad0509ae5cc37ab8
SHA1 26c11d59f1220e190fd7f53413244ea15e3903b7
SHA256 f0697b4ad71ac103290bd013f9690b90109f4bc6aabe4f5dced4316e73193523
SHA512 35ac0f0e859c99eab06b5ecd931217232322dcc9d68a80204d4ec8605460b0f05879e5543d91499256369748348edca116bff7a45315462b6eaf9bcdeff3680f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 e03dd936f4a416a446080f27c8999440
SHA1 72dd400f1ca42262c823f8beb51be8748a9bc86f
SHA256 48d84881c4e77b66ecc6a7ba867873b27e2d6bb0c992d750adfca95b8929c483
SHA512 8e232f3108b948bcb81768ff9f2692b88376702623f51048be6d7456ab065e5fb6460770ed5ea9d55a217fe37b1e2fa950bd83dcdb09dda7e7c4e9385b7d02b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 843c287285a45ee2b4255daefb4f8636
SHA1 acf5148050b7e19d1c42876fba000964fedcbffa
SHA256 3b1760adc2c6b778ff86f99dcb8d78a74db1475c89c23a2a11703d0d799a9baf
SHA512 39f6ad697efb8aed147bf59eb17fcccb408226533761c852168c588b5c2ef4542a38395f2d37cec7d52f3ec202a394616489ab4f3e757f440aea22d0395f239a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 07a2c4ee8118a9400a2d82f22ca700ee
SHA1 27ac45a83d761e2deaffab764701a99e5f12497c
SHA256 53c822d9061e3ae3be616573ccc1102402882803d031c5088040d7e2226f4a74
SHA512 977f65401500e030b48ef26a099392bb9d5fc9711b41b846715c9434e1625be2e831796039b19ad198b2504346e62a5a566aac6e063c33aad7a9a69d19c5b30a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 156ca587c7324155d18036a1b33f11ee
SHA1 b79363d3e3510c5db7a9a4026639b24a93809cfe
SHA256 011a24694f8a14c73821f4691d7ea4ed6b214167d3453074bcc8771cea42136a
SHA512 87667cf9e78ac67cd038aa0434a0f46576a9ec5516d5273bbf937d3caeff66b66a68d17d24b0be9fa5cd79df58586cf9ce0609bcb9ff5bb82acc84b6cbb5cdbd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 336a001ba89abe540bca6eeb8e3e4652
SHA1 9ad0ffeedd8071feb9b8a23f8c8357f086d5ce9d
SHA256 d83430d679afc4e5a339ba662b53484a0bdf3c50ef5815802605b8914b945731
SHA512 815cc8dd9b305160cf58947b97f1d139383b3a75fa49a7e049224e18af46bf4e59ce267374047cf95c131d16327713cc070ddaacb2f4b575011862ceb7a5bebc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 b36025635739ab3dfff8e6c70c9afd95
SHA1 eaf66a53c309745f91308764c6592b46323a2ab1
SHA256 11dc43b9fc6c209d5b7e27188c12e65752c8d2df31fbe1e8f881689a9f0196ce
SHA512 e91c851a2f265326ebf13ccdd92208f16027acc57d1dfc21a9270edcb16af23163387549084ea065f6828fbd68a5a6660628754d3fae7f1f56d59b5ed721fe81

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 da6b8b6e85ee8580b61aa91232c9f07f
SHA1 38070ee8b2b12409b44cc1e24983ec0809a06afe
SHA256 15dfb758c7c0d00092de6f135d441c3a9fac9962c3007b0216e3cc78e8527530
SHA512 be733c15124025582ac28c41b8f8d02ab6e068704e0546593fd5e3926aa7a55c487a2571293c2c9a0ea144f8be66a3b8be3220f9f8027ef4c7c982a5ff24e1c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 7bb900dc804166a7cc1e851b7c23477f
SHA1 7f7fcc2e77106c528347551b9fbfbd2c82571f6a
SHA256 fef8b89ca382006a0f392a415bdb63935f2e0f0b9349998695349fba9c78f29e
SHA512 55c62eb3816122fcd57e7a23a0351cd6f8faf28a9c66a913c990624a1e265dfddeb9fbfe7cced3a82f7e1c91b27874a52b94675f530622fcb0c68f10f161aab2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 9d63c8c917781064379d55b6a5122e1e
SHA1 ad289f0937a55bf8f32a04c4111abecd2edb7118
SHA256 d98ff130492195774ca2aa0d48a3f1264cf1d11747ddff867da573683a710834
SHA512 e1385b97160395d2750c9b646fc877c71a3013d3024e6c57e26325c2c8890b2370113611f3c97e6042fc35725f40e4952af8f18d2985b67d2c927458fd4f58dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 5225b6a31372426a5e4f4e3cf8f55523
SHA1 764287513595c9de863d49eba83c5ce8caf7a249
SHA256 ab38c9d39cc25eff15d0c003d9434a097740cae7c0211e444241f33511d89c61
SHA512 d4247037cabcda978ee8bb428655f6743f2b7d83f36c2777ed909aa1a41b0e2ba95d27d7c0ae3d4bedd93d1711b188a9edc22de3ded3d85ba033a36a01527e9c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 327ae26d104a4bbe218a03d11b499015
SHA1 a0c270d5e5356ee2c7b68c579588deed163fa6f0
SHA256 18053d583bffb1b0ef11be2592e802bc60aa5985d78800e1c89f767679440035
SHA512 b7c05e4c9a1a532beccfa6a5896bd56d666844dad71ad49e1483d590a33d29ed7b76b3147fe653faedc953c53a8ce8fac3e250905a9f858de647289edddc61dc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 a3f8f4c43a96332fe6d5e78a116e55a8
SHA1 ea9e175d529de9eacc73ba40fc30f4d17920139c
SHA256 27d7dd44bf67925fdbda6be8c8a36d155fb457b2e9b60172b6f2afeeb6ed1c7d
SHA512 66a3fb2cf36f532526ea701f7e4c59c2b09c9f6d3fb1015e3218ebae8831d68b0466ab09892cb85dd0088e32e42d56cc6907406c241e6df6dc4e544897d32aab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 41316b8109750c9cf5c6ff54c5f262fe
SHA1 e4b29a5a3dfcf0ed81b6bcde497e3d03682b8bc6
SHA256 8f7c32ef0ce2cbe261570186719e190febb2727ba300833d78c1747c2bf13205
SHA512 b01ac8d9b378c770460b2d379dec3146e3ba61d7dce50b3711250edbda142cd972bcf6fc9ff49c46cb956134d6f61d1d3cab5ca7b76d73494fe72672fe1f37ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 cb96e00c5e2d0fce43c3fa5a0f8d45e3
SHA1 84cf00cf8d177e029247c2eff5a7cea33bdfd8bd
SHA256 2be1efbe81eff3dd8e508061615091222064fee731c9e8f51542be74c1da9ab4
SHA512 0832387061fda573fc407f2277981bbcb4a7f77f5a60b7fa2d01b95be17ede2113cafab62343d4295cbeac2daa69a2aa12fff1cd538d8765a7e9745024ee38ac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 5ee8b90e8bbe8075311ff531a5d2b690
SHA1 3090d4d3c6122dcdb7e14d91a804ca02790a65d1
SHA256 efc508512091156aa044c990011b1c0a187521df3a1c76bf2f7636f7da92b1e8
SHA512 120a0a4838df30a36a8257882b6ee77a14e9c0b91c010381dcdb956b34b56b4d4c881bdd19bd1e397fd83fa40087b6059ac77231e41b5a865369a9e23a2b5dc3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 9116152c06185bce43f8c02a4157c85c
SHA1 5a2e20095da69392ec96493fa2186afc04c3c091
SHA256 19f7ce2e5f21f628f197435517e070359aaddb82d3e4fb9a2a5600f026584920
SHA512 5a4598156671adbe58e0a046ce145b37048edbfaeaf306a1c006054b75b8f5e6467c3a8350153272252b2abafcd4f45d02b3dc16b102251653821e23a84d4078

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 eab44ecedb228654df19b3b238bbba8d
SHA1 1425a1a6049cadea68679707a002445707e541f2
SHA256 5311ea6f5f76d08ac41f8fbd1747589db04837050a6a23488f569dcfed2e2d77
SHA512 d7c3228a280d8b1d7d4a44e00e40c5a4bbf2ae1f661c604de151fd1371254343965af13bd521d401c590b2305c4218246c7cdd0df54658b7310c0d434805473b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 ee9d26e2642146c63f2f18a0c1808070
SHA1 5a1efead39542553c1119957006381e71fdc8069
SHA256 2622dbc3ad72fad08309f9a90191340946bc5ace6b1c4fa3498e0f00a0a0b369
SHA512 bcf67bf1e1123a425bc88ac6f362b8c540b4d6fb2c8802f74625328d0ebd0a212d612f1eb3608fd80b7db9bbcd5fe0feb30070c9070dfedc8c07b176204da44b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 bf4fc9d2d2a66e4936ffe07fa1b1e7e8
SHA1 46060e84ba4d5ccbe9977239020a6d000a472724
SHA256 91696903e01770182dde6882bc5cb4e1dc1d8368d219d9ce4a6783ab9f2e4a4c
SHA512 77996d1e10ec5d7652f5abfe7135e275eea30608150104e858506b2592449bed645e077baed5f18f7d998dcbca91d4d51faa250bafde15c49cc60ad8018a7ce4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 3836a9be43c86ca850fbecaaa9dbd411
SHA1 f84068182e7430950e80cad64ce31e294abd2558
SHA256 9f2756ba83ea6b7121f131acc46142cd2b218a0f3d356916d1cf770cc14fa7e4
SHA512 ad38dca1d0f1c2d474f03bbfd2918ac77fd4fb8fd519d84b8a6a00145f8745531780927eb9d83297e341c358afbcc447f40f101902909811058f73400c677608

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 0b126962c96a69229b1a956e53c9fe9f
SHA1 4fbaa61e5032f986e313277cdc33a2d5a031aafb
SHA256 7b7e96d993b7648d23317f36b7a7336a3d51ab83c70515b7f0c4cccaac974613
SHA512 b88a58c150aaa1c2075ba4f66249e273c480c63b369b496daf38abf10d05c64f527c5c21d1d674ecf1af1a79c3040bb9efbc7ca8bfc4d835f5cb2039ce67facd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 633c4dca57d88503b51593c8ff1dda9f
SHA1 926ef33dd50d08cc182dbaa158137613427fc24f
SHA256 ed5bec85ab550cb189c9068a2a4ce48f93cf437c6218390a2c92406d5c170f63
SHA512 7e6c8fb24d5a8297e14809641f3a62e76bf3e0cd4b8c274a11617cbd1d00ab7c4d958bc9ac7b15a9362b58a8f2328b9d540a8afcdbf2c4a1a63c7fec4a1e513a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 88087c78c1796abfe61b7a5ab015dfb6
SHA1 f201ae4cdf776f8c918618deb1717907eeafc11f
SHA256 04c3d878bfc34ffd6dd58d5afb57eaa0d2ceb1b5a4f96cfd9020f8590399b221
SHA512 ab8ddde06bbbdf838123121f7a8e65847117f338571e757ed992994863520f4321ece3a1316a26d5a4b16304b428ab9f668413c9565527e12b7ae822b88063fc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 11f02dd0b1d6dbc6a34be355f67db552
SHA1 f206ecb35abc3f200e19c53e36808f2cddd5f313
SHA256 ed1b716004ea4dad8282e1aa90fafb53af3537bc6f034ac440f6c3ef65d0a1a4
SHA512 30273ec10a7db654b13062f15f6e9a2155504f8cea02239e003de12ce30ce3d121a509df43d575adc0c59067117576ccf4f93ddb586cd91c9f50ee14f338cd47

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 8acb97eb4c092d754d100eeaf7e5e343
SHA1 75ab7634cfa0bca669959529430b4c4d6749528a
SHA256 85238bf5a1778c35356e6d67c42a5220c039a007f5399cfe2ac2fe9a6461ed85
SHA512 1373d58442c6a5b8499eaf05f30736fdc1840b73c37207ed4ee85423aaf63cea892b2dca17944d0738ca7f2e7b4fdd9c05712d85bcb1cc6233a48bb06d8fa1d2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 41363234aae18138f52a4dff94f82ea0
SHA1 610249a76f6451630a666f45281495ac9c6f865c
SHA256 590e05e7c32bb6c901361162e78dc7107fdf8ec8a5223ed28175cf394a9ca14b
SHA512 9a6eb50af09cc335172632697d699b2672ef8afdc3d8d7a6904b2ab0b4e401b932cbc3bbda3730b4cc39fabd5c043905d95b76a5b6a67f92a898914e33dc6760

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 1b42902b376de582a9bc730bac149949
SHA1 1ef0b42c874accf947c5ffd1bad3dbd4b67f7712
SHA256 096c6f93148ccab15f039a3c6bab0909d4d892e2960487f3d8093676b204a9b6
SHA512 f8c32de373ad40b363e57348e024b2d5c5d9cd791267a90c133b7f33d9c28302c91bd2515d514ea3a2fdb496ca8f2745309ae42d7c7507a4bbbeff197f450333

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 68267afbe3e819edc02a2830a0bd5c63
SHA1 f8de658c1dbefa0efc385cc6d52ae2ea33166e38
SHA256 dc12e6e39806f7111fd498bfe84b96db478bcd4890097e99ff53f27a6ae7330e
SHA512 1e7ffedec2f3277849093cc2d1223a39eccabc427f6a4de8e33f9ebbe1a51500e9d9ae208a22c6a97d5d2df08fcea81160377e750a1f4a94dfc16fbd943ebc9d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 acffff2fc981468736703be53ae1c00c
SHA1 f0ebbe92604986aab89e319d967a104f53638c1b
SHA256 7e7b16e583f7826b703c53e5250e33c70d86c344a229eda44767218f76f8c12a
SHA512 48e084ac10ded5dff51ab8f381dc08326456ad1bf3e10a7c1634a585e3ee981f750895a65a37087f12a31213d3316d76a99b889330794f7e914a81586054fdfc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 34587bc90464ecd08c3b6235929b88dc
SHA1 5528705c8982fc96eaf65c867708f25c9d7042b0
SHA256 ac80905f9ff5ebe4325db2ebd9c87f8e960cc490c3b700798942e06863551492
SHA512 2993ee10b94794031e4bd12ce801a10f34de3e9d365abf976881ddd49bd59afaed00265ae291fd8d420a7d8d0131e549591aaeab46fc5a2756a48db3c7ccbe7d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 3f24262ca8ddee3883f81f4c4aabdeea
SHA1 9dc0b51abc16f284d502fe9ec78a59b7337bdefd
SHA256 5c84c4d45841164c872ea0aec6b1f4b48fce4f79ae24ec5234165dc6416bb862
SHA512 74a2558a4234555ba172d9f465cddaa463bda439e24aebf76ae756369e6a9a80c93d089af7e331046967b5076ecc1d5221eb06f7ebefafc15178b3251c3e69ac

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 227c4f134d5bbf77cee8e0d5d2444d7a
SHA1 5b9e86ad41d936bacb5ef11ae484cdc9c43756b4
SHA256 b529300a3b34f09f2d563efe1caf105abcdac9b0d810b9b9121f93973b978b6e
SHA512 7943c6a615e0a0509a10e6d5b0d8d41d58144d27d89b4a7bdeb134952d3037703c243f89977867e871bfdd03d4ad07d49504e156a7a3433b426c77af338ae0e8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 4713f1e4c9e4ee9b617ba02cf4410e92
SHA1 9ab0e1239cdddbd3e44bfc8363e1900a890152bf
SHA256 897d4fe57b1586c3b425c2c8baf13bb25188f529c9deea2871ccc4b83c86068e
SHA512 7285e0a5afbec2a1e1ba7dc6727a91c9bfe063bd3d130f8856fa8212b009b8490c74f50a891ff2280260d4df096b07df9084aeb01b380fd45700e0eada1802bd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 093fa11007ceb5f2f29883ac5cc02dec
SHA1 1cf1aff3e24f4ed34f60ffd9daa9fe8299b71451
SHA256 ca1d39bc42dbf20f57d630da6e3632039279b2e8de4638e57c64f3a3bc5a106a
SHA512 d0c61b1e06394bcd080c1c7542192959dda0859c72d24ba4320a1fcef0e2cb82e5b1234146349916c5f676031b45b132f669e6e78bb900c6dce0894bdd8c6235

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 6fa802bfde2985901fcaba4a22b962c7
SHA1 cbf1cad6d2d29f4159aaa5695eb5f102601b5bc4
SHA256 d148c239edfae63deedd85081789104e6503bcdeeb6751c4fc6a2ff9df358555
SHA512 884e83bea426f120e3d1254a0a853f30e865cfd66c701b0a59f81ead453b6e7253c1bfee84527dd52c5abb2746fe746bbf77aef61858eb8ba1cb6f96ab82b438

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 f4e7cce015586213ae252ccefa83d75a
SHA1 1a37487cb53826d65e85fe989ef2d2fdb40c8bba
SHA256 1252568a3c4166129871ff99464746252f5f2a1f2a10d12edbc88db077a07fed
SHA512 dadb624740ceb43e0c5775304b39b34803549c9f4928e3e9cda04842d099759a1318e84666fdb5150e8f07cbfe524ed0c3dde75e1aa7ea18075efa24897e5ec6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 15a1c4f08413f2965af8f19715eea8e8
SHA1 d6bc5d1fa3e14b47f4263e6415b29e9365f57e8d
SHA256 52108c1001d6efc54861c23b9899b5ff8c59574754dc42e27997172ae002a737
SHA512 2f77ea172aa53296ac1117c93f31559416b03fa38cdc9a10895a395dc3ae5d03610be6233f1148733d94bb25b77f4fa52d09cb87e098431291ac31f0a0c19318

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 e0b11c77c19000be6d39dff6f07320d5
SHA1 fb9088e7c3d868b1b890148157f1446575001031
SHA256 0f1835d8c27e3ffc97849391c0af80051189954d6003f5b8b394bd335b05cba8
SHA512 b34bda203a30664becb4581906f9f29767083e9c5943976b8006bbe119e474f0123e492b105fba555c83b19856708ffd43c04a24eabee670fe299d6506a7f327

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 4e2247e8aad9799554d53d0f70a5a1e0
SHA1 6f645d9142af5a198d5f5cc039c7c7e3d2e981a1
SHA256 6e214c7297098dff7770143a985e65239173382ad055d24f9e02894fd2dba037
SHA512 36cb53dcd5d056f028b63aa1b762e97ab870576e4c51c135345c718e9aca99d440885357c0c8686fc2613087df84814507eecf6059652a5cfb2117d367279e40

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 c510ec173c655cb54682dcd2cfaffc74
SHA1 605a0c1452b3eb7904befb43aa3d47579c9fcc86
SHA256 3a7dbc045a57af1d12dcae93a24a0022e61cf85139967bafc483627db3f6cd1c
SHA512 2fb3a9fd493f71b5da998f920baf0747257a211b0a87436ad682264dc870f1102d11b80c326d189e39e308b6be7b5ec62fdc371eacfdfb5f51a03f6ddeece0ee

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 c9d0194a676209a01f1c1704fe2341e0
SHA1 fd74738b6b79e58a57892d43e866caced6486eea
SHA256 f8d6187bfd999cfa754d9dfc4c2d605fd709eb4b73f32b167fe301fbe2bb3d10
SHA512 939edd047afea6a1ac2f9b6e5a96b0e41da6e6a25a3db188de79b5fdc6a8779dfc11c46cef00925da1e886a658b96b508059966d5eaa8a87abede8ec89aa96b7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 0b24dd757dcda13d7074533330cf85cd
SHA1 939137735d3e552276273c49efddffbfb96ee9c0
SHA256 fe4bbde06891baf820409a01d81b347dc4edcee0f229cb1c07e6905fa37cf495
SHA512 5024500a865588e79970d11c170ccc911cfcb4e9991bb3c3b8dcffc1c5f0662c31c0233eea091a0d4c41dbca23220476f0dfaf6dfe4c6ede9074d874dd531d09

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 1c37c1f663e83afeda86612658b8848a
SHA1 615fcafe2ce8059178351fe45c35e8eb150e7cbd
SHA256 ba2ada9168ae979657629fb5050e9e9aed2d4f35b46e423a755b1c0f45f0fb5b
SHA512 274f1c43ad0719d1e5f8d47af5cc5a82e26ab4a68a3bc3c62fba05e346d840d366acd2dd21263f6c54aea353c08365db2e0a58a8e89d9131643f01ef54803418

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 c7ce26eb050bbc99c3dc21be2e4c1f5b
SHA1 ffe1979d12bdd334b743c05f4b47dd76ce056735
SHA256 29a975e146f28749a7dc28f134f242d546763be37984e63c9ffd3680b92738a0
SHA512 d586777c02b77199486116a0d797dc85c22b836c1b60000c0cf661e0e66d6ff877e98214c4df330a50db43bd40a85b1b5ab2f2730a0427e9634dc8e3eabcceea

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 3a354575e757be2b9915747f7ed615de
SHA1 16372e342d7f6cdab76b9d57e322c00eb8c73683
SHA256 15b828e42ecf68571e7006a347822d76f1021b37ca83885167d8577bea5cca46
SHA512 f47131bf35b3b73154d9d4056db238bd63869a9c86766c567facc51e379879afa388f5dbf42e3a89f0b832493db45f5683544e93fa35b7201e0cfed83eff149e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 57d0efa2b19aa2f238cbce9b667ecbef
SHA1 289c92824f2f4493abd20a1faf69c7cfc2b3b5fe
SHA256 386818a374c7b1d5729ee2151d954bc9e46b9d97924b4ee66855c92c9df6c54b
SHA512 872c392bd6a756a0ed5985d9a7a2f445b7851251c47253f7ba4971be8ef4542cd70ca976a10194d370368e980e92928ec516596ce38e349fa673deed3e045134

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 fe96e7175b1aad45a823cf5671721cba
SHA1 8713f76d307a13571b2c8a623896963327cd57bc
SHA256 f6a02e700bba7858118d821bb205afa303dfab29e45bd1727893c27578d146a0
SHA512 e03f7c04b28ba2a4afcd7c91e31466a523ac8c1a89d647916158600eac882e65eeafdb681d428315d100267f523a746a7512722c238ab7f10ffdecaa985fa413

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 09a6ae85c2d7df71ec78c590915e32cb
SHA1 76972c8b0c88b6cbf24e72283670438ac940e1a0
SHA256 ccbb169f05cd1c29fe3b68034351afeda3a9b4ed99bdc64505ed9247e42cf8bd
SHA512 175d0cc1aa34d60f19ee715887022b52572d261034604935ee165ee39ae3372f4d1cc9a84eb8d36f15cb95dc3128997a56883fa83f375e183c7a95661d04de08

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 5797ac0a5e6a1abfba899efbc1f052ed
SHA1 bacfae6482383834b7b182e37680c00470ab2532
SHA256 cd69d4e7171917d1f26a85041d8b6e35eb42331e078d63db6751cd16cd307c02
SHA512 05bed8601e4643b37fc975c334d233c8bed7fb34ffb7c1f1dfc2f3fbbf0ba84eb54c5edc1f4ec38ba579352d164b6981965631e9ed5634fc9ae4865b89dce972

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e86e6008232457bd7610515da783385d
SHA1 c9f237ba03ae72daeaed303021ec9c77a52f35c2
SHA256 c2ac0d7a730ef56071ce8b5bd28556dcfbd23d07be78369ada2b754d1f73486a
SHA512 b9473aa5f2cea3fbcce967ef56b13f49d6f22befab0611a3b7c4dfd041ba6c265c5da349b16951a9eb5fb27d6bc4793ccfb5220926d0873ae6c8e19f97076342

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-07 08:03

Reported

2024-10-07 08:06

Platform

win10v2004-20240802-en

Max time kernel

93s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe"

Signatures

Renames multiple (2181) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe" C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_55176c1890d480fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudss.inf_amd64_76a0499c8a4b3752\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdpidd.inf_amd64_ce12c614d182f4f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wfcvsc.inf_amd64_dfe08f401a2eedbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdlsbuscbs.inf_amd64_0eb96a1741539c14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cht4vx64.inf_amd64_b03448ba0b72ec47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock4.inf_amd64_bc507add47f436ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\btampm.inf_amd64_445ffdc4132cbc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_holographic.inf_amd64_6ab9629b23deb837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_46dd0342577f43cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_keyboard.inf_amd64_56ea9763e933f7c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Kds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_a261b6effa32e5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xboxgip.inf_amd64_90ed6b3fdc759a5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpssi_i2c.inf_amd64_8e00e1aed7fbdf70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_41ae7c84b8d94de0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DnsClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_processor.inf_amd64_4431cc603de6e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_glk.inf_amd64_dad1e0a2b185e32b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_nettrans.inf_amd64_b6d30279f382fa4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_3bc71c4327f9f94e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbxhci.inf_amd64_6e228bfaadb050c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_d3a88fe647d71206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis5t.inf_amd64_c6e181de81a59b54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\WideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-30_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\dismiss.contrast-black.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Pester.help.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\1850_40x40x32.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\compare.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageBadgeLogo.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Google\Update\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TinyTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\SearchEmail.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Internet Explorer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\Logo.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-60_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\Icons\icon_play_prs.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Wide310x150\PaintWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-48_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\3.jpg C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Klondike.Medium.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-256_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-64_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Campfire.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailMediumTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\GAC_MSIL\Microsoft.JScript.Resources\8.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..cy-script.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_241ab48489eba60d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.0.19041.1266_none_520c37db64df4084\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\square44x44logo.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-installer-dll_31bf3856ad364e35_10.0.19041.1_none_431c11f7f4924730\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..untimeapi.resources_31bf3856ad364e35_10.0.19041.1_es-es_45fae9563f9b4b33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-default_win32manifest_b03f5f7f11d50a3a_4.0.15805.0_none_9d83d0e579e4249f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_c_mtd.inf_31bf3856ad364e35_10.0.19041.1_none_644a62f5014f91fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3d89e1db26aaa849\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\saveicon.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_he-il_c08ace013361a989\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wvmic_kvpexchange.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1f87545f17283c29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wordbreaker7-mswb7_31bf3856ad364e35_10.0.19041.546_none_c244542508165644\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..rarydialog.appxmain_31bf3856ad364e35_10.0.19041.1_none_83b794e5516730a0\LockScreenLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_et-ee_dc8f4db19f340e04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-playtomanager_31bf3856ad364e35_10.0.19041.264_none_8ef0b74a8fcb3a59\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7d22aa39e59cfe75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1240cd13c584c1c\SquareTile44x44.scale-200.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoftwindows-undockeddevkit.appxmain_31bf3856ad364e35_10.0.19041.488_none_7201e1dc944d1765\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_windows-shield-provider_31bf3856ad364e35_10.0.19041.1266_none_1abb9653828c3f41\n\FeatureToastDlpImg.png C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.runtime.remoting.resources_b77a5c561934e089_10.0.19041.1_fr-fr_650d9f762be49878\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_10.0.19041.1_none_752594de4fdae2c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources\v4.0_1.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_10.0.19041.1_none_a03b7086d9468b36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..container.resources_31bf3856ad364e35_10.0.19041.1_es-es_0aec785529383d88\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-ftpsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_222cf00bc80dd834\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mixedreality-broker_31bf3856ad364e35_10.0.19041.264_none_3b3536c093f7bdd9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..-tlsbrand.resources_31bf3856ad364e35_10.0.19041.1_es-es_d313d84f97daf433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..phoneutil.resources_31bf3856ad364e35_10.0.19041.1_it-it_7a1b7a481b1cf2a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\helloEnrollment.html C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1288_qps-ploc_f6c6cc73660e3177\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_10.0.19041.1_en-us_1535c7020888f9ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..geservice.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_54a73aad2cc2f922\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..providers.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_40e4df6a21c955a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-v..rvice-basicprovider_31bf3856ad364e35_10.0.19041.1_none_d336c6d0134b4f8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..on-aad-wamextension_31bf3856ad364e35_10.0.19041.1151_none_e89716a29031b44a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-f12-f12appframe2_31bf3856ad364e35_11.0.19041.746_none_c28b19177861072f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Duplex\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\views\hololensWorkAccount.html C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..utoenroll.resources_31bf3856ad364e35_10.0.19041.1_en-us_71289accf8f37961\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..-agilevpn.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_77befd3a73b95d51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-o..p-raschap.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_00b33c5f3a91bfb7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_10.0.19041.1_none_9163a6006c263fe0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-omadmagent_31bf3856ad364e35_10.0.19041.746_none_7c2d8ca11b9eec7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.windows.s...commands.resources_31bf3856ad364e35_10.0.19041.1_en-us_846fbf84d2e12e39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_multipoint-wms.alertsview.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_a4610df6d04748ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vmiccore.resources_31bf3856ad364e35_10.0.19041.1_en-us_88722442c64ecdec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_idtsec.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_455cf207163b4266\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa15f75a55497e63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-shell32.resources_31bf3856ad364e35_10.0.19041.1_en-us_0f9ad41d78392a6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ci-wldp-dll_31bf3856ad364e35_10.0.19041.662_none_7d38bfcd1db751da\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Core.Resources\3.5.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\monaco-editor\min\vs\language\typescript\src\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.windowsau...commands.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_eabd9ec0920584c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-o..euapcommonproxystub_31bf3856ad364e35_10.0.19041.1266_none_11d8442069dbdc04\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Utility.Activities.Resources\v4.0_3.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-twinui_31bf3856ad364e35_10.0.19041.264_none_51891893184281d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_10.0.19041.1_it-it_e7ebc91c3e26cebb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_xinputhid.inf_31bf3856ad364e35_10.0.19041.844_none_171d869d0a89fc41\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe" C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe,0" C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GFEGCEIRMLCYGWQ" C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 9f09b6d166a29ecede86f9ba80083cc0
SHA1 d2b76f02b88c0ff09d356741b9844ae93e754a1f
SHA256 fc3d2d62f5e54e2a841a5b604b4ff82af059196e50d4c08accbd1b721d296563
SHA512 301b5d6584ade0913b97d38462f318bf09d79bb7601fa30af3a1355170117241aa16ed852584d9285f9e52bc1b9b73e51727130e0bd77b227472a9bd6faf3796

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 e5099b427ca7e3e68d7945a4aeaa7214
SHA1 67670a80b6e2d417051ef035f13872635249fcaf
SHA256 7e99ef5c2dd492761546b634d9052b164318ab344093a4814598a65748607c4e
SHA512 5a8eb581c0c1d4ef1011194509d70bb0ac64401a6578c9c1c3d7757cc75cbaead856916e836555e62e4a05ac5696febc4c34dfa089f7ec2714243bb77fbfc14b

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 9c29db5c5d4310564c2be9142937dfc7
SHA1 bc36782b8fe6a528bc6f1cf2527c62a35670e9b0
SHA256 0333b1b5b5e8236cc6f1e2bb992fcd34002649fd3e8089f889b05e90fb9b4b54
SHA512 96912a2c7751faeb3995f48963abdc77fd838a85f1e4212444d8debe3c88281c5c02fc1e2d41bbbcd329a2a51f54518b8933273fa701870dc402c4ea9d0d453f

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 8318a47d31cd3d6a521bc965976ad74b
SHA1 7e86ae0710484c8058ab4b1b00f912836f088851
SHA256 fa17411e1f49ffa1521ebfaa3eab6202068fd06bb8282447aa4fac564f6aa917
SHA512 2ce71efb64978c4a831662f247940708dbc9f4299eb0bd6080c72279129b5d6f705dc6a31d2ebafa2a9b6c9f9c26341528c64f8ac8dcabfc40d88715c3194586

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 634004640d62ffc6d4e7d35faf90d2ed
SHA1 3523f379fd9bf0eb2221fb086937bf1a55a24382
SHA256 2f1816351636138acd195857a9d866ea2fb99c30393231e7f7226735324186a9
SHA512 aca2038362e69316dc934ca4a124087f3a55ac0eae13ce1baffc47ea4d8b2ad49f11df2f90e74c44fa1fb766ea8a6c84b0c6b1d67626868378088b885b8920d9

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 0ae7f716659e0f0e5ea4053b60a82b85
SHA1 4f4ed47b3bbf3723f350893f50c9c99ebbd0bcc2
SHA256 35dbee574855678a4f8d22e73380d4152d5e7e047d70d73ce5f6b4c3ee073bcc
SHA512 8979907ccfe7f8cd8670c1277d622ab98d22f96091b153398cccc86ec4d3764c183dc69f3b0b04ab124c801d7f90178a338171b87784ff9e49fcd08ed371c3d3

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 36cc89c0d0077fe733a93d51903e9095
SHA1 f8e70bf1cb3ba4d678e73090bd711b62d328b2b0
SHA256 88943d811e6016a496837f941eac812afa17e433006f3356e52e10a8fb9e646e
SHA512 b1ac33bbd86d67309fb86e8d16069249567ea8df5e06bf4803dd2250f773421756a80c217a3b22a268cbddcbd0064f89d58bf4b7353a1aebcbf11fabf16022c8

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 c78d042f2979cab8ec0da00ea8dbe903
SHA1 8a6c209a624801c3c4bf6f0556d5bb92fbe64890
SHA256 a811375c4233cd52bf882c44f9815be759220ca1c0f6df87e11ad301652f36e7
SHA512 22a06f54ebdd5ec899ebab1b09c2749b7a04423a06e2ea99b7df5f03585e83c421687295038c3f985b025a3a8f0e77e3c25eddd7df0cd2b9366e77d455bbd497

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 1e019427e5b7957cee078a5796e39993
SHA1 dddd1904e93555c33d3b4f0fdd3aaba512b652ae
SHA256 defc3ad996d49d65c53afb385d3c08d012a2cc5b2e1cdf0f8cbdc0cab19e37eb
SHA512 cef912078627d2282b654827c27e8ea271d70f8bfd4e65b7e3774871d591a5f190c22068eb530c666c3ad852b70aed47d6181a614fb9a570644cc5fa6eaf52b1

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 0008744af271c8a26a094c9353b74511
SHA1 09601b53df65285376afe72c83ce362dc14c253a
SHA256 9cd9b41e9a7d06dfb5a9eab34a43e26931f5491b63fbd94c28c96dbcaa0a1aaa
SHA512 26c58e962cfbcc3e626f23671342b38bc44aa73339d90d9748dbc10b759e0e32d55880f22defd31a1acad106bd1e82009f5f980bd46d94df502fcfe7d2d5914b

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 5e3b5c67ee096c49f359bd2870405a82
SHA1 841b988806b65d520cbbc65ebe7640756d1ca75e
SHA256 74dcaca3431d7acebea8b3de4773bff5970e8a72fb2c8ff1ffd61d2c783f945c
SHA512 d936a6da140876132c38c322857a08cc07b13e318d25e7e4048c296f952a2c130acb3e5aa505b721dedb7cda3246aaf5986f279d2983c70b43d615b041c99bd9

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 df57606ceae4e14495d46e36dc746e73
SHA1 3e6c774a3bc68a4131326dab8be7886455cc964f
SHA256 f3f4095c55a3a6bd28350ef4a8c59d2bf48466fbdf3e4f1231425c7f5a3b4863
SHA512 df5922115f70822c8b6c7c761e501347bd1e3f092098e0ddd3fa4b71371785d5b09b57887de37486e600272262abf6cc31469342670006832c11a31fdf439129

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 f3d154ad0310ca8ebf85bf68fa685bbc
SHA1 88ebb60ad1fe7061a951d702043805ca64e85eca
SHA256 dd5044ec69d1a6a88f6516f7b59d766afedb256245e4280044f90f899ba7a2b4
SHA512 54fbbe9a4f17b91d0bfe5cfe56a5ab60ec71740cb8bbb714dc5eecdbd6219a2a4d0082450fa87e07093e29f4a46b9cd0f78b77f63090727dca0087ac3bdc16f4

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 cbaf9b0e573559ab414a2430d1fe8ef1
SHA1 48d23a77767097df8fbf6a6df4e0cf40062db2a4
SHA256 5bcfe23ce827da707feec1aa5e329b8eddb5fdc0867d5c7db78f3838278805cf
SHA512 4a1e70b71a7290a23af0f3940bf1e37be80c2124361cad7089bc146dcf47a6618fb896aa264630386f78be25915f37bfb5bc7c7ffd371a9f77460b49d4aaa762

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 faff23ec59e3ce2536778b124b3dbdfa
SHA1 874531124ecdeb3bf88c224633afa4a1571c5252
SHA256 1d4c45a00886195a4373e2d4e274f29eae015c91dd356742c5268007f4240623
SHA512 58a7fe2229b843996407af56746dd58c8a4662f77d7e61782e370b3914375cf9f420c8b6d432959b64d7804e8fef6e813cf2308db38461016807edd85e702e4f

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 1f0f71eb1614736397325f1349087d78
SHA1 08b058431dd8ec4ee727aad855e9192c875d491c
SHA256 be0697249275da99dda27a24a797bc56558d2330c5602df85ced5c783fbed1d4
SHA512 22dca1f8eb2c82db94a96b2cd4a6ce45698e63aa0d6e53e3356fbebe559b1d466795e9a60cea9dd81d4096b0ccc83979a461d91c7fe76bdac039565f8183a38a

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 a421d86cf5f06f859fcf0ae8e3ce81f6
SHA1 b87aca55cf034aab757f516d4d7469d3eb872d95
SHA256 cfaa21cb338b3240c9e3283f9e5e58aef74d926f323ea90ab2bc2a90cd4ac9dd
SHA512 bea8a33d5b344eeaffcd6010c339c84b98dffcb2736cda7d1a28c97821f034868bd7607f215258be637313cfb2ceb3a7acf6653d38d9323fbe1a1618c1e65c37

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 92e15175dd4eee9f376ac765c4ecd789
SHA1 d875f4eabf8733ff29888fda4cfead0763079509
SHA256 fdb5832b0ef09853f627ac8cde19d15319e575d78f354444e7776f85c025930a
SHA512 c16c5e34f492aea3165313cbecd65b2e9b44524b0361b3bda4a0c8bdf58b6493cf4d231a55f690cb150a907276f6cca3536427a412e80b3f0a57feb1298a7ffc

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 a86f2a56551ff80e6c9ba2d02ca48272
SHA1 f2343b9ea2d98e8ec3f07b0a6a06f5060a111671
SHA256 7f38f86e25378cbb95244f4cd7040ba37d35eb5d4c45f1d4c7497d4449137950
SHA512 283fda893449b8c6db3dc09a366ea5170f92184ce74fbecb751baf296dff9df8ee7254bb783b9a24551fa991a05d121c0f2078273ce7aae61d26a245304b3d42

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.EnCiPhErEd

MD5 7adc5f86d22e1ae9ec852c1c9c2b34b8
SHA1 aff307e1f2fceb7f28fbd42460782cf74db41136
SHA256 961c2cb8ca60708f1f1d6fad7193ee2004a9091d71a65a2f9b8abbd94ab3197c
SHA512 e3115baa1cd0b551c0a7660a827e7801181dd4a4cee16fc9af50190fab1f6be39abfe030c9c599cef8bd29b2bee4d1d038fa343fe717d832e26ce417ec8e5ae5

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 ed3629d5bb2fdac824a79b8b3ea31fe3
SHA1 a8352cbacd36d1c22daaeed44cf5209a6fa4c612
SHA256 f36a769734be97441535760628f24f734b9b4489aaaa7282f9566ecd62a74f15
SHA512 7437cf7cede8310f7c90c9e54f39823e278c62a27dd0df93364728b59aa0d0eeddb68c593e004dd35fe1782a558f7ef26c813f548dc3ed1ceb2c4c7d5a609b15

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 76b97238d2db7fbfd4e305c895e92da5
SHA1 8c5fdd34d23ae26cf6f50f6aea7382026f2cf8ab
SHA256 4f80f8a7aee8fd36059faa0c7350d93b665f6547857136206ae533e13e6bee16
SHA512 92de48b965056a13a3ac9d3fc3e7f3df46bd4efbe01d31c9f5f1b00324bcef63d919765d1afcd5519b2d7058f35be4d8613620c94dc8457035b76dce5ecbbc1c

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 21245261e11f2052cb1bd9e9c89d3e94
SHA1 0e6783cc73447e41afcb4898a6d27892e44d6799
SHA256 7dd9989ee69851d9ff4d427e8bd37ad42e3277f2fbd9fc0d88e31c146bee7284
SHA512 886fcd9bcc4b1a5b77d067a848718c8cc3cd262b01546c76d8f229ec63613208724a659c3d1fa56f11cf20ff582c29d5ebad04223a3501259b54cc97cc35f96d

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 2e0410d9b96998ac2b07e728dd22b049
SHA1 644d35e47e64cdf4f634dea59ffdcd8ba9aa9937
SHA256 47c503af0b94bca192ded4c24a0c8bfe327a9b4d69e1a4c5d8665d4b88ef2561
SHA512 3d57a6bcdb5a6bcbc53dfb87e406ac5d87bfb945e6ac3ef43c5258ba8d964ed3e49b82b8552ecd3fdf6364ce6f2b15c94c17711dec5ea791f52cde8711b937e1

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 8393a0a4e9b479677cd867ac9d6278a4
SHA1 667e8718bb4558a4a47467b7741556dc68b4f10c
SHA256 e056450dad87fb29c5303a9915a0e0296d443930f5a39ea43e742ec0ae7f20bd
SHA512 5e5613b1c812bb1de573bb7f4e0346d8faf5bb911f5061246a4a22b1f3377301b53cf194cd3ee9199a9f5738778bdce4c1bd54207b1f1802e9d28621ab6e351c

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 f73152fb5d563908370b424cbe01a154
SHA1 7416f3b92825352cfbf12af4c5ec2e183b684640
SHA256 6d8ff639d40f4e023496326da2479716791f719bcd4560b0aa51f9433c8d859f
SHA512 dcf7b879d4eae7d9515b0dfb3646c427c21934f69c55d69fd039cfb64256b85340445b4272886ff79c914544517273d26f3516cac6f3993499f24906e8aae8f0

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 51eb0f85dd5384b1fb3f7ee3d49fbdba
SHA1 794bb80c85106a02199769faa19e7265daf3c02a
SHA256 6a1e730a45bfb8a5315afb103703d3ff9c41572b0fddad1812a6541b574398ca
SHA512 0565c2cdda82ee098c1a12d6c4b27bc0d9ef0ab5bf96da27f9f7eac6a0132d570d9d1e32580e5495657ac8a501f68b5f7120b281c12cc3fed93dbbe058b0ac56

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 80ae56c1c0321934b7d96e5b103a8659
SHA1 ee9863ab6ffdb179427851cccdf326ab224bb004
SHA256 ce291e21f184b9d833e56c615b73be2bbba775987b9da8f40399b3b7ad9d5287
SHA512 9045ca94d65f1511202ee02f52790b49887a6978322256507d40a2a3fb95edac57a91160b2bb0105f83eb39895b6083ebc9054fa94afad5c86c4553c22c0749a

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 c7e55ba2966418b261421daa363ec6a4
SHA1 6faca3cc4c37fc02587e821f9300fa79a9c411a1
SHA256 8111eb30a49b0d66c3d8797eb6efa388599133dd60ebd20e803c1831301bdd9e
SHA512 2fad1af4895527d80d45a0ea618ce6acf5e477de77b0f4df5b084670b22873d87322213b0f5859071b0a38d1c63d89a1d39f312ee80d91a87a762845acc1ee8a

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 c62dd1ee73ed4a9cf67dfeef856b1665
SHA1 c64d2be3856484ea4aded7053fe240fdfb15d5ec
SHA256 f17b75e47612b3e468a35f17b71d041b027caa2fd77948e5366a332770b992fb
SHA512 7bfef2f71e33a982a869c294bddf3e10a2adea59bd5986b6f6e508ecd104b4e3893e70b87af5b1f4eabbcb5da904128113356a10fad4c3fd651cd2e47583f64a

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 ea3e2b2fe073eb98d57b4c992ad1e1db
SHA1 fe1396f8a5604d51dd9bd1833c78a05aebcac3f6
SHA256 14748517a4ff9945ce821cd48b52d64ec353eba2b8df4f23b8a1a90573b19d3a
SHA512 a72a2eada39858a9dc6759b1c25256a998dcc87fa548b5fe323b3d5b4558b9dbaa863827e29e492cf1ebda30ee96929f2a32f5fd2f596f4e2fbaa33de111b7a4

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 7a9c545a0a1a264a563169c56a963825
SHA1 b457eb809a4fcd339151757979b2fab0b6cdd0c1
SHA256 1176d12d5acff97b8f936122f07af9852e325243de3ca73796daf9537b3fbbf5
SHA512 3fc3f62a1325fb2574114824955073c769b54e6a858c86db12f99bf4bf1eb8de407b6ec503cf8f627054ff1d20a453100ea22b146ac22ceb4be38f62e9c328a3

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 f6deba46a6ee863c8fcef1044b41e724
SHA1 c278595d080d6a70593ace5d8d87e980e9fcc01b
SHA256 e1314dd239acdba5fecb1c6c3bbcd8a14b32f509e0fff5cb54970fc3a4997c44
SHA512 490c24283e6c64d87370d03c0a62e93814b262a1d43ae90d0a40b20b6331882be72b620a58a563f53918904d1f1e2734c6aa070a1c5b9666cd5aff81f603f0c0

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 c1aab1e8b7fff650830a5864c35f1be1
SHA1 b698b585b245932a2179d5754ee365f83d1a2298
SHA256 71da16b7c84ff690e725fd7ecff73dc2fbd5c51768e791c88b9b625893bf689e
SHA512 e9413259807bc8a24ea2ad3297bd3ebaa8c001202ffc7df7d83875541c6119b4a6e8d8878d622f7b69d6f0c7be25a091ad5c7e812a772cc4ae3fd2e869704102

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 a8c95105b50829db88582163444efbe5
SHA1 8b3293e98797bc7da5669866cfb654c37c89ed78
SHA256 c98b11518d72d645d8bffe022d184861819b3465642c70d3370fe93c1119b68f
SHA512 3fcdceb052e71ccd2750eeaba058f2d7db09570312fc583624cd2a0aa0bf3a325daa618b35a618d18242cc609019f600774baa070cdaf4a2afbbeb8c128050df

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 4a7ad1d4a606019816b3dd5df5e1f156
SHA1 a1a2546ddec88c3ad907285ce2400f0f3b246a36
SHA256 0c6bfb92084b5c698fe2ca34def9236aa6ca7fc8903888bd3be7f909bbbef25d
SHA512 222fd64365ce27ff45689153222e89d1b0c2c18332deb7edf07e7acdd84f4471f8c209ad9ed50b85544c5d42c6e0e3dfa6c22a4d38825de9e3af08a2ccd97708

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 693190f3b0d69fadd726907b48a49767
SHA1 3c6cdb35a3b5280b95617486d1fe42afc3dd67d7
SHA256 6f720c2e800d0aceea87782314ab1d94e2aeef40092f87e9381055f0df09f963
SHA512 0d1ec57a75871b92db7b718e14bf354b4e9049fa9010b1a9953b934c9d4d1d2038420eee186710506aaf4d8296c87ea3aa736d2537a733fcff306579c5e69f0d

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 572c0494170e68e2534cadba3ee5748b
SHA1 1f78f64a358bf16268be44cd3130510874be5d29
SHA256 557718a5fe97196e47872acbc691f71c4a04c13e3224191a07859008eec60f60
SHA512 07ec83ea060302fb893c7a15ad4d6827db640f2cef88d4ca573c03d73af2ffbf7a0fdb1495eccc6ca260312d757fcf7f711a18654b3db3df2d9af56ee414663d

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 2092a723084085c3ff977bdd1671e673
SHA1 ebec70e3df76c7ac1cbf0557cb76569e451de4f0
SHA256 0b0f19ec6b89fa84b638084b4284bb4947f951f53409db9bdb62d3e7fe9a6f9f
SHA512 8954564716cecade86058de88623455a01522107ef7455ddef633fa7cf525a0d8f8ee18d48da858a951189a31df09791d2bd671c73c34519dcf5b3c7604e8efc

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 ff8729ad2e53679d71e0e7e9a1df1951
SHA1 fed12bf7ec222a1ffbecf0141d4cbbe5c4eb60aa
SHA256 288875947cbebb7a1b345c0debfda084141bd1c82a56f16f65b0ca7be7d7b94a
SHA512 1f224794ce2659e979ad5705d86d84bd8a9d64ee1ce32aef3d327a45ad453488314c6b28af1301daf4fea32af620ba02c85ae2ce57a33e8cda8e663f0216cc3c

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 a8592de764892fecaafdb2c61d87f3d3
SHA1 fe78b773f98115625277fe2cf863c7cc34c4b38e
SHA256 92a5167c43856f70b2088cd3632f24c02df19e896c976eaba2bd8aa37461e952
SHA512 7192d0ace8d4dffb63d15c387e5d0eaeeb207dc69019f88a2ff66259e72c3c0101e4389e05d0778eb056df4387d1f4be4c727d7698fba74d17b419ac20e5c2a4

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 d34e2013c335d6c74289eec8fb0fb973
SHA1 ae8f9e31fc97737654fa45af2bb5509bbede579f
SHA256 c746d08e2d36beb827d4afa331fefcd8c4a7efa3372e9ffaff0a134d69606c12
SHA512 e97873426003fdc6a951c2833a4114ec89e1fbe898ea9405173aa39e6dff3e47cbb831037e70c0d58e0e91da378c9eef26e2bcb4a2ca89e27db414004ed97c72

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 f697b858ba49adc373836dc4e623c26d
SHA1 357d41253c8604c86d46c8a2803c6c3a0d168bab
SHA256 a9fb5f073dae60af08c2d606b380760bd04f7faff70bb46b6959fca3773a9cbc
SHA512 d33a4b840ca6910c171a328086a336d083d41089887f6be6e9d02b75d79cf8b06cda0616180c2b5ba8b0a0c0f1b2b7b2132a027b6a8069d23fee030f89b839e2

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 7720b9d01daf6b86c7026b5a7efaf2b6
SHA1 91b9ae9e922e5996f27b400b1bd20b9882dae27e
SHA256 e2731dc866236d788cad98da5432a6a5c7693b359c7bc7df40a1f4b9c33fd462
SHA512 f1b2665cc914ef2fe4abef2ccc610a2e15efaa41c4d21390fb5f838db4f1a54e4ef9d6b25a9cc68688e02af42c6c7068721de8b3544b47f73058c2e7690aa995

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 4ab0b8b9cdb4fa15d4644988a8a9e92b
SHA1 3e8840ccf233fe523e5b15b94f5ede534542b552
SHA256 04e568bc2ade18653b7f1aa9bad39b288d9a7e0fc5311266a49f59ae94dba8b3
SHA512 ee79ce801c28b60577ebde5d479709385c865c4f39a6c643eb0fd6cc26f3ca0ebe0ce9515398b7bf5393bcf3c29c04a0a4510ef70ca30a8f8b13cd58ee49f193

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 aa78ec38fca0ff7c9c1ad54cc6c74283
SHA1 eeb14a98719c3368cb8314d71fa7b5d72ce14c95
SHA256 8d4045f8ad131d8a0f48c9c8c6be42eef1e8e5688dae50dff5e69ae399707f69
SHA512 fc217af2d406a8181276d5c65f28a5867b67359eaa760d56a7450ebbc6b9e9ec8bd758f196f975277b416a597ce53cd3ed43dc78ca4663d92c4c759472e316eb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 35c6f00bce0684b0b1bea18df80b0aba
SHA1 c1d297a6cf79fdefaa1d60d589c4d81a3ae73c8b
SHA256 057bbecd63b7888444747e09fb38f4f623e2dc8ff15c7e7292e0e7e73f5a26ae
SHA512 411093777f076600596efd006f0a1a0cdea1af8eaa7df7efb32f9d37eb4aa6935dc17361b590aa4fdf76d30ac857c3b720aee91be16bd316adbf4e911d2b30a8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 a0b488874be1f6ef8200001f610ee7b5
SHA1 76f40431a148df7cb9852e2b54ce85c8a13be83c
SHA256 72bdac0e051c0c3c929f1a36d2b9895bfbc4a95fd4c9206e810831618ae79db4
SHA512 b8d5740b8eb1d19dc0e3ed9b82bc0b7920bc5a3cdbaaf350d60ef8b0828954ba567b4caa17cb4d7f7ccc040ca88b8b398c2760065108ded78c6d7fbe7fcac052

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 36c1f0dcd18133a351e78539fc57d95c
SHA1 b77047f2df09d59ff51f1281869ae7ac23278498
SHA256 334e6e4e25badcdcdd1a099a2300e1bfa6d58bd0fe41692e9e6afa487949b4d9
SHA512 ba5ad16a12bd63cee51a93a8356f482e3ec06d6f22a8fa5d4b1ea7a13c526f8d65a94a78cf0072ebcd8b6fc454e88679daf27513f37e810250633f31cdab3a01

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 06b8a8d6cbba73fdeff8227073fdaaac
SHA1 077ce85a4eded58a63eb62da51a06001a9839057
SHA256 00053052f87e554e2d6b79ab590a538502b1acb425b2aba57e2b1c1c6d3a8cd8
SHA512 12a9fa3887357187b1cafa4d2592decdb3c35b4e4ef80660fcdea53ddf51a2b059ef863807f5ba7fd8c8cc34dd44fef1fc5feec96f79bbc71dd74814c3fda8fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 cf0fc4cabed64ecba9bec713d7a0eb96
SHA1 97b9e43e67e3c9915424f25ec76234db04d8b4f9
SHA256 d3c37d89e0cda77c147b78e74f812cd520e33a4fe7c5ee0a9e4439341423499b
SHA512 2f639cf69c0690845dbf388071ad19c608a33b10650363bdbb262f44c27cd7effe046bd1c7bd2ec3b40c128bd805b5ee60c6a9a98cdf82104abb6e59baed6483

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 39316903f5641ca365edaf8eefad0b00
SHA1 05975cb79c941613cbecfb686ccce8bdeb543920
SHA256 9de937aaa33765152b16e02e11b848ac36b0b79545c67b8cf5543f432ae05f94
SHA512 dee97c612724b6ea29365ded940c5a2a59410c2f94e8b62b0a18a404dcfcdbdb243079921804d75e7e0caa7f34707b4f3773a23d22ed7ff765cf1aee1ad0e8f9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 9024d1dbfd7ded02eea998d43a44dda3
SHA1 a42388bbff7c4ce0a5ac36e5f88c6bbce1cfd231
SHA256 1d6ef9ed9fe425fb022074fc86207dd84b64daba7c6b03ab13ecb1d806992600
SHA512 50994c216e8f14b797a380b850d3322055f1aece4f1f4e747d026f717995ca6f5ecda815f1d7d15628eed0b63e47d21369624790b522d235082fae9b4e5f3b0a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 95364137ace463016cf5893c187892de
SHA1 5712d5b88820ad16ae0a408fd7e748ad4aee93c7
SHA256 c70db18fc000f199e3cc1ee842e769a3035f4f0e80ad42a397e062655633d1ba
SHA512 a1a8284ecacba613c0afe93f2fca28df8c514b45fb7161012ce7eb2156cdcf54e601118888b63beca39970da8b39d94fea9bc04e4520818de20bfb099be3e0e5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 53172a1cfbce3f9f062283973f1d46c3
SHA1 00f1e753faf39d045bcf240202c502b11819cc26
SHA256 da36aa8911dbb83482ae3921e709ecf930d77bbcd9ab7fd26de3163af5cee4c7
SHA512 de58d5ffa70717e8cf5c2610ae6af8d47ba6991e974bd6bbda6ab1f0ec47026aedc7ad4f43eb60bd66dfcc320b54892764aed46699fde01c167b20216ced3123

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 e823c43eb6774ea30105b1aae967d9b8
SHA1 4935864f5e17debd1a4a5d83eeba0b73d28d4f20
SHA256 6e2954eecd12cf0fbb13b0009710d6f89f2b38be300a4f20fba00408dbed4d57
SHA512 b4e762f6b71d3bd2ed96fb50f5b43ad437947696a8aa52e0975936d24b648247ea94156d6df8a5f593f24a9c238af2d5bc56c303a9f3958ae9a80d6b1dc8c2d4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 f5db54587c231984fb8a3d8ee8fac72c
SHA1 0a1b3bce043cc934fd216742f0903bc76e473c98
SHA256 003646900221c0b42e15bea0c27a536b2771e9ca00826aadd0d83ea5dfe44fea
SHA512 3291ecf03ec32d6717e635afec285086169e4277057107fbf86c4ef1cb0b79da5db3ffe8448782ee2278938b00070c673de230837d9f1594438f7729ddca222c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 70ed706060f0e6dde5ffa2683c36a2e5
SHA1 a1f0a0e0bdfe1baea2d6dda3cd7e276599d0bcbf
SHA256 4819fd119da101ee30f296bb9cf9f9061c58a2da04fa66b3fedf8547ad1db0ef
SHA512 711973db627fe9037210a162d04f104ffa14ca221387e42b40db2b5ee9b726a352a4166ac0c8650e345334bb4fc5145cf8905cc0624999305aeb469049de1e29

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 3272665626516c85b3ea6076c1787a2e
SHA1 436c5505ff798eb59fa4dd8497ec0e1c9fe9ddc2
SHA256 258f06f2e0e6a9a2de5c8f10ef3376708d5a0ef8270d2574d6dd0dcb86d5bdf0
SHA512 0393e1a478e5833d19f0a0c4b0f962c3775bba03282ee7f02c118cef8ffa36ec06a7ff764af1942c3487e7f417f5621d297ede47567acb5c59b885c28b75338d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 2bc370f8904b61c1400c638312d79349
SHA1 a8f7777b2019c01a65143bcf3b7bd10b38807f7b
SHA256 f7919483f3542d63bd5f036d3c471ca47d2b171f7cb2d3e8194d707b6b9da780
SHA512 c8aa293a38c591667308cf4f6a5932730d5aa5dbf4e1e73353f3bb8cdec72a1e0fc1a424a027fb7cf753b171aa8dda127801fe5394d5bfb212d8a0eafe3e2942

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 2c740ff8fc9cdfdf74315a82871b689f
SHA1 f107a5a25486ecf401e6ddd3a1f8c4a52ce1f647
SHA256 2f8c11a4658fa1166c6026759cbffd393ccd0f26f0f519c18c4a5209d237df6c
SHA512 9657e16bba1feef7d0646205616993fe827e774bbfbbc63fddf7c7d51a469e0c1fd290ea1076b520ba4f54e29c2d469c52d6c1da6b2c9a7dcc0399d3173e3e96

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 49b029b9d7ff1c23013a32ec742200cf
SHA1 3e62ad294554ca7bb244477a310f101bf68c6e97
SHA256 2e2178a249cc03fa34ecf9945b092c4c9990ca387adbe56e25601599163c9c27
SHA512 52d6bec31ab5d916cc600072c153338db075b81656f1791094e803f8c2f7999ea9a21e7f83ddcc74268d0367a7daf8f2a5dd48ac5d3c486446e73549f8f300cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 a42f052a9b9f79868d9db95c9b9d8e37
SHA1 76348d8ede5fbe3c38acecaa8cb2863d3b7c394b
SHA256 4fe5c57b01da90ab7cc71876fefc0a8f973723b284ad31820365311ff836f47c
SHA512 066d251b0529766e2fd4c4991374b9dd7fc59cd8820739f3efdc6d5b1689dba60a6e7a23aa983cde4d8d0d5a99554d0486a8e74d6939ad31810a4a5f83d1f358

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 05c833a92af9b3931f813101b78e6223
SHA1 a6523ccea31709b2a0649f50362301eadac5a311
SHA256 bd323dc0697fd9127adb64b080ac3afd9a42c5c9ff473e7059a14391237344ba
SHA512 f0e6a4a8942b65732b08260c5c67ef2bb48a2470ea229e06330ece332c6660937f872b9018944b3dc38b341e153d8af301cdad36620ce62b240e5f0abaeabc1d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 aaee46757c49ada88fbe92841e63d866
SHA1 694ec05b0179190f4aedd128625ecea84c871934
SHA256 3b658b8dee6650d784144f3bd2b7ff005d644e1010bd37078e5a81526c4dec5b
SHA512 4b4991a989abbbf8940c0768846fef52ab1d4b7c38a71a847ee30313f6c03a638554c775b3d66823990ca5d57005229aec303ac13b3a794c52b9ec3e9bbc8570

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 227357261a71e9aee7a0cf5d2c849103
SHA1 08281f91a9a77e0291dddbc906237e97adb29f3a
SHA256 ed547b50734302f8523af57937adbbac58408f83cc939fe6cff5f78caf730262
SHA512 dda59505f09c418bb836111d95090029a29409b2c26ba850d52793043fc80537531b4dc03b3dfeb6f766eef41acfe94742fe546daaee4f1616dfcebe941607b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 433bd88d7b6e359a265d2b29235eabdf
SHA1 8943a695fda3762820f79c4c0f08eb9a0fbcb85f
SHA256 05465c99b49aeb0730e66f1ded8355ecfa24d41e04b32b7484d8e8ac77a5a6ce
SHA512 e52320f587e1d246632da91cf25479cf8f4ba922b5721e362e58553eb88a3ee29ec6a549a7b5f12f36bd5f7e23733e0266eeea5b06f501d025ef2b1cefcba2d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 e010ba32810aa8a20cc28cc7ee1a9134
SHA1 116f45736478f6b637b5eafddf4949606c8c178e
SHA256 351c2d12854ce38f245e8cf38b47932b79a0178ca16f90f3ecbde9dad5fd23cb
SHA512 7f6258607dbf3f38c674bcb612c32be098dc6535cb81e70531cdff76f32baa55423287963e7cd9ac8665bc2f5c556909469173568c9e63cd60f3a4abd2321b47

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 9811d7ed4ba2d74a4568c27ca8e93ad1
SHA1 8ddf050b01dadb75ea261be0dc9e8204f55d341f
SHA256 0a37a4544776632eb2aebbb0d8ca6db611554faf708daf6843724d04e81b7150
SHA512 9446020975409372789aee09d0f5d207fe7e08c2d200c67939392f0638c1a16dad39551a2c22692150a663f342d241ffd703bde69569518ebff0867e213655f3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 56f8dc9b6add54a93c504987c94cb457
SHA1 e05fc49a4c548e1db065146c2e3cc50ac861232b
SHA256 fac2d93576f218a676f4885633f49b7bb2eb06d44b4ab6eda22520356885d14e
SHA512 9cb58e14a41ceecd0ab25f21822adee94314dc74a1d042ba1c7bf5857ca8ebf9d7d7449fbaac606b8d3f9c6678509b743c1d1fcf7e6034746844f0b4665eed6b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 9e42d2439d38f0d49fff8a27c5f0c4e9
SHA1 27664478ef45b69b76981c82071f45f39837fe30
SHA256 f1a35a1bfc34810d3391f6da90d0a2a6421cd85bc056f8be81adb6fbb252bae3
SHA512 136c881b8b73ffb8b3f426baa6d5f1386f4bbe5049d5fc5232de1f108f57589a71780aa1ef028d2d84d1f8299d6495ebcee554e9658ed41659a01efa57e98140

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 0b80843ff5b3053c665cc7f10e289d49
SHA1 f31a69a0d70f1964c8d46cdde7d501a24c289882
SHA256 9a8fac5e6925cd6265548d7f4b59c354e4698d705563ad120117ef5dccf096e5
SHA512 69b39ef17d016e85a6b9ac6436d92f449090645667d6e64007a621fff1e6efc36c0d66394f07607e2c05850353cbd2b4b929f9121c51271739c37f26d3698624

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 9aeaf275654ea6cad60d1806831851fe
SHA1 dbbbe825c5dc518daa5f94b2bd990a015e29fb50
SHA256 6e6ff047c2ecfe69664a72e1bf66fde4f9138db2af8fd6224e027ecd6292489d
SHA512 c5b8defb05011b530aaf7aa4b113cb4f7cf1f3273e5bb56ccd4e6e4bccaaaf0f3f13a6ea4a5cb6040361c0c1a575bd1b762266f43bbc7084d1861ac5da5a8ce2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 befa42a6a4e2645fc746e0d47b8492ea
SHA1 bd450af2797dc916bc668ec2cccc29b52783208c
SHA256 6b45e6669a8a9dcb855133845bcce7fe9a64fae43fe19b1bb165b6accf2a95e3
SHA512 754793a7548fd7967bf0b0a4c94784df126b09eb9e04e24bf45f656ec256ff9ae8cb48d37030c01b71a5aedf11b3fd03fc245641e9b775d54d5e4718f47a2cd4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 c8f477ff54ac6c36669ac5e6f8118f8f
SHA1 9069fcb2d94a02a567bdcbd33719aadd4d6b3342
SHA256 fcb87b19c77ce486b47b59f827360562567977f403cfd838481a21c7858ec8f6
SHA512 51f30cfbd483ac9fe5ababa7d69a1e4a61b967f9ea85494440cacd02dddd524c2a0e140f95f5945f49108f7e8bd3fcab1d270d2af8a2c48463a0f9b8b7babb11

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 35043b67bf5d53d993512022badd20e3
SHA1 069952cfa07fd448a3927aec3a7de3836ef84622
SHA256 ad4bf0470b0bd950ab8fc91fcf464efa202090ae566e9c23cb99ed5a9f156b54
SHA512 25fa892f8f2ccc329f787985e60443e477c2eeb8c12f0a830a6e9f7797a85008b37e5cf9d71b73d22564b294b3894075c13202c5d75186f079db452e0eeb0ed2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 a1d665724da9f5292a1b5c8bf152e57c
SHA1 bee399ce2750d34aa703f6b6f6e8730ea426f4e1
SHA256 5d80e5371d967c9df7f28ab351372441c22eb43608a0292a336b50aa59dc6f15
SHA512 b6aeefcdfdeb4df73d9c77fd343ba4774eac6a96bd88fa25e314cda926fdcb312c5a958ae47c72685582e329c79582fdd5966bd3d6811a60a84bf11d6b21c0cc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 816d139d3fa57f64095be47f981cb1f1
SHA1 d4db14abff846f7f1b71c49105cae8d374da3528
SHA256 1a75e822b8fb8727f405c0212db9ccddcda54820fbb99ab41719976e859116d7
SHA512 d6aa00b6a1541daa2aabb8628a032ac76c69ff2395ddbadc246e3456b02129286c87a1e9844bb16da2bc917236e60d993dedcacf38d5bf9ab22e5f087a4fbcef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 d2bf7bd969ce1684d8b462abb46af29e
SHA1 ae7c5127b535f931d5ad8604485d8edb51fa3133
SHA256 b77af2ee7577afd9c24bb03d64c01a373b10c970007a4977c3e6c890da02ac60
SHA512 88a59ee5f79c5c32746bf7b2d861630495cff4ab21c8cf7fafb8145685aa9207ee39541bf7577a25a745569be684d7cdcd897ff11b33f30c6d5e221ccb59a0ba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 d5259528de15c5ba1e70eff070630878
SHA1 5f19e18e04828174e29303244b1d30a25ccbb68f
SHA256 11b6ded01439131b6d4c0e2904d52e0e5f475eca4ba815b61f6989eda11fda94
SHA512 ceeedda1e624a815a18cd5f6045c56211fd2ebada4bdb6d9d77d9900aa564ae7ad36ea3f491e9a544d1287d2a5fa9268cf04abc0c27133aa06d2486269513acf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 3474ee4973a1f5f986af50cb6716cd0a
SHA1 5e62d497a01e8f80b0e114a6ef5c344892716120
SHA256 cae3beaecf733b7c8db4203437c991c1ab7d427c0d51760c9ba0a1650c478764
SHA512 dca31ab528854713939760047be752bfb1f99ff40d61432d3e7a287a0320d93e2742e97c1bef65b375e73ba840baccdb032529837ab8b00e87db28bd3d2a6ad6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 f3e45ac225d203138bc28c3141e833fd
SHA1 f8bb6c318b25b001b5531bb900939b23ec2d04eb
SHA256 45a4eaaf06a2d944808934aa0628cc07e1ba15826b068e81cc91cd030de44046
SHA512 72660320efe8e1f12011a0a3230d46812d6a3be0c1367165749d0d1fce0da41ec9b517e9cd759f1ce687bc9807824aeae19c510cdceeb38dcd14969751f31bab

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 40f2acb22ce31fd701a55b4ac516032e
SHA1 4d6a10fe6e40cb83ba2488636feccd111c24a7cf
SHA256 396790c89f6aa30f9179bf8971b87c3c4fa472ffd9f77f72635852c73966d3e8
SHA512 c698f9503a4d2e923d0c161df484e10f6a3b4db9a04a33174189ebf45a187dc9df85cacb1bdc27c2d88ecff18ee7e1a608ef588ade69af6407942a52070fc173

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753904038769.txt

MD5 e438811bd03ab04ded12e813e6aefd48
SHA1 2230b9982dcf1754557981cc86ea97217b3096aa
SHA256 8cbb14072e26e021e9fa3980113881070118e354a1f208b76c5cdf0308cc3683
SHA512 c58a68fff1213f307b608b30e316b98c92ea30b776153a25707c5521c96fb8571d39b6e547d8d5f927e3e9b4ef2d5fcb3ac95f41af5c01761804e94736b2de42

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754799667567.txt

MD5 800d7e90c483fdeb44ddb1e6ec866762
SHA1 0fa3f808b75e2f20190b8acac5bdd8884fe50ae9
SHA256 449e31644c83f22042bdd13c933e627f93e67631feb940dc553ea4fa583053ad
SHA512 c629ed14e6b632448180b2e40d41743a010a637eb000437d715811c2c0de297aad8d8e819a09959e517e7b435998f99fc3aefbcce6e2a62bc468e025c86fb65f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761839928108.txt

MD5 079a1c60e40154449a23e5e0e3eae0f7
SHA1 596706d80c78d86e5272fbd5573527a07cfa426d
SHA256 6f112ce123afe5c507cdddafa0eebe5fd26af29b0826fcad6da26e9b09b4d694
SHA512 b04cb3f1c2ed03ce926751b84e99c9315d49bebd065e448223b34a45ae2cb95e6a61e9b572ed0dfaf02144e7d955e0f780e5800b91b3ea1a304f494051cc86ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764416908406.txt

MD5 80ab1496ecd67d32bc67c84d85000ceb
SHA1 c86a715223cc9dd8408893c27b496ceb45929755
SHA256 0df098a8af068e0719d1da7f8867b61ee3e30c4b14a5f426cf8b64a9df4fbdc2
SHA512 87c21f1b76f28a2d7f591ed3ce196bdcce8c42c7d7bbef48dd2e2434ae14a1ac01feaaa15069e211f64eb322d2f9f8c2d8d6bfd9f921184d5744ccc0308cf993

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 060f58bff657afe47b39cced1f51c782
SHA1 0fdc88843d54bc16fc83d3438dc34dd7563eb238
SHA256 9c3e825a8e9ab80d5253aff9bbb9e0cee363f5d0937f0d202f0833a3761d3cc4
SHA512 99336d36a9497b2ef68bee18626580adf79fb4c0fb3fbaac13c4f91925f7efbfeaabb418af571bf9c81e51c386c10eeff3d2a5031d20a8e531efb3ba0febd02e

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 acffff2fc981468736703be53ae1c00c
SHA1 f0ebbe92604986aab89e319d967a104f53638c1b
SHA256 7e7b16e583f7826b703c53e5250e33c70d86c344a229eda44767218f76f8c12a
SHA512 48e084ac10ded5dff51ab8f381dc08326456ad1bf3e10a7c1634a585e3ee981f750895a65a37087f12a31213d3316d76a99b889330794f7e914a81586054fdfc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 34587bc90464ecd08c3b6235929b88dc
SHA1 5528705c8982fc96eaf65c867708f25c9d7042b0
SHA256 ac80905f9ff5ebe4325db2ebd9c87f8e960cc490c3b700798942e06863551492
SHA512 2993ee10b94794031e4bd12ce801a10f34de3e9d365abf976881ddd49bd59afaed00265ae291fd8d420a7d8d0131e549591aaeab46fc5a2756a48db3c7ccbe7d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 6fa802bfde2985901fcaba4a22b962c7
SHA1 cbf1cad6d2d29f4159aaa5695eb5f102601b5bc4
SHA256 d148c239edfae63deedd85081789104e6503bcdeeb6751c4fc6a2ff9df358555
SHA512 884e83bea426f120e3d1254a0a853f30e865cfd66c701b0a59f81ead453b6e7253c1bfee84527dd52c5abb2746fe746bbf77aef61858eb8ba1cb6f96ab82b438

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 e0b11c77c19000be6d39dff6f07320d5
SHA1 fb9088e7c3d868b1b890148157f1446575001031
SHA256 0f1835d8c27e3ffc97849391c0af80051189954d6003f5b8b394bd335b05cba8
SHA512 b34bda203a30664becb4581906f9f29767083e9c5943976b8006bbe119e474f0123e492b105fba555c83b19856708ffd43c04a24eabee670fe299d6506a7f327

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 c510ec173c655cb54682dcd2cfaffc74
SHA1 605a0c1452b3eb7904befb43aa3d47579c9fcc86
SHA256 3a7dbc045a57af1d12dcae93a24a0022e61cf85139967bafc483627db3f6cd1c
SHA512 2fb3a9fd493f71b5da998f920baf0747257a211b0a87436ad682264dc870f1102d11b80c326d189e39e308b6be7b5ec62fdc371eacfdfb5f51a03f6ddeece0ee

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 c9d0194a676209a01f1c1704fe2341e0
SHA1 fd74738b6b79e58a57892d43e866caced6486eea
SHA256 f8d6187bfd999cfa754d9dfc4c2d605fd709eb4b73f32b167fe301fbe2bb3d10
SHA512 939edd047afea6a1ac2f9b6e5a96b0e41da6e6a25a3db188de79b5fdc6a8779dfc11c46cef00925da1e886a658b96b508059966d5eaa8a87abede8ec89aa96b7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e86e6008232457bd7610515da783385d
SHA1 c9f237ba03ae72daeaed303021ec9c77a52f35c2
SHA256 c2ac0d7a730ef56071ce8b5bd28556dcfbd23d07be78369ada2b754d1f73486a
SHA512 b9473aa5f2cea3fbcce967ef56b13f49d6f22befab0611a3b7c4dfd041ba6c265c5da349b16951a9eb5fb27d6bc4793ccfb5220926d0873ae6c8e19f97076342

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 5797ac0a5e6a1abfba899efbc1f052ed
SHA1 bacfae6482383834b7b182e37680c00470ab2532
SHA256 cd69d4e7171917d1f26a85041d8b6e35eb42331e078d63db6751cd16cd307c02
SHA512 05bed8601e4643b37fc975c334d233c8bed7fb34ffb7c1f1dfc2f3fbbf0ba84eb54c5edc1f4ec38ba579352d164b6981965631e9ed5634fc9ae4865b89dce972

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 09a6ae85c2d7df71ec78c590915e32cb
SHA1 76972c8b0c88b6cbf24e72283670438ac940e1a0
SHA256 ccbb169f05cd1c29fe3b68034351afeda3a9b4ed99bdc64505ed9247e42cf8bd
SHA512 175d0cc1aa34d60f19ee715887022b52572d261034604935ee165ee39ae3372f4d1cc9a84eb8d36f15cb95dc3128997a56883fa83f375e183c7a95661d04de08

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 fe96e7175b1aad45a823cf5671721cba
SHA1 8713f76d307a13571b2c8a623896963327cd57bc
SHA256 f6a02e700bba7858118d821bb205afa303dfab29e45bd1727893c27578d146a0
SHA512 e03f7c04b28ba2a4afcd7c91e31466a523ac8c1a89d647916158600eac882e65eeafdb681d428315d100267f523a746a7512722c238ab7f10ffdecaa985fa413

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 57d0efa2b19aa2f238cbce9b667ecbef
SHA1 289c92824f2f4493abd20a1faf69c7cfc2b3b5fe
SHA256 386818a374c7b1d5729ee2151d954bc9e46b9d97924b4ee66855c92c9df6c54b
SHA512 872c392bd6a756a0ed5985d9a7a2f445b7851251c47253f7ba4971be8ef4542cd70ca976a10194d370368e980e92928ec516596ce38e349fa673deed3e045134

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 3a354575e757be2b9915747f7ed615de
SHA1 16372e342d7f6cdab76b9d57e322c00eb8c73683
SHA256 15b828e42ecf68571e7006a347822d76f1021b37ca83885167d8577bea5cca46
SHA512 f47131bf35b3b73154d9d4056db238bd63869a9c86766c567facc51e379879afa388f5dbf42e3a89f0b832493db45f5683544e93fa35b7201e0cfed83eff149e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 c7ce26eb050bbc99c3dc21be2e4c1f5b
SHA1 ffe1979d12bdd334b743c05f4b47dd76ce056735
SHA256 29a975e146f28749a7dc28f134f242d546763be37984e63c9ffd3680b92738a0
SHA512 d586777c02b77199486116a0d797dc85c22b836c1b60000c0cf661e0e66d6ff877e98214c4df330a50db43bd40a85b1b5ab2f2730a0427e9634dc8e3eabcceea

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 1c37c1f663e83afeda86612658b8848a
SHA1 615fcafe2ce8059178351fe45c35e8eb150e7cbd
SHA256 ba2ada9168ae979657629fb5050e9e9aed2d4f35b46e423a755b1c0f45f0fb5b
SHA512 274f1c43ad0719d1e5f8d47af5cc5a82e26ab4a68a3bc3c62fba05e346d840d366acd2dd21263f6c54aea353c08365db2e0a58a8e89d9131643f01ef54803418

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 0b24dd757dcda13d7074533330cf85cd
SHA1 939137735d3e552276273c49efddffbfb96ee9c0
SHA256 fe4bbde06891baf820409a01d81b347dc4edcee0f229cb1c07e6905fa37cf495
SHA512 5024500a865588e79970d11c170ccc911cfcb4e9991bb3c3b8dcffc1c5f0662c31c0233eea091a0d4c41dbca23220476f0dfaf6dfe4c6ede9074d874dd531d09

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 15a1c4f08413f2965af8f19715eea8e8
SHA1 d6bc5d1fa3e14b47f4263e6415b29e9365f57e8d
SHA256 52108c1001d6efc54861c23b9899b5ff8c59574754dc42e27997172ae002a737
SHA512 2f77ea172aa53296ac1117c93f31559416b03fa38cdc9a10895a395dc3ae5d03610be6233f1148733d94bb25b77f4fa52d09cb87e098431291ac31f0a0c19318

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 4e2247e8aad9799554d53d0f70a5a1e0
SHA1 6f645d9142af5a198d5f5cc039c7c7e3d2e981a1
SHA256 6e214c7297098dff7770143a985e65239173382ad055d24f9e02894fd2dba037
SHA512 36cb53dcd5d056f028b63aa1b762e97ab870576e4c51c135345c718e9aca99d440885357c0c8686fc2613087df84814507eecf6059652a5cfb2117d367279e40

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 f4e7cce015586213ae252ccefa83d75a
SHA1 1a37487cb53826d65e85fe989ef2d2fdb40c8bba
SHA256 1252568a3c4166129871ff99464746252f5f2a1f2a10d12edbc88db077a07fed
SHA512 dadb624740ceb43e0c5775304b39b34803549c9f4928e3e9cda04842d099759a1318e84666fdb5150e8f07cbfe524ed0c3dde75e1aa7ea18075efa24897e5ec6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 093fa11007ceb5f2f29883ac5cc02dec
SHA1 1cf1aff3e24f4ed34f60ffd9daa9fe8299b71451
SHA256 ca1d39bc42dbf20f57d630da6e3632039279b2e8de4638e57c64f3a3bc5a106a
SHA512 d0c61b1e06394bcd080c1c7542192959dda0859c72d24ba4320a1fcef0e2cb82e5b1234146349916c5f676031b45b132f669e6e78bb900c6dce0894bdd8c6235

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 4713f1e4c9e4ee9b617ba02cf4410e92
SHA1 9ab0e1239cdddbd3e44bfc8363e1900a890152bf
SHA256 897d4fe57b1586c3b425c2c8baf13bb25188f529c9deea2871ccc4b83c86068e
SHA512 7285e0a5afbec2a1e1ba7dc6727a91c9bfe063bd3d130f8856fa8212b009b8490c74f50a891ff2280260d4df096b07df9084aeb01b380fd45700e0eada1802bd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 227c4f134d5bbf77cee8e0d5d2444d7a
SHA1 5b9e86ad41d936bacb5ef11ae484cdc9c43756b4
SHA256 b529300a3b34f09f2d563efe1caf105abcdac9b0d810b9b9121f93973b978b6e
SHA512 7943c6a615e0a0509a10e6d5b0d8d41d58144d27d89b4a7bdeb134952d3037703c243f89977867e871bfdd03d4ad07d49504e156a7a3433b426c77af338ae0e8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 3f24262ca8ddee3883f81f4c4aabdeea
SHA1 9dc0b51abc16f284d502fe9ec78a59b7337bdefd
SHA256 5c84c4d45841164c872ea0aec6b1f4b48fce4f79ae24ec5234165dc6416bb862
SHA512 74a2558a4234555ba172d9f465cddaa463bda439e24aebf76ae756369e6a9a80c93d089af7e331046967b5076ecc1d5221eb06f7ebefafc15178b3251c3e69ac

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 78dce5155e34daa874fbbc9bdcd44c69
SHA1 92cb4cf796ed5c87f5e2945d9f3e6bb4d2d772b0
SHA256 d49491bd5265dc7080ae768a012d5bd0d62ab7c6152e6d9506d4911a38d5f7bd
SHA512 da8262163e683694e881b4402848bb9f36a3d549e26961efab7f22a50f2b35f87728af31f9d7d5f6eb39dda2003519ca40c7bee0e080314ce70b2251229a068c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 db96d318c213a55c84223ad1e2ac2555
SHA1 0985e2b12fcbf8ef1505529ae88f0b2b84929885
SHA256 8d7d142b40067d123a47f99641b4725bdaadd4929c8e99f0c1bd3da8a91b3424
SHA512 a249e07f32fc6500fddd722b676b1fe67c95804ae9ad0899cc192868985038f7c7f1188cf383b6e8ca591e242aad7d7a669202e05152c212d04bb4652c66d0d1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 a3e8fc668dc71753bf0c22004bbbd66d
SHA1 717d34e951560889d914fd75a26d60650404431c
SHA256 c810e4becd6ca86a8ef60c5eeca44bba5b40d3b02efe4ddc49584deee698d889
SHA512 85473277a7eb50212a53d4f90bdc762efd7da05bf61639983c902799706f06009d57578259bdad0b75018b0c74d90519986389e4416415f30691eb5d9671dfeb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 4757ff7b39eb21697234b49abd3fa378
SHA1 e13f8e611d23e107cca365cb4a73bd806e1749ef
SHA256 eb6bcd8ea35112f12adb2866eb0a9a442608cea541e2abf5a6d304086907ea98
SHA512 0cd0cfb5c951771b2500723355155d926bd2fed6c0405a121c1e7c7c70427950d035aba19e787b10046c8762716be743856c8204638a060a859da12850b511d5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 601893fc412e43d0194f7a686e87aded
SHA1 220f036cee134b95bc02f1d5d024486d99156798
SHA256 095eeac285ca7e24dcd00d7128348d331d351a4b1c4b554811df1aec101ee2e4
SHA512 60f0e57bad66eb743d9eea7dc58d637501eb8d78a8b88177d90f8f5253574732679d615811b1db957c4cbd2ccdd5fd7fe56798d4cdc20dc614af8e0619c50224

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 a294b5b15b1d0cb221dca2b261f53bd0
SHA1 ea4e14e0f175516e423507304fea4c7adbbc2bcd
SHA256 d64e203a06343caa5559e65bf1722ad7c77e414cdeb55702b830943ef0b851d5
SHA512 6bbba3e784f1dc4cbd25df519cd9c6ca96c629b3a677c6adb1a9c5d1e4844f232a3ab29a9fa9542fdd88fceb4633c3cd6df4869188d0d07ea32ba7bc76cc6ab3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 05b95290d4542862b7bdf9ef296a2a09
SHA1 c1257cf9ea1a6e173385b1d9a8cc8c64c4e7d7f3
SHA256 3628923d77e56379e3978098dcbc18b42e0cac43bcdf463cb2d8c01191b473f0
SHA512 a024696d15b8816d0ffea752eac9c605104dde400d5ade2720bec769e62310f9fd7804634ad0ea803b6a43aab64b67ac60499e79a19a04907c333ec85dee97af

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 c6a63a6c1d109250de4b0443d42707e8
SHA1 02154960f8cd9d7067fc6610fef865750d5263b6
SHA256 cc30f9b33d4b5d25a5c0d291b0ea8d9e6ec4e63c54a3bd4d75c029b6eb135aef
SHA512 b4d6115d04cec9632ceaadb57703fecb1c7a8a77d640eb3978816dc3988d26f8c3c0d51ab4dd8a7b5c8aa6656b6b9e30b4eabb76d0002f2148afe3e4ac2fb358

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 797dd2daade0a85640f5b12c0b786a4c
SHA1 8accfe79580c71b6ee45698adfbc1fb999f829b3
SHA256 ed75f8e9aff7b42e5f158acc4211ff923485ba89f50f5ddf0009bc0a5d9ff851
SHA512 62d7f1572325773ea0a5f19e4e06097d68014b27155bff8cd7689093c0816f9743e08818dfed4905af5401fe67bd170caa3de9a8dcaecd606aff9ec0ddeea35a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 01bc3c4bfc60e2d9bf4ef1cfed214589
SHA1 ac3135666e4cea5e659b3d19823a480f3cbac68d
SHA256 c04e3addc59703aa7ad827905a42eea1d57f64592f0780890545124d478d049e
SHA512 84081dc5bd550bbd8f20b58e0812e4d0ef81a474eea90f7df9cb52e1aea2f98c7a87d3345c8ceedc49537ed44e524962505554bc78b78975ef97501555066ac9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 81b20e399a15a09f57ac3aa575bbc4f0
SHA1 49be831e057244257bd4b4d6e150657ec8eba457
SHA256 2f7449e30e8f37788c5a76acd9ff504f2a33b21841ca8aa94169c1c90bc68ad7
SHA512 949d1d0742271c394c99a6e8163f4047298b0c31178a5633b8572e01beaacefd5afc0260809c1074c056b85b96f34a90ab9711359c058cb3f61b84900ca8c1fc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 20ced8e96962f21fab5fb56273a1fc27
SHA1 d647f250fc1ac8da1b4962461c641eb2e7bea6a1
SHA256 87dd7de4ce69c925559956d7f7f0d47fac5a246ca3b4ddc9077ddb5d943f88b3
SHA512 b0e782a1a7adabbeace06fc1db7c82e08bd9c71fad5d48554a4d4372a471878c1ec69e7e1463758c7dbe68dd6fee4e431eb060b2a1c94533b5bca408c0964d8c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 ec48ebb21d70abcdd0d217d65a2a6c48
SHA1 2e7f1e147fbc6d38744e4d62202e333c0ed3c72f
SHA256 a1f567124800acec574f29f6f42c6fa042489dc1f1a4b4b65e618f93d6d8fe46
SHA512 b4237e241dc3d710f9f0cf45f98f786d21e55a570dbcd39fd4464fe1213deee25e58c27ee2a5e9be9f4127fd3ae6a4dd315b08de2dd7af8b5b36c6bbe24f8e45

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 1352b4217f4803a2c776ea6ce8e6985f
SHA1 b1195adbf7e354188e399ce1657f178abe1725a6
SHA256 54ee2af28597a3fd0a89446fe4df2d376c61d922bca6c0cd41b31fc9cb3880cc
SHA512 8a42fbc3d020bf5998ab1a9f5f024b857e89606e0d979f79811efd233b1e30dda8ccb0450b323b54484149c1ce86c2f2e248e793a84a0e9fb10fae3e15863bd8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 0f8c54e0b54a7e9f6c7961ec8ffad0e3
SHA1 a2fef3b77bfd17ee20eb8c85dc9f1b605aa82b10
SHA256 f788956fdcd6da5dc04f6cda4e124ed2a9b35c3367333101fb49af0a4738df55
SHA512 e22915dbb877bec9ed630b761dfd870402fa0e5a7485aaff6aa68561fa5acbf7ea28027b8ae2aab2dac6e846281c360db33c8cf1530642731dce1b0867cdbfd4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 cf3bff33419c31a3bd1fb8c38a78b8ee
SHA1 3ffdb0bf4a172aa436138955b44a1c2beeee5137
SHA256 0176443b7343b9676b2a3b3148190cae80981f9662ab85f69a6048c617d14fda
SHA512 4f86ce54ac2270ed17478e1fa7b900982172bb19bf67297ab7dcfe177d35d69b78b0f1610fd439a2b70d52de2d83c7bf9840c8c43a89c43d133287c363aac2e0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 c5864aff57def513c088ab83dad94c0b
SHA1 99582d36add402dc1924313f24cd783f5ed1805a
SHA256 cd89d10b83a87e499f2079b86c480b7db8e825bc21c29ff7e0ff00adf38bf223
SHA512 f9ae03e66d5f419f9be34f690f70712e07f7574c26cc3a7e4825a0d60464ec9fdecd70a550013966b46a29daf4f2525979c5e616e94a1d0e5dda141c48a0b6a7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 8753e3b8b2258481ed7512f1134b2f2e
SHA1 ca0b69d95b65cea2bf696659f0b061d175d2ca4a
SHA256 4f1950e53b85d14dd16c10d013122ac256dfb4f63020afdde90e8066c4a9abe2
SHA512 b03d7258de8499a01633593fdf0046703f1a2fc6912ba8ddb9a1c01a3c74b45a9bfe38fda9da37514785b927fa5b33d13f19f523bb6639fcb76b09bae415c983

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 7c577cbaecb5bbce3896eebd432ab5aa
SHA1 85bb4e13b433d44d62d0464852e2e3eb9ef242fb
SHA256 d0f5810b84871c449a0b08f0eebebbd471729aa35a67177918162200db970d7f
SHA512 b316640f0e971d5ed4ba9627f496e3f5cb05184a8f2ef02326e6e96338665bd32b8a939b4342cb26ecb4d0b273797352da3a4943993fc9c64ad03f1285e97916

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 d32e45017799932d7ad9590fc69f5f49
SHA1 2e10f6fac1e197d6591e63178835752d92f2dcf2
SHA256 d700aaf2a17c583abe87105b025aa0dd735a5cc405bb4a2036e641477db01e01
SHA512 2047e5a5200b201eec1b6b2536aac22fce10ec48b99448f737521aa7cc5caf2361a7f9292a018d60af1d22f276bada5aecb38cfa1ce9d82ce98be6fcd34d94b5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 832ac72bbb3127f60857467ac6d4a263
SHA1 3237761b0fcb4b0a2cfae0b496474c8120403841
SHA256 3f347ba2505f331fa6d44630a52f1126d2f15f517531c3a47d7dd7161472fbcc
SHA512 67f9828d64b74e2548b1a3b720ea2f52cc583ff9a928862c4cc47016e591a55a6ba38ce46026bbdff59c9b8fe1523cb79467db5a44819916709999ce67d6973b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 046737d03c910f5ed546748789a0e698
SHA1 61f6b49cbb00795090554ad573aa5124596272f8
SHA256 eb9ac7ba0f1d7a4550892e0c485eef8492c5fc9f0d4455e30720fb80364a0dd4
SHA512 2798e06bcefd1abf65e363e99a77d1648124f3c7bf3f890338a507e54968fde899ac8acf3f5083e457d296b19c30e8e5ec64692216391c0a6914bcd6e1cef570

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 1ec89cd9091ec7d649b6ef93b080ffaa
SHA1 91f736e8a84eec61527e1ab942f113a539cfe8ae
SHA256 c83f9b1af5c27fb35bfc5cddb8b5d348757e54241443c8722b73f98d9739650b
SHA512 5ea5c93e798a641c0f009b15a15c9e203fdf0aa30ce1edfbe07ef5111a86c0342f179c75d8b60c680cbc9d4133867521e9944a7f6ce4ec49aa22dfd285ccbf7d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 cf70b873de290cf46cabc7327094b4bb
SHA1 9d0c7d66db8a9887a0e096b3b45c36042ad7ef88
SHA256 9dfa78d2439490e3100e1c9c2f423d731f7acdf70ecc2d1a12efb867b71ccd75
SHA512 6d6074d007a9f01ae543228ee10e879e8e27814cc507db15b9abf28aa2ec696645edb381b7eb99e618a08cc2e8534ab328346b7dec5aef25deac8412bd0db890

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 994c8a03a51b2f4de33ed429ac064f1d
SHA1 3d729da07a761de04445e5a5a7f216f6d4615670
SHA256 9af596633cd228fe99633f89d45d90fc5d87f8a7c9f972fb033a30e11701c2bb
SHA512 3771615d4740e3977e997c47d3ffcd816cda962a7e7422e180a988076bf44b287cec73bcc5a519e4a0ebe3b65083fbb5ab62266e9dcabccbbe41fa200535f120

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 7132c9ab6226d83605ebdcd4f655a747
SHA1 d63a344d931fb371dc59b273ba22789c6154af04
SHA256 38a03dcc4fc7821e76546c7bd8ee00fda09072ce27d41d96c15eb2409ca08b47
SHA512 41b7b9cc919ed8dcf052b02f906b09740ca97ad9be4b9dc7abca45e67d6a0d80c8c2249a6b0969e0b7a9f72e306d631885668ebc834842422e75757eada7ea1c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 e5ad6a7e07623766ce55214eee78c87b
SHA1 3ad58bd6c9f42d05fe45468f363f83d2ae08e99c
SHA256 520f0a323dc84913ac91644b778281beb59642fc3479e838b4a35f61654c7727
SHA512 636b1bca7c5d25c8b0ada6e4fdbea7d84efb9b3da8c2d585fc9509e49ea518cea5ebf15d49cac5853c7fec83acbd95ba2534e36ba5cc3a2f3d667108098b39cc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 93f94863f77d00358003b452940b0612
SHA1 c02bbe998e668b2e7d77973da2a82974d7e498b0
SHA256 ee4fe8924ddbed220afe4141bfbe83061f0b7d15591efffe06373156bccdcb35
SHA512 7f74a445e13168a2e0d1c246ef334684e5ffe1950bc2816bca49307f9dd3f2f4465eecca6dc186c708db47770a4192fa0fe6c6b079fb6d9a22719f16eb6b9646

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 c8cfa7b8c719d886b7b9070d41b92f4e
SHA1 c7c6b8f5afb50a12dd27e3a0bd3202b8adc52622
SHA256 a44f5f06d27e744996de9885fe93d63fa98c0773f97140a1f98172c63b6f3eb3
SHA512 2af2addb80ffafded1ee2ad934192bdc66dd4bc293f912dbde730f5f3de9bfdd4fbadbc4f0d361ae35bd8262c952763d861da979c8469e5baabaf44fba39af70

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 255cfacf86d3f934cd4e2d2a92a6131e
SHA1 205f214ce1da0272c183fcf8655185edc482d8c4
SHA256 f4ffa7081bd2649362961435813c735e60c3e502740edf8ce59feab58aabf274
SHA512 091ec752a95de35d69e925149ef2f98c082798cf22f838873ba846ad3494c34fad9ee28d20f62c52730cf9be0756ce145d330395ba56d0bcebf63439a696d62a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 3681e3db465d9d811565676ff04c894c
SHA1 34c6e5304b4c99b60c122f5e7dd73897b4cf21cb
SHA256 8774abc1c30f1086fe11d692cddefc7a483b2d4e27005f90e44363d6bcc33d5c
SHA512 1b292dd80a59bd227329ebb226e43aa2d18e48fdb9713548123d6b672f1b3c774fd78c3af352952441cb47a060eeb451647bca3f9f9a5376752e596be6c195e1

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 639426d367cafb9c0351dec0ec7624b2
SHA1 8eb2d7837d4608aa6bdff6ecade9f9621189f880
SHA256 7d9ba277f8c9927edfd8c8a4b79a977905fe18ceb71e56d479e6ea0c2b82fd1e
SHA512 db91fec61314152e0dc25550d6ff72bf8cd894076e01c5eb3e9c0366aa5a4f485a1aa3735c92630a90e008300827a950f4d6e7fd8476a593628661bf375e0fac

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 0bdbe9f030c7e251e5a496bc9434b54d
SHA1 a1102c10e0c1161ad4b7d1e159489d15098b713b
SHA256 55cf946c4fd975a3b9cfcaf23149700bcc9f19fd09c6a46cc8ccb2be2c1194e2
SHA512 995f0afc72d71e41b787e3ecd9d15790f2dee5fb2c40b9a76fa8494e53ab39f796d6658920f84de179d4ca824b6996e41d12ee71ba5161eba905c51b5962dcd7

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 cc744de7b022394a1ee260f418fa2e27
SHA1 b8c8c4270711234b16e49beaec59809cebb11d9e
SHA256 d0fd93d78b7ddfded24d8b6e8911e0d6ad485f5b9d5610df2b68ccf247e8d4c1
SHA512 beac90c908b10cde7eb01b3b8fc2679f8b513ce48cabdb0ef7180171cbc5cfe308ce4e37e3af527c1cd8298941d853df2a0090bb6675d51efe2f2058bb5571a4

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 7138e371d80783fa96deb23545d7d17f
SHA1 d50d6c039f599d6f346951913f9435453f7fd6e7
SHA256 bd1b7bd34b9e41fda80f1e6183e34d8de2e38324c298fa222338e3772225f6d9
SHA512 85ebee5b51486059934cf648e0c3e47d32c90dcde23a0cfff980735e2e1f97a4f7a4e815f538e504cfbcf98a300487c3fa805463a0bde58c0c9f54902cbb342b

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 fb94160545e68c0d6a0f01846f8aa2f7
SHA1 38bd297d39acfdcdac2dff1a2f447b9c10734f40
SHA256 a1896cef9d5e72e63cf669af22aa0c44f3bcdf11e6da3dcb06a65ec3f1cbc22b
SHA512 2e227e9c6520b74a18535d023c283d277331ade4bc19445d4cfffccdb804e4d1dea4d808fab60750b2566d0f8534efeb26b3de8a04f433471a04e5e8b9b8aeac