Malware Analysis Report

2024-10-19 10:43

Sample ID 241008-3hw38ssfre
Target 271300dba0e4bd10d482807a9b1de572_JaffaCakes118
SHA256 080e0da4d871aa45c98c302f389c098e7947e0af4b30d2de74b1d36629d22f12
Tags
xorist discovery ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

080e0da4d871aa45c98c302f389c098e7947e0af4b30d2de74b1d36629d22f12

Threat Level: Known bad

The file 271300dba0e4bd10d482807a9b1de572_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2177) files with added filename extension

Renames multiple (2210) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-08 23:31

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-08 23:31

Reported

2024-10-09 06:26

Platform

win7-20240704-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe"

Signatures

Renames multiple (2210) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiabr008.inf_amd64_neutral_27d1c9a28eac4eed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaep002.inf_amd64_neutral_0a982dec66379cb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\erofflps.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\adpu320.inf_amd64_neutral_4ea3d42a9839982a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidirkbd.inf_amd64_neutral_2b561a02e977e2e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmjf56e.inf_amd64_neutral_328dabbf0aeed9bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_neutral_ed16756f950857e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00d.inf_amd64_neutral_2c3623fa97b0c28e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mcx2.inf_amd64_neutral_8cf9cade8f7bba56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_type_operators.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_neutral_622ad8125bbeeda8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_neutral_d9eee378245b3b8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\BITSExtensions-Server\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky308.inf_amd64_ja-jp_d90af802b607044a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa.inf_amd64_neutral_560c956da9bcd8f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj5.inf_amd64_neutral_15940559c66fe8d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmneuhs.inf_amd64_neutral_d1563e8412461eea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_neutral_1c5bc8e71eb90127\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\erofflps.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wdi\perftrack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_neutral_642a5ab3f2a1ae20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0024\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_neutral_9b64397618841a19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\Usb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03012U.BMP C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImagesMask256Colors.bmp C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\MDIParent.zip C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_floating.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02897J.JPG C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Media Player\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382952.JPG C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mn.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099185.JPG C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_TexturedBlue.gif C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\ado\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\LAUNCH.GIF C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\COUPLER.WAV C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUDGESCH.HTM C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_decreaseindent.gif C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02062U.BMP C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR26F.GIF C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-s..p-service.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ae815d1cbf3e5aa2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b895a755ecf9b3ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e4f99b8509587b6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e2504cb3efd0ebfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\rings-desk.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-efsfull.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e3471fae22fe58c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..oundation.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7748d41b9fc65848\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.1.7601.17514_none_9799402887898e33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..ce-router.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c7e524572c62fe1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..update-genuineintel_31bf3856ad364e35_6.1.7601.17514_none_1ae611d0c8ecd885\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-storageservice_31bf3856ad364e35_6.1.7600.16385_none_0b4d49ab83f80cd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..eercollab.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_254be471dc730eba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmcxpv6.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_72f3d4cf9d3dccb6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b90767b8f51495f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\es-ES\playReady_eula_oem.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e370f7cce69b34d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..extension.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6b473fd996ad40a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..plication.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d7bee0b8cd3291fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8279789ce7c8960b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_uiautomationtypes_31bf3856ad364e35_6.1.7600.16385_none_b8662df873a3a965\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0509c517051939e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\passport_mask_right.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.8dc504e4#\4a5f2a8626e8af6b6f54e42a0f59f2b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\inf\ASP.NET_4.0.30319\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..lter-mime.resources_31bf3856ad364e35_7.0.7600.16385_fr-fr_2ec0044f0229e264\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..atibility.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ad73746dfe1a5860\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_8.0.7600.16385_it-it_10426d8f5e4b129e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-adm_31bf3856ad364e35_6.1.7600.16385_none_b46176ef7b537beb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d67ae197822a6ba5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-s..ativehost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_982615c45099ad89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_iirsp.inf_31bf3856ad364e35_6.1.7600.16385_none_02496439a3048835\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dc691d086f51f2b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msidle_31bf3856ad364e35_6.1.7600.16385_none_cb5832fe03fa7bbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_avc.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6fd8f321e377b09f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..drecorder.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e6e374c6b07b0a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnep004.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_991b6dbcb3872570\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-wlangpui_31bf3856ad364e35_6.1.7601.17514_none_a8f77ffc5592a42d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-multboot.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e593ee7f79d69741\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\500.htm C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17514_none_381d6eca0d132216\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-cryptxml.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c38199c01616d46e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_cxfalpal_ibv64.inf_31bf3856ad364e35_6.1.7600.16385_none_db4796019d20adcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_74df5c53238d6270\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_90c28d194d44f550\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Information Bar.wav C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-soundthemes-raga_31bf3856ad364e35_6.1.7600.16385_none_2fe300bf8e73cdbd\Windows Balloon.wav C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_networking-mpssvc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c8609145475c0c59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\naphlpr\3905ee11acabb6d202a69b8bfa3c91a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp7dda8007#\e00e9898fbb901fe514674de702f578d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_ddores.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5c4247eed23781da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_infocard.resources_b77a5c561934e089_6.1.7600.16385_fr-fr_9185c2e4716de87b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..ion-netsh.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6cd9929c2f93d55f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-errmes.resources_31bf3856ad364e35_6.1.7600.16385_de-de_18f43c9af640b849\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-_vc_assembly_linker_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_c5ab15a393b79113\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netvfx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9c60c2c0fdd2e5ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-docprop_31bf3856ad364e35_6.1.7600.16385_none_996fd19bb76f072c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Raga\Windows Hardware Fail.wav C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-client.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0c98a20fb49d50f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ocsetup_31bf3856ad364e35_6.1.7601.17514_none_e5849be1bd89e07e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\shell C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\shell\open\command C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\shell\open C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vf2armlQ0yGe8NP.exe" C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LVFSQWMQKONJWPJ" C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vf2armlQ0yGe8NP.exe,0" C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 909e8ba569e1e67dc9d66359f1aedd54
SHA1 8e023a452996be5c64f99e6cc99fc830839a79c8
SHA256 b0b918a9b5cae8758c441e9accfd89ed9ebaedc967e300e7361760efe5e9e7f6
SHA512 e25ab14d078fb910f59660e96b10e8f57ff3a4f35e878c7d26cfdc6d76e729f60cc80886f8bacb5a2d00b211b66de7597bbaba8f858d0d84d89dbf9dfe5ff48e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 780ebb89234abff69d92c62a0ba1f12e
SHA1 51995ecddd86d67b9a6f48111e9372872ee5eeff
SHA256 7570c994084371fddaa694b2b671f1c8b682ca67bb71783de4cc02910830bbc5
SHA512 4d69bf8c119f50ccd6dbd3e1992565ca1ce31ef97b0c5d18b3d233aa70a3e20044af39380f379a29506188a16fb5d5454a435e9b25375b55e1ffc2f61e9c149a

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 0754d53f03a51ec0645669a9aca51363
SHA1 8cd5679f10997754132de46ba4de42fac21bc9b3
SHA256 4d565d23944740b9e7cee2c71da4a7ee7d8048f61d88c34715f58ebbfd296fe3
SHA512 52948997d78c8e74c172db4701a00166c4369c7c72134562747df273eb5aad70b569d116717effa38661afaa837833543b4547da9079ee211a569bd8f3def8aa

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 87397db0da0245625ad26d6eabe402d4
SHA1 a0b04ce9d724fb80fbfb7665134bfadf56a2081b
SHA256 80d5be328daa7b20f0f9d8202cf163cfee8eedf54d24be69d612649ceaa1fac5
SHA512 8dd3a4e7f6dc803e2ae269dc5f677d0b23e4a96b4749586c4da2969cd1a58c015e16aa06f7374219da95d68c02c48df8bd8807284ffb8eeeba330e7b98ea8597

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 83eb89f1c160f6526220411bca02156b
SHA1 319a558e5cde28d3ffc0d111d074a9daeb0a5cee
SHA256 151f97bcc89cb53b80b70b154874e4903cb63b9275c5b36978c6f35538d8743c
SHA512 9714823f0b238afac99ddfd8a5ad8e54c0fc372241a2cd6032b047580518c2b64a0975350096331077b0d20e97bb39b11f3e060a4765c6063cac6bfce40ed61c

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 38f4baf68364d18a69122f613cdec04f
SHA1 6ff3a6b33a5fb8a5f3bbda401ff06e6a78542fbb
SHA256 997a1de232bd3b20977db91f486925047472c7fdcbe46e19fe13600cb742a74c
SHA512 4772db01c26cc1261bedbc23e0ccd6268afebbde01627094177f3a96770931350d6513750bf676c4236b9de34991c2993dfdc70f54442b240a75f044aec8c788

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 fd99ced5d90bcf5b072fd40bbb45d696
SHA1 ba6fb25f2b5fd07008636001691f078843b22b07
SHA256 3d3ee048738fdb1a3addd21f418afb49b0b342302fb71cfee2a234a4f2537195
SHA512 b3a28ee6fac294134fddd0a3c8b84e25b902e05788c82f724196c30f3b7a6ebe68a2390cdc264865a5943b78eb0d2ab9805367bde3ed8ba642c49eb062954efe

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 3ff498d186716602d4746228105f760b
SHA1 6a69ce74f1806faf88670d38a4f9e0bce72f6aa1
SHA256 61ea8e1060c50e9c24ec57227ea5eace361c002afa5be583c759cad62124f82c
SHA512 ef81d732fca6aca5ba89a003404ee45e958c4e1f0ddc13b1bb18c6896bf87f0e7ed92f8ca81d6eda4b4663edcb833c6936283aa5f0d5a64a842875207475f531

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 6725a82151dd3d10d219dd875734da96
SHA1 de762493052bad973cf7ae163a9f71ce569e5c34
SHA256 e159849370012be8965ab5c6178bc576cd15d6ace0c5194261242e822331efe6
SHA512 ae55febf67a44cb93c556fab2510b26ca258f4aed1a9819fc2ce202db88a5ee30e0f2109060d505a47ac35bdd7ae1845b713a6430e2ad6b636eb6dd64e169a59

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 ffcbf1d985b6788dc6d10a61f6aa44c0
SHA1 9b9a558b53ff0fb165e34a163fa86cd316af444f
SHA256 55eeb007bdd1fdc28484adbca2cf4ea56f2d0e8c5f07fa11cdb59f5cef7f9ff9
SHA512 0e641d248ad1c3a3d964b329eeef54ddf84877731f3e280144d3d1251f4484b917aedfdd0ebb855e58a1a7cdbb3f1c23f4621d0e4290c8f224aac87b88234353

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 c0e0a95badc42a7fc72ce6b3a2af70a6
SHA1 7cb9cd15f9ffa356b79972ac5c54f02e23b4393e
SHA256 5f4daab266409a077414f23efe98573935f0e97b881eb1a6110f650c058ade69
SHA512 b9862717a5ab4923901e5720cfb6d28e81ee7111ca0bbda86fe003d5f15d3ab0116df0a52593907b5473c40b5d9dae04b3ecfcafd164958f3113193fa6517d03

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 ed7d598e99323b2304af7bec96802687
SHA1 4b776e876399241a30ac7135331cd3c290b42f1b
SHA256 4c15287e260427dbb80b792e7561eb0498d8691aacf6d796627d32f292f3b13a
SHA512 b05f3e4ebb329ab00496268899ec167b2e1c3cbffebcd170bb5a4a01607072b1ed5a6bc174a2645959722b1385b856862e669eb2e13445de65416ef32f972400

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 63d7e382d7f762ea9bd0d87f0ee068e5
SHA1 9f4b65a889f2efa60f55ff5ca06dced46b966160
SHA256 1192c7577728d1201790e014b71e22991ad2a1620ce4734deadfea6457758be6
SHA512 63d7f9b0162d7f92cbcda28d6037ed4877ba1fbf2106152c434febd80ce18a5737b4ee47f7629c48d26df075977889a550e278473c1905e6b6b9b19a9a03e507

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 752e858fc4b76b91e9ba937eaa01fa0a
SHA1 b734ab426303c41cf8986572bda21f49b896b8cc
SHA256 488917f8053f8d00fc13305b91795607eb4061cbc8d56775a647da794295d62b
SHA512 c78a3c62b443acd567dd7bb1a65af4e008985499f805976efc7ac9b1d6540992bd88c1cdb068951d36ca9ca258bd3426f961174f9946df2f0712c94a3e088022

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 2f0e445c15cd3c0a78c7bddc332a851d
SHA1 c209c9331384be111928b547b5aa88a4c52a0645
SHA256 8fffa7c8b6f543ee67bcb3af4525d83b921caf3f82d4a50fa43f3fd623a67b1a
SHA512 8f9f65e0385fcfae567caf3009e7346d40da8ef7e1395d463857eb2fe0b3fb61caa3e78d40dbe5f5280780bde88da1cd68d901ca6e3e2aebff2883643f05a97c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 cf497b5ffe4ae22644dfa009e3a23eef
SHA1 d970ee25c81b4f207ca39f103ec3c0a6d7336d2a
SHA256 faf9e15c5c9deb2e7384b4b7474f7e53d05a229a79657af8752eac57a12b6523
SHA512 3de96c2d67e5f8845853576bef85bfb232ae7dc96753b1337a91b542144c731b72b70842728b9eb79f776fc57ea6ae68dd597faf62d2d25fe8145166cc8a2de3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 86622dcb698e908fcda1dc9bdae4937f
SHA1 9b7c6dad90cf1f75603d623d3b83e1d9cb9473aa
SHA256 8707b012a89327325798f460932b1589d5ffbd9b090aa4bb21b8516e9a470858
SHA512 b753c5aa34eea18b9d4fcba9bbceab046f41274d018561fa80534efbbd0cba82c0eb1a5fad6993d82d972ad32ebbdfa2ee7e397d52416cd032c1c663f46189b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 cb0eab44be5f09625b0c1d891e0c9632
SHA1 dd2595222f66304c557f3b444eaaa95964794481
SHA256 1ff717d2f139ba5669abe84983d1c705b302ca8edaa2d44b6602d671e06fe14c
SHA512 bebd6394575f6deb50472d5e71f724f3da5c9080c036cfa659982ae283e737227f66f3e4b29ffe46ed8cdd23d7c7880e62b690f584bdfb5d74fc0b3257ce98e6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 b61bfd04ec7bc3afb9f566bdea7778dc
SHA1 7dcc3f37ad5a6fae479186c8599aa00ec4ecbab4
SHA256 4306b70e2025fcdc3144da4962f886a3422e41bdda8123212b06f09b955112fa
SHA512 47122ca781c9972448b936c9e237136f3768e51cca0a23590dee2fbf16d8a56f7ddb7072db9c6b61eb4bdff37cfab252faafe1f5e071f0f1edba5a785e2b6edd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 6ff072dd3fe8b2812f33cb2702daf2d6
SHA1 1d9ee5c7fec193afaf302b2bf38974de5e6a0276
SHA256 ca8e2cd68e734bb5880888ab3881293c81c81414c00d16a1a00640d0a06878a3
SHA512 817767ad45a41277a2245743660d7cb3f1dca5e12af04a3245951c518651f3345cc272749c141fbe38ab3fd7f3f6caf03ef210464faf96d7b5e2b32dd844417e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 7979eb44ea3724b899816b327be7cd52
SHA1 e11fcf64e14bf7b921f70beb41653aff6924d6d0
SHA256 9968a4b8a51f9634411b165847eb5ee8e0add24085b3acf20e0ec252c1866e54
SHA512 23623b2af5424c06bcbf3e08ccc76891ca7d557afc0413be303f26023ea146dc759e79a4e8bee3a1363caae99c15e9fdc8bbf87c5b2009d27a98968c8f37dcb6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 8e44234ec80bec756dca587082d841e4
SHA1 9371625ed05fcbea03c8411ec4ea15315ff59957
SHA256 b0623617d931dc6976c324fe58291a56b865fd6f30124fb90a4ab03dcca12297
SHA512 5dd21cb142db0704a45f2137e157c1b98ef7061050c34fb045f78663e0dd0f7f0ae842e8317766251b7cf7a23252a5c3f8c85a5983be2c2efdd2e54c5f99e906

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 7f498e7457698d239fd7c53d7a1aef24
SHA1 df921677652d5dfd62e9b95d9e5e267527ec19f6
SHA256 4d8709a911e39523864245df2c54e255ca35606841923ef889e9a8e5ed028aa1
SHA512 567bb6367a2091b26866b98556d07e2ddf614c4b1d22f7c6dd394feb0ed5ecd17aa814386daa250975e742bf3f6e4cd22c5ed0166e2dbe90d5fa2ae458df96ad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 de219f48c61a8e0ab9a2bb956b5aaeb6
SHA1 c7e9cc1dca0ef65eea2adf7fc9eea9d1d3f87049
SHA256 d5d0f986b32c3e1631182409d57226590115dc7cf16b86da3c1cfb3fc684e027
SHA512 aa1301ca3cd9926b44daf2ce1f2ad6d67fb4869eb0be75e36d6563f6da8588456bde01c7543c0dfba932053e77c4a6903d537a5029bc454cdf6198213b47b497

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 2be67b787afd21b7d1e019a167722d1e
SHA1 f9de525a30f7cd46fd1dac638c5778f127ebbd36
SHA256 74ee2f2809d6fc8c714b0f37bb489f6e9d1d31f25580b35d6a6598c72d2c631b
SHA512 32395fcd49646f4861450979638151f7cabd6e83b7184003740f351f1b7ee2340e31dcce3c808221b6eb0b1f99ffcf395d2df7f797bd2af2e12c268783b91077

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 fb7bd8e861152d5ec0a6d21f1e5200ab
SHA1 b1ac88e3e064c66777520aabf53b7b5acfaa7f41
SHA256 79331c2218ac76c5549c772402c29f767c6b9af473c8146fd87ed5449e13403a
SHA512 75d6a7785bb158c22091a6a534fcce9902b2b9c6f3b16b0d942263ea2c2d5a372c8308f70ad14db199cf719b7d69a4218339a2a5abc5e5950f7d159fc13c6154

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 e31b4400c44be6d007752110b2f0986a
SHA1 9fbde203d74d30128180f9cbf536ae6b6a31593a
SHA256 9780926fd36259b3bc6dee91d70015012d6413d4aafea173928b9faebcd2448a
SHA512 36192505859792e4271638ada16d4eae3d54b4ef9cd17bcd67f879d30a7e51191ea982dc7157f35501dba47a7773813f46a86cbc63de354cd691c09bc6fc8b4b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 2c623e52ae0d39d7cbb4d13ad4139af0
SHA1 3d3bb5c2fa8efebfe37b0f490e091419690a3f58
SHA256 a48cef03713fe0c5cdfbf3367dae298f45be7195c33ecc275be58149988a4a93
SHA512 992db6529403b39f8e359fdc08af888f4e4840fde59437074913117adced3dbfa943b65cc20f2ac62447a994ae9e64af06707ab863d6b2beaebd0d6993135665

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 8b8f902344660190daaf1f5da304b6c5
SHA1 d239ca966f292b32ca237d7c66606a15e1a1c2a3
SHA256 aed9629d9cdb32622b161eddb1962f83140c9046bccd2280d336c4d83c1a8b2d
SHA512 2ac24a1b3abd20c96589ed0ce962720614c10587b6cc7a9de3ccc51fd2438692afa397ad022c476b64684565aa6caac24606d1b3ebf09102ba908d774029adb4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 db1a24e227400110bf72e961ae0fa7a5
SHA1 2ac10ad93707e6489c7eb2c76d9c339f02d8f05c
SHA256 0764e1c7af5ec7cc7578dad636db7cdee512e670ebee59c09e6c9915deb40856
SHA512 e757184d2a6e94202ceb5e7eac87ee7ef3c16d95aa3e15390ce30a9793812d0e6aeffbd16e3c3cc6b9dd52b177ac8a3a4384ad61147ca8b19396f9cda17ced84

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 34c8bf685fb93053da1c9397c75d36f8
SHA1 8adcc762e3d313cf15eb3a28f66eb4d780309612
SHA256 1e889ce947d7889cba7af1082aad0440527dc792cda6921de2e57d0d8472d779
SHA512 421356e72efa9b90e819569af4f6df57c845c122ec6b54b0db518ddcb214b0a86c3d0abc35af7234074c30dafbfd33d8824ac62b042f9688c95c2e6590f0e55f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 1046885ffdc8ae577909ad488e046e14
SHA1 c6a238d0535cdeda4198a9cfb3808f58df002725
SHA256 4b3a34cbde77f6510c534e1ce5a4eb4ab830dffbc7d2353e3e69adfeeea44170
SHA512 0b9aff1757e8a44d24fd031bc0d430172125dd32c2faa40b89bb601c97427850983acbd0d6533f44429dfcf2a29ecb5a6fb14553658397c5247e4ebfa9194022

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 1fe175a66c7f875b142db5bce48f1dae
SHA1 ae841933cc1f8fbbfdb2bf6da1c8c034f1229102
SHA256 95eaf1c3d397c612e0ba43f7dacf9fc9040d870222118b32f5be9568b007689a
SHA512 bb4454bf8480be45ea32b5b83ae14978348350d2309251b9f369606cd0304ed4299ce08fd6242288fad0152b9de5a297fb5474e21477b61bd44d30ad423be7ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 8cbfbf0992cb07474953b75cdc5f60d8
SHA1 31d2a7fbcc2e1f80642931c52386ad799c9f79b1
SHA256 64d99e81bdc9199af75ec3ea0bc962ecf85a81314a64aaf5d638e0b806b54f2d
SHA512 f1f63e59530e8e7b5d9323c73714d9d0bcad2d9e6e691c135e676f2479200fd85fb9b42c87761f9638feb849099a6783209701b5bef6cb7df5e7f25cd532f6c6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 2bf549fa2417f41073e07a044b5c3475
SHA1 27c6666b52a9e4bf3b598d3a6ee8585bc8f4f00d
SHA256 16ec4f2035a0eff235a944564657b64ecad4fb68dd9246a3128009a439eaad53
SHA512 0c767f82b58d46a7d8f89031d66daa3fbf7720606d9e23def1bb662f600b20cf66b399b728db6579ba17b18c8a1242674000727f97fe948b7a24184a52d087a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 7b09ecdfbdd8cadb8a168666d79b87ce
SHA1 30aef75e2e3e4f87c6cdd42c0e14a45d821fda37
SHA256 85e1316ee0b5bfdbd1d381888e15397121ec33249c04ed37909f6a28b05a7bb6
SHA512 2cba15da8e1df9f1964d11c616a379cb1bf218ce56c206cd45209b5895a93da4638a53ad95f89be27c53de1863fedd9f9517823c7f2baa70ca49cb6ad8915f39

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 3f47d66fc2fffcda6f9ab086aa21e458
SHA1 1ee5c19c55af2abfd8efe9183e53ea4c2eb67051
SHA256 148ecbf911de788c47c8c00c9a8e23f611d68c7ab3324ae1d123a17bc1b9adea
SHA512 b3fbb6906b05cc6b7b1df4786e1219004b0a4ab481f57e0c644fd608a24e652527cf1d4b15c8c02ce66eea41d8f484b9d62b09d91a84dca4ce4b209636491d44

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 09c7755b76cf94becc44ed119ddabe58
SHA1 0d94ae1d87ad276e0e88d7418de9b0dfe3dde3d3
SHA256 80a24b62fbffeb75478fc3c4e4406e58531ae4f230e29ae906fd7f9005f1ea66
SHA512 8abac5ef4aa2d596a19132d8b131378ccaa0bde96fe0f43cd179bb4d75ffabb8ac7757a44c66980302ca867764733dd49aacf2e0f817362b014c2ff201671f86

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 18f7b230344cdb57bf299afa1172f141
SHA1 c6be16f74c92987006127fd86de425fd3b383be5
SHA256 50cd3e915a861749934493b6ae4755fc6269582adfd23a2046652cc3fd878719
SHA512 79d989c2adb1673200d67bbdd959cb7b834371ca48a95a480755dc855cf44328a8900083c09f9fb29013513ad3e067744346484e8ac96c4d454ad05d2739157c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 9f737e0c0a2c6050b1f5e299d9edc505
SHA1 471d9ccfb54a1ce11d1973917f9532df70b2eceb
SHA256 71f19fd9dc8f75a13e8d20c9dc2ea255ca7716696f7b7d19dd1c46c8a2b36668
SHA512 15a3fc4b5ce6d078652fe03f5cda3d666e2b4fa7410ee4f7189665a85b53457332d8d0040f6bb20a3d559093dad0ae2c26615b514ae1ce87133aa7044a822772

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 9fe800702e20557c7830b7e66e92dbcb
SHA1 87719af7eb2b6fc95e340110f9c61cb05f7fa03e
SHA256 17db0cbb36dc32dd1da4a9798df95394e5a90a52ee453f3faf283d1469e3db97
SHA512 04e1f83c0dea7ed0ef1c8128c39d522f046c77048c5a0bfd775a1a7d8461b20cdc4fd07d65187b4297ec20b5f78aa08d8f70aa9abcc60879f37643c394209586

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 2b21f3382ad38a5cace6fd6bf9089e6d
SHA1 a27e6ba4769e659c3924b4a48142921553cd8de8
SHA256 b62093f5b9566fbeb2b788f92b86fdb72d3aaa3772c1fb062fdb684a1ccd53da
SHA512 43241591eff98984b9b0c5a923bf01222120158a841fd9b74ee4eec25f59c7d0feb2c90f4938db4bf48c741ef769f05a756efac4f4866bcb4b66de7463725d05

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 fe782b7ced0e5e8fd72c760ab0b29fef
SHA1 d0a89bf1dc60f25809cb8a41e42413ca066c0799
SHA256 ff80bc3d9fb76a6d3f1c79d2d0a07d44788c16acf1cd7dc6011f056aa622f919
SHA512 77c6e21a3544835042c2af721fa9bfa5110151f21e95e40108b8d2f5c7feec93b8334b53733b3c82cfd3eeae695db7338042495150cac7c25685614f9cc676e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 8ad573e15bdadf062bc158aef78c2d69
SHA1 677394c60db79f053d6dc81703af23c76c09c675
SHA256 ac74d92859a566aa15004c9dae4fc270c6e863b036ebdca4aa84f4c5685c9833
SHA512 74cf055979589249c07aa1a6595fa474b0a00d7aaa6448c980e694236d8e8c92807306e55fafe7666742adbd0234042e98e2b5d72385acc4132fe414b9b289b5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 825b8d3b8d976bdeaea0c8aaf5d8b466
SHA1 ed88796f1dec889f3b52b7c3c156cd5eb4fdfe87
SHA256 273d03caccfb1c104eb3eae9e56f12d2ca4521c59224108486d6f82594a1a345
SHA512 be17eb53feae873a3b2f28cf0fe36c2e4dfb5c8968e27ee33f8f7e26c8ff214da6ef3255fe0fd899691c2d9b3f953cc95c120c953dbf911e833799efa27ee5d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 e434ef822bd2a8d1620a67327957e27a
SHA1 defea2d021293defaee1a5a2d76717362834ddb7
SHA256 1bf354768cf28217e4a6efbc582431c956b0608b615ff8b107722be0abe8bd9e
SHA512 e61ff9d3082edbebadc76a3266af5f46de299f6d76d9daf90e57204b482b8e49c61d9277e7f545f9819cf7071cc5d71e178ffa8a6e6600071e883332f7e3d9e3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 f5b0a07fb358122add84afbebf104919
SHA1 c0b7e5df11982927198d6ac45079f7918437d508
SHA256 af81eb29a8dc6dd4b773a325d3c3d5c922d3c124cf913757c3ca25e45c13eab3
SHA512 45b3b224b0adfe8138ea5d71688d08f57e471a9f592d321b7affcebfa97e6de42d9c8db93f15c48217004ae0e282062fde1b83961309d5453ece669c99a4173f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 0b8c3855385bd93dd009b7f6cff74cac
SHA1 3f28e016893605cfc452fa4e799db7d1935bf556
SHA256 2f2781ca0dbfda982c78414fc30f1c224d6f5358def8b765eaab6ef3998b93b1
SHA512 d490c6965a57bc5dba5d4588026488c709c7f9a377c5f6cf4ae70ea1d01fba12bfb82ab9d314760a33ca3072e82e0c0b612e8d08825fe720ba099c3f96b628ff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 e05dc1f7110879dc69e3c982a7d3b5c7
SHA1 8224939c7f27f4332b58ea07849a7413411c71fd
SHA256 3a6189108ef6889099495535fdd4080b1dd33c6d63ecf5b67ef3b91227c8dcc3
SHA512 02a6d6db889cd587f1a20314bb122e49cebda660999f1c05e710edc1cddfdedf9771fa5dceb77f03b37547cbeb10d1513b3a54a3e751d376361337a8dbb57481

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 ca20cf79cea7f4f7413743f64622517d
SHA1 f38397d1968b13f4444d0d93b510f30b3a45368e
SHA256 b46672130c7c7694552d80ef60ff0c1009782c657db51b575e74980b6731939e
SHA512 81cd260331f339f1bf1553463f5ed4e1be805b983ddd1aa61efd04b399e93876a26cd6aa8f6a6b0ac7752e6f2c6b1662792e7f1b117dd884d2e36dc9de539c7b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 0801b86fb94c28a85587306e0b8358f4
SHA1 4795a5a47b2e2de4710437afc0c89968b0870256
SHA256 7e2afb765df1e5156801167982235ad890f3f30d974e64f1ff4513576be7e00a
SHA512 892f3d46c46ef57129e123d69de20eab51644c1b454701a0bb7439a3d820119c02c3ab2f5cb41c1eac42c447cb2e08880f4dcf86a95ff30cbc4a4a2e318b18df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 b9f1ad5d89eed003b77b22c28ec48734
SHA1 58b04a78ef364425dc2586e545ff60171193de8e
SHA256 af230c7ec6625067ffd88f83919c841b9fa81c28d41cc5296c307f20e8240108
SHA512 bcc48e3eefe61299be3d1197afac0c0c2753fc9d52a454a00305899e88a96a1026557c0b8e5b9165d8997dde73ce6d8231234226e4de796e742a553056ec515f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 7cd043d207322f77c2607c8a7dd54b00
SHA1 81d6275f3b6a3a213703e739cf655bd91d225b9d
SHA256 56d214b0c34ab185b8d2e013fa51d0e5feb1e04b38d0c83b11ab06072dfedbd2
SHA512 8201a62a5881ad89f357516f0660437f97e1de0851c353754c85fae625231738003e0b0c21b3f056c51237add3258b0c9c58ffc9b44606f128b1cb299c1994ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 366bc0d1cea0e1357cde545eb9265928
SHA1 7dbe7f1a3960777aa5d4876cda32ceb3facf59e5
SHA256 b13a7115d1f786d98daca9e16250b20d12333f5031ce0c8ffc832dde3f441048
SHA512 baf31e085daefe9d35ddeedee4825ac5956d8c11fc73703aea0177bd8e7c56922de5166da0d49a1dae6ce4bb79bd3a6a60ee77ed38cf07bef2bc67ef0b038729

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 fac08a38598f8b5b48d4419c33b0ebea
SHA1 27e1f0ce9e892a64c1f726ed8b94128d40d51a2f
SHA256 72e687055c1e688daab3db828ffd7a63d9b858eacf96f5437a42fdf797b55db6
SHA512 091114d7095c3c70a0082305d2626394713f58e6dac9517848ff8e0e2bae5e350e71c02eb5fab91c84b8b61c7ef1f25b687c5f4529906e358fe3008a52a722f9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 fe474c9b178cd70c70d02cd3cad8b82b
SHA1 4c061251a42d91bd2aa42de08f469c60ea1bc18f
SHA256 9ac2cc357a7afdde3d6177312c582cb602455fdb116d44dad56f891d2fa10559
SHA512 cf61abdd3340382b5ead1be8be3daff838eb9ba414efb211bd059124c30f2f278805fbaefa30ed8128ce7be9937605a7b46e3e8daadd54480fb228a3b14e07b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 eb32d0d11b0de39dd27bc75377620a1a
SHA1 9d0ab58a900b75aef72305acb35837151f50a838
SHA256 3b2d9a0c50a824c5f66fad6394f7b1ccc2dcb007f11c7e67555c565193d0f7cb
SHA512 4a91481e3e9512b88e6ca6d45d28a78b8dc91610ea734a0021e12e6af655a2db8eef0003dba2d7368bf8e9971907c1f149fbdb2815c7bd8a1b106e5931059f45

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 e8ce61d7067668bccfbd8a9edaa45d95
SHA1 2984215ab907213cdbae2772d7b905b831963b8c
SHA256 b14af31c0126fd6227d593e3b2738fbdfa48af7c9cb18404ba9705653aa9eda4
SHA512 d62c58ac19f0ca9588a7bfd43fe72e235d71186597f87d6167e97f6fafcd32130818b5fbae11e24ae84b49f31ed0946965f57a604a0e15ba8b47692e80aed8ae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 74e68b3c0e2004ac330abecbfacf4c65
SHA1 c86dfee8b045866bcb8010b6ff8734c863562ec1
SHA256 d0dd641559bb2886ec871168cf92ea4e67b526e8f6ac3bf390ec66588cfbb2dd
SHA512 9e019f8b7e81f598322bf451655efe134cba3e7b6df095b6e43033abf9e1e2e98ebf2f1919a68dc17a2b67afd6c57124c1e2d0b7d9fbc6ed40c5eaa8dbf1bf3d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 935930cb0abd4ff18609e61e83efde14
SHA1 30432af160723e53c9a6c35de0fd48c399197146
SHA256 796f4a1b6d597e4b1960758dc7eb98deb73e094947fff060d3ad580bdcfe8a82
SHA512 904c8c17808684b6cf3c0f85b61489e86f0200bf9ecbbc2049b80989d8554f5fd32af07d42681a6c80bea211e67b84caa1f5b4cdb7a29c86a260ff0dadcbab99

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 2a0107fc802892326b1b8f76f2c37044
SHA1 cf8c8e9cb982100968f070524331f6412aae34e9
SHA256 75eb60b9ef921d66ba4b0f36c9c4007fb7217781b81e9dda2c4ebd46ae6cb399
SHA512 c2d9a9e451313c651a453ebf0a0095d4ee21ad5429186e4aaae6b3361c7d1ffef0ac84daf5faf8cf03fe27372aa8d3ae7fc8a3c7d7210361989fa4a23d2c241c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 77ca023d5e01413eb0ff15bffd08b828
SHA1 3099980a64387180482d0d9dfede74f3b269c86b
SHA256 1718d701a7c8f43211d0ef16aca7a91803a5e82dd0413b78ac429a9c7270107a
SHA512 dc067a840fab9c27d030a4acbf793a78b3d216d5e5b97c01adee7dd12651a32751c9ff45ff55efa18e5a6e73030c21776fe754d4b924dbe843638fccb9c378be

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 59d1abeb7e396225db6b0ceccca20ff0
SHA1 2b8b3d6c2bfeb9d9845e6efda7542ae08edc4fc0
SHA256 f3b3f71cdbf0284583d39f974e7787490ec33ae2594a6b3b8331fde391319e88
SHA512 7606f9ea4a5fab5539cd089666aa500f5860039e75df7ccc4961f5ca5ebb43c921541d06000eebf11700c0a780c68d9b03e7e63618f79ae20d553b4dc22b39f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 b177f8a311ec8e2da311ea160835bfc8
SHA1 5d29513cb015c9e938796c571d7714cf78156a28
SHA256 844a4cbf6a6c6cadac578963616d8f263070bdf7a5e158705002583ab56e31c2
SHA512 5af5da71ced1b58e6168450ba433ddc89819ebe56c8d5f237b6475fd4c81a5c17e4986f2fabb5f4c1a5d94a54040676fe827b8ea243a61351bafcfa64025bd68

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 82d4ece07647c3fdf25d5d6f99385ca6
SHA1 db8ca9245e3d7d7281bbe21f248566ca72edeeca
SHA256 214467d5fa50d63be890986df633bef636111239891dc863d210de60340f2e5f
SHA512 e6dbc0139b2772abc8a7e6affea55d457ce0d26335e5839ee66fc5f71a0ee700bf7d4bbca309e9144be6a93e772153e08975f4614d988e613c8f59f4c61540c7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 8061002ebfa98b93241dec85c19892a4
SHA1 b4839f045b0f9792dfe6d29b4d2d3827b024f2c9
SHA256 0b6103016804a37bda61ac2576d04cb31a6ebd1fcfcdef92b083b9136ff7d719
SHA512 d181b60910b4756838eabe868cd73cde3a92515a9cc2f6fcd336ad68f9db4461160894ed1f94f2b9ba0e087395366a9d6028baf0637bcd90c0241c6e181b68d0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 06b213732503cf09f464b3d93252565f
SHA1 f68701ea84b0cb35ec930924020de8064f2c4fde
SHA256 048a249213927ad13b0ce49099311b68cdf3216c24e2ddc0595df72697317914
SHA512 fd985ff2d094029e255012507b91ed737985521ef078c4bb5e6b2193a053cbba7783c74ff44db0a1f86f180894a4917e37952d2efa24112c70e5a3f4471c7192

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 032c4ee69321c35913cf6f2c80fc20e0
SHA1 68c567e190663a8ec8546a2d899539dcbd44d30b
SHA256 0afe39722d2ba94a90d65ee67607c07f623f9714b08ba6db11ccc36d1c152def
SHA512 75e685c217df59289998b54e5db8ab03fc26cf6f4904c8e5969e4abf46f30c64816500376e26536bd2f81d54653513fff0a8ac267464874e3ccab3f970a5c312

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e991ec0ae02a9e13a38d397ccecb4003
SHA1 c0bcf9968bd209c767c5690e83e63bca658c1b7f
SHA256 c57827752789559827539a951d0b90108c4b7be1fa7d8e37c084c611c38ac5a3
SHA512 a93e912ba4ce5476fbb7cad2da3485a7bbccdd9bf1654186ebe2b9705499d40e10434ee86bd244ebf99a796bb6f7a0e0fe6471f21896666b1843e7e929345de0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 929aae4e9502908a9baba0cee77b446c
SHA1 49738ac06a11a90d03fea489f32eaecf1de99fee
SHA256 426a4471d19960e4e2d75ab495093a34fefb64484f3598a7109b1e1439079a97
SHA512 5c589a329292b527d73913d8da6ccdb9fe17cba72a7811de051b55283a309fc1fe217f3e73c49ce125c6ca0df9761447926325a9a2f1e9fb8402d5222866e27b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 e3b779eabe6ef8ba2d3e663b622da698
SHA1 3b76d9c4de72cae0047f91f5d7b3517944180e0d
SHA256 6cf155655ac8330fb55fc9c1f60f097e39805df720edb4b34853fff140991b0d
SHA512 4259015e7893a92d71c2feedbbfc5a111cd93a05f7171ec35b8f9ba96c9e1129fc1b6ecc1b34bb5cc951e1a52ab2c539f5e7da5e758a764cdf8c91505f12cc33

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 435a7d0a8ffb995138b68ae1b83b0103
SHA1 6d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256 eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA512 1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a4858bdfc6a8c2f77c7666b9cba76f0c
SHA1 3d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256 524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA512 92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 46ee30b647eb5a70ac55dfea93bc2d39
SHA1 68387846ec7fa66f891f5451cd023bec2145fd29
SHA256 7fe576714d6c24bb3ae0ac0a25a6284517baa5f13e5d84e36f28716611e3add2
SHA512 0169f5fba5bdf081c803e01f9d1a2d64a18bdc48a26f129eba05d7de565bf364a2e8acd123f16fd2a4b47819c5bf048a7708cbd7d7823ca6372fe269feb5b5a2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a317e1a356b508f2b1ad5c9b60a0a900
SHA1 babca3a9bbdddab9789d070d016e0400b4cafda5
SHA256 5c56022b20ad4eefd3d2705d01cd4c9b4d79d85a25e3c17c0b69d5719a10a893
SHA512 5700abf38904d291866287c0ba80bb22f1dafbb4ab3c229c9e08b7d3f2a6d442a770d5b3119ed782fee673c663152b76de245eb46fd6972fc415ca10f638d047

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 4307a2d58750b4429e96a57bacd8f268
SHA1 31c7467a806ebcc273ecd3c1e5fb52694812a09a
SHA256 dc9f80deccb9b4d8e3285b42dbbbd791c98d7a17a801c6ebf6f2e8e20ed197ff
SHA512 556e96063257394697d5c3b4a42c9a569567a8a80dc77018b2152ecf862865708352091ab1dba46b42f8245a31dbf7c6e66a885d120a0893bd0b31f3fa9706f9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 a1c3c8cb124a41ba2239a38aa8355800
SHA1 23f908a4e9656de2e046296f11c8cce639385549
SHA256 bc24172c6fc4299cb3c0cba51d7a5b7eb958035162b98aa87011483711706c0d
SHA512 40afd69353c95f580ca3d4416bb907a5275021c7a260df35148f61a2c00a49960b7f488391bb9dd6f9500e8f8e6dc484be7b37e7f000d7cd2257d871bd21cd05

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 9c26c820ac84cbe1d80329de3e47b4db
SHA1 400d998f929aefc7d2aaa78debdddd9b181ca14b
SHA256 b26a7aef9574712a5ebe76d3c7e0dabe25a0b6e3b8fc049858a2ad4ec127b280
SHA512 6280155e9025489b5a6cdda8643e2e0140c77dd3a1f9f1e39ccadbdfcf3a0453f7898d4310ba861a49bc61089d4af13f6ed62b96adf3c3092b238252e81ae744

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 0e23894f14731a2bb52be66630d1229e
SHA1 b35185907b74f35bb53ba142f61d1ebb5ad35065
SHA256 b00760d1aeea0b81c8ec55d08a4389b6c043310ca577bd5bf9bf74b4a6f911de
SHA512 bb2ba9c8f8b00d46d72784fdb41bae53921eb13162de5730d24dd39a2de6b3f9c61ee613ca81d6cf4ac7fd8790b26b4f51062c66a8bd32c9a6e31ded2204cb39

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 260894c2b9e3cb88e15274eebde32479
SHA1 f61eff12adcf75fa95ca5289b5f76abb8e954f0e
SHA256 91a8a6d4b7e3fd56a168a18d5ab9c882c684afcf590a8973c87ed6cf0a3b5e2a
SHA512 7baed9bdbeb3dd564347293c8776cea3b85e479d94738e517108f44a6ecabf85ff8ea41076d7a53b3508ab9b380dc581856002bc097c585e99a68a24baff09e2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 54a0e48fbbe84a2cc7c58210e208402c
SHA1 aa86784d6e0fe09d0cee1e8125e1da420ac4721e
SHA256 b4ec9276c71b7c5945073a6076be4930a55e77ccdd8a0e1e9792b4a0cab660c4
SHA512 ff0a6fb506a898f267da58cc91fc0f37b11252161fe90f11e48d925799aa19a72f6559cca923db6b7544e0ff48da77fc4c22cdc465751ee4a150e493ce02b23c

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-08 23:31

Reported

2024-10-09 06:26

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe"

Signatures

Renames multiple (2177) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_ed0ab85128ed7a01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa.inf_amd64_7cfab61cbab23e11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_3daa9a904daf9501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmetri.inf_amd64_50397e28bbcd6514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_26dc960cc4c84207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_processor.inf_amd64_4431cc603de6e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_28c103304ddff3c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TLS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\storufs.inf_amd64_a7a5b507fa22251e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ks.inf_amd64_9fac168e1cbea90c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\gameport.inf_amd64_edfd5301fe3972d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsOptionalFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vstxraid.inf_amd64_300cb04282659e6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_87f761c07c99d5e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetQos\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\FPA_w1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\46.jpg C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_contrast-high.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderWideTile.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\StartScreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyView.scale-150.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-100.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.Telemetry\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalMedTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_CatEye.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-40_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_contrast-white.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-96_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WorldClockWideTile.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedLargeTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\d3d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\x86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_altform-unplated_contrast-white_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\10.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\businessbarclose_16x16x32.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\182.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-60_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Tolerance.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2020.1906.55.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GameBar_MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\he-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxLargeTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-32_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-72_contrast-white.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-20_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..eelevated.resources_31bf3856ad364e35_10.0.19041.1_en-us_47b2ef00764d8c40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..gureexpandedstorage_31bf3856ad364e35_10.0.19041.746_none_7a6de5f5d8410d5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_10.0.19041.1_none_8c345a944c987d6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001045d_31bf3856ad364e35_10.0.19041.1_none_56eef219e79cc448\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-b..-configuration-data_31bf3856ad364e35_10.0.19041.1_none_c2b22947f3ad87c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\EventViewer\e7dd774251db1abf49179f2d4e109684\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_netr7364.inf_31bf3856ad364e35_10.0.19041.1_none_3a1a08d4c9ee2584\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g...scrptadm.resources_31bf3856ad364e35_10.0.19041.1_es-es_c0514a19d8674e86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_mdmetech.inf_31bf3856ad364e35_10.0.19041.1_none_7078ab56027910a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square150x150Logo.contrast-white_scale-400.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_1131bb871e4fd455\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_th-th_429bcf7adf7ba023\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..d-library.resources_31bf3856ad364e35_10.0.19041.1_es-es_9cc0962a57a1967e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_7aeb3150f66984d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..e.desktop.searchapp_31bf3856ad364e35_10.0.19041.1_none_43fe9f4e368e081f\7.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-e..ifiedwritefilter-ux_31bf3856ad364e35_10.0.19041.1_none_9fbebf8222c20a6d\ResetDriveSquare44x44Logo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..xecserver.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc7def7e14ad13f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4a450e5e1824d217\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_halextpl080.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_520ba48589e57f27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..ompat-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_c87bff8ffb336d7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmiv2-mdmappprov-dll_31bf3856ad364e35_10.0.19041.1_none_0b3247004afee6ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-l..layserver.resources_31bf3856ad364e35_10.0.19041.1_es-es_14701a2d22bfe971\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..questtool.resources_31bf3856ad364e35_10.0.19041.1_en-us_6a05254c1216c07c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-snippingtool-app_31bf3856ad364e35_10.0.19041.746_none_77bd4cfbe87238a7\Snipping Tool.lnk C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-virtualcameramanager_31bf3856ad364e35_10.0.19041.1_none_acaa5950a20d0f68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-defender-events.resources_31bf3856ad364e35_10.0.19041.1_en-us_98e51453743b2af6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-system-launcher.resources_31bf3856ad364e35_10.0.19041.789_en-us_f5c64a436213efa2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..mework-uimanagerdll_31bf3856ad364e35_10.0.19041.746_none_8f0f28c0c1cc1db3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_fdwnet_31bf3856ad364e35_10.0.19041.746_none_1921f7f1d2e0ffa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..e-runtime.resources_31bf3856ad364e35_10.0.19041.1_es-es_0ab3fc25950f613e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-credwiz_31bf3856ad364e35_10.0.19041.1_none_55cbbe2f0b32a503\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-bitsdiagnostic_31bf3856ad364e35_10.0.19041.1_none_023d0df5c3f06a00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..rformance.resources_31bf3856ad364e35_10.0.19041.1_en-us_50fc38b2da301716\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_10.0.19041.844_none_ba2b07b5ed02761a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-com-dtc-oraclesupport_31bf3856ad364e35_10.0.19041.1_none_47429c6f4f6ba844\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..tprovision-joinutil_31bf3856ad364e35_10.0.19041.1151_none_e9f3583235551cae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tapiservice.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_df49bdfd73ff1fe6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..c-service.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fca62a6997cfe312\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_multipoint-wmsmanager.resources_31bf3856ad364e35_10.0.19041.1_es-es_b4bf1b713d506059\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\square150x150logo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-srh.resources_31bf3856ad364e35_10.0.19041.1_it-it_b84488df74bb7a40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-docking.virtualinput_31bf3856ad364e35_10.0.19041.746_none_2c0c715916f96491\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-components-jet2x3x_31bf3856ad364e35_10.0.19041.207_none_69a6135860c08a45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..anager-unenrollhook_31bf3856ad364e35_10.0.19041.423_none_ac87408bccfd2ef2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ationcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_c072fc43c852c692\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_10.0.19041.1_none_1c0bfc40a47d8d2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\it-IT\assets\ErrorPages\pdferrorunknownerror.html C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ets.icons.searchapp_31bf3856ad364e35_10.0.19041.1_none_ceba36fd1b479c4c\AppListIcon.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_umpass.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ae54359bda2091d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..n-comrepl.resources_31bf3856ad364e35_10.0.19041.1_es-es_3029ed8f79d12e1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e30dc15461474d20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..-accountscontrolexp_31bf3856ad364e35_10.0.19041.746_none_d7852e961461a368\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-certutil_31bf3856ad364e35_10.0.19041.746_none_937e52b9922bd791\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx35linq-vb_compiler_orcas_31bf3856ad364e35_10.0.19041.1_none_4bf3621a8ebe2ee3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\wide310x150logo.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.xml.linq.resources_b77a5c561934e089_4.0.15805.0_es-es_75baa724eec1790d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-application..haringsvc-ntservice_31bf3856ad364e35_10.0.19041.84_none_c43e71af69351575\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_nb-no_e4c225e2c387ab8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\images\functionIcon.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_10.0.19041.1_es-es_833d1f0989b9be39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\ScreenClipping\ScreenClipping\Assets\SplashScreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmpnss-ux.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a56e8fe881c9012e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LVFSQWMQKONJWPJ" C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\shell C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vf2armlQ0yGe8NP.exe,0" C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\shell\open\command C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\shell\open C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LVFSQWMQKONJWPJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vf2armlQ0yGe8NP.exe" C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\271300dba0e4bd10d482807a9b1de572_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 909e8ba569e1e67dc9d66359f1aedd54
SHA1 8e023a452996be5c64f99e6cc99fc830839a79c8
SHA256 b0b918a9b5cae8758c441e9accfd89ed9ebaedc967e300e7361760efe5e9e7f6
SHA512 e25ab14d078fb910f59660e96b10e8f57ff3a4f35e878c7d26cfdc6d76e729f60cc80886f8bacb5a2d00b211b66de7597bbaba8f858d0d84d89dbf9dfe5ff48e

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 f84682ab4966c7e36500401b44770af3
SHA1 24dd421dc34b5e003825924c6c8a885de7614053
SHA256 75eea3835bbcb52806e501f48ebf82c311c2fb3e249abc4b0003c286f309a527
SHA512 5b1be6dfe6b5e6f7f807dfa1b0ecc98914b642e5f6b13ea59b905cd151da3115a724bc2129b86839e53676a93e24fa39de8da7bff28a57ad24b9400889d1ae4e

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 ea26ff91b2d89b15028b7d5b2cde83c7
SHA1 a0daaeed06068863de356603eb24eea7b8277204
SHA256 7cfa30078e7ccca9c2351d5ff3b7312cc6b2d696ebdfd6dd53da82570f2c1167
SHA512 ae68faed16a24ed9daa89607bdd85bd28249bc291ce0312595deae639d7448ab37fa549f282c5bc9aa06088b0d2cca2a0d2378437401b96a3edf000bf0aaf607

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 d50a2c622ebe4c717f42d894ce33ee25
SHA1 f564f78915a7a8183f1e2021b6d43b74631a5fcf
SHA256 6e537e41b2c541de487229c16d9958ec8aef494423f198586532b970330eaaf9
SHA512 a898dd4803c12d1d4627b4a035705da7632aaf398e6768a4e338eee069acdda4be28b8170dd9aef9e510ab00687003e93736ce67c4f3b20e42d205f451bfba43

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 380253d174cede6cd93f85dbc40dfdc6
SHA1 29025491e40b692b106af87640550f403ebb4abc
SHA256 ee83d4b997a89e3dfe8c43625e849d1b4029ded97635a5b076525dc7255a7717
SHA512 9100699ff8494b88dd81cd91b7ccbd26fb5202827eeda1b05e57986945e264f0df95c41d23a555d3dd7f7848ad424c01c43c2ffd7843e3e88f73a82af96957cf

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 42a7b4af0cd987560bc2a1b74231bdaa
SHA1 aa50fb015777b93829500ce4569b66e044a46f25
SHA256 5461bd6ba303901761a1059861d82d0916753b8e750d3b2945be9939556ac127
SHA512 74c9b19c03d6ce3c0c3f1adab70a003a241a32be7ddeddd1641a8d3e536f057d5a57bed5297d8a60b9255caf952df0cda433e3f7e723f0d869797c154554d5e4

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 7cb9007fc027872e50aa2b5d8e7fbfa5
SHA1 b40c5a347fdb08ba4b12cf37d1e08d464c704bad
SHA256 4fb6da64910353d2ab38933186ec407c344d2a6e3c44ea74c437a9f8efa9758a
SHA512 8aca068eeb3f54c62053de2d80fd6bb396676377ad12edb3d13278acc1d0c0c012a6750c7becac9df395826d331bdcf8950c243c16f647f75cd82cdbf54e2be5

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 c85e3eb56ad09f583b2afb40730127b9
SHA1 68b9218842d8ef0e0188bc82fdca51e3695e59a4
SHA256 ffe92b44810e2252ba7415de1cb13386a25a2998dbf1f0fea76bf70607bd3c8e
SHA512 7c9cb89ef933e79b584b6e9293cfd3249a53729fa98f30c9902ae596b55ea6f26a04726d9da524fe74575695f8bf5953e0e55697831af856f6ccc34014bc3031

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 fa1bbfb6a57539ced6d88b7bf7cfe16d
SHA1 9d47f58ad4c400a4f8f40a31fd2b21086700c0b9
SHA256 f00022142ad7a21f838f5825fa6dd6baa8d033cffc9eea5f03f3ca1fc0b38b97
SHA512 30816bc5875492f1a4c6f23f6c37da9d1b67c219b768330776abd064f03eda0059a332d1947a5657690291cf4867c828b8a5f7d50a10c01c2554089ef4f026bf

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 a5dc4abc2c9e94ec037b2b9464a04a8c
SHA1 e8d409a496fe64d9220e9e70501a6a0db025ba7b
SHA256 f64fed1e734dece275bc6324fb1f7cfab01fa9a50b89598a66092815b672984d
SHA512 8e922aa65ac4479bdcc435bdf0b4e0f9e02c4a3a3270da6df461b0fae849f3a4c553e6aca387ffcd7215808a25a93abd597e02a6001a4a2d6e9ef36d5ae89bda

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 3fcd879adf17f66fce2357706225cd9a
SHA1 f53669bd670b348fb527507d9823885f392e3895
SHA256 c4e47ddfdceb99eaebd836c5507b022b71ca28439abda84ce2168b173ad1914a
SHA512 5b390ffca395fea89c2728a8fbd7e484a0fd15765870ecf1a2ee3cc204c43a8470df8ad11c3824c406f66a3febfa6d5989d2798f74f22c0647aae4e86eaaff60

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 2ddb6da0de5c4d96662aaec6f7010612
SHA1 115051e2bd99ef34d993986df3e92e7027021277
SHA256 9b2b4af304fbb4ae06ed29117327dba2ef12c58656b98300784a4c2689392b51
SHA512 9ce4c97dfbb52870c7cf6d2b01e5cba26f2a0c7b41fcb9f311a5e55152e06999e5c26f0c1f03e4bc0fd239f25e5fb6d262c3f9510064cd78fd9edd5550dcf0a6

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 9da5e51bca4edf9f4636755fac07d04f
SHA1 8052a8871729b18351b9859ff51b0acee133f44e
SHA256 74aae4d671b1370800dc2ec75f0f965579cad13ea44eb13efdb13c14e0f16f87
SHA512 850b574554f27500775f5a9847afb6556db0cb58f8a48724c52da3b8a2f25cf83890003b82e17411c1af51a9d7d80e3dd3694a823a230c66d82262bee4987fc6

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 72da4e07be117c2dc10166e7ade72b29
SHA1 a295bfc01d92debc9586b2a9cd080eeda73a491a
SHA256 6488721adab66d081b93d86d23ec53121b77716edc21a1231ab2adfab4d898ca
SHA512 37ee65fdf031b2554fff3afd3f680dc2ac977b208cf68e6359f53096b837b550b838238b446a16ac994ab7e1f859380b49e9a05dd65648a7ef89cb46cf4747c6

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 91cc11eb5ca035492a9e0d42196d6db2
SHA1 00038e8ff91686b57b8d26c431f6f3b4ef58cea9
SHA256 55875d194c13cf117554ce0583bca42e49c20dc6a33cac92da59e8e858d7b1d4
SHA512 0ba46d50dca6ab15a0091cc6a47ff9dc2f08f198029aada6fea060acd4cb329837964c247eeab74b17e0dbd043225f6712d93113982fbe325719595503120ba5

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 165382763b4043d39c6a26f8d346299b
SHA1 b0eecedf18d0785b611ac37602111836215dc78e
SHA256 0d8d0484395ae9d23351c92f2ea814b26f480654092dbd0218fe717870086fb5
SHA512 7cf19f1697eb3cb603876690f189a293e69e3c25476f4b4ab7e1ad7387bd5b674b564359ca8998252ec841d8f2b38322fb2bf7857cc54ad19a8c34fb311b5b8f

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 212c6158835694d606357e417f77e695
SHA1 e961c6f600db53ca52c1b0e07486881d5cfed441
SHA256 a3c3820e89a0cbad9a2658fa9ecff790d145af3571ec31f89e5a3b219463bfcf
SHA512 eb23af11c557c299a97386807ec969a72e601e60ced6f56ebcf0b3c0c76c8203a8290d701e22295f3dc03788569d32ef5f0b8e45693ef888b84d2361e80ea4a7

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 fbb8138be7cf07a18094a6fd80177e98
SHA1 97334945608a36e7b1b9a4c6c0ce9afe64dbfebe
SHA256 41ebc98c0faccf4a010679d96d7d82a12b68cc47a272373388a657ffdff50011
SHA512 1a2bd18ae26e9d37acba030cb3c3024fb43868b457ba85095cc74ce096c072d85a5c4a06039cd65b7ab234d3b421dbd9c3683780fe4d1658ceb9d12c0ffc4c00

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 0a4635e138ea24fc0b12787252681f2d
SHA1 f63079ac7d052c941a0afe8ec522b020573ff9cc
SHA256 2fbd4c38ba9ce056df8d4f405bd9a40d8bdb0403812ea4b726f4b2357d862d48
SHA512 5f25214b78770b74a26c77dbc9c1e57262488798c3763660e822d83673c46bb7844c85239d928164930f2701daac197eee63bcfa6532bb0fc0466ff9b6de9c68

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 54d3fe2e4867b1e8602f2591158e0d3e
SHA1 0eab11ca6f0b7970c88772e28255c080e4076506
SHA256 99ceff8bc16aae01ae15393e2a28b2340c4c5466e14321dbf526ace6556b9959
SHA512 6ce48552309a62b9aab1856dc2fcbc68fad5ed6c538639c41e88439c7949efb0e52a5ec3886e5efabed7b6c7859914e43dc245f9f21545768ba21e176f55c954

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 f06e25c2775528ee235a6b25dd358093
SHA1 1cbddcf9cdfbb68bc59cca6359f2de273321a390
SHA256 3715f8d3395cee723dd2114ef564d4c834401eea2f790c8270763968d68208fc
SHA512 02b45b0772adf8000e2d5505786e08aad9fcef9bb6c263ce6aaa8249a9ba3e19012e2766b7b56f0dfadbb2e5a5efd9624eb2971ca58ffbafb86ffc8310d28691

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 8b818ef421affda40df02bd57e9f8ba2
SHA1 97a140fbc264aeabce0952562d3548a870da5f5f
SHA256 e794a2289faf65cf03125ba0e0a55550c2316ee107ad419bde541eeb807d30c2
SHA512 f5c7776218585f3c7a9537b1ded8ddeb786db4b70da5fec24852c91b22ccbed5653c0a698e7f36b6042459c1af121207110bafbe4947251b3233587fd81a1084

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 061be7b64ed829ef5232a1db5e757eee
SHA1 cc2a86ba08b50478aa427ae78b357974e90bd10b
SHA256 9961bca9358722d0881637af6ffd895b626a8271191698ab1787d9b1851519f6
SHA512 b2e7c874854a628f99f7eed2573da110f5f06ee14da09913466f8cb5e9588c70602d111937b6216f1e9215c87b64d235016d74ff4326b87e6884e7d205e7eb64

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 402b944ea3d1286a778d3b498f90adc8
SHA1 e7d73e72ce049b84a52215aca43717643c10a73a
SHA256 bacfab47b102b0817ce8bc98345f6d6f8ffe3b2f9435fc6ea707a0383ad7abc8
SHA512 db29dc63714c68d1244016ddec4431f171fc72c49f7ef29e6323a4bd97b000b7c1366961f4535b5057be028af284d2fbc2ca139f65f1b35b25f93f3e9786bcf8

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.EnCiPhErEd

MD5 4c2215f30978bb08aca39f3a192509fa
SHA1 99b93f552936ecef302deec079c7beaac2c69948
SHA256 5c77c64d08653dafa2560d22530a493fb54dea79d9711790eebf9eacc878245a
SHA512 5be98e984e2985604d7140bdb542aa5ba4007f162dea2d66725f15e2b49f51116cc980f1dfd18218e0b8f35402900272dbf2ed9dffa2fd0134ce8e2dd51a5ccc

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 d526ee854bd5dde0d632bcd847a235db
SHA1 a1663bb494e741112d2dc0598797253a67a204f2
SHA256 e9e23a8e6e3a0ae5799bfc2b1461808176e6f755ae0d8e34183556d83a33ede4
SHA512 aa6285700a7e4ff04bf8200576c2d42c3968837585a6770f74f313bfce690fa5c185de2ecf15c249e879e7b6ade46944997dcabc3e12cdfe4da755f88f761a7a

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 1c6b159cdbe37ee16b160099ad62b13b
SHA1 3ab3b9237ddc1ec9816d49abbcc5677c0cf8c560
SHA256 8bbf4abf1e20e0d6f48600c82cae9fd6e8effc68d363e056eb0b2e609d3df275
SHA512 94a92d220fd52173793d037a4fdda2c80465ee70613c4592b0da73f5a1768d24840dcb7bb68908e70c5a74fa7ddb550defaaf3aa67103eea695832ea17b8e661

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 f896f68edcaa75de08e11cd9b5447b1d
SHA1 d6c030740c71353e6d5c067be2dbf45e943bf1a1
SHA256 b5c02f104212707394b1ba8cbec6ac8ba53c81ae550741deb7caf3d67867d9c8
SHA512 7860915c0795afee7a6f2996fbcb5cd33fbed302178fcfc9da7dfacabede2feebb2e525a145089fb857510e7eaaeec9723fd93cea32e9d95f41a829d8c2a8d92

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 eeba17c2075aa1f5d0869c457fa34c95
SHA1 2130a1a1d79f501229f622a5ef286789559e9f88
SHA256 3f9c2bbe1753211521580c9c4e22cc992cdc89ee0ff011b3358d4fdd238d415f
SHA512 a2351a053a8d98681aeece73c8ef4c6579b3acae851a6fef99736ab47d43d6d14ba7115406923fe31295b3e0ba72976fd69a8b72bcc998bbbea21046ca800cc3

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 0854d9655caba5a11811a056b95d0243
SHA1 f69bbeb809b919d24882fdf43a7a5074113136e6
SHA256 5ab317180a4fa9d4151b8759656ec0bb10f1d210e26acfc4bbc72b994fccb268
SHA512 b94755147f65a1c8a311f2e8244cde340863a5d38872b2c3ae69e736d7c42a255bf6361ef0cfb24abd5d49c29938a72481cb48e2c714708c9f428add605efaca

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 e4187ca31440d02692fed4c74ff970b0
SHA1 50d7836c94b4d921a18c3be0d9ed4986917b5165
SHA256 b4b81ce8625526e65861da7a557ed02fcd2b297c24a740e89a10dc32dc59fc73
SHA512 0bc8615810dfddef52452d1614b540fe6cf21d5b263f61cafee11e058a27842272954ca879114625bcf686e6abb7ad0c936fa75fb0438f6e8a9f2d5867e52702

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 510994d0c2656832d84946768bdee8ab
SHA1 fe93b91d77beab6d881ea37a0dabec0f42aa0679
SHA256 6ce573b6e8fbaf1c65c888ddd111bd1e34bbc210d92c3d94c741e72389063671
SHA512 e76325b3e56d0523cfd86c6899e5f8ab3c4ec49430c74dad214f207ecb4c8a9d2ad747e2d6fee3b1fe764ba2d22c84b46d29c91d81db257988eabf9defdbdce1

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 83a8996a2e6177c7c76f6241649c4b93
SHA1 eebd42d2c913c97cc2a0157b857aaf2eaecad96c
SHA256 438f3c27c18d8eab2a9763f7e728cc198d885a61aa49d3d0187f1239c8e159eb
SHA512 072e58a9ad391ebaff4300e9a31fee10e8c9d6610cd8da0fea5ea3648148604535857d661b7938de3019dce8505eeb43cc2edc9e42dacad1f8f95532090be082

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 00f3c02acf4dde18562133dc25643433
SHA1 c0ac60b837fc15af5237c08a428d889f213153c2
SHA256 53336df593ede7197e2af35cd923cf53223189703a40a0501ae7ffa9f36f5c26
SHA512 ceb53246cca809a5fbde7d6f9021f28cbdae8d82094b173daf9c6c1e50b9d3e02d85bd58360a4d3329c354217224ca5c33d00fdea86f76c078cdb18afc754aee

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 8de0064041bf6df7ce7776131790e85d
SHA1 969d540eec8c25332e5c1b2483ab77be3cd98c8b
SHA256 40df242266d32096a098ef681a4db34361a4d21ee78205b6f4e5b45ca5fe8921
SHA512 9a35582768822c7d73c7bfb54de32e1b0448ac83d1a54cde5b448abcc3e27e21936308c34d217f60cf59f8a622274bdfc9308e1bef24292944d18e171cdc7638

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 18c8e686971dfdef263c16fb7d7c8bbd
SHA1 3c5ac5fef569565dd78d00b8f845015c31de20c7
SHA256 074b0f66aaae4434f4626305bb32324da10da55b2ad6a7fd3373a0a548af62bc
SHA512 2ce9b7da6c8388a3048495ba49917559a8debf821049fc955eb1e270f9c1cd336cd80725d6e2f7a7e8d735d499f940404309278ef7c996b391e975c9ca500624

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 521cc77f8ebd880d5813dd77dbf0bbb9
SHA1 afbca97e60b4878a136f08dca7802cc2046c2cf3
SHA256 852f9fb85b8e0f23e4857020a9fa1cdf70c347477c5f4e357bcdc729da5b5b6e
SHA512 0ba2f8a87b06ca383c893b32d5c604f6d13ad288ef2cf49314596adb64b913abddd7d1c2a3533b5cc16ad9b37025605c990118785a031cf5337a3b25a03a9aba

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 574cae8dc52b9c64ba94a7566c34658f
SHA1 93621196198ce9c3fa245116e8fb0f620d7e22ee
SHA256 67732d1b3cac694b5bb6561b465522906cd60c2be6ed317cc3436480d5e5a217
SHA512 7dcabeb98e9d087540937e887c842b504363ad97acf1d08fa706dad4649da69105490de0610dc6d205c9873c3b41426ee740f2351453903b8bd484f1e88f6b23

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 2b9dceba8ac2bd7cd8013ca068d8347a
SHA1 1132cc0a9df4b8cbe60628ed5e27f02a9490a0e7
SHA256 183cff016861c556208e4c3a20f75922386a36b412932b573123d0119d87ed1f
SHA512 51c177fa5c3dc9b353655603507e033ef3154a8544914462bb8f269fceb448283e6ddd6e9b9ab509350a888fced66ec4bbc49a17bdb1fa2b5b139e7a3a437a78

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 f0620d99f178c5171635f259aa33f8da
SHA1 c0c73977091651537914315c4bfa4d04f51b18d4
SHA256 92aa29a5a8b8157764e3e06911ffbd3b7b7f9a37a89b420bc60b7df780d7c376
SHA512 af77a55d7f8d53e1bc1672939571105c7abcd0c58ad1f5b6725797121a7dff4d88767ebe75592f99297c6746c0ad64e4ab1826cc411d8f58b9fae82024213792

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 ea39aca6d13f0b7fa5951582ca5cde5d
SHA1 38ac10a3f00b6a3e636c21ebac5f99777f2399bd
SHA256 4156f5b507c203adc5b8ade7132217c13ed442d023285b55ed6647b0e6333e79
SHA512 72e114fbe5235c4c2b8578990874f02431df29bc0110e35d76a6661c7ac2855738aa3d3e90d78afe1324fef36a8c8abc6d4e897e483256a0c27324f179a412a8

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 5d14ea45a2a5fb1e0c2ba5bb48fc93b8
SHA1 0bf606b534839d250a4f37d33feac56da5bbbf80
SHA256 e8b0a98c51a426588f075f6bc38387679e456f33cdb69873c00013eda38f59e8
SHA512 c68630511903de8794d6fb2438d2c0eaa1133c8df37262e2ef51bbb174548c4d46f4c0b7d50b488336881eccdd57409a8021153d020b1bd7d3e06aae772aaa53

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 935d2b3cf5d9ea9f91fcafbe78f631e6
SHA1 b7baa5e2e7db4acdc67321c4c54b43cf28bbd0e4
SHA256 b6c304dca4428239bfe403fc8d0bd6dbaa62690f969898c7bc9a7b68bf63e7e4
SHA512 f33b1e8d1b3b24cf087466160814082da3cca9122a34533d277cb29a541ab28bd1380dc200dbb06ed34430244eb9ec58af29b93d3f2177f2835bbc11c1ce207f

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 92df00d3e851631d6f58a7e24f97632c
SHA1 93041026d6908d3e9e0dd91a5dfb233b58f79bda
SHA256 738a170b603781f24ca8c6639668a22f64c8d1d935a710a469d107a6b29fbdda
SHA512 b672f06cd0ff0517910fca0a114a96b247a95709de2e188e4eaa76e3bc2f1620b54c7d79f5901b5ce9efd208b4c8de3772563ee977874e05a87cc02e2af672d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 124e42b7c50f09defcbf550678ac395d
SHA1 8402b4ed532998483b8209e6f6e9f8a443802db9
SHA256 0b0b1ffdadd57e9a3670ca450e4a926e6cf846f716a1847fcbd8c2c547d69f7e
SHA512 b8f364270e89b5acaf3e4c4b756953407b082162c0c30fd193a7a052993c23303a03724b659ce0975b97dbe37b2bed76e8884e72620ed3acefc02fcf76dd3bd7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 74bdd02a91c77509891bd76cdf55fe78
SHA1 043e8e4b05f123015cd2804f1f6c28ec4674a650
SHA256 398d8b2ccf4e84a8006496d942d988cf64c3bf4a9a7e4478fe3cc4999f642f35
SHA512 c0d158b655971485aba2cf9437f13b93b2f8ec489f4ec7f5c39f26b722efc3300b3f59491d38467014e69a699fb1d1d4e64f7ded3fd714dd65228acd63dea7fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 ef90267a80eebd5c8c74384d8b9d45eb
SHA1 d55e9c57209f2742dad9f938b218ea23b50db2dd
SHA256 81d36e5a18861fb562225c5222d228606498a747bf0477b1ba30b5b689334494
SHA512 98dde5a0062af809d529e4fb6530bf76baaea62fdaafd04d596b2cb9e2c09cf1d5d5c2b02674dc7cb7a09791c55b805b15b8a1a0f9333ee540361f35e99a2ab2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 03273ea3847b1cc1aa9acff21cf29311
SHA1 20c6c62b82940394b8ad58ad544069c85305a670
SHA256 c00f392bfd9f2ced96fb60d9a6f10d7da78aa194a494e3e652bb30756fd34082
SHA512 01bae18c08a34b185ebf5824aac32940bb341d5cf3670deb4c52c3031ac59d1ba1b803e79dd2758facb7695c58435fbf2c81ce69c61918546051b6e75b87376e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 58ab8bde69ebe5d98af1689054bbbf7f
SHA1 9d60f2bdc28144ee6192145b80c6c6fdc68dd1cf
SHA256 438a65f123363e8f635e0bde4ab06a8c25a02db03e3acaf696699b6e7cd39c67
SHA512 f1a3b8ff45306666989c1ccd7fbeabe6671ed1f33d83800abce940460c1992dc5ef38b0c65f9353e6e875c7a39066118362ebbbb92a11fdf6ad0199e49362952

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 1be5c70fe2b4c3b98e30cf4ca7ffeff4
SHA1 cd95cac94330d56e0868f212485fe9594b3072af
SHA256 a7f5503a95e41996154c6c18d3bb7a677d27f55c5c34a6b7a358e35a6742c66a
SHA512 fbc0976370434a201592b35f24179a7e60a8395df027c4520ab86e74e7f265678845cafa5ea65009cf7bdde8f05ccd3c1de686bbbc948d173a1d0cc7766f4d28

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 4625fcd0f7a680619da5d3b66a9a0e81
SHA1 9d509f644eb888299878d18550f07267875781b8
SHA256 0fc11209d040448efbb5c56f08c7cfba495dd706d7d62f401178b74bb081afc0
SHA512 8caa26863e5b84aa53d02665c369c0088cc987ae9b99fd0f031d3f94796fedd2fe70365a357090d8d029bed9e8866f01b2693bfe792a4d0dfa8d213e68debbeb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 43131afd36cf222a0f35ee26a533bec3
SHA1 b4fd977d66fadf68ed3cfe1dfea49e5209919bae
SHA256 e86b3f93b9ecda67e8f144dd189c3eefde0034024420c1f83f5568c5d595853e
SHA512 f695f139e2442f863cab4dfa4aba5cb1d2cceadeb2b479f5870325706a5d85301328e1ad151d612fd795f988ab83f33f775da5e2568ee76f45e1e38a7a05d21d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 1c1ac31359dd73276f6830f46a0b2161
SHA1 c16410d8142fc229817b45825637bf215a372551
SHA256 8389632bfd2d99025b76156a7d12c2d0651c5a4ae32e2140b6c17366a8182f0e
SHA512 ffc358d614767d1b7654600e697e5b7a62d69b2b60920c697289566618edb80ebee42a0dce43d62477e2811d993de10bb4a4915e246843d5226d1b5b1acf8b15

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 d2ce7e1b75fd6e8d4b16948eca96627b
SHA1 5d2a068092cd8893063346b25e59b2290af17136
SHA256 7fa5c79b9b7c6035feef524fdbcbdd4023152c9e6ad10be9b3ad74c1f37bb3db
SHA512 b4549d016f21b86af7195317c7a0d393ecf729096b562ba3a3dcb95a934c4577ed3c5345b054cdab72474b9eb3b1b10b08c72b9150ac68a750c130c26cf83333

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 1fa8c57d39e25b880a6ff0318daef804
SHA1 d2fdf324ffee3f0910e247e5b378e2cb482ebb0e
SHA256 9e7eb7edb3b1c6fbd4d91530118e63a4d5c41480b819f6a18a9333c5da32bf8f
SHA512 91b5e5978737ed5b30f92ed8fb42476a15ad99c4b49671ecad5a17eac3ae3a4520be457f8ae76ac2757bf4ce8e5beb136197a9e6608a4f31ee39e94b6c3497cb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 13329d6e0f419db23662a36c89906ee9
SHA1 6e2ad5cf808f3239d2d24207a01829f6b31efd5a
SHA256 6f46a620cf40b4bf8f0ea2bd2592a363094d309bd82ea89f419171139a2615d7
SHA512 cb2867f3dd65b40f17e31dd6349d12c27225248be8469244b7b9fc017045c784b2971dd44abbc5303ce79d385e4cffa787731e5559c721a0b53d48724b8fc290

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 1d01c29abe82b4b09a4ee59c212f4d49
SHA1 5370c08b90ff1f783d34e0c3274a384cd61735d4
SHA256 d10d54594367f4ab4a57d3c9025981877ef8682da86f428ad28d015aa5959160
SHA512 c398255e58166eb918371aa45f02386e2008247f9790be7527529bc0a4f6ad16ad201902198e2c56627e9bd65aa1c7916fa8593add646b5b963c0d89a20ca563

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 20331d86c3c3c2ee93cc02a815195f1b
SHA1 7ed11b0ea1fa62ccfca4f21882a49b91f51a2d19
SHA256 8df3ca354acead417eb9cf4c86f1b06a8381fcd5e71f4cb67d9f1d24ba8cdfe5
SHA512 ae81a14e70521d26ae75d4f7e479e14fef92c4460e09d51027e5f71daefb91743f3850f7546004498be87871b61e42896c8576e4ffac510d5b0a34b19e901a76

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 a7b459eeb80b95491e4b7c4d65bb4def
SHA1 46c769894864930e4438b7f309d78492952ea1cf
SHA256 42b4f2b683cb35aeb9f02f3cb5f35779f115f2d9e1f664002d1770fbe4cce271
SHA512 edb8d5a279928eea853ad8c4bb118d3513e3412687490511b4327fcff2be261f490fe506335ec46ecd974c25d5f937603b4f0196c09f99ced707400ecf9c3ed7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 02683c15e2c610148f4e7dae72894f87
SHA1 6b54b92fe460cdfc7881fb74aa423fdcced8fe8c
SHA256 1a51e441cc12ff3cd178cac92507d4deea0b2cb749a9b50cca7d254b97884835
SHA512 50a3045c1b425663f55bd38c66a4240d11ada2503db607b4c64001ed4af5ed16c3abebb0bf57008334de6258d43663f1c9898547e54fc48345f760825ed5be67

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 630c4b39dd4b2763142b96c5ef008eee
SHA1 e93b919c62598d96bf78244373cd1a14dd32d037
SHA256 e0d43fea98442a12f180d0f322b45a59872ad176f04821a3e8a5fb6e94318674
SHA512 58c8645c56d699aae94e753fd7d693ff7d9693bc3857f524b6b95fcb60168fba2ec3db279263dd424ff919b7bb2b2e6a67fec59ca647bb2d8be28be2d6fd4b38

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 8ef1e2783937fb2781d4de66bd064f78
SHA1 81dc532e82f3c03513602ad31f4d9970cc6c1d09
SHA256 1b0c8565b0bd302129bf2fe10d447745538535a50f67f603576c9f7ea9ccbdc5
SHA512 20d0ceb46d9cc215c05549c0afe543be0e1d35d74ecade6841293208ea0e62e6dd3b9e72adc7b81fb043b0535a2b9151efa7f1f6561801c81461f27342978e85

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 53be130d09591509b4b3ad3392cc80a3
SHA1 ab46f4b7e3f3775803e1b9a2fee5d9223e2a29f9
SHA256 5f9845faf53be7160bde9f6db5468d73f029b83e3a8f781bcc38aca7ae073bc2
SHA512 673b23d81856381bab39459456b1219e7103a047bd1cb3dd2acc198a8b54ea61b8efa324068e0d2e5ac45fbdceecd9788a8a88172a8d69400df87f5deecab46a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 f6f6e0b061e8fea96f421bdff0044fa9
SHA1 f473cef88ff8dba69c110343764dbc329a40cc63
SHA256 75c03dc11b192ae6e17e867765062812214b3ddfa3a1118652fd2d748e062884
SHA512 4714a5b42cbc81c7805b196d7b77cebc71c42c9c4aff196e5026fd2e8a1a2e1efeae8db92f9c92cb8c2461d669c5dcd45ce5481e614d1da2b080b304c348d84f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 d36e6ffe1d0480eb99a7436f31166120
SHA1 fad00a8e78cf2dd322d689df44d56fb4f8b210fe
SHA256 c5d931760e98c91e9d9071b15ceadfb06f61b796d25faf0c03b10e96527eb714
SHA512 852bdbbb72e4037d56fe48779bfda85960c25841c74fbcd7357c35c0961f81ce102359bb3cc4542f0db36e40bee62aa4d885338dd75f2281c6200fbb39f970a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 4e622b9cf997f9b68a0d270f63a0b400
SHA1 765195619e117838369e2a5f732cc29c485bc00a
SHA256 30bdd08b84963ef7df46453d6a671c5ed91744c3ac891b752bcee66ce97e4ec0
SHA512 4ba58fb28e232f2735212ec881d943861967b95fb87270b7b01885a0f6b5449b0215c6f23cd04cac4756ef461ba21e8b90a89531b8a7cc562d2ddb6dd33d12a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 d94e87aca5478cd902cea285390ee683
SHA1 64f9dc4b82c67f869677f4c948ec3e8f9c1ff0cc
SHA256 af4a48e9c005ecc2479b2a5c4706407e6c207db952fc59f3971405fe03d58e7f
SHA512 e6e6d8ed3b89f6dcf19ec38194835c3477fecc8ec743a5086a3d334bb10b66b272cb7bf2329dc75fde3abd0c1511509ed18f9ae8c90c839168046e63b1016312

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 7d8b4172f71f206bab324b7e4b54487f
SHA1 41e3ef97d51eca1d1cc68afb04904be53b13ef77
SHA256 775577091e3e09ccd3115816939cbc97523f5e2a613e9e62a87b7a17a023e459
SHA512 550cabb444abf81e4a6b11dd71ad66d12c5fddb698ab880a98c9b36655bbe8afa2eee797c11831a76bae2123fbf735f283d6472104e7787085959669271431fb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 8527aee891ddfbfb19a9fca7d9fa76d0
SHA1 10206a470a8d42dcd7898fc596143d089f18e639
SHA256 87a3328e407267e058fc8ab8bcc543cfddac94aa11c2e2b3d1c55d596b4598ad
SHA512 fd6404216fab718209968770bd6c5859fd06ac70d67c7dae8ac9151c6123f4423ac032ecb14626d5f952342eef0a7644e16996ef6f6a7fb1130300c09ab305e9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 13cd4f9d4b2e4782762a191490b66003
SHA1 f200d378a69d640fc5e1a6f995257e0502e068ed
SHA256 43e09e7de4e403a1e5cca0879f13fdec563f15fcb5b517e242c268fa533cad3e
SHA512 6bef419fe2fb2602ab6409c3d9c74c66114ba37dca6625d67ab24053fa78f4d2c234879bbdfac522a299bf52b45ca822bebde7d0462430dd313228ff70d32583

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 fa79333155f9e3de3079bb4bfed57559
SHA1 3339359be743d60059318a2348157c10d1fcc2b6
SHA256 06ff56ef89aa6d17b607d09ddfd92e08c3de2f5c3c70d6fe926e50a73790e252
SHA512 dedfc463acae23dd09ab06208dc0510957e14783bf030e9e62d077803b9aaf42cc209b0c435aad47fc41c82677e1e7fea450b7894f184643496c5529fab25337

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 6249ea908694c7a0449f4a392cea5446
SHA1 7eab7ee518e04338a65d6970765585d07fcc6dbd
SHA256 002096e858397e4e7e1f6e4813fe0bcb2f4daa18649d204c30cbb128d29473eb
SHA512 bbc535bd3097788ed858e8691bcec86d4c34f9bd7e66ef8fe8a7973aa2abf61b24decc0848f352de864ed396829ceea24d304b4c408dd0ed89acac49ecba4c34

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 83aec3552f9d2daf35eb15bb2361652e
SHA1 d154b01e546c25c76aaa76a76443899a889c1063
SHA256 59d550d5d4efad8e001daf7dd992fb3083faf36e4155679e33436ae765a7090f
SHA512 33816f79b4781258090a889722c7739af1162cd0a53b30c1f098c2224c33ae868c5111c585ce3ed9c252267d1e506d63023df03950535b6df7886272adf22ec1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 208771e3d7e249e768f5ea9fd2b258f8
SHA1 40e366fec7e16ca697dea5f4ba502a3a142c2b08
SHA256 fc1f56a5db469cc0bd732eaf0bf6bdf6415a1930c0579dee1fbd47e41b4cfde9
SHA512 e9ee174f16a4773b384880dc84148562e95a26c90f21031dfcfa25549e303fb78f34bdae362d3248d713c2075869af750859d6e8b0171245f0cfa5125900bd6b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 32dd436a5fde0323b1aac30816204eaa
SHA1 88560d2453eec34b96ed1e84f9028fdcbe2e13db
SHA256 e6b889a40fe37d2d1679bc60de945cae03fb0408673f78aba9099003a3023466
SHA512 97faefbacf8251c9437ca0a8ea6d08a26e6dcc3c58fb0102ed23011f6b23de6ea64a98c71e6d6d9bb16447c756c86056edc7f359ce752a54fe257a8757bbb271

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 1848152ec2c3d1b18d2fe706e83a7323
SHA1 195c0deb67f8e1992de740df7a8a80e0db4e57fb
SHA256 f7c8126c135e765ddbe188c0053174e727bb9ae9a69835f518bd0661f1e8bdbe
SHA512 1c19f3d9845eef7039c7bb4e10f3806bf34ebf1b856798cec59223b0617d297e9766c27807a391e50f522d47759fee18fee047d069b5a7ce6192dc5134153950

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 5e641de1f9e0e296f5599d15fde58a2b
SHA1 df0c41498823fd1e4d6fbe45d64a7cf58286f0e7
SHA256 71976b1d9a83256328140000613ae4129e632785652928a09f3e779932c585fb
SHA512 8efcf8b5f12c3e48cee4c7958ce8069a1009c05faf277a36c8a7bc4322ab4e8b0babd45c4ecdf28ccf8df02620da5a904fea91aa9f8c697025503035ad067479

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 1574a1438396e3e39145696aafe82e38
SHA1 faa0086cae3466b2c2a7635db5cbeef235324131
SHA256 294f175bb3030bdcbc0cf1872012b1546a7c5c793f47c6dc8730cfb72512e2b8
SHA512 f465ba807ae406cc5f14c41bb37bc6ac2a32419c20e7e2c7992c798f45d2343da95405fdd43de9e640f39582f19d76a650330eed59760c9be2e4d1323e2b77da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 065be0399e33ea930ec9a04dbad98081
SHA1 ae27631623451d4a88c488fde7a6496d245017bf
SHA256 3edd96b0eba0e2fe8e13d532de9008ba786bd4d85e004c5a85b431712ac0d831
SHA512 ca3b51135d2590f5e8a9fc6fe1fafa19f0e75108ab6b73dc7c8341c28a8eea3309290f547077e35b20d5b939cbd44ba5b079d72eb779625a21ce1fda10c21778

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 4bc369172f2f0c3ce29d43da83dd3d39
SHA1 e6e4b13b82674c65f88a6070949db0a0ee1420e9
SHA256 d777f953cd4ccb80725350415e9ca4693811a94b03e55c5368e54beddb08681c
SHA512 80bf92de5b66e043dc5d6377f9bca87274848abd131ab819763ddb49beae4f7554e8e742d0937d532929e7f117c264fcd2fa6bb8beab4c3b08e192e1cc32adc5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 52c3d4c4a009638eaa863ee899558f06
SHA1 4043dafe8269de8def8e7b277ff48559908bc526
SHA256 c8112994ca567b0f332c95a6490a76122162ebc883d267ad4152041dd73a70f1
SHA512 3b056d7522c120adda72f7bd0f61112327099218f34777f0c962b7dd540bcacc7897a08e017a7e6178d66f7a3ca05537ad2c1a554ab664515d32580f9da6cfe0

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 01aaf1c2eaedb5646a9f86cbea673379
SHA1 9639da184825a154bc8d6a3b57206c3d1d5b14ee
SHA256 f9b82e6f352b04e2fc688db406edd56ec86ec3c4d40c25d983ad7a222de8fec5
SHA512 14cd9ea61c81d42d344e1645b2d83037f352264f9285b2a55bcea58ac63631331099507b56e530e5a75eb091692c4cf43bed60458c358319825acf8ea630d436

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

MD5 15fd7638ddadf8f40f7153a85503738d
SHA1 8911e807146215035849748b424a6605d691799b
SHA256 0b327f198f441ccdb8b58640c2aaaecc4115fe9a09d622c08c5c3db8f9945cea
SHA512 67828feca80a1e1e5a4a4e63e645a67e2c8d403e5d655b77d298f7e509166345a76316a763f207d37a798fb07064e018d17968945cb5ce2875197ebf4db293b7

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt.EnCiPhErEd

MD5 b2ea9c17a04733ff48122d37c5a48bd3
SHA1 d8d688a1de1af71736b135b3bd096afde8949041
SHA256 4d2989aa98316f25e648b62b08159509384d55314fd7a97cea3d5089a7419a26
SHA512 c1ac150056592cfe878887c77c2310af7a0279c7e91261f5878d0c9103f0b9b2b40b30bb61ecdad6be11e132d38abd714bf0c40950b89e484a1ad1e4653c4035

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

MD5 b7041dcdf45eb9f4ea553e6c320d131d
SHA1 af1cd158414b3cbf823136972bbfb3fabc23caac
SHA256 6d09e26b1348799ca0c0dcbbf9dbe2f1f8be3a23b700ed61e1c8bd5533e3c78e
SHA512 3e2674af8c170126b64e4727e006e1286fab629033023c1f89f9737eb8e7bfcfc6dd080148385162adf64e8212655d839d2f1c37776770d59960ca52ed60de03

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

MD5 41bf2ca1a47d796c92277809a2cae8ff
SHA1 a96d0e58734f957d22af09386dcff30196063930
SHA256 e53309d30f63a0f868439948a853748506cefd772747b43b6d33c9be3478e625
SHA512 821dfc918a99921d086a9fa120293182c97d1a21e4de1de522c5d46a2eda51b4a1deeda81569a38a2499d75f582f5f40563f6fb4b6c98c718facd6a8cc435e5f

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 1486c9b0be87762a1bd526bf133e2e97
SHA1 d56fe03830df27d9d473e7d99561ab58c88cabed
SHA256 f6ccbf669e106c6a53af7398beec4efd278099094bca26513c746bc38e8e0303
SHA512 a525de337680fc2f7f274dc85508c9d328770c1532b195bd207436cbd4601f819882bf4fbb607c1d162ae107bf7b5c06e6a939239a20316213af34234df84552

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 8061002ebfa98b93241dec85c19892a4
SHA1 b4839f045b0f9792dfe6d29b4d2d3827b024f2c9
SHA256 0b6103016804a37bda61ac2576d04cb31a6ebd1fcfcdef92b083b9136ff7d719
SHA512 d181b60910b4756838eabe868cd73cde3a92515a9cc2f6fcd336ad68f9db4461160894ed1f94f2b9ba0e087395366a9d6028baf0637bcd90c0241c6e181b68d0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 06b213732503cf09f464b3d93252565f
SHA1 f68701ea84b0cb35ec930924020de8064f2c4fde
SHA256 048a249213927ad13b0ce49099311b68cdf3216c24e2ddc0595df72697317914
SHA512 fd985ff2d094029e255012507b91ed737985521ef078c4bb5e6b2193a053cbba7783c74ff44db0a1f86f180894a4917e37952d2efa24112c70e5a3f4471c7192

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 032c4ee69321c35913cf6f2c80fc20e0
SHA1 68c567e190663a8ec8546a2d899539dcbd44d30b
SHA256 0afe39722d2ba94a90d65ee67607c07f623f9714b08ba6db11ccc36d1c152def
SHA512 75e685c217df59289998b54e5db8ab03fc26cf6f4904c8e5969e4abf46f30c64816500376e26536bd2f81d54653513fff0a8ac267464874e3ccab3f970a5c312

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e991ec0ae02a9e13a38d397ccecb4003
SHA1 c0bcf9968bd209c767c5690e83e63bca658c1b7f
SHA256 c57827752789559827539a951d0b90108c4b7be1fa7d8e37c084c611c38ac5a3
SHA512 a93e912ba4ce5476fbb7cad2da3485a7bbccdd9bf1654186ebe2b9705499d40e10434ee86bd244ebf99a796bb6f7a0e0fe6471f21896666b1843e7e929345de0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 929aae4e9502908a9baba0cee77b446c
SHA1 49738ac06a11a90d03fea489f32eaecf1de99fee
SHA256 426a4471d19960e4e2d75ab495093a34fefb64484f3598a7109b1e1439079a97
SHA512 5c589a329292b527d73913d8da6ccdb9fe17cba72a7811de051b55283a309fc1fe217f3e73c49ce125c6ca0df9761447926325a9a2f1e9fb8402d5222866e27b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 e3b779eabe6ef8ba2d3e663b622da698
SHA1 3b76d9c4de72cae0047f91f5d7b3517944180e0d
SHA256 6cf155655ac8330fb55fc9c1f60f097e39805df720edb4b34853fff140991b0d
SHA512 4259015e7893a92d71c2feedbbfc5a111cd93a05f7171ec35b8f9ba96c9e1129fc1b6ecc1b34bb5cc951e1a52ab2c539f5e7da5e758a764cdf8c91505f12cc33

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 435a7d0a8ffb995138b68ae1b83b0103
SHA1 6d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256 eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA512 1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a4858bdfc6a8c2f77c7666b9cba76f0c
SHA1 3d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256 524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA512 92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 46ee30b647eb5a70ac55dfea93bc2d39
SHA1 68387846ec7fa66f891f5451cd023bec2145fd29
SHA256 7fe576714d6c24bb3ae0ac0a25a6284517baa5f13e5d84e36f28716611e3add2
SHA512 0169f5fba5bdf081c803e01f9d1a2d64a18bdc48a26f129eba05d7de565bf364a2e8acd123f16fd2a4b47819c5bf048a7708cbd7d7823ca6372fe269feb5b5a2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a317e1a356b508f2b1ad5c9b60a0a900
SHA1 babca3a9bbdddab9789d070d016e0400b4cafda5
SHA256 5c56022b20ad4eefd3d2705d01cd4c9b4d79d85a25e3c17c0b69d5719a10a893
SHA512 5700abf38904d291866287c0ba80bb22f1dafbb4ab3c229c9e08b7d3f2a6d442a770d5b3119ed782fee673c663152b76de245eb46fd6972fc415ca10f638d047

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 4307a2d58750b4429e96a57bacd8f268
SHA1 31c7467a806ebcc273ecd3c1e5fb52694812a09a
SHA256 dc9f80deccb9b4d8e3285b42dbbbd791c98d7a17a801c6ebf6f2e8e20ed197ff
SHA512 556e96063257394697d5c3b4a42c9a569567a8a80dc77018b2152ecf862865708352091ab1dba46b42f8245a31dbf7c6e66a885d120a0893bd0b31f3fa9706f9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 a1c3c8cb124a41ba2239a38aa8355800
SHA1 23f908a4e9656de2e046296f11c8cce639385549
SHA256 bc24172c6fc4299cb3c0cba51d7a5b7eb958035162b98aa87011483711706c0d
SHA512 40afd69353c95f580ca3d4416bb907a5275021c7a260df35148f61a2c00a49960b7f488391bb9dd6f9500e8f8e6dc484be7b37e7f000d7cd2257d871bd21cd05

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 9c26c820ac84cbe1d80329de3e47b4db
SHA1 400d998f929aefc7d2aaa78debdddd9b181ca14b
SHA256 b26a7aef9574712a5ebe76d3c7e0dabe25a0b6e3b8fc049858a2ad4ec127b280
SHA512 6280155e9025489b5a6cdda8643e2e0140c77dd3a1f9f1e39ccadbdfcf3a0453f7898d4310ba861a49bc61089d4af13f6ed62b96adf3c3092b238252e81ae744

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 0e23894f14731a2bb52be66630d1229e
SHA1 b35185907b74f35bb53ba142f61d1ebb5ad35065
SHA256 b00760d1aeea0b81c8ec55d08a4389b6c043310ca577bd5bf9bf74b4a6f911de
SHA512 bb2ba9c8f8b00d46d72784fdb41bae53921eb13162de5730d24dd39a2de6b3f9c61ee613ca81d6cf4ac7fd8790b26b4f51062c66a8bd32c9a6e31ded2204cb39

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 54a0e48fbbe84a2cc7c58210e208402c
SHA1 aa86784d6e0fe09d0cee1e8125e1da420ac4721e
SHA256 b4ec9276c71b7c5945073a6076be4930a55e77ccdd8a0e1e9792b4a0cab660c4
SHA512 ff0a6fb506a898f267da58cc91fc0f37b11252161fe90f11e48d925799aa19a72f6559cca923db6b7544e0ff48da77fc4c22cdc465751ee4a150e493ce02b23c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 260894c2b9e3cb88e15274eebde32479
SHA1 f61eff12adcf75fa95ca5289b5f76abb8e954f0e
SHA256 91a8a6d4b7e3fd56a168a18d5ab9c882c684afcf590a8973c87ed6cf0a3b5e2a
SHA512 7baed9bdbeb3dd564347293c8776cea3b85e479d94738e517108f44a6ecabf85ff8ea41076d7a53b3508ab9b380dc581856002bc097c585e99a68a24baff09e2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 94469b5abcb3994fc9c871e35bd7f8fc
SHA1 ae27d2eeceb3d4aa3118ccc27d8fa0c58b538aba
SHA256 f6bdeb5b64255c04af8d121474b34777fa444794bcec104b8a9ab8b6d50b53cc
SHA512 6d494919dd42c011226bb67624971e35dedf1b388930a9f741fca0805c1dd3ffb203bb85087018c5d414034da267ac813c981db8a589d122d9dfb0ed54374106

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 2fe801a7145ac85508ce525c790fa62e
SHA1 1eeb46a6f593b29e116945aa5618730c15728ada
SHA256 544a4acde2750f01fd9830e0f87c6d34fbdf7887c4ef75fd6e87aaa71b88749d
SHA512 3cbafa9d378ae33d9fbda8428fdaeb14e32d1dd350e280424196d9bd363f30ffd5c6b90ec65aced9e0614227066dab04183983283ec54e6b3e4983b53f308ba7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 5e3de016faf8803ff2e9947bd8d28e66
SHA1 95c4bb078929c45145c954d489495144c9d1c089
SHA256 58767aee6a0fd555fb7571e112b0fcf52653eff3f1e334c1d6de52989a27b772
SHA512 82eb3d7f975b3b619bd632bd50de0d293873ef054c17f3c450b112cbae0f458657f97cf14e85e1de67005f025539c1b993a1809fbde4960ab2ff45abcf1b05e4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 ba7faeaa8bc3e8426d386366c164ccef
SHA1 c1c7595427e8bfa35c1ac7cfff31499803ae6b12
SHA256 d6b8cc2cfb4f0638d71bdfd3b1d71e1ca880f2a022ed67bbd8baa88f1263eca1
SHA512 cab06c4edfd17c6f598ea8f4c2e5db4772bbbbc5a858f2f6a269c3efe3cae40cd677fc82ff0ec0b88144f54e8e5856893126acc8b7ee01861458676fff5ca0a5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 590e683bcba8bbb45268c60cccc0a6fa
SHA1 d7256e6d3c7ed793036e71f136798b07a63deb9a
SHA256 81470172feecef20cf8217b717f13782130d5d66470e800db42f54be7b5f744c
SHA512 c043177d316ec872369643ce4454ce73280f7eaec95708f02cec117392449ba6522c7dc8938cc98083b2a1199d7d4a339daa9462f0938b0682d9b72fd01a8e2c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 4305ff4330662293230209ba18c9959e
SHA1 762174b77793ef60bceed499351a35f41d9a4502
SHA256 15c198b255f159a20382cd775c3fe67b70f407953da5d289499a00e750a35827
SHA512 f9fe3b9d8d91cec87a2b1b695219998257df65605f0242df7a27945fdac4ca0e3b0b138b2834ed125f7b3c55292339558e7f6bafc8021f65069f9323961cc774

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 1d74f4325ad1a5950336a43b9fe5df9c
SHA1 a9a4972648c0432aa98f3567096b78d7a398d342
SHA256 8d926dff202d9899636c85bbeb36530dfc4d9e28eaed8dff3e332dc24de0012e
SHA512 02fd0087e907bc612dc765c17718cb428f322beb266ac40d81500944d2726ad4dbbe277ad51e9b89f4f0a8899077b72e6387595fb14d02edbd3f1a5a232488e6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 1ecc63eb8e8506961cdbace709736e32
SHA1 17e22e01a36878d31c718c10391bb12cdb422fc0
SHA256 c8697a8ef1876e4502ce374236acda0eec4b26c81f2024ffb3aea05b75037154
SHA512 ea21d0964052adf4601f082453b2426439f6b7b7e3e22e5b54dcfb96e3206195b77d88fcc427790d6b3403bb43d2348e8e69ea221c5ae2db8b08f4d7c924b675

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 b1584469155c2535516f0a42dde2ba5c
SHA1 cf28f0c33ca969c059cb8c69c4d711fe1d983389
SHA256 0f23d37b16d33df998aa9c34bb401479fc7884bec601fd73fb3faabeed0dfa69
SHA512 8d14b170c174749be51fed17aa22de3213cd47d0dbd8d88b922d650a673e9381bd9e5d653c45c08bcf3afef36a513995e421564f41bbf6cc7913d8c2e11f50b1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 5341dcc1f58122b658dd00613dca03c7
SHA1 83a5618ddbe6313d5ea6b78ea8b8b711fea988cb
SHA256 55b40f7ef260890091f40790881052a5a325ceacd3788a7e89b733510f90f712
SHA512 cbf4c39bc8edb4514d198e2afc164d059967233c717e695336476561f45bbc9fac9b981ead4a7192d93679a44d4ca12f38e3ead410e538f48d3a59c110505eda

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 7000fcfb7a4b88709e82dde679ce41a7
SHA1 e88a0ac403afe9f08933a77318bf94a013657a43
SHA256 6870c8efdbf6d77046ed804348f65cc015ac4407c5047d171e6fd1d89f4900ef
SHA512 b12bbd61150ed010f7bb8c9dd1176c02dc0d181889c6b6aa6b16c9496fc97a2da18705771c79a5a39c1784b96893b47eda45e3f73e5338ad5a9e38e11cb1e8f7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 9542ef0bbd64fbc75efce588512ee735
SHA1 ba56ab04b7842f1465e5c3b7ef384047e9c456e0
SHA256 572719b390f469e6e1a3e8f414f5798a5c96aaae142ec1d5c3ddcf6617095840
SHA512 33edec46c381a95aebe3c4a9f3c870856bfd0d1431373a9e340370ddad1b430d95c371cf13f961683979367a36eeb64927ff8f33c9dce4e6992f7d9fe67737ec

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 177176a73270eada87f11e5a9720ee6d
SHA1 423d80948fe05f8bd12d7b0d71a068277bd30c2b
SHA256 73210058aa535380090e59f543110959cd9efc40f586f6fe906f7d3e86ceda66
SHA512 fff488fa0eca7ca8d55f2ed283f518ac3697e9c77ea2f01e3e2b48c058a279a96f2ec5790cb4314d5d397f4d641a969fc6ea2c317cf70176fc4128ba4a173dc0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 27000fcf99bfd54dc4bfcf6c0e32e307
SHA1 6b7b0a226bd18e4e39a8f1ae4ada4b3ade63de12
SHA256 f280bbff23af41acd6e6fe112685e6f1a4297d97f550e9afec736dce36b48ed9
SHA512 438ffc60a42307cc96770416788cca7be80728a83cefd794c533de59d1bdee64cca18f0b56b10ab551c9bd0f015c8a262065b14b279b5a0124206df3f77965d7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 89e8181c085f59199f3565fbd8334fde
SHA1 b8aa6eb2f9b3b52891eeb04774fd21ad8b98ab9f
SHA256 4052503b3fab8a016f8f4815498660d7a729292dde53c088cc7b96a13066c540
SHA512 fbc1a16e291c11620d3c2a95d8d09404e77e1cd8d5077b9ac06779bc1550488f620fd6a16177b74b5e1f483d9e6ecc0d51f6c91d58d12ec39ee38d037f52a084

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 e7fa3ea02d8f19f00a07b32543e2ac75
SHA1 ea5c90ac97ca087169e30c5c911b0c6019531586
SHA256 096c9520bcca601cd327d00f3da2c968103646f9a5700f3bae33a9d924a746c8
SHA512 7189bed553d647c670e4e5e66c41dc4ff86be0486e8f25093c7cc96b805ec6231d531ab2bd305de73b5d5d7476852887135160b8bf88e8d256249d8e04895d8c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 cfdd1cec771718ab6e6f32841c240dda
SHA1 1019ae44ae5ca1747ce5999b08401f6247b095e0
SHA256 6c40516bf107585b1a1534e31c4040332421282dff9398bb822f940f27309fc4
SHA512 746429de31dc382d77fd2301bf0bac8e0ec517af1f6a7b9a646b4121f05fc615b3657300f0990e1470196d434d33ee8977ad572dd822be7af62bd5c129417999

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 e087a6ef7b6034e33269da44b6bc1869
SHA1 c4d1a55ae181b20334cdc530d72aabebf17f81df
SHA256 58a53ed2573c437fd51264dfef479e5ff18f3b1c83d7e6d25f480b8ad6867faf
SHA512 a752d92983517a47dbcfa222f3c5b6bb10b41f021b73609e171647977fd65514211e9e7d08a0a720e2740a02dbe5871706af742a101e7d7b99498b8695bee0f2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 eb5cf9bab87c36308de934d7fd2b40ef
SHA1 6f4019fe7f876d2e572fe26725347eaca8fb392b
SHA256 6b354b3886d3b1d7ada053c6e34e494ca2880c71f0c4896b116ff2a40d393db0
SHA512 2bf7bcf42382bf060fa8dfb031e4c98b907e87b9b9e37b6fa5f3238c6923cb81f6ea08caf183ca1ce5741d73a42a4a6705a411752ff12771866af81d33341919

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 1f55db5cd2efe7a463f5663a4f6bb7b3
SHA1 0ceaf825a750406ae8aa3952aba070e8bab4ccd9
SHA256 16ca7056a78d5a9e5170ea2c21935316061e39b2d6ccb2483785a27572d335db
SHA512 6bf855f56c6ee315207ed94341eea2c9f0cb0add63d534d402d57a3881462de57140ed49f7456c0299cbe9c9f8b2f16ae35daf5e29478611dbe957c799a46c0f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 04bb9222be8cfdaf8373ccbd58f6b847
SHA1 2e1547e2f8641997f915de7eb4a7cb630d49d659
SHA256 fd44a04d8f7b87a37369b790eaff361b74337b90143cfc70feff0bed0d7c22fe
SHA512 4a536f0792b843e8ed07ed601dd61335fdadc8ee6e910ed8b410c114b31da0bae9ee87abab14e353875109ff9e89b75f1ac32e975b759b1fc894eacd511e2875

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 9b1b039e11ddb372f1ad1cd6937e35ac
SHA1 88553c9bedf6514cab6ed2ab176e2ed2318f684e
SHA256 5f1c6444fab63d7357a97ab00e30b79e5b2b3cf6756cfe714038b17839d88c94
SHA512 36d051b5200a7340389f4dacc61c820701afbf6585e9dc0fbc1249e271246a72ad5cc8e6cd97ee45aff5a99b8197f8cfce919a033b70c8eb578eeac79f9a8a6f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 f41004f6d48e4999b9782551a5e6c072
SHA1 e8ab4a9fd72ac3fdeca3b4eeb808c89c731622fd
SHA256 2553e88211ee606c78aeba4d3450bf04c18a6189170bf53ce319372828e5bf04
SHA512 980163797090e02e861e1fbd81c8cf726a5d5b3fb464c7edc6f0c631c77a2eeeacf10430a6ced31bdd06eeb832571ff29ff01853d7b4ef3064273a2e44f893e7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 75b9cc0d9be4bead6764585254690768
SHA1 aa4c220d461413df0a5581051064fae4b5b56a92
SHA256 26d2d163afdf191beef09c408bdf41499516f4ef037b8d2b4b0a5760a1393e25
SHA512 390d344db48db856b2a0fad1c027b8e4fc01e13d1f2f9946dc494ce8fbba3ea65780dc0ee04611ca68c0aac0236aee1e9f5dee3b2265bb2751f7f97e876b7116

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 880eb04ed4ca33b32a30c0c283b51e9d
SHA1 9aa9d0b06ac1ada9190ddc61db9200b2bfa63593
SHA256 41c7f57bd838fc38e9a0cb31ca6b9faed1577740b2afa43408905864a57d8f70
SHA512 05b0ffcdf78600148a9074945d7dc0d88d1e7475f9dc6a2fb96eca271f5fb3f85c77e72b614699e4a4fee11c2562a05ba8a59f21f42a36af4dbce8d8abb47ea7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 03f893e59c5183f888ef89067499b6e2
SHA1 811f247977d3dd34bd86e7b4d496ed3e20a2e0fd
SHA256 07abcb96d2ee8d4a053b21f6d76696a06332e199eca69ccf5b7902ae15687f27
SHA512 cc150023fa61656b55f52fcd92684b92d42b05bdc606a451d6e74a662c98011a038d2b605c722d79443c3a3ccb93e9643aa8d23e897ea0a24cf5fb2d7a30f537

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 22c3c8f47285b110a0741b8eb4b91077
SHA1 bc87753abba0c1bde71f453471869fba67ff6156
SHA256 32d957e999957c8fa705aef83e7c0106f5989b557cf0cfbff9e084cbcc690155
SHA512 3daa25232e87da3448bd8655b6a3c12336a88eec73ac184ec202165e0f68bd66501f9756dc7fc5a4e86a6890095693d573d944119de5907264c965b850b27cb1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 a67d6fcb09c682d15e8425a3e448d57f
SHA1 833596762711a80d5157982372ea18b1c8b0b082
SHA256 cd333440118507e9168130a4b4da1d0db6e35dca8f382c130f6764573787a103
SHA512 ed8d92609fc5addcdacb78804d3b49fb0d7aa9973dfed95d1d4dec5878a162114cf184070d201ceeeece43ed1fccb4fd5a060a5b48e9203758b2c2de23fbf895

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 cd242cdf609fb96c633ff3fafbf3c8d8
SHA1 3c910d692d83d4e36ff4633ae47c15c8bcdcbe42
SHA256 e1c13c30d2bb0a52c14a65305776ab1e03b02a19f7e9ce9826c3ec6947a4c755
SHA512 3df0cf09c40d84f3a451b858b28bd0fa840ef2f932a7687da6843320f23a864a22de9797d6d6684f725b5e92b49c5221b6696cff4ae2b235d1571232571a96df

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 0a872b493c6aaf3cbe6e1158692eacee
SHA1 d8cb5df1a89217c82c06e684e8ab0198fe2dfc44
SHA256 54278062fce1b14eb1e5088c58a2ccec6b002393f6d0e1018b529246969d2c8b
SHA512 931bed784cc83a6cbb13fa9111343dc43a1c62c15b7a20c6556090a824e98a02e233582b8b6de216a7dd94e6949f08130eb2d10fa4f19995426f967d1cd7bf42

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 967f273ad446d49f8ddac3e8c4b0534b
SHA1 ae1bb9310bdd57be427403f81e16ebd3af923285
SHA256 f908dbaede67df299ab9ceb5f0a338498877bab2ea1fd70593b6809b676cc2be
SHA512 da278d7177534fac2fb9181e490593c005ed79bf587216f53321e1edfea0940141ac38ebcb12f5821acecc28bce8d9bdcec6de69b42520b20403623557ebeb44

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 4dacb1863db0904920bcf6a2e2e48fa9
SHA1 81f9775255e4e27957fd8ea2867e0649c7bdea56
SHA256 b829b7488c29bd406a471554938a64b5e65e316cfc3e45b0e21c29fee7b484af
SHA512 bd9e030a19d6dd5c7d2e112aab0f8fd2da6fe890edb9b9ea7df55aaece5e543d65d3336af52e27ab153c9084e9fc09cca89ab9f8d6122bd49e4a42f51e38e4bd

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 016459ca357970c5b3ff69335cc29f37
SHA1 5764aee6adc66522d969d776ca20c7c5aa4b2754
SHA256 ee1d73c109aa4ab70b20b6948a6c0fdc6a95a7381a9093c3bd090da7280a7524
SHA512 fd8b71a0bc9863a6465b4824fcb930d39ecbd7ce4cd295fe353fdb2b6fdf4934ee9300ff1994b29eda49ad8d2b3eb5a4a21203e1c368e524a50ec63140381afb

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 e06778febf1dda8629a55a331a365b4b
SHA1 df7bdfd40e791d07738b48b5754b070d48890c51
SHA256 f177bc1ddae6aca007a67062b7f3fd2effb72b927c433ed2d0d3f8fc9e900aeb
SHA512 5de7905e13873e75b3c430708799b7e9134958cbd5f248e1f9858277fe96c8047ab7ffacf515874762f0517a2014ec55f7773437d8d69b7d0f8040378b3f5307

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 96b94702a988b1919067e245edfc9fe8
SHA1 378f178beee93696e7cca9ab2b46f65aae4d41b7
SHA256 4930f5f1848dab7193839f6a8dfcfe29db05c0cee4a81bc421cca554b940f60c
SHA512 7cf8a337cc766d286a7524cb36fa0845a7ab8ff0ed5d1dd7c29524233c5d48cca0bceafddb6ad561aca8f08a1df5a4fd3167f68b9a6592c54286517527b4b084

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 71344c61cb724db2f5fa1a613ab02f86
SHA1 3919749647939967bf87a8b08ecbd8c572549010
SHA256 119a368ce021ccaea4ddc580d6f1af153d323a8b7227d9432a7c5c4dc9a3e79e
SHA512 d9ef7baea570fde17d327066bd9cf3672eb34aec73839b172875a528cf049b8a2cab1218dc18f49342f9a8930c088973595b24a52479303a85d37d6945f441f8