Malware Analysis Report

2024-10-19 10:43

Sample ID 241010-stnwwssejh
Target 3092c202df19f79307196091b81c323e_JaffaCakes118
SHA256 ebd1ed6e81cbea1c8f6622d44b41b29f410ffde344110fe8e7c47930f0575326
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Analysis Overview


Threat Level: Known bad

The file 3092c202df19f79307196091b81c323e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Xorist family

Detected Xorist Ransomware

Renames multiple (2179) files with added filename extension

Renames multiple (2201) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-10-10 15:25

Signatures

Detected Xorist Ransomware


Xorist family

xorist

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-10 15:25

Reported

2024-10-10 15:27

Platform

win7-20240903-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe"

Signatures

Renames multiple (2201) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe" C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-kernel32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_990fb5253ef5803e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_6.1.7600.16385_it-it_773b34faa2eaa0b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_6.1.7600.16385_none_9cef76e6ecab612f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_efed75e2fbac9517\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-irprops.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1aa649193cd3e61f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-ping.resources_31bf3856ad364e35_6.1.7600.16385_es-es_090da00f290af8e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netbvbda.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7915c6c1230a2838\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-rds-isapi_31bf3856ad364e35_6.1.7601.17514_none_ce7c6ea90d6c478a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..noverride.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9f40991d752411ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\passport_mask_left.png C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_es-es_6fb966f8e8095070\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wdi-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_636e7f4e5d7982ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\inf\SMSvcHost 4.0.0.0\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-magnify.resources_31bf3856ad364e35_6.1.7600.16385_es-es_514d4f51067afe9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..edirector.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a1869870264573d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_16502cbeaad3ab39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows Print complete.wav C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..tebox-isv.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_64a7d743c904b676\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-credwiz.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6bc50399dd624909\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cryptplugininstaller_1122334455667788_6.1.7600.16385_none_38472e7cf4db637f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_s.png C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-http.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6eb5a750f01d8eff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ringtone.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e1e40f6aeb670b0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-gameexplorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_658ad4c6e1804870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_e31f54b591910e62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_hid-user.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_07fbb9023f7f0b75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..tx-xinput.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ece4d61a9737335\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Draw0a54d252#\ef31f92d5ee5c2a437add4506830d025\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..l-helpchm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_06e8222b977ee0d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sens-service.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c845ffae4cd831b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Printing\8a2376658a24628765d359a0fafb3339\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..ercomtool.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4a0c63eca6ff1aea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e3d21ff3a370cdab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..inter-mof.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f44cd56b4857f2d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.1.7601.17514_none_2dd00d963fe4475e\welcome.png C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-speechengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1877cd4137aea61d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4805cc28fe38c456\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a4c9c9294fb161c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_68d7339533b16ed1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnbr00a.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f6476e6004f29ee2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..35cdfcomp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7e0a31f5b1cdade5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\inf\aspnet_state\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_compositebus.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_839d865fb9ffd64c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open\command C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe" C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe,0" C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HMGPJEUOUYBGJAM" C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe"

Network

N/A

Files


MD5 f3086b941956368dc60fa1c0c6bc17d3
SHA1 68a36792d45ba77af49ed05867cd7dabe3e79a9b
SHA256 39c9509616f704697adf39471edfad2d89d7926f77c7b5da1624468d4347bd90
SHA512 8a1b75396d6c0b1c0a9231bcbae39551c79112e8d4c5824bca3a8720c956a97b18a60b92b822b5f274caf8232a44bf68d648b190a5d2f3399b6381ac0a2ce27d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 93e6c9531666951bd9cd18e15ead0ee4
SHA1 cff97220f6b7ab260099ca67ca28b6b3f86d1a8a
SHA256 2f15f8f20a455c60c74d3bdd3eaab3645ebed0621bc0bf7ffad3238817f3369c
SHA512 4e3ca8cdeebad94400026469fde17f2e3295e9838a20ea66b4a8098fdb22d94fe54aba8489e919bde9e5d05b8f9a108d5c7fb608fb4ff8267ef776d31e187a3d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 c9a8c7e4b75fda305bcf89b469ebda54
SHA1 8d60135ebd1d67b848653029d1ed9a2e7ab7e032
SHA256 3b92da8ba4a5fe9c6966723e39dd1e304f2adcfdf7e7cd86f2558661fb4bd3bb
SHA512 a9234295ca270402e273202ef35e45bf10af495ce7af20af0c0c20138d53756045fdb2b4f1a963dee5f2c958cfe5c645507d0e00332dfbd8a245cb442f42ede9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 27aac48e459b4d434e5c8bb31113c946
SHA1 257d463e0f43832d62a429b465a2dce23b700e23
SHA256 6c066fce2216e94bc139faf7c9ad1bbe8d08b47221efb99260d72cf625570582
SHA512 040162e1d5837327478742c13dcf49f794da83f196633db150ba2ff127e36f9958e8e284d5348f20afec138caea67b9f3bc0d312ce44f7f65eb8bdd3d56f42ad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 c81df888794b013e77b3867adda0aca2
SHA1 95882d13b365bca5c9f390a912dd7f96869c0f00
SHA256 16fec549a0dda78df277dc510a038f914dbbf4d22ddbefc08e4de3c4c74a26c4
SHA512 410ebb83b572521755addfdb8dddf1fa9feba5d154eb92c704fe5277879480c79fac0ea1255f983d2a3737a9a412ce770915483d531598a3181f4da4d11e280f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 f10f66fca2048624e273d64104f298bf
SHA1 f93db5b745fb52774997af35fc9d5e9f073e56a9
SHA256 dbe0e8934c2d9e8979a6bccf1d5da5c0a49c533266e6a06a440376960bb0f764
SHA512 77e1419b50036452e054a545abb27264f943ebb10fe53c1243424d7136d6125071493ed06de09a68f1f2c16de0bd86efbc96c62e21e1de605d45c81662dbc41c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 e4677c0c47a92e8799116480cc87f761
SHA1 2c258e5c762cf33e917407d49c027f5c647e80d5
SHA256 00a436ac7a682e9067ecc16d921135f019461f37f97d76049331995a37fa1138
SHA512 090511b28a235d63c496e407add91ae8df2df8dc171b32895236e6bfbdcd0915259bf9def31dbd6b0f14c75d38cf2cc4050ed8595c90581f00c49fa4bf9e03b4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 a904bce9adfd66d5bb26191e3ba02572
SHA1 a05664c1379c1d592833f0252c6ee45b2a0c31a6
SHA256 33fe7dceaec39db8fb0f64f78f942ab0bdad8e9a1f8101b5c1c3defca3e8d54c
SHA512 0fb47e47bee6b93b210f848e304212834c70d7445f638b4f077a046563efa1b2045e4b969d18d6687c5eec57076b65dce10dee1a88a86e71aee95f9afa25cddf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 028fc565605d92633931a14be7fb733e
SHA1 7344c710492bce18f63e23ecb06dfb86077f4ba7
SHA256 d6452b7228c63736252df44777070d0dd547d9bad65f75d82852f034007efbd3
SHA512 ad3ae554f1b05e0ffb620768a941cfa7336ce3b164de15aba6a1333e2b28315cf5f6486b125f2f24868be677ec2091db339685c3ef134bf24de82a2bb4e667eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 52eeb8f31e884ecba301e8451d290095
SHA1 ebf63da589cc4388406f3911ec2a1bc2d6882449
SHA256 0c542709a0c78e2d85c74dbcbec4e46483adf63940bca913abccc83bd712a932
SHA512 bcf6866b955db28c8359735264ce330ab73297eaf6bbdb0914b950da72d6c1d61cd2f3ed676fdf29103e9829c821a114d422436f6972b80d60b044ed65c76740

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 24576131deaa63d50ea6b181ee05c4bf
SHA1 ec240c4cf604eb901bc3f50a3a241a785505c632
SHA256 3c33fc73659bbd610fe8a6a6650bd546eb4d8b5a3462141cf03880a7a139a790
SHA512 f853399ef239c59cb539916c2100f0e68cec48b27bbabd87d09bd917ee17feb92ba45d9e8eebdd625e99d87b6a4acfc35fb6011bd6a1e27bfed016bcf1458e9f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 ee0cad7f9a3cffd9051522282f71f61f
SHA1 775fc578dbfb49f2e469d742a0c510b5251e129f
SHA256 05c560fad2bd389740b4f0f42d1499ceb818d9c87d401a6469cdd77914af4838
SHA512 9b0224cbac425a4fdcb6714a82c5c7a9aae53cfe1555da2689847c872c9f351945a52ce92b96e48f63ce877d60e9e17d95af9e3479e3a28b8352801936da0389

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 2d57e7a559d2f2e04300733099de014c
SHA1 0c9d296ed7ae8c23ddd3b964feccfdc52c5cc103
SHA256 da736938e66d9e0b117754a5c1dcab98fea770b87180f071c684a2fe8651d970
SHA512 685b2690dfaddcb66d728302713b7bf55353e170ebde14cc818b3027aaa872fbe74fc72be1230732d7eb5f140cc1233affeb93ea33ad6c37a2a938fac11b93b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 70d6282fb091b950a7db8ca754ba9b85
SHA1 321597c93461a585edc1e923d7f6addec501f5a4
SHA256 9e625cb195bad3ea326b7a65b317ccc2a487a120d8d6f803e304d1e4444f53df
SHA512 bd3baa254467abb64810fb3bacfc577aceb49e56b7816f4a880fa46ac811d0fb715a702f43c245874818a37ad093ea0be2153a47349e52648d38bbb8b011acda

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 891ad633f1d23e18b49aedf1848d6dc5
SHA1 13f0728b2fab44e2df68dcc463bbdad5332fdf47
SHA256 827d07ecaeedbb5d064a8abca93417d449010bd49c27a019410e2bd9833b59c3
SHA512 d0b5fb8af38bf476d57318ecc09e4079244b4945575c9b97986cb4d53d55759779d71a54116a84f59bf7b6ad249fa76c779b5d17fd3cfd1a734979a97152c38b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 463a97bb7223d00c74e4b29cc28ed91d
SHA1 4e15e02c7c0d83fbf139992da2f1113bc653cbf1
SHA256 cc78a0797a7e2f22d247ed7b8363bac6e285dd8d128f038badb634ee8d84a963
SHA512 02adce8b0bf8a9d794f511cb4f5c61df7c5bfd3c684cd7a1144666187e267e78c9a9fb538158df3144cd6825323dbbff9c0805e75224f4518e4b43de37461f28

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 8484d84772ea875477cfca9fbe7ff1c3
SHA1 ac0f053e7b9369320736502560b167a7ccba4950
SHA256 78891f721844b94043ca1234265cef0a1c17d592c3475887fc71a8ba040106d1
SHA512 38f6845bb27188075e0125e54570d87281568f014304fa72560ddc1507144f9811f43942c365a6de9504529a85bb13953710a872e5087fef5572248c04dbde5b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 152c8331e9f18162bccaa60120f8635c
SHA1 85a8df8d71954011a950709edc375756ebe1106e
SHA256 ff3f90a9aeb553633e0f4b28932b084f723f90feec0f71367ec0c147bc8f6c2b
SHA512 d695eaa23c74053e2f2a8bfd19a7c55862ba0c70537e505dfe549ac48095873b6404e6db2162780739a80cbb39c7af79046d8d7f13d65d3d030568ba541539ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 ade158c1c752f0165a5e8a1a14b8ef10
SHA1 074edf54d4a9b4e5da80a760e4bc7e1062ca142a
SHA256 6dc33204f36a4430b53ac3a985fddef89666abd14a79ab12f9f2c2af0b376ea8
SHA512 f28c2ffde7e616d6cba487a0691adae607c262c1e2e2c02350a0b2539a93eebd21f032dfbd8c22e1d0d39e534234213ae8c9a26277d54a7e03eac96cf1b64e35

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 f47fcac2ec1b9eb73e5b7adef8d0c966
SHA1 34d6c52fd0de4028c5f63f6e82e141a770710eb5
SHA256 690666c654b40645b94dde0ab783ee9358f0578a0ae2f1a147a5d3ed3b27cfd1
SHA512 037cc754cafe6c0eec1ff2a498c7fbe2b55c60400ea0d8c7d6f07ecfb7de2099f49b61b747d248b1db561af060e9cebf2604735d3909807c0f69ff825364fb18

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 40124aee464e01a84ddb73ed8a151796
SHA1 bdcd48451ac208842420110dd3cff431983f1c39
SHA256 d6e22527edc821ffd4b2e7b719bcd642447dde4e5ae573f1094a921691aeec00
SHA512 62d09dba01493e63047da44ee436da15d1ce8e008c9e232bdcc72f25deb4b8269a98f4cc9e7ab541a3d32810e6a2d915f0e711f81eda7c76c731cdbc0cce21a9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 35924118b5b4c58cecc1b1a2bcd6bc31
SHA1 11a4a78b111ce44839a6384d6b68a4d361036368
SHA256 4a4c522ad24852ed03c9e6c2d915b783a3fb732bf66766a9854c1293db59fd47
SHA512 d54b7b903550e20c7f8c66acbf2f9f42d0a707e74b62eb4b129f29b7624db227a479214eb63145c884c6fd5fa3fdc276799c86c02205212889abae9048bd6975

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 a7a7b5a8f490449e6226741346381c0d
SHA1 422a50cd22265207fca4193e93d3c8e4354102cd
SHA256 90edcdb703080f54fd250781a552ca87ddcfa3f33200877726616774aadf16b5
SHA512 30c17848543e6079c2bda2c2a0bbb86ab50ee2d79a45a949f4f918d142a066d91ae335d8d912853dfe87158a18adea12f8b4b767a1d13333ebd04fda60bc7a8a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 18c42bfd8185add401b105eba68f51d9
SHA1 6292d3c085410bda377da0fb8e025c69f6931178
SHA256 21bcdf4b86c297fc291b18e801466fc2d1c0a707e1e5f5a6c2f72cf2b9fe304e
SHA512 5d151a005e949b441e9dc763036c9e38f22eb90c32fd6f33fd943bfb05f781cfbb00dfb41bd3218ae0dc608fbe659fb4595b5c6f15d4643a012ae04fcf2f7edd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 7a7bccabeb1f04301ffe213e5b073dc5
SHA1 195a85a50c2abecf83882ef0822a56c5f9537698
SHA256 04a897746066741c77fe8a6e901f390a5d1e41a1b3c9b1f11727f450983f7787
SHA512 a4ace3e6c717e251f6bd8094f5b2d736e98d50e385a94a691b9e20d5870aa83e9633c0dc7d917e1dca5a6adad81d7692b4216588103e148d93550f13d1608f78

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 2bc72cdb9c5ebeffed0eb458bae38352
SHA1 e9c45ddeb8c9c33d5ec26e97bf458387e5d1e2fb
SHA256 356ae95952e1382fb0d5b5ce1ca4fde92dc3e224c861bb6fb152ed0b5129f818
SHA512 8aac91116451a7d34c080b4840399b22684a8159a678f2018b5d06b0b600f3204c61cbab20ae9d35ef7a091ffa203d391946088a819249944c067d157671452b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 6b0793ac67b0f41dbafa1f6492b000a6
SHA1 bfaad91bbd3ebcabdd7f586811afdacb7398dbd1
SHA256 5ed45ad2f6d4444874b90349079e38caa6c5500e9bd4f1d65556df93ea7bb795
SHA512 f720285c5608c1acb143dcb0f5aa6bb212e852aedfd5ec39b1f757bac3a63b925ca6043fc723f1be8e461d63bdbf3d7dded35525dbf20a7bb1aa815b7aa338c7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 ea1d848481ea576ef5f987ac332f41f2
SHA1 bf4a0bdc8671cd7f1fff754da6882a3bb03cef5d
SHA256 1d72c1130a5526f2b93d3719327fad54889287cca5a26ebc719f30a7da8d2887
SHA512 26fb07f10efb5761a44f64f7e920aed676e399ddd01a09fdda6a0773e0d8b7823f43c08c2eba5a093af24ccd4ed5c263d790af9d10922d5c13a8381bd4ad359a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 3c07623a7b2d7a92d590221f71e5b9f1
SHA1 8c13944c6038806b67525fee7122768aa6dd720f
SHA256 21cc4b2743bd646de3228b7a92485d0351315266a5481e9b27e1c76ebd80e3ff
SHA512 274cbccb7871d3895eb2cc3777fb78c268f2fdaee216769e0db71d83e95c008ed091195ab78042e33ffa57b9bd08473ca90f63b993fdf986003b63d20c57ad5f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 f670abebf8e3dcd27909b2ed8b852fd7
SHA1 2a2f6383e62d0fef6aa81f122c365eebc32f6b8c
SHA256 37a306bc8a1a6a9fa09aa36ffe9f03ed7485c620903bb56b4a7773356435f8d3
SHA512 0b5e54d0a756c2dbe71149a144059ed921af623b28f76638004c5ea00846f64118d31af022f62a5f4b461af7b2b52adb2632ed3ae51ad36990529a6b8278bb3f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 2d3d980855c20dec1d7ab67230359ff8
SHA1 c57299f5be65db3c051831c8937a02896fb2d932
SHA256 d54911c10f1ff9fe9ac450600d7ca1ba118ba118e782e235aac729ab0731020c
SHA512 0e9757df0f4eddd1c2fd9ef848f011802fc740ecfb96249adba121cd843f45ac171f2635cc914dabf11402cf5da38160e0ad875d4f6c598554120db315acf5f3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 6c5221ccf5f9bcafa4c6029770276d8e
SHA1 a81d0b5515ef1c6fa60ab1dda27936a8eb1ba492
SHA256 4075dba8034ee6ed83c502436c06b66a75f885e81b7df663bdc507eda9fb0e07
SHA512 a2e5297a740e061d4d02d8ad6f3c1120d3d955469cab6f08c3bc3c1fce7e250fbf7ec2f67cbd9e96323d2e0bea0086b627b081751c72ac5f9a9c8414c3f7ba41

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 032317d43638d66c8ac7109454298bc5
SHA1 3db688059c61a3151f120a1cbd49565ce9547566
SHA256 161b03c5535ef6164ce31002f4362d0cf545898909c141d91cf0b748453bcc0b
SHA512 39f90d58db78dc7baac0f8a11b0346d68e3d14fa7ab35c04e9cad88790730fd42413f92254f2925961c810c257e9cfba3cd5b5422716d2d8a6d4cc3aa92253a9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 5791498c09fef71fee683bcd2764578e
SHA1 09962e9c3548ffd3909757716c45ea4f330b40bb
SHA256 e755c6cf391dbf6e5e7cf4e274b97f4fd48d9dadfe9a8d1a02450e0a898661dc
SHA512 be439caeb03ddc4bff27945b4213c45599e32f3d66f2d3fb348724cb76ad59da5e1a5734ddf6e5ede604f41e366123502f5407f5457e5f2194d96b28a04ac74e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 5217703e86860e4fb2acf21ce3390c13
SHA1 56350d3e80d269551ba14e82f65f4c3a33940a01
SHA256 4a862f2e60374d3d179156ec867511e8588beb56d696f772469c27e10cba3ae9
SHA512 fcef4a82c37d9dcf6a4a30b78b6caf0d0f7e79dbc151b84680b415e2a2b41e043e748d54fb5e79808d18b32b16b9610f886a850559d7dc99f39fae59968dbad3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 0fadc0dac9e0f101c7ad8a4265029835
SHA1 a235728403c15f61771a5993f804251220726f4b
SHA256 32cb863b088f4202115b53b44fae0a31a5a7792150419a6b664a11790ac8fea8
SHA512 8d95aba942971a90e6ca13399b7866c74569d9e477aeacecfcf3c6c93ddc037245b483f180b9cd90f0746a6522aee8be0b15ce0d9b14c7a1a9643b7f076049fb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 78efc593c20f42dab73ebb74be3aa8fa
SHA1 101e7ebe08ebd65e1dc70aa79a5f5ed50f5c219d
SHA256 5187348174ef1cef04e1a0079b83ddf24e7461f801a5f1fd0f18c52b3f71fc88
SHA512 532aef0bf3a2f77061e5b4255287c2bfc6f57bb6e2eb51fbe6a5a4ba0bb5e80ff5a06e3728639ba9cf4e408b80eb016d12d219012bec227b0b05f450ca25ba00

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 8e6c22c6a2df4ff5592aed6c62955065
SHA1 73779757fd880328eb21a2708c9a404e0981468d
SHA256 2fddba9ea860a4b1fc7aa22faa3e1e4248b9e27c76f643d3a314ef1ea512854a
SHA512 757e0589d48b2a87b32e42efa4f6aecb8483b60b24862d9f31689c149e4d43919f25d233e9198513818a8354951ace59f002e5d03235409f3233d6cadfbbbfc6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 73146a5fefb0cee57df379c41b42fc78
SHA1 58d56cc1a4fea394b7d774f45399da2610d96a1f
SHA256 481ec55bf5b5125af2845bbb3628bb2d51f3373e31cbd69db6904b0be2316a53
SHA512 62972601076204553991444968ffe6f1cdb91f170f3b2048c8e1056c26c6dd4d95c89b2a13cd15ece49b52d62e7340de2a4ede15efd3bc684c451ec0fcada209

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 4b3e99d3d8bf7ce2c90160b3ddb5d601
SHA1 1a9286c33ff1a6fe32a887ab7fd05ae76f549899
SHA256 b5790a75bb9346dca68c2ee5477077a7bb68a550887320690f5ce1e38b518245
SHA512 fce3a67d9f70194c697b03ca1bb5544760ef4cee48502d7a79bb9539f4f7d933657e06f2a2ce2a7f0d25e74030ada1d7d74123f4c5edc2850fdc1d166ebfe5b3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 214471646000ab2f0d8875703f75790e
SHA1 c1d6b6e67ba91c8dcbbde0aa0a73b1779af501bf
SHA256 e84cb87d5b9603f0855263ecea8335efc9a4e2cc9df0e774c382fe8cd62fe943
SHA512 7839f339ba8b4eef8d8390e6e2af35fd47d51ea26795da985cb7dbf6687222ebc106f5b19884e0407829e9e52b2448ee3fe40d27bf19c11197af2e03f3d9a878

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 277159690676dfe4cc55e30fb220e5a9
SHA1 d1ad5ac15635388340ebc2e6421361008d6b75f8
SHA256 e1674c83493e99cc615c8150f8a5f5d6e3de11ef960a97c553d48b9354cd8cd2
SHA512 df0465edd644c6c3135f48bb6ee1ba57dbff423b1707229d41d25a5af2a1c7941a92869ae2366436913755f9a956eb32de6f7dd0ed3ccf6920ed75482642a11d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-10 15:25

Reported

2024-10-10 15:27

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe"

Signatures

Renames multiple (2179) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe" C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\whvcrash.inf_amd64_1173082afb4becfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscontinuousbackup.inf_amd64_4db9ca877f67dd36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbsb.inf_amd64_0e44beb9cebe5a1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsreplication.inf_amd64_cadbd20a667cf903\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmhrtz.inf_amd64_aa2738d63955f632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_skl.inf_amd64_9d9dbb01837eba23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_b95d9f4691816045\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\image.inf_amd64_d2006c0517ddc60c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_466615aad3be8e26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_f5594a2af66d11ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_527c415254a7e378\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_infrared.inf_amd64_3160910a003e1f11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpidev.inf_amd64_0f7f041f33bd01cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\WMI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\iSCSI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netirda.inf_amd64_186702cd081cddb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj7.inf_amd64_161e1375bcff85d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisvirtualbus.inf_amd64_e8d548ad6f0a613a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_ext.inf_amd64_34d742f3550dabd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe,0" C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open\command C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe" C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HMGPJEUOUYBGJAM" C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3092c202df19f79307196091b81c323e_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 a0e1b8bed2a1a1e5baf45c80ead5ad13
SHA1 580aba3effd081a0429105287b035a2be70ee734
SHA256 afc3fc99630d09199313f5dc5117cb32bd74dcc114fbfcb5b8c9982e97b314b7
SHA512 c03a18ea581c1e500d58a1b849dd12027810334eda98e8acb6bbf2ef69137d5863ece26d77287bc274e16a8ea4927b318d37072951fd4dfde4ec2a9302e68697

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 5ceaf1b614e504460fd5289067960c4f
SHA1 fa3cd31eb6f1aa8b360f24207d6551188008139f
SHA256 47e9ff82964477a1474a2b6e4ecda8f02270e95d0da67d586ec14c5a2488583f
SHA512 e65cd526c0e41ca3f2eb5694feb7a509ad4e30a1c107e76a436914b91d443f8a9c51327372cbd74cf146c4ac12a5bf3e794b783161cbbde372424b9c2540971e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 33cc1c718ac2717fa2967e5c625f4afa
SHA1 d7f448917c44c36a1de91adc81b63b2187b5f579
SHA256 907c0adc8d3fa4abbfa7b161b0d59f417b69cc38c151d94c5a4808a1901a0fa7
SHA512 7123b19f68a96aec42740af952db6a488e0ff7173d996bd60310a3034f1a0aeff62d7b00ad6b3882043ab11cc0610c27e4425f384fe10afcec8bfcb6a38d0dab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 fb493c5096a5af2f6f18acb567327c3e
SHA1 3360f0c4f7f43a3f8a3b2ce853935984e1b49e2c
SHA256 1daedb1e0916830b5d0ed1189aa859a0a23c50b5dbf4ed3eac3b56f80f59f64e
SHA512 aacef952d60c9c11e68eb975c79a6df94b75dfccf40ae44727a36af7bfcb228118a54cb3de27bbadf809803b025a2515a46b1109e13591523d0947ee19750162

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 352542e4dcc1d065946425cd1f0b80bd
SHA1 35d5c9795644ae855377648e39c45fb0d9af7a01
SHA256 de20c96ae9b23710a2a1b1c6ff3a978421fdc47dfea7475852c67e8519e1c8d2
SHA512 2264650519a78195260f78307960e1e404b1c5d6eaff0fed13db3b80f8ad7036dabc9232ffcacdc5ebf20024781d39c555abcfb8a3918df4d264114719a4012d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

MD5 9e28cd71c17ec71daae6dd9c8513a65f
SHA1 c9674b6999cf8df5bdcabfd97bf1295c108d5d41
SHA256 0af32388a7b1908f73eaf82ff271351133325bf97c09e767f62e5f6bf12b957f
SHA512 353e310b2ad6f402bf28473d7a870b1db07a2b20dc43b325d5ddc4349fb96c7d1e7f460c895a2a2989eab4bdf35b2559b16fd2f87b462da76aa0da4de4d43c29

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

MD5 bb53479f205a99792bc35b2500714080
SHA1 867cc1cb87c7a5a45685e5bb92d58eb8f51a5455
SHA256 be4fd603e3a186db96b9043e5121979af0996d2a1c5ad46d8c42e03b1fcaf1c6
SHA512 e61611ee8346a0e00a6d462a4c4be5f6894095003474f62260b5073701227e5e128b7e6ec48ce58bc032af607dc9595275bd2a729b9418180b84cac69b5de2cf

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

MD5 2677728249f2caa64158d0c495e4773f
SHA1 a10182d27321e80f0a94442e3891e281a4f36a96
SHA256 d15b44ae0d9cb1464caccc4a62d99e46f0dd023f0ca37f3188c64766b9095c0e
SHA512 cb2523c5e75891304f31550e320d25bb21693a04fdc72beb7534dc2025a57b1f43af011ff82c70b195fb91856221d6c02f424d4295cf20be89fc2da2b9ab50aa

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

MD5 451e9eb5cca5e26d8279929c03b51e9e
SHA1 252c780706cf860bb6acdff5ae534f22c16ad2d3
SHA256 e904bf9843e45685f29d078c2985af60ec3775b61468b1d2f55db2c99cf87f4f
SHA512 85937127d4897182357960d2e060b9018ee3bb27a60bb11d2df99791d0cac627ef2663e6c997b4b77aaadf950602ff0e1519db49c4284d34df04fcf483acb25c

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 8e6328de2fd0c294afabd47cf553edbb
SHA1 b26b408a3a1f07544bf5dbf99c5cfa86cdc009e3
SHA256 103fadf75025f71786fc3fcbd932d38c97e8652a41741a287959bd1f5221b96f
SHA512 29159c75dfb1f1d80a7b56a7546a39ba95c5b916d3efb3e7fa47ffa6d32f6b8b6ba4d69aae19dd7a1da924e79a15a8c5548af567a6c33846e90f018553f92b97

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 40124aee464e01a84ddb73ed8a151796
SHA1 bdcd48451ac208842420110dd3cff431983f1c39
SHA256 d6e22527edc821ffd4b2e7b719bcd642447dde4e5ae573f1094a921691aeec00
SHA512 62d09dba01493e63047da44ee436da15d1ce8e008c9e232bdcc72f25deb4b8269a98f4cc9e7ab541a3d32810e6a2d915f0e711f81eda7c76c731cdbc0cce21a9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 35924118b5b4c58cecc1b1a2bcd6bc31
SHA1 11a4a78b111ce44839a6384d6b68a4d361036368
SHA256 4a4c522ad24852ed03c9e6c2d915b783a3fb732bf66766a9854c1293db59fd47
SHA512 d54b7b903550e20c7f8c66acbf2f9f42d0a707e74b62eb4b129f29b7624db227a479214eb63145c884c6fd5fa3fdc276799c86c02205212889abae9048bd6975

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 a7a7b5a8f490449e6226741346381c0d
SHA1 422a50cd22265207fca4193e93d3c8e4354102cd
SHA256 90edcdb703080f54fd250781a552ca87ddcfa3f33200877726616774aadf16b5
SHA512 30c17848543e6079c2bda2c2a0bbb86ab50ee2d79a45a949f4f918d142a066d91ae335d8d912853dfe87158a18adea12f8b4b767a1d13333ebd04fda60bc7a8a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 7a7bccabeb1f04301ffe213e5b073dc5
SHA1 195a85a50c2abecf83882ef0822a56c5f9537698
SHA256 04a897746066741c77fe8a6e901f390a5d1e41a1b3c9b1f11727f450983f7787
SHA512 a4ace3e6c717e251f6bd8094f5b2d736e98d50e385a94a691b9e20d5870aa83e9633c0dc7d917e1dca5a6adad81d7692b4216588103e148d93550f13d1608f78

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 ea1d848481ea576ef5f987ac332f41f2
SHA1 bf4a0bdc8671cd7f1fff754da6882a3bb03cef5d
SHA256 1d72c1130a5526f2b93d3719327fad54889287cca5a26ebc719f30a7da8d2887
SHA512 26fb07f10efb5761a44f64f7e920aed676e399ddd01a09fdda6a0773e0d8b7823f43c08c2eba5a093af24ccd4ed5c263d790af9d10922d5c13a8381bd4ad359a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 0fadc0dac9e0f101c7ad8a4265029835
SHA1 a235728403c15f61771a5993f804251220726f4b
SHA256 32cb863b088f4202115b53b44fae0a31a5a7792150419a6b664a11790ac8fea8
SHA512 8d95aba942971a90e6ca13399b7866c74569d9e477aeacecfcf3c6c93ddc037245b483f180b9cd90f0746a6522aee8be0b15ce0d9b14c7a1a9643b7f076049fb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 5217703e86860e4fb2acf21ce3390c13
SHA1 56350d3e80d269551ba14e82f65f4c3a33940a01
SHA256 4a862f2e60374d3d179156ec867511e8588beb56d696f772469c27e10cba3ae9
SHA512 fcef4a82c37d9dcf6a4a30b78b6caf0d0f7e79dbc151b84680b415e2a2b41e043e748d54fb5e79808d18b32b16b9610f886a850559d7dc99f39fae59968dbad3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 5791498c09fef71fee683bcd2764578e
SHA1 09962e9c3548ffd3909757716c45ea4f330b40bb
SHA256 e755c6cf391dbf6e5e7cf4e274b97f4fd48d9dadfe9a8d1a02450e0a898661dc
SHA512 be439caeb03ddc4bff27945b4213c45599e32f3d66f2d3fb348724cb76ad59da5e1a5734ddf6e5ede604f41e366123502f5407f5457e5f2194d96b28a04ac74e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 032317d43638d66c8ac7109454298bc5
SHA1 3db688059c61a3151f120a1cbd49565ce9547566
SHA256 161b03c5535ef6164ce31002f4362d0cf545898909c141d91cf0b748453bcc0b
SHA512 39f90d58db78dc7baac0f8a11b0346d68e3d14fa7ab35c04e9cad88790730fd42413f92254f2925961c810c257e9cfba3cd5b5422716d2d8a6d4cc3aa92253a9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 6c5221ccf5f9bcafa4c6029770276d8e
SHA1 a81d0b5515ef1c6fa60ab1dda27936a8eb1ba492
SHA256 4075dba8034ee6ed83c502436c06b66a75f885e81b7df663bdc507eda9fb0e07
SHA512 a2e5297a740e061d4d02d8ad6f3c1120d3d955469cab6f08c3bc3c1fce7e250fbf7ec2f67cbd9e96323d2e0bea0086b627b081751c72ac5f9a9c8414c3f7ba41

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 78efc593c20f42dab73ebb74be3aa8fa
SHA1 101e7ebe08ebd65e1dc70aa79a5f5ed50f5c219d
SHA256 5187348174ef1cef04e1a0079b83ddf24e7461f801a5f1fd0f18c52b3f71fc88
SHA512 532aef0bf3a2f77061e5b4255287c2bfc6f57bb6e2eb51fbe6a5a4ba0bb5e80ff5a06e3728639ba9cf4e408b80eb016d12d219012bec227b0b05f450ca25ba00

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 8e6c22c6a2df4ff5592aed6c62955065
SHA1 73779757fd880328eb21a2708c9a404e0981468d
SHA256 2fddba9ea860a4b1fc7aa22faa3e1e4248b9e27c76f643d3a314ef1ea512854a
SHA512 757e0589d48b2a87b32e42efa4f6aecb8483b60b24862d9f31689c149e4d43919f25d233e9198513818a8354951ace59f002e5d03235409f3233d6cadfbbbfc6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 2d3d980855c20dec1d7ab67230359ff8
SHA1 c57299f5be65db3c051831c8937a02896fb2d932
SHA256 d54911c10f1ff9fe9ac450600d7ca1ba118ba118e782e235aac729ab0731020c
SHA512 0e9757df0f4eddd1c2fd9ef848f011802fc740ecfb96249adba121cd843f45ac171f2635cc914dabf11402cf5da38160e0ad875d4f6c598554120db315acf5f3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 f670abebf8e3dcd27909b2ed8b852fd7
SHA1 2a2f6383e62d0fef6aa81f122c365eebc32f6b8c
SHA256 37a306bc8a1a6a9fa09aa36ffe9f03ed7485c620903bb56b4a7773356435f8d3
SHA512 0b5e54d0a756c2dbe71149a144059ed921af623b28f76638004c5ea00846f64118d31af022f62a5f4b461af7b2b52adb2632ed3ae51ad36990529a6b8278bb3f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 3c07623a7b2d7a92d590221f71e5b9f1
SHA1 8c13944c6038806b67525fee7122768aa6dd720f
SHA256 21cc4b2743bd646de3228b7a92485d0351315266a5481e9b27e1c76ebd80e3ff
SHA512 274cbccb7871d3895eb2cc3777fb78c268f2fdaee216769e0db71d83e95c008ed091195ab78042e33ffa57b9bd08473ca90f63b993fdf986003b63d20c57ad5f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 6b0793ac67b0f41dbafa1f6492b000a6
SHA1 bfaad91bbd3ebcabdd7f586811afdacb7398dbd1
SHA256 5ed45ad2f6d4444874b90349079e38caa6c5500e9bd4f1d65556df93ea7bb795
SHA512 f720285c5608c1acb143dcb0f5aa6bb212e852aedfd5ec39b1f757bac3a63b925ca6043fc723f1be8e461d63bdbf3d7dded35525dbf20a7bb1aa815b7aa338c7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 2bc72cdb9c5ebeffed0eb458bae38352
SHA1 e9c45ddeb8c9c33d5ec26e97bf458387e5d1e2fb
SHA256 356ae95952e1382fb0d5b5ce1ca4fde92dc3e224c861bb6fb152ed0b5129f818
SHA512 8aac91116451a7d34c080b4840399b22684a8159a678f2018b5d06b0b600f3204c61cbab20ae9d35ef7a091ffa203d391946088a819249944c067d157671452b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 18c42bfd8185add401b105eba68f51d9
SHA1 6292d3c085410bda377da0fb8e025c69f6931178
SHA256 21bcdf4b86c297fc291b18e801466fc2d1c0a707e1e5f5a6c2f72cf2b9fe304e
SHA512 5d151a005e949b441e9dc763036c9e38f22eb90c32fd6f33fd943bfb05f781cfbb00dfb41bd3218ae0dc608fbe659fb4595b5c6f15d4643a012ae04fcf2f7edd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg.EnCiPhErEd

MD5 73146a5fefb0cee57df379c41b42fc78
SHA1 58d56cc1a4fea394b7d774f45399da2610d96a1f
SHA256 481ec55bf5b5125af2845bbb3628bb2d51f3373e31cbd69db6904b0be2316a53
SHA512 62972601076204553991444968ffe6f1cdb91f170f3b2048c8e1056c26c6dd4d95c89b2a13cd15ece49b52d62e7340de2a4ede15efd3bc684c451ec0fcada209

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 4b3e99d3d8bf7ce2c90160b3ddb5d601
SHA1 1a9286c33ff1a6fe32a887ab7fd05ae76f549899
SHA256 b5790a75bb9346dca68c2ee5477077a7bb68a550887320690f5ce1e38b518245
SHA512 fce3a67d9f70194c697b03ca1bb5544760ef4cee48502d7a79bb9539f4f7d933657e06f2a2ce2a7f0d25e74030ada1d7d74123f4c5edc2850fdc1d166ebfe5b3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 277159690676dfe4cc55e30fb220e5a9
SHA1 d1ad5ac15635388340ebc2e6421361008d6b75f8
SHA256 e1674c83493e99cc615c8150f8a5f5d6e3de11ef960a97c553d48b9354cd8cd2
SHA512 df0465edd644c6c3135f48bb6ee1ba57dbff423b1707229d41d25a5af2a1c7941a92869ae2366436913755f9a956eb32de6f7dd0ed3ccf6920ed75482642a11d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 214471646000ab2f0d8875703f75790e
SHA1 c1d6b6e67ba91c8dcbbde0aa0a73b1779af501bf
SHA256 e84cb87d5b9603f0855263ecea8335efc9a4e2cc9df0e774c382fe8cd62fe943
SHA512 7839f339ba8b4eef8d8390e6e2af35fd47d51ea26795da985cb7dbf6687222ebc106f5b19884e0407829e9e52b2448ee3fe40d27bf19c11197af2e03f3d9a878

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 d37f9389f15461ac5597a1ed1c1cfb99
SHA1 77a61a381d7649cd7f1b2b0769ed0a887cae551e
SHA256 660c772ef321d8d7ff922a2c028ccb6a9705229fd8c1fd72507ac248989eaab6
SHA512 90ff18ef85552c17052f6521edf047bb6c9a6e0245a271281c26ddd38869f49311bfeadfa3cc318f8cf37f33624998db82e3703d293f7da973b2e70f85d33046

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 cfacc27d22f5ab345a86e268c5566200
SHA1 b6286144ba179c753d0c6985476de7e9b29ff593
SHA256 9cb2af90625dc9d2fe8e2055a3b5eb59c494531b61fee34b7eedf7ca4313a580
SHA512 e0ab52c5629b5940a64c00e0e1de6de4c388c3388ed1d0216567cb685046cf7a13470d70ae6aa3116d96baedc15c48b5327caec2e3c4a25287faa7ed579fdc81

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 3c070b18270f1e69e65a767fdb02505b
SHA1 108902764c75ce8b89bd73d720306b20dda24c75
SHA256 4597d94c8a75bfc8bbe1961e07975a5d0f7b880a42ad778cf92d6a6794692690
SHA512 31e70d75398b578b9e1d74e012e20f864e1f334de99d4fc43f49a424e415c08dbefa364460a85a70ddacc19dbf38132ea497b86f32df9d8f7d16e2f2b16dacaa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 073bae20bacf3b794ba580ec7d76d828
SHA1 56f1894a40b0afa817601ca16941741a1b9b8069
SHA256 ddf4220bbf385d850a5fc42d65aa3455b595f685939aa71835869794caf773a8
SHA512 62a6a70a4b32409f173645474b9f7888eb1ede16b3ad9b09c3b968541bda593cd8960ca9aa1bcb6695d2c009cfd791b89321bbe8eb4cdc9a45a78fa65f6ec2be

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 8972d1d568a06027bea434d65159967b
SHA1 f4d571cffe2872fd069e07bd37ff1b203551f297
SHA256 f02cb3146ceaa8084166e8934ed0c52e9fc11154388c82f1dd65568433bcb13a
SHA512 b91bb97c975b47e8b4bb4705901cc57a613af696b680a857c02a605da988b9ecd9790b98e8c2587439ad13e9345365df265d5225865c41f9f0a3e68dda183801

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk.EnCiPhErEd

MD5 fcdb8fd993f0a8e90ba38abc911836d1
SHA1 eb22adfddd37d5bd5c550dc8315a06e52306b82a
SHA256 6877b29ac310b9ef983eefa0b6d5f348639a27660bc419c319413f5ac03b59b9
SHA512 6299fc465daaa9fd77e9326964dfa7fdb25861872662e9892a4451159b273e57eabbf5b3d320c8d3a2db7e286dd4f18fb2427504dd167099fd8175f2a7b35a36

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 7f82baa12016ea8593b9be31c706db17
SHA1 c343b1e09e4e16f0e168d658d4e34e9d82d4705e
SHA256 bc3cb7421b2e64fdec7d53c0db3dfcd9a9b35d15dba31b916774319d888e0e14
SHA512 38d6c1c1413b03f7ab27d529ded2d6b8b2259e9a0e6d2a62f4ef5d63cbbfa1cd9d65f7f45739c263490b959f4574ffb17b7107c8d990935aaf29e31dcfc1d964

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 9ffaa40026507e0a99117e2dbbb2cc80
SHA1 1f58e4c0c59b1b1cf8c8c3af61a24e1e35538bcc
SHA256 7ed7cb24358f20e799f76935cb8a888990c9e5eaf5d900cad95c326db0340168
SHA512 fdff3717d5d1267420f2bbb939682131e6b2e28807ef5d4e869b4900ccbda72e26c9f370dabcd9fd69661570682c62f93a19883cd6f5d077eeb5c4b00c96eddb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 19762847549cf0807848f278ee0ff330
SHA1 15a513754feceb9da62b61836d91ca97e387a701
SHA256 60c76c2d65b492a439485525f100982443d2ed0484f2af4a809b973e18eef9d2
SHA512 dc5bfe8ba15583acc2269336cd1580eae329ffbadd7439e1d669e50579dcbd13e22adfb03e756a7a2844e91fe68373d519a130c77895215029d0229e7d73aab4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 0fbf684afec71e45852cd5beebb94af9
SHA1 bfbe46d5f0ed88c9cab0a1423d3c1b6c13cf5299
SHA256 0e6c1759278b8672376bb1e57adc39143516e796a34d8174e3f1f1e74bfe1d68
SHA512 65b59fa664f5d07f3222e9e0d41d20e1dd4ea08efb4dc1c77faae10a470dad249814217697b52349a06f0ff453dc97af031735e515d26909f877b4aaf9c4c6b4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 5179616dc3c15b4210cdc069e34fe81f
SHA1 5cfeb917f50e5619d97ff178a64ee1c2237021a6
SHA256 186f4a12eeaf642d4b161d61f423d15dc4d4c149e8dc4630b1517ae06bbc5b26
SHA512 f19061f69629a80f0a4df1ca06fdc510c240fbc20a0f5fa661d234a8f7448259c4ce2af33da22edce533c3b1ad022f127623249a958a3b3848a9a5af81022552

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 4bc743924bfc740b63188aabefc7d6a2
SHA1 2d3bbadda8ca4ba6827872fa3f7cff5fabfb5a46
SHA256 3a4b9dea8fcad6641c1f2dc541b4a4039e0257d88a09f92078237b3ec47c5c30
SHA512 6f7da06825608726dab7cf2cf829256b91c82706b4ad84948085e35b00935717f5dd9d9e9ec95415084a05e9e94519b0a3685565b221d9b58d8a0a5f5fd149c0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 2c032610a226fe2bb916a29d2a0a8bb6
SHA1 9b7f0708e182868d17fa2cfcd459cfa27b2021e1
SHA256 71c1c04ccf3fb9de6bc987a183a046c8ff068f707d8c6526f96db095a11fbf5c
SHA512 9e3c66d978278981cc7dcaf4d9bbed62c11e2d542eeb767ebf38be2a22f4ccc491c95131810d15c14b817ad280f0d99f8d3bf70c113b73f1485779d61a5e3d1b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 00c3de463e3af24fda9e4f4ef6055be6
SHA1 930446f2ac73509485893347f12a22860d25e21b
SHA256 60039cbb416b15d80e49ed3ca114859c08446184e0ffd91d1cded10bb5f63a66
SHA512 7d50b72dabaa67535195a9155c52700e934f3a7c89cb55c787e48173b14dadd7b6d1551370be9529e232cd08b06c578f1a19b01cc7c42fa97ec97490f9084a21

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 359274b73d37f83ee8e21d6d3e114e36
SHA1 f179ae64fa6dca7db3dea6882bfa36ac7960362e
SHA256 20ba399f73656e2bd46081c1921f3eb5197c9c607650fe11580d8e7487e6d5f3
SHA512 bc37f81bc0a43c9535e52ad07431817620103f4ce71e255d46139cd8b13b30213c321d6492b1bd82cf2f1199925275c071eac1c48effc7714ca8f9b0887462a9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 c465bdaebec6ddef80855632fb68222e
SHA1 f06e67e9ae01e1d126b75cb11f8b653f1a5011f4
SHA256 3e05c5c5f25c1a75014604f6f214d25d26390fabdacbed70cc1be17aab1a1a7e
SHA512 b21a372b37339efc26c2fd26bc6e12e2279aea9b56f731c5e1fd536aa6325acba5cf2135a11f9768d3e53db0bf90cb25b1c782e13c4b3e3ae11a752ad374952a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 6f4e3d38ba085f25d0bd3cf9e21b2b32
SHA1 60191f49eadce72cada71a0581862f3626324c5a
SHA256 9a4cfe3a4244e023737f705c05e069f652b8f33ef2475f03e9107de857899314
SHA512 ac26fe36e1b6764002165b9e18253c56bbca625920ec255caf8e8195bd8e55bf78b7081ea5156abfce03de8a56c90b226ce993fb5647bbf9eb921c22d54a65d3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 79a941539602906b860844be6647d54b
SHA1 a1fc5229d8a5b7a9ab515d09e290faf4c9847ceb
SHA256 da5b71cb898a3ad8f8630c11bdb99f384c7cf7de7c8b1a72aa0a86ea286710f6
SHA512 27dc7469cc99c702ba33ace61e80b26916c2b723cba11baa337877932fd3f65b6fe2bd0fbd3c16ff610bad3b849bbb4ad37c6cfaf31292f3e9d423779c14be57

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 eebeb180fd9cb35351d84d0ae9781c22
SHA1 e6a4db3c06ebe0cd75f9d55b569cb201af691d95
SHA256 d6f11e66428bc48be4e655908007bd779068160a4ccb13f41490ca4b77df1085
SHA512 2b26c2493a1190033ea5148b88f9e823b356137302d60dfd8f654d2a5740a0536a6b8066021c461d86e6c055e01bcab16a152106c0f3558abfa1df8a43d4a0d6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 2a90faed2820ba3caca23eb7ddc176f4
SHA1 afeec710490ca39ac56476964dda3da71f0dcb8b
SHA256 d7b3a9cb3212b141e5bb71f2f6d7c6ab761073c891b8f52a2dc8d669e42f4246
SHA512 9d55af7d0c1a4008318faf215a1618e3eb55606bbc00d5e90ba88992f04da1569af41eade28b1473ee4e28f7d4859ff484eedec2a9e5328fff6186133d03dd30

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 3d2381c01271fc8f7d4d1df242ca8191
SHA1 e65c1ac8bcf811214cdace323c7362b0dc33c293
SHA256 ff78c74bb011354f8fc831b552842c4e1af4e23bc6d6d15db10836c8ea16fe4c
SHA512 12d85d4e6f6cbec19ba05c7392f167504354773311ec64794d9b16b195fbd892bea23885c8196f2771a97db9eb1f89557d9203667e2847ac48ecb7ef75d2ec72

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 d43fc931f47533ebfb142b48ab48a0e4
SHA1 627e1f65da4d5ab444313e6b53810b3f428013d9
SHA256 cdb42cb1370120e78a2ffd25b46f2541460a691c660a2ad2114cf47a04efdfad
SHA512 d2a5f69d6044dedbdb5804b528e2719f492f42a1b67a13511908e7b1511e0d19df317d3c1514c51bc4a00a86d297d77c7eb531ebb4197591f95334b173f4ad5e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 56afb96d8778ce250416e1b15495faf9
SHA1 a16750096232f7f5f10a5c396794a1a88e5c8834
SHA256 1254f71e3ce45bdaa67c14cfbae197cfa1c57a29acd1942a3275fbc9c17ad8d4
SHA512 57b8bd7ef3f38b0308ff3cdd28ea4aa2e69e95c1dc3b59a26feda8841b50337ede1214ed6817bc722b58298ff87f03fdd8084122d371eece197ef6aea69731e9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 816f8f2a2a292540f94e999910dff675
SHA1 0715b82a4368563008b27605d4ec5f26841b030b
SHA256 2eb60cc868880d6a6830a550cc6bb2dbf687b80d872d1c5ac45438130c637d9b
SHA512 02f48660569b1aa8cae20bcda95227714515b03e9e9aed5c3af038395c8f7c22c97905d9ef4384760ce2a38b937264d9838ff4df840469effef32f7b5fb7368f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 5e414c8c5e3347d70bbc6dce548881c9
SHA1 9f0bec716cb87d4df614123699d3b3fe50a7cfc6
SHA256 00f166f856c5bbcfb652b41f8b8db231adecdd89683a6b7685d05b7491ec68cc
SHA512 09313bbf7931bc17b3b550e463f5413ee6b9fd9c6c1ae6bf3a71cb947875a966311ce29d57965e0b1ebf86c3c94d54ea28a28b023b566b47989dae165f3c2a1b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 dae1f7bef6d04dfd148db99d3e1895b4
SHA1 4c63eaf4a0c96a4790e61f7fbf5db5105deeed29
SHA256 75f7145bbfcde6395708b440328711fa1454a196ad5f5c8f3bc541820c591e50
SHA512 8bcb73e0b27ee4ccf0d3a486a19e7f7e7079ce7b795dd7181caedd04cef8490e5cbcc3476f1ef5cef6bc590e40574827bfb7d80cb55f0f7bd101de094742da00

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 5508615058596744bc97ea30ad9d6246
SHA1 b82adfcb466d668462b1073ace1b71a672927f9a
SHA256 149058471e92d326916b040c3fdce42d7f68b206873aecdd80f175f4f1cacb88
SHA512 3c7b5af8f83604fa446f323d224dd5a08c8c6249e80205fd2f3ff6db0a9e17f9cac06e1c3e640137fc5724b13eac62cc60625be62a9a05a4f246e3f04c5a543b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 5b578729425228304fc0fbddc72f9d3a
SHA1 8beb908085012484c6c95f851bfe4f124b60f141
SHA256 d5132d04458a8c9017ea2f76969ad50d8f8c0bd39a0746c10c3157e7468af107
SHA512 32496b541186f38fc8137a63dc35af04e32d652df46df14a2a0fef053c773daabea9c8ec857459e18fc406f16f73d045fcaee32010fa1f70d7baf2b13a7efa1d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 c37ce70bf41c90ce86d510b94cc52cbc
SHA1 22c7b78844eca3c89dd4c0d7abcc13c17c260076
SHA256 32239ade7b634f5b071f803e26411be1ab13497754f5cebeab24ab8e1d6298ed
SHA512 45853a8c2d298fbcfc916d9e1976b5df771fb4004e3dde37c8ed444eff07bda27e9f5218db0297e9a739fdc709171c12b769a278dbf509f10dab3bbde21cb0c0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 2c08187c871bfafce8894322309fa4cb
SHA1 acbc28a3a24a7323e3cc0dd3424361f9ba0e88fd
SHA256 dd89b3f7e5059df4b49e7468d9bf0853f8badfb79e1ed5b415d07852cbbd7152
SHA512 88a171a89683ff22ad11cd729c913a3b3e0a0ca94aeff79a1f5d6dde5b260f149c79ec7c6965259774c3f92d4eaf44a3ab533291204e597edd182169f688584d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 ac15bb9354a014ece7e6faab05f6beb3
SHA1 728dd58c0b4916ff1e49fd8ac3c639a9a7dea419
SHA256 0215c34d38684cbc62e4244857b4526a8329f4c96fd0ea36febbca1341f1aec3
SHA512 b5020de7740c28b6183999ebb90b7118c2d976cf82afbbbecca60c58aa0e3d44583150a16989e80aeeef238a6e553eb4a2065a35550ebd436e9ce0f20550b440

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 ff6c9981df922803ea498f2a51d211f0
SHA1 083b4f7177fca39bfe68d86558fd13bef0dc7b4c
SHA256 0066c0c4c442650f1d0f26d1e0ef85b1a680edc883763f2223e77ff51ea0cb6c
SHA512 1155879868f43dc674862de2afa4acc4307010ca2ff9094588958ed0e5d39e63f4bde5f636b35e7d03c024d72e928d5121c4a772d9a5192b894e1b7ce24fad76

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 0bd8177bff064426ebde4e7820922090
SHA1 7a58fc5dc532ebe2249ddd8f6b741712c777fee8
SHA256 4b9d2fcc268189a743454bc464c5d3f1b5d01a11a6967fd6afa3d5420aaaff21
SHA512 789e0a3220fb9c9868f554162611cc40b39fbd3c158d2cc231d1154a18c1947ac6c859d34406319c7de8f2e246aad045e3c980904b63abbf1532a035415e0e63

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 2660a4be9a7704d98232481466629966
SHA1 0d57ee5a2b6162b6b6b0e42a8a0422fa93988c83
SHA256 f66f162573b276efc7e60825078f0c5485a5cf4c5795a3a8f6bf63e16089db85
SHA512 36d30537da10ea76ae83ae8d05d139c6274fe161ce07f6a10b76e536c7de5089177795ee59f1989af995ef67365493f3e9adb1126168a283dc7ab2fef4b0b1a3

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 9fa96203a8f0e8af2d2a1da1d2d2df56
SHA1 7b540e0bc87829d520cd5d71efdf69dd8bb86117
SHA256 bb7a578e0b32bc2c0a743c9883b65e7a0abf9dc6793fc76aa6621a4d697dbb08
SHA512 bab3120265655d670b48b575e9bd13d37373ef77d44384b34615630682e47a7f91df5a16e18846816e55080ab26ecc1be7b99a740600f2e5919c63a28cf7f968

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 03962140c71f8f44f6474baf5e34e3c6
SHA1 a3f091e75607da2e6fbd8889c83ef00c69616021
SHA256 c6b71e16ca7e8879182ac6f9330505526af21bf6aec673d2c459567c30d61b98
SHA512 119d537224ab30c4a48c1ace858bc250b561b033b960d05b3a4c93b274d3ae0e2f43793f6e01986e6ff568a2e12d7c85fe90bb664d70ee189e635e6115624759