Malware Analysis Report

2024-10-19 10:43

Sample ID 241011-yykypa1fpf
Target 369b0daed0dd96a6ea47597e210df93c_JaffaCakes118
SHA256 f966672fc495a145195d1e9b5f62987a25013916754029cad7167f24b1467cc3
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f966672fc495a145195d1e9b5f62987a25013916754029cad7167f24b1467cc3

Threat Level: Known bad

The file 369b0daed0dd96a6ea47597e210df93c_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Detected Xorist Ransomware

Xorist family

Renames multiple (2492) files with added filename extension

Renames multiple (2537) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-11 20:11

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-11 20:11

Reported

2024-10-11 20:14

Platform

win7-20240903-en

Max time kernel

121s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe"

Signatures

Renames multiple (2537) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe" C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\prngt003.inf_amd64_neutral_8c9aae54a5673a35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\faxcn002.inf_amd64_neutral_3d392ccc357e04db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mspaint.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_neutral_332943647e950ada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\wusa.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc1.inf_amd64_neutral_662220c3016bb4d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wdmvsc.inf_amd64_neutral_a2cf745000e2ea92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\calc.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00y.inf_amd64_neutral_977318f2317f5ddd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiabr002.inf_amd64_neutral_b4ea26a49ad66560\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\wuapp.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_neutral_27c5b45728cc9ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_data_sections.help.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\logman.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\svchost.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0010\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\autochk.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\xlog.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\atiriol6.inf_amd64_neutral_bde34ad5722cca75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_neutral_daa64ca27846aa23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\hu-HU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-WMI-Core\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_neutral_0feacd08cb9c7fe3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_neutral_cfffa4143b3c4592\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\diskperf.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ftp.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkLoadBalancing-Core\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\upnpcont.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dialer.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\winrshost.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiabr008.inf_amd64_neutral_27d1c9a28eac4eed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_neutral_735aa3b5ee832f62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsImageTemplate.html C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\Internet Explorer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\NEWS.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0337280.JPG C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\settings.html C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Response.gif C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\HICCUP.WAV C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Mail\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\SoftBlue.jpg C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341328.JPG C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21330_.GIF C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Hearts\Hearts.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14581_.GIF C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21306_.GIF C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsImageTemplate.html C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\SAVE.GIF C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\TableTextService\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10290_.GIF C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Places\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR24F.GIF C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR18F.GIF C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00760L.GIF C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10266_.GIF C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-classpnp_31bf3856ad364e35_6.1.7601.17514_none_73a9340ac2b15f83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010445_31bf3856ad364e35_6.1.7600.16385_none_e81b1b936f56560a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-full_31bf3856ad364e35_6.1.7600.16385_none_ce3a164d3f0fa152\NavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sud.resources_31bf3856ad364e35_6.1.7600.16385_de-de_08afeee290367fa3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..tlocation.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3ccb862dd6878a3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.1.7601.17514_none_2afaa0f3ee15f952\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..ementscriptingtools_31bf3856ad364e35_6.1.7600.16385_none_68b74811bbef6f3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-themeui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f4d9a515e0249086\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-userenv.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5073632e4ef0764d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wlanpref.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f4a2440848c3d8bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wusa.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f6acb7e475216f89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_0757259831e20223\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-core-dll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b99551da8bc8bfb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..providers.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5bc53cb726a056dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..temclient.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7497a71c57e547ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmtdkj7.inf_31bf3856ad364e35_6.1.7600.16385_none_0cd09f551c1e4fca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..etoolsmqq.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7bef78d9f4a6a8ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-taskmanager-events_31bf3856ad364e35_6.1.7600.16385_none_e0ac3efe41cead57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_6.1.7601.17514_ko-kr_296c045475b2b94b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_58d3222974a9d5e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.h..xtender-driverclass_31bf3856ad364e35_6.1.7600.16385_none_e6d40a62cc068a59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netbc664.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d78791929a81cdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnbr002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d31291564a61cee7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmnttme.inf_31bf3856ad364e35_6.1.7600.16385_none_c33749118dbb2f7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..k-service.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_816fd1e173061582\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_s.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..tiator_ui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7aebc463b72ab697\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_cs-cz_bb6810d0ea0d9d26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_b8d26fe3a7b3fbfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-u..lsettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9baef6d76d42119d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-com-dtc-setup_31bf3856ad364e35_6.1.7600.16385_none_8da1fd210f4e6422\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\Title_Trans_Notes_PAL.wmv C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\403-9.htm C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7600.16385_de-de_92688006fc394ff6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..nt-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8bddfe09846c6f83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-soundrec-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c6369a6589afc29d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.h..display-driverclass_31bf3856ad364e35_6.1.7600.16385_none_9f85a871aa07355f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0e9466a3fa8ee860\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g...scrptadm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_66552e3d52baceb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5594ba6667bef397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-deskperf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7b56f2557dcc636c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..ruetype-segoescript_31bf3856ad364e35_6.1.7601.17514_none_32eade0d03ae2a68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..personalization-adm_31bf3856ad364e35_6.1.7600.16385_none_b641570ee85bac92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-windowsexplorer-adm_31bf3856ad364e35_6.1.7600.16385_none_4c5bc898cf89bb26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netefe3e.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_36116b6b901641ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\inf\.NET Memory Cache 4.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.5\MOF\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..nce-tools.resources_31bf3856ad364e35_6.1.7601.17514_de-de_cf322446919401a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\500-17.htm C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\3.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ricoh.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_79ea42e05da38b24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-kernel32.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d234a7ae309c4199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-k..-plug-ins.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_606b66b01ec579b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_windowssearchcomponent_31bf3856ad364e35_6.1.7600.16385_none_d9945dfe949d9e00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\triangle.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\Media\Calligraphy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-restore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_706db3f8d7bceae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..framework.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fad5abf8e9242090\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sensors-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_83ca5b5c78961c4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open\command C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe" C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ITRMMXILISAOBTR" C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\DefaultIcon C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe,0" C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 edf3d4399582c7a1e8e1db50eb8f63ae
SHA1 2b7d5a0b8c2f0c6a1e233f0068046b0fd801b968
SHA256 9c5ee7821cfe0279ee6f64936c361a251b9f1f36dd2603051063230712017ec5
SHA512 16433b80fca0ede9110f2315ab0689a04ec2e490858fb19650986b7f46da7d317c0dd0519813f2ae67c4bae7bf00930ef4b6fb231ce6921b0e8f2ebfde114ddf

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 b2c878016f854f614eae23054c96467e
SHA1 8ce5f8f8c30b1e03dc405235a9194767a1008466
SHA256 d3980f752d066125e74dc259902022a3538a4ab1d91287aab8c2a39379e60474
SHA512 e3620dd338b6b31dbe092317b7c22b4e1944f719c99438d4c01265a20a47579be5f6caecab889522fec321d37c51c41571836e0a7700174c8e90480c78459715

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 eadfc89880df1f5495b7d7b4d0047a8a
SHA1 9c1979bba318788c90f0c7200fc9f86a2d6cf560
SHA256 8038fa52303133bf365ab30655b2f02867ee717f5bafbe28d2c5aa087b29b899
SHA512 0ba80adbcc353de3d789b360a9ec87a77a5b93c9ead2c5e2a3ff7ad08bdcc1a4f4481e7b907deb19e987ef31bf4bed1002a5508334563cb6dbb6c7f215077000

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 749088b4ebb5187c801739d539e34875
SHA1 6b8345fa6d87231eb6c4324ef1b6595800cd8faa
SHA256 858b706e091f5250bc13b79c93ecd93be271e69e9cea94fe27d2e9c1a0ffa902
SHA512 749f52ba6144ad4f959ec765ed85a26aac1b876ee1babc21e2ddf334512eac80f9687a468faed350c5aa287c7a9160e0f9b40f2877b7125e121999548448e5ac

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 9c6cefd1f98f979fe84c2d2884d4eb8e
SHA1 f49903632c35197a26330b16b64798cfdb330511
SHA256 8e621ebf5c5b713d6c55ffba09a6dd1a958930ae60c13401cc1444118cd991f7
SHA512 8d286256b254beacc98fb7c55c2675aecc007c3613d7b061ca5c60f79fe546a62819d5c6a6953ebc38369c7f7d8be8856f35e1d3d0f88320c15dfe9e349cc3a2

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 0dfb052b7a4e60d3a3b4c8dbf5ebe19a
SHA1 ecbb31a1a8f34151e86f85b6105341bb2f9cadc3
SHA256 c4470d9c09d7d5b8da63b64780a3c639e0f25df97e63c015bba55d290991de09
SHA512 d2c1d29de3b71d8b05f2f286bd2acb551a8f0e951ec611bf1a3671bb9615b470b5c8a649c72d1bcfe3bc26ea8574f46f7cfca4232781e4fd665e9fede65e9a72

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 bfacf8e7caff2fcbe157afa7b6c3ab98
SHA1 d8d12a5d7968c812b69a7d47b590d7ecbf9aa8ce
SHA256 fad6c44829d5b8ff07dceb6b0571dd661383ee047f8447fccfb807d02961ea5d
SHA512 b972b07d2d179ee3a3886fb91a4f3030e92f0f3dfb358043b039cb98b4ef0c5fa2db949e0c05bbc67c4835a77495c380f93c6967d97ee3bf5f9067b956cd1350

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 b9e4b53213fbf0768465c14afabae500
SHA1 a5a6e1d28dd77821d22cc6ca8b59c443334d8c13
SHA256 111dba847b35705da806e49ef3188e06c880c499bcb249ead1837c18cb99805e
SHA512 0400384a5fc9759258c7c983a7694aaf5f509898f34946c0da703d6f85ad60dbf9cf873e7c0675e0bf5cd8b40e82e2e75331eee9aa74d2029b0e732dad5455e2

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 381fa34facb18afbf011d4a89e75d495
SHA1 7b581bea1acf3e4fe285d4a5ad1419eda3ca0e07
SHA256 f32b7524f825fa0575d80a4228332021516c2bd7b68af4b83e363aa1ba196e69
SHA512 ce95541bf19bbb45039eae201fbdceff6f679b40f34d45f363bbbe080fe561cc6e5b9edf9318ddb6ecd6ce8b6278036b0956256b0102f844b0d500c36bcc45dc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 b4da51d40aa783ea643025b8bb4d740e
SHA1 235dd420154c5b44a4121dbf840b8d070cf41e6f
SHA256 67e3db022810d1b191d5c7e34eabe122108afa870176c7b03831703f010fa608
SHA512 61f82fb8debd265303f744ad5290ba3dc1da313b436d11652f950c8ac085a1cc8d4576266bb5033bf3d3f21d4a75886838ac8b7d4bbbf85a57c1dabfbd968841

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 d1e609640ba6e836ca1c07fde6c3ffab
SHA1 9a6457c45b4591bb27e25eefc8909eae19521e6c
SHA256 5d7e28cf6b71235606a250b8f81719ea60953fe1ca0acaab9f583830a3b885a1
SHA512 9b51dd2d2af4f3053f30ec3fdae56131c23529a332de4dc2b00bcd9875bf3d38c80adbd1c0d76a1c52818b55bf21175eb17acd0bf14e10e03d55ca753c5a337e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 ec15db8eaf9406e1818239c06b9e0a57
SHA1 85d6bcde12413cfdede79e2e8c126f523a4bea9f
SHA256 cd8d1a7975bba1fa770dcd965408fbeb9980f4e9e7fb5174aa51ae245b12e4bc
SHA512 69cbcc91e4bbae5fc05788b94a48ce5c7f5270e1de18320588d1f0a2e92f2cad063a8cf2ff14032ea1e0c240774776b8470f14d33a83108445a668e5249c36f4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 ce0e23dce1709d6a5576800c13aaf7f8
SHA1 280e4d5e0bfacd7e216a4ea4aa0c73dcedf2cd82
SHA256 da115f750e4fd8b44e80e30d7dae9d6e97ac3867f95fb938796b701b057be19f
SHA512 820d05e2b5ce36da51846530fe382281c74ef9401b817147392099a09b05d4c8ab772c9a09f9cb02d48dac4b0217bc89ccb2762b0f6973b922dd38b2cb5bbe72

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 c1264e48c813db5167a3850492e156c5
SHA1 0fba979099f8c238cc18721e3747e6a4cd2b69cf
SHA256 0ded0c78de7329d1c5a83fb38affa5a681de0835fa11c3dec647094250aed68f
SHA512 76748103d4c9ebe668e81adea75dcec1dea2996e8496a237a051d2b60b978750c8df3b49b617607be091a1e05473c8394ff24be75f2c3dd70c18f419819e0483

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 2f57abf47a7c00cf52fcb337f622075b
SHA1 4235e7caa93f60eea4836d13999c9519c7a88261
SHA256 79c35b0602aa631c9918019556b8690ea4b74052f10d4fae1c63849c082cd805
SHA512 4d023957619e6bd91d03d4093565b7770be799c4e9df688d40bcc1f061dd3225ad6b13bba08525521f1e25563a3157b5562e1e938e0a7a73b2f13fa49d2509f5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 59d1a0fe032b2546d5852cef15a8c2ca
SHA1 97725b0183d0f8ab2362881656679941f84547d6
SHA256 8ad0658fadd38e6dccb68d332bc6764af9c29048cb694365f45cba5df9013d71
SHA512 6c5706cd796bfdb1c8d8e0d3290833ee0168f3d0d4bbdbc8595d1615c4ccf3dbe301fad281ec2b749b3c0b0bdefa03ebb321b1eb01a8153d80970646ad0c86de

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 b33bb8ea9e21b2dc3f2bb40e82eb1d59
SHA1 9e2b8f1a3bd0712f92da29444df77bcfe92b6949
SHA256 ebf0db6be652f63af34fd484059c71fd1ff4ac4110145e011549df4eb57c484f
SHA512 669056a842017565ffb11fd837981671a011abc1eb019a7a155621a5e85a52591c81cc624d52436efdde994283b0042192a54cff0c76c6fff9ec6e3eb61d9574

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 0ad2d0043a89930656da0307bafcced4
SHA1 c73f91c4e6c2bc4706576cc8d06b5b4834487964
SHA256 1ca46660793c14e1c05ba770a177539a93932d1ad8ea84952c6a0144154f3d43
SHA512 c50a4343c6f955b14e48c0ef7cf71d833068c6b0554f1feb1caff527fcb3d0dec5bfbf77b9ea765fcced29f2e8eeeeed02856c26f06141d9e5b01dfa5e4052e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 d8bed96e6c042168af288d09e8fd8406
SHA1 367131e9cb43e08b77d6c3567231a3d23eae8143
SHA256 d6635877c26e7c3f82ab7f44bffc61351ca972b4bb9c495367ffb4882f197570
SHA512 b2dfc400ddcfe0a2511f88a0533c42ff482dcca3dd3b36aaf80cb6ff24ea710701618353b62687729e94fffa2f7779d7c5de82974a517c276647574f86eca924

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 38473dde4e6cb9e1c200c9a10038df53
SHA1 def5b73bd54b675f441a2e372393dacf096d7104
SHA256 b36317b616286b1424c746078093b768943fd4197f5b204fbb9166766f0a6171
SHA512 9d8607d87e9ec9d7f2cb8cdab782832fdbee2ba1110788566829efc25f77a36efa7f15e082f501621c6f1762d65f78aa48b9018b5f520f549b7d7e10d7a47f0c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 dd2f227c372cc75558d6bc4eb45a8f8e
SHA1 4f0f6ae1910c50835b567eaccce2b9d7c25df25d
SHA256 ac97ca380993e0eac76cf6f0cd44c987893b4ab55bc0cf55cb2690adfa8d8007
SHA512 cc6ada4ed40ea033e3533917737151a2424969d29814a9b88050a3acc0d94e4e9cc67bc8f98d8c97dcaf63c1be16760e2bec1be9355555d18a9e9818379fc192

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 b4056aa8bd5d145fc7121fd455318d87
SHA1 079378f3b592883db47e6aaca8c99c9e1dc29b3b
SHA256 d9b8de4f7b29b52675f03ffbbb6741362dc6d5620d2ce4f719eff7cadae22479
SHA512 6b2736eb3ad9ca6f09c7f7586fce218338c9d2be8024311cdcc9bb3ab4d4e095f41dad31f37c7365af980a6b7e73eeb2054e6f62a91d463e0afedf03458d3043

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 7d2e9ce6d163caccc16c16c78441c6a3
SHA1 314291a552d94bdbf63c1a48c8a03ce2e6dc733b
SHA256 e2c98b9c72786aca1ef69f4fb3f695131b6d61c994a2924c75b4382f3cc5211e
SHA512 6322ac589ab35fd4ad90b3a395654d4f0deb53fed9aaf28a509e3e73bb76baeca13dc2f9dd3919c720955de5eecbcc40ddecceb1d3ef1bc81823ebdedbf31cb7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 bdd432f6c47fdca9af75a0b5f55501a0
SHA1 bf4b63c28ac1342e16918e89404b4befa9e55535
SHA256 a2ef54f126203bc5046cd6bfcd1064fee5f6be4a0bae0d4a1b52193603cb3975
SHA512 8edee3255a47095f0dcb54ed38f69f222a5177805f3786f5bfc0a6aaaa84bdf0abefecb581dac68c7d36bc25d5b46e93d385094b655396665babd2f7503d795b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 a38d63843851215100a0b3726d5b3746
SHA1 7104215d5ebaeb9719266a7047dc71e644422d9b
SHA256 a4e46364a7e5f7185d0f3799c6b46fbd6336f93aabdb66403f6423ac2b5eddbd
SHA512 64f33a91b87015837afe93c9677cbd0fb7eb1e3be2e23828cd026c98162355b628d3e58e6b34c5d83a72e0ffff987c59dfe8be4e2442e59ef4ffa5557d17cd13

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 4b4bc4059f0415d022659d9a43118253
SHA1 dcd76dc55aa2a163d81674671e6ee0628520ee1d
SHA256 5c165393b29012dae580db6537a142fce21abb45cc422654ddbbad836cd3e0e2
SHA512 662ab95c8ccaf64b2acb861a4b259ddfa49be8c129b01fd38728bb835c141fa6f5952b61a657a38ecafce0a74ecd6ff45b78586128e9976a9be350660aaaddda

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 04e9ece717fcc90ea99d2c1402d473fe
SHA1 7d14530d27492a7d67c9b1b9799596a502822bfe
SHA256 ba3ee121bcb558ee48e8e7e71f063b6e698b61c5e13d79b0c4940ec36b8e7669
SHA512 12d70a7158e4b61ddc9576f1ab0fcc385945b660de0afad6b353de4661993ef07622d679388c9ef0eb0bdf2dcd8c6dd184cadd90d3d5926363998997f0269dc4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 34cfcf8d380a69dff95a6997fe3cb3a4
SHA1 14a0f1a4c41af5d7c47398e80a58c7be53e0ab9f
SHA256 b09d56b00367c31f8a4443f3b56d24eb67b5de71e93d818595586264f45dcfe2
SHA512 b0536aab562365f203977b594599e431995c01c36bdaafa239ec51dad415d9fe9b147811b761b8887297d94a67dabf5cbed8b17634ded4bcab3479bd356c5176

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 231a1d89691989eafff64085c0db7a7f
SHA1 c91d536dad694d2b887f51ba6c791b70a8e11494
SHA256 8a2c1b686bc6e8c33e9b35d18c0a65b58c91c23102503c82c7346cb1c527786e
SHA512 c8f52dc690a9caff403aa0d7daeef98886cd447de7a421234de8dba4826869109f9a5142bb0dc80367153b929053845b3d1dbff945f469cb20b90c86154bdf0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 886be17066c6505e2abc5b9f1606d9b8
SHA1 7f2757a4cfc86b23456a910bf9fea2233b73f686
SHA256 6276e7d0c9b537a342b4febdd76b5760a0c5852974786bbc2d2efeeaa2550430
SHA512 2bee22e54d997e02dc326409665f5b6b8957dd446aa554c31fd4ed1b19fe98cc11093dcde11e6d020a00e97f7ba79a738d971418372fde9a78ca8788ee347631

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 8e9229d4381e06d70337112331b60ae1
SHA1 3812d8fa68447406968b0aa3efa6cf076af7b8d5
SHA256 66ea9f93d96f936367fe1bde074c6d295ebca8c33f034134dab4b59291ae31be
SHA512 fa09186bf7956e93f86cc85cbdbabbef3730fc910f57c94387a278b2fd8303554b0f514ff5a8b4d737e1b32629effa3175c4bd0e4d3055edee335cb34119e7e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 6d638e34aeb221aed4ecc608faa5d3e4
SHA1 bba880498df3c999788f5c56d301032ea74569e7
SHA256 36ba71026b6c261c7401c298d79517023fa11e980cb64607f38b1991dd0ee8af
SHA512 d909154b65447d15b5a0facbbf0625791c3c50190f5f243b0c69c6c2ead3f713b4cca2b38230bdfa91e3dee53bb11bfa3e2889ab64d336256a795607489a4214

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 8ed5d6c8b437b396161034663585b202
SHA1 7535a33c96f96818907cba1c362d7a4c798a13e8
SHA256 1082b5d75d9d67c01a957fad00f32fd88c320fbda2a0a41de351a901cd2ef342
SHA512 268e3b497b2ae77e936b7f0c943a0f3803e5bef8696d01aa62ee7cd81806dd3b82419a541dee047c69217c8cf7673da90d672ef707075f69a27eafa03f5a07ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 679df2f31dd275569686b76bb6699293
SHA1 13be297205234ea39154dba471a9b6696ae05866
SHA256 cedab0c2cfee6e0204d4da0131c1a9b23b0fdba61ec70abdf57b7fde137c872f
SHA512 e3f8399cb247b812e3036ae4792fd22b1a56d8a4b586445945ae22fbb0af619b555377715dea5ea662b5860b578d84e0b11c19fc4c87c6e85e51c752e3860892

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 98329fffe05716a26bcce8fb9998d63c
SHA1 cc9e0a65cdfbe5a0873cbc014c3c5c4c333397ef
SHA256 2a4ca4c6f70d9c388724a944f1c988008aeafb4399fc12c4395f13918a780c6e
SHA512 c78e3fc2f4c49b810a2c272591b2d0aa2cd915aaae9fd9bf3c8590cf7794abf6f4482df60c7953c253811d4b96d54f5d82f554ab2a1fb2ada1f8bbec187e2cca

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 78f3ba8e2ba8bbbfbc1c017a0e0580cf
SHA1 228db7f26a483de9cdc22c68053cb9c73fc52c4b
SHA256 14118a603ae9c441402dd552112577726194e9107b5b45eb1a3da1a935ae6dd8
SHA512 fa26a78aba44ff514780394027de4589d263e78b57bd51eb6a67d91c5091c9ea800ed8eee67bcdeb01f2f94807fe68ec85c31fe1666551bedf3c2fa8fb2e4c1c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 b209b3a271ac4e6241323104858dd131
SHA1 6947bad37b2ccff9fdb59b7e3a0ddfa8ae2f9898
SHA256 201ef76427687ff7e5d3f356c5462b7679ba5dbdc77f9fddf89d34f629ea90a3
SHA512 0351e941440d06d27be82eaeb34bcebc13a3b56b119da7dca2d27ae45009ce97abac1e410ccec69b02afca0bb1de2b7a5df2ae7fa82208bb2a7ea966d3c25c06

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 5a5bd2c0115e08adf6ef447601422b52
SHA1 0117e14c650e26e1f41c7c6f479bf23e191ebf0a
SHA256 0fc39024922a16b6c54e3b9e1ea17ea160dc7ce46b8d81336239153bc3619941
SHA512 2a6963d9d5a2cb2424afb0fd14e732de95bfd483ad3066898aeb337a53d591639f3a46b7e5dbea7494c28ac10f6aafddf29d4b720ec06a88fdd796c97dce2c6a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 c4d113ab8fbbc237e2fd0a2bcb2ccb9a
SHA1 c6c0e97061e47a681483437a08f5a42b5bbd900a
SHA256 f51b30627f58aef8ddcc5a945ef3b63619811583a08413b00511f1df67070104
SHA512 c70440c5be957d5b4135b5548533eae529ba19276e8208c424fee06ca8fa29be273da1b1b4ed10a247e580b5908f57d95d207a3bd3cc249f7617c9d98eeb42ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 4551171bb2e02dbeb408766aadb37c41
SHA1 314af2b9d5f482a6c28cbdfd5ea46f6cfef9f4b5
SHA256 49f2d91a89dcc87e2ab01de9f061c7e44bd28ab6b68d45ed9343fe9a4e7bd0f1
SHA512 fd4c3b237933c6f7289246effb59063d6dc5e1ae7010e6852126c2f52f265d6ef39bca5116b74f48c3527da78984b72a817c804135295bf6e81182828553a815

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 cfbdffa417e0fd8efd65f472f4d5ca4e
SHA1 3142b553a0181ed3d822bd7131f1608f388418e2
SHA256 9d288d57494d9f5ef68b42a1969acae164cf908dcf7dc9c23a746bf1532c3324
SHA512 d526b023b6fedf91a932b8dfe486a6acf0defe39c7d49455adca7e04b3647418bb657d2faea1a84df119c1ab034fcce400ce1191d5d74f78f0eb24dcce3025eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 d7f3b78cd468f767b3ccf1c3d95c72a0
SHA1 139c62aeeab0fb3d7a1c84f982df5f267332e647
SHA256 6ad1bb497b1ea51dd0ebc888bd0f11b4b1a49819c9ee34ef87e2caad245bd5ef
SHA512 a42004bc4faae5984c0e004f5f9b576a39ae6d4233374199a1fb9d246ddc7a6ca819d707190a6d093b75e3ea9956457557bc4808f39b9db42230a4b947981114

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 5c9cdd79b08aafb0cb484942a86cd88d
SHA1 61a7f4cdc461558d458f3258274a5fea3af7e8d9
SHA256 117e33fb83d924e74c52e777b12398798af68c06fc969d866f620eda82ed0844
SHA512 b7a0964cb4d936a8ee1ba2db2ed76b2d8ce374f209008a472a7133ee4e6984595b9fd111abc405eb3dbfd7fa82339a0810d3b400c82ad6cf1b5a4dd11807829b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 3cd74c6dd154feb888a6cccb62b2c2e2
SHA1 742625ffd7f49a3ddcc64604896522db3b80720a
SHA256 4d065afadaa0940d90413d438efd6dd2f5c794e206e69a18f5edcf0c9efb2870
SHA512 dffb18622c5cfa7a91f0fdbb7953df52de35b934d29e38444eea4e2b164dbb74c4d37845ad0960a3a9f223c77c379f89cdfafdc34855105451624479ea9c0e49

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 09146668e0408d10c44f01966a4bffaa
SHA1 3541b2d52bc6d511adb3153cb7c28365f1ca073a
SHA256 fd33bec0cdec1df56b459a9c7fb462ab093d250606f4a8fe0d8eab08c295735a
SHA512 c5f119df91aca573c1a78742f0037e1e68464f2f89f181b6d3558cf54a17bedfabad5d7566b4956816d8460ddb357368bb5c786a2e98733355234ab13f869dd9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 295020d7df3713a692a3a9847a4d895b
SHA1 37b7dc999591d0087b55c1bd0a843eebfd284400
SHA256 639689f4480a61bb34a5507eb0088ec11132e25b9dcc83d4e7a098e741a3f3da
SHA512 675dee528d96fb78b6ebd7c3d2f0fc55cae6c530214367a8641a994cb96465ee83df92785db1897f1144864284f5deefb3aab69071344208f8d33d74c022f7e8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 cc42aebfc507985dcb5103d6c898bb14
SHA1 eff73d81f04361012619064ecf941b73963a413c
SHA256 d5090062eb6d6cc7f58358b022a5b62f99d16fb722173cd3b7157be782c8495f
SHA512 e047edaa545c611d77894fd5f4552d824d6ad4ead118343a0fd03ce2e6883846b51d12ddb73228b1d1d6f0f7b183b9cb332e95f6f7bff7aaba44562529cc4185

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 5ecdaaef9565c1710c2f5662c2f99791
SHA1 5f6412526ca7bef984b9c7aae901284cddcd5218
SHA256 a4ee891f992b2fba3382a25f8cebe26480d4bdd21b00009387784ef294f4b8a3
SHA512 a6dfedccc63b5b2215eddf02081d7d7f3ddb7c11e9034d28a3137f1058a94f67fca75be99dbafb2e140dff5c2ae2085abf30652db7eaee1662c866f2edeb88e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 9f7bac31d9911e03c7537816c106a179
SHA1 3393d50d7c5d2faca4d8d3db5f2f93ff5670f522
SHA256 df232b3c90ec64b58b7b94a8af9ddab63502836704bfa3b6d6d7dac892d5acc5
SHA512 e1a623ec46f807410e5d4946134d7ab4d7cd1f34fee566d2ad7fc6ffa7f9e95cc1bc67db0adfde10f1d9e1a2f00eb26503576c42825ab12d94d41725181fcb0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 75b29f2bd34bdd762ea5c459b20ac0b0
SHA1 e0fd340147a38026c30d0efc83ec239afd431aa6
SHA256 6609623b399b0cb1b7456b18b4481f2bbf909dcb22aba80f1b5187299153a9c4
SHA512 a68a12055f63f48b574d05dcaef93c7e664c8feddc3d27637898635c0c4a3c5e21d6c079d7fc39e6946f3233097b72a6c1c6a6752fcfe7c42332ee055245780b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 adda3f289e04693ff48073ea77c609b6
SHA1 4bb06a1e3adfaad94263b4a130f454cffdd9cbc5
SHA256 be1234dd8bc92e67121610d9af715b5d131b3f56621676fb4c1ee5e51cfdcd8b
SHA512 4016c21eb06cac19212dd54323c84b5d0f1c050275a10e4f14c2e9814764487dedeadb90d11fe8b90cbb025818ca165adfbd81a71274650615b5f8f0f2b848c5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 7ba65380ed1b35c7ad7ef58ecaa778db
SHA1 e2321d218fccb259c3942a0bb9399e1468f0cb6d
SHA256 545b3602b582b772a520c533080cfcad95c9b997b74a7754ac58d019b6e744f0
SHA512 c289e8faa0befc11b9fce1889fe9e9d863fff90759f74b9aa3386555c0de506db0ca74b00e3965a8649f0cfd2f60b25f9019a815e663ee36e95af61446e7aa0e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 0d8069485fcda84df04165399fc08012
SHA1 19fa3d5bf68a57701f024376c1dd7474d14b3609
SHA256 835e3fdf281469682193b4f9218bbaa5ab8d1bd0968fd9db899bf69840452909
SHA512 aaf6906258be1b0a7c520751e7cf61bff0459297a4164995db1063c21dab4f6459f5cb03ea7b4d07ec857992dbabdc9003fae243a766e37894d69912c69ddd55

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 70f6551b1faab8335f03bb64bd73f3e6
SHA1 68e0e71ff764bbed4d91c7531f50ed4137f1d403
SHA256 17cb765940a0f5b8f5396d6d080320f6ec05f0b8cdcfbdcd11a94fe1c2857e64
SHA512 e8f2128c3762cdf774f3af4e2f38e0296f32a955553306fe21790f495971a7ad09a50f75818746d822a692fe3d71e8fd917412ca036eba25386a4035a142410b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 812ef0aacb246fd2f9530b226caa350e
SHA1 5d383f6b66f1eb08fe240d43551acfa5edbe99d3
SHA256 c20eabb7d774bc28466fec5d708f60e5765339ecbbeb04a64623c8a672e56c77
SHA512 4b45cdedeeb749681835ee2a256c717aaa563fb129d915c800bc58a13d56118ad7932c7a87bc9d1f2e7698a483e91c38c6075422f2646d351b111046fd1fea5e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 01c6fb640d4fa9db9dfa0783d19968de
SHA1 cac865a9df53ad38121568ad44902573a7f29202
SHA256 3e754c4c7935f62bfbaa95c947dd9a3caa483bfc1f6cca243c58ef84d95db36c
SHA512 66387eae968004d282acf695f4dd7bd1e65e940409cf7ea10ec0fac8cfe693914d0035d089b7befb36997eced4a2c2bd6ae173b7ae06f4ec51447e17575e0352

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 d3dccf9b8c8fdcff8778b7c31e75e4ee
SHA1 05d0c315782f0550f0b00cf9e2a1b6deb06da237
SHA256 888718e1db3412308e4d96059c180d9dbb520647cb9576fce7bb8e53d02b030d
SHA512 a48b79f05766804b6a9e3971bcc1e68a360b6bae4e40a2bb0768742f55efd290e35dab7bc5999d4d47d5f17efd4bfc2bd52666eb22172761eb54ebef53c001c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 8a9792f3630eb7eca062b40fc624f5e8
SHA1 09d3c8650c923b17cab371147859e33791e9bb64
SHA256 4feeb072a352256e37851c19ff06347e93da019794f10e4f969d9dfa9b0045c0
SHA512 88b4684c4858db95d6b3c1b9cd1e4cf67f099d1cff83b484d4ef86cbd21f1abb787c951da1c2c6c96abf5c7d01aba88c49a81a90ebea775e931f44a86e05e593

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 6867656d3689873a659131e317e644ab
SHA1 7a16b1d07611e3a16f64e41322e7b7d8f1ae24e6
SHA256 c7ec3f458db1394196db7292d4794eb6ee766ce0f627554fdb774fbe563b905e
SHA512 829201433b614258755cb2726f5f8ef9cae4c755e2207987f2d58d959c1cd622870a90553e4e38a6ee8e631bbb7531ab450bdbab960e6f7563d0bdd44455f29a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 56b6883cc0ca936f107ef4a2950d97f7
SHA1 bc13f3f49be9cc91232efcb5a14d0a10c7308af9
SHA256 0e6b99f51de4bc8006c7cd4fbdd71f91660da8019285a2f5608196b79696f75d
SHA512 98acc04a7ee1963e168e7fe42eec0be53872857293e74a8a90c9632c808875d628341131b2561281a5678175397bdd5d4b5bee032f766f5256fc427794ae3481

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 7fd243c1abc56f71bedd46a5a85e7885
SHA1 0115e5adc77df54360f41ea68e0afe233a152422
SHA256 faf73dad994c35e07364c7632de9b94db7ad2ea8e43995c872e9af7d036109f2
SHA512 cb8ce79b3def001443688963ba92dca11ee3f3fe641fc8fea59501394bb6aa6e3d00075f96f3174132798b95929b14f63d4ecb59a8aefadf08b94d5a7f5ccf92

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 2328b1a684f62eb5787f360bc7b873cb
SHA1 ce08b4691689d802ca884766274d9b3cdfdb8553
SHA256 9bb457b0669ef0cb1338d2b084135245f58a94d74df5c6474811181e8ae0628a
SHA512 8424d17ed8e74014362205510db0032f345847564597b22a8f9b800b72f4b563f47f513961dcd8b069df2c70e85632a8ab0f613dd9ad4c1aa9cb20ddd99a455d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 0aef98a3178205e4feffa5f9cefc50ec
SHA1 9af4b84fb6f51fc39f83097d119aa51b988e01de
SHA256 3550f85c08b4078ad297ef93d8f882d4a109c1da30b465f3d58b1ad501eab8ad
SHA512 ec1c66e6622499107a3546f20744973174cdb3d3b992198cbe39e5f6a9b09e3a7c714f2f4d21dce4896f7737fafe42e9931b24817e36167070421144d1d8014f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 57d114bc34bdc26bcbb719ed348c291b
SHA1 c5b4013742082ca193e2ceeb33a677bfa501182c
SHA256 bb4f612edc66cd87506d7c048077fe7858b303be66067f1b43f6fadcb201e4e4
SHA512 1aa774e4ffcd9ed556fd254e9ea98392a403de1645aa550a87d25e586157bbf88283ff2c7b43d5613abcb7d341a4495ff845a8ab8e3ee41b26f9fb6436331efa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 80640b22f4504802cc3dafdbc34648e7
SHA1 5cd499c74190dae0755ff3690ab12ad912f53618
SHA256 96df4d6a13c18e7e414a790630945b92323a6e1183932ec42f085a76d3266a0e
SHA512 e9fc7ea002697584fa0a41f79d23c8be260cc40cf931429db2bb020f81684e98ab15641937deead9885be3ed4b50d086373823c2ac66d2254f16ad2905ab90e1

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 2e8e6ebf5cc359f461fc2308d8fdc601
SHA1 7749515d7ae56f65003f46cfdcaaaa0c5273b362
SHA256 bdc95f9200d035ad71701a8109f60994767ab126dcfb9dd22dc1cea5b6c1c29d
SHA512 2024d3e4904dd43381b3a68de6efa13bbe3e718f317f6180f7be822e4b9b0f372ce4772c131247d8fd8fe8947c2eddae167b57c36368c81a6e5a5e9762ade8be

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

MD5 2fb408fa4e066829075e6dfb2619464f
SHA1 70c0f86d13275c907454c37bac1299f3034d7bd0
SHA256 18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450
SHA512 e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 64a6a28010dfcefb70e322d964b2429c
SHA1 6d4e730eb27ec7583ec7838e8299edaea7c5a67e
SHA256 8bb51432779b211f141a44696688bda9a4b3c93ca807ae38afd81ded6fdf471b
SHA512 35d802b218b724438b1c730ff5126a661ac24dc96feb25959375f6c9603f529c0da0a204afb11faf81c8bcfc2d746e346e52a1f6e0786a814f09e6f670324a57

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 37ae686587eaae24e532fe5160a3f845
SHA1 4957c177ae29c7dad8133f071ab88aa9a4b6df33
SHA256 691cde514dbc60b4571c6c65aeb101372a236bd17d4ac45ba88fed55434dbe01
SHA512 838d8b6aac7f61e14d968058aa82ddff26cc1790568fedbfd41027a305fa44fa4e253fb1b625c40bebe70931b5f6d43c1e95ef8ead924370618d8867c032a6e0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 d98239746b9e6e4a4f77ef6cb7b69f5b
SHA1 113a01385c3428a1bc95673e0701e9cb399aec6c
SHA256 f269be75d765ac024a5ef1b52d0909cab313a10554875befa04d598c5681cfaa
SHA512 8ada09f4c4c24ce18a9a7161bcda4150500ab9dfdc6f4078b2258cbbb61753de3427df11dc617084e312b7121f684e472f04d8fc83655664057650aad239e878

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 1d3325cc916e9d1d52a894345b1680cb
SHA1 702097874d63f72e031f9f0b06815213e52c23b6
SHA256 07c930ffc212d47a874b453e5bede5204fea0e61db01fd3f8b23d2b7ec31b4e8
SHA512 5744503015c3cd0a06b6365102af54ee4f8c07fa74280eca60554fa3d518964fea8b8d9ffd396d93f1984b042c5ff772fd288a58df90816e37e6af1e33c1d570

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 bec64a2f6ac55c7835d193be3c3ee9c6
SHA1 d77334e9329b5e3e7546be71f7a7e776b939e2e7
SHA256 4166d40220c459c03afb2f083c99278c75485bce0200c0ed18d33a04be78c450
SHA512 e4a5d87b4d1af90402678e5e393cd60619292190f03697d2bb1d98d05c5167feb5594da48a5f95db43b6590116ceeb220a49f4f989a4fe4137f1d027b8395edf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 1a1d381e1d130f957a227e3402cdbc60
SHA1 3e5976991b97bdd481dd36957c54e41aa9dcd9dd
SHA256 79c82725ad7202fde2a12fd6ba414601cf211049cffa0215daecb68fb55b2f14
SHA512 585be953fb0f06dbd07d2a95253fa829dc1ca8611caa90d30c89d9f2ebdd21bdf146de1bc4fa6a05b519e5cca5265b9389068e148ae95b63baa78b785e8862a1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 91a0a7b8c2d9a111fc7c10acd975ab93
SHA1 fcb8cb2dbac67e2922dcb1de9d37741180ac2200
SHA256 c8b22def06ecab1bffb7c4bcb09b7150676c0707b135aa6362b3e32e9f30db73
SHA512 3bcdcef51c83925548c5179cdf52a2512ec8947560da85702d3b46fb9ed343b88371e2e8788e1b2326041081467e7636c7de1f01f0e782c77da0ff2288e21703

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 c3abe78fd5837bf035798c7b816af5fb
SHA1 7f50450cc109d00fc8ba7fe490128afe466de0f7
SHA256 974fe6ba7a2e611e2befa57a2366c44c20520f7085a7ac00a64e535e8978ee59
SHA512 9b5c6d6ba0b91dd249e5a4c40027257595a4e79cde4bf2bafb1db0b3b1b4239ecff6c4757b9a5bea4b7d6a4880fb231efbc3d6bea97df5d5a91b82f0bd1ad8c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 3fb15dafa06586e7dc33b6296bb0d888
SHA1 f15d1795db2c010970405f677003ebb65395b5d7
SHA256 4033aebe6bebbbdfe94beee155925c461165e51382ba75cdd93eb35732c213ef
SHA512 c91a4cae2fd45a0290a0ea7432fe8d2d4d605039b90a7f54368ffbeb5fdbd7aabf5ebe8d6a3042686e23d626890bb052224ad9d26fdc9c071c910f1de5bb08bd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 fcb6ba66484314910d3db6cfe8eeca36
SHA1 7c0e4c4bd445b6e73144a272cd36e1324487f04f
SHA256 92dd7183705135e292170b9f3f5286b1a5e93f9ba80ebbef4f0847097a18534d
SHA512 bd0ec42fd544c68adb60919385df54a9dc008fbad22de3473458610f3ff1d9b80cbd472680dc133940e631c351f59a3ad0bdd6a18d6b1dea9efccb6115407bd5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 dcc8edabdf54ea28859dbf2b2a7044b2
SHA1 872031d1222df3925d65dee0073646ad706eed0a
SHA256 318f1541522bf21e82183ed64f739ea1bba2b0cee4ab071a4eed0e1e7e5e01be
SHA512 d93743ba14ef2f688ef70334cb79dec4ceb609f1f8d9e40962b04e2fe3c4e363225e5f055e8cb9db915bb05a7501ba38fa31da69c093e20336b6c16808bdcd37

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 5f3cb496aa9c4143b46d5b93990e2ea8
SHA1 6e757737cd0afdb78c43a582e6f7e3359c186e64
SHA256 989c57f1151285b622fef9429d8ba0437814a09fae56aab0d4cd11205e60f942
SHA512 fd3a0fe8d04771ff83f173de0a2ffe548bc33323f22b02a811a62dd2687fa3cf25f239ba3a9a6477f8f19aeb195b9042df67735b120d03fb3d8b7748e71c3dd9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 09e52e14cb4a7973628716800e4e14dc
SHA1 72eb0175c693955567c30b0d13dee45a5a49a5a9
SHA256 a4a20488be846ded77db824977e113a106e589452c54ef6c707070f9ac2a901e
SHA512 6767e9816b56bad32aea174894d9d65f86016f7bd1fce2356bbd9c7b611df29d06e24e98d9fbb9f6381030cacdb5e007b6ee91dbfede5389fd366e02087fd7fc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 99883e4ff825f96937d5ce41c63e4cb6
SHA1 447b5a9a39d0539acb038a62ba3a87af864ca8e4
SHA256 afc76e72295f02347e422bb6905e709ba37d651b70c65f83b865fa576a9cf654
SHA512 0d85a8b08d8a7b886549b5fa5b8d01e22ff55f2f5950b1952024771d4f4a6ae7a2ab5654636620d4a98373473eb6318cb721f864e2d38a9805ee36cf06080ae4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 d6f0f6fc1ba217da1b0ffbf198e5ae72
SHA1 f1047aa675d7710f222d2f671157940e3b9923ea
SHA256 c11278970c8edee49cb821e26a8c161778ad07643e58ebad7b7b7074eae101f7
SHA512 840f102731258bbf12e931d9a15eea70b0f11a0d05de79eef56fe545febba495f2caf71427655b12038cd9f0cba51ccfc237935a1ff90a1a5a3dc2c43a9214bd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 c0cd80923a2a087599b7afc2f575332c
SHA1 473c3b183c393fb75d26bb7768d5e9f326313146
SHA256 d5ab7240b560e1e761a2473a115b14dedc6dcaff466c4dc1ac95364c85776bb5
SHA512 0d90cffa3d2b6e3ff41a3fe86f039f30343418825c2d83eb19e0d8a0d7da8a7b1d325b78ac66ece4fb1d68b83a4f4ee01c19a29e769bddf13a6850e76ffaf839

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 e32d9bf7adb2047bf292fa3aa0072c24
SHA1 2f24b2c5e9456c7b0b457bc32e84f77f8f88edcb
SHA256 68225918a62b508ad11c616be14cb888d39480a8bff0ab8c72e322ce10339ed7
SHA512 489cdc8a4f084c75c2883cf30ef74af6531e5552dddd3f5170ea07d967043aac120ab7687a635d92434a3646261d6c3d2fb9eee82da16306a9e33108b5798944

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 0d718c0def2f2163475f0759b14d0484
SHA1 7c76908169780975a392548550b7e1b87aa44b78
SHA256 57acdb07130122056b09da925b254e12b80ca640e08460ff40de19d04bdff9a5
SHA512 eae4741d3660a3c7485326aa39da593945507fc9b7e7ce5fc2b4d71417edadd316611bc7e57216c3668ecef87285362c806c092659404c8bab2c4a0e0b853b15

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 a9a7602a94b1289896d5976ac77afc72
SHA1 af9aecb7d399722a0735760f9ab2d3ea1ed38933
SHA256 7c68407f107bcf206b4e2101f86f04b34e0c14df8319c771e6d3a08fe66e20d4
SHA512 cffede1e9727912035db5c66f90c010c717ff93a50dbc4230b88f660db906a5e0016c1a990bcdafb47be0b28f8e2787aa7aeab5efadce4bac0372c3871de850d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 428a2d59b920bf12563ffa39c58b6a98
SHA1 7d2dbf8487c7b04c2afddfa4af0f0f7a7e1d9daa
SHA256 8566f6e66975382ff313ca82bb83f52623a5de52b6c42f2fc078ae99aae3d0b0
SHA512 09f7b178f6793248a9597ca3831a530721aaac9e9681b5358fe31af7c277b03fa6e71771551927e36b993bc0ef06dd87d9cbceb2d63f9270098fa0b14966d072

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 fb1fc16fb6691647e700d16cc25a64a5
SHA1 9bb8bfc1bc8202175c9679ef17cb3b915d7779da
SHA256 bc8a225f9bad69badc1db203912d9819b1a4d334b3295d588c3739113e2768c0
SHA512 0875e17df74878aec20076c0455ed507dbcf25ca39932e74265d15840ac6fb9933bfba1893486127bdd91663c7277bb0edfb4b1e80b2e42de226befc1fb56aff

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

MD5 2736df30bd3d3c1b11a8319f2b83ab8a
SHA1 7202b5e5623fd5c6b09177ba9d66dfdf6b30b7d5
SHA256 482b79f30778134526f88f61a2b76f63bac4919278acc7990e6e27bbff989aaa
SHA512 e14eb86bc0a1c3917671df47e9b1e7f8f223187d21c236298970bc801f841175dbc1fd6b3ced76816a532064662aeb24f3d5b7b5ca66c7ad38d3171508f89047

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-11 20:11

Reported

2024-10-11 20:14

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe"

Signatures

Renames multiple (2492) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe" C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\setupugc.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhandy.inf_amd64_d2feb24c2d3b69d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uaspstor.inf_amd64_63788a81c4c628c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\quickassist.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_d32fe6b1c2b7b2a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_947cdd3822225c16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_fd0ae947345ac7bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_b2ebe9229789b181\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas35i.inf_amd64_4df7f6223ebcd28d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SystemPropertiesHardware.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbxhci.inf_amd64_6e228bfaadb050c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mountvol.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fssystem.inf_amd64_89e15d7e662d6584\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_d9886a7bbe9e55ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_3bc71c4327f9f94e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_bfabc750039f8ac1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ProcessSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\write.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidir.inf_amd64_7bf4a320e4ec8b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_3bab34655afeb7e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_e0577000b188c16b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\fontview.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas2i.inf_amd64_ed501deb0beeb5cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_95e01117eb9c1bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\grpconv.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InputMethod\CHS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\poqexec.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbsb.inf_amd64_0e44beb9cebe5a1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Licenses\neutral\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\wlanext.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Keywords\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\sdiagnhost.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\taskkill.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\Movie-TVStoreLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\0.jpg C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-300.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\Windows NT\Accessories\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MediumTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-400.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-200_contrast-high.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\155.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-64_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1851_20x20x32.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSplashLogo.scale-400.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-60_contrast-white.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Light.pdf C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-30_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xeccf.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderSplashScreen.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorStoreLogo.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\refresh_16x16x32.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ClippingTool.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-300.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WideTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\illustrations.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..inproviders-sysprep_31bf3856ad364e35_10.0.19041.746_none_bea59e0931f7c640\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-media-speech-winrt.resources_31bf3856ad364e35_10.0.19041.789_th-th_cc0984942d02f7eb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_2dba726627cb85f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncutil_31bf3856ad364e35_10.0.19041.746_none_aed5253f365b5b9c\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ado15-rll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b54f84171be7cdbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..redexperiences-rome_31bf3856ad364e35_10.0.19041.746_none_d7f324039a2aaa61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wpf-xamlviewerapplicationmanifest_31bf3856ad364e35_10.0.19041.1_none_1e764532703a0333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-branding-engine_31bf3856ad364e35_10.0.19041.1202_none_687eafd94efb2680\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-docking.virtualinput_31bf3856ad364e35_10.0.19041.746_none_2c0c715916f96491\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..-brightnessoverride_31bf3856ad364e35_10.0.19041.746_none_6efacde02c8ff6d7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..anifests-multimedia_31bf3856ad364e35_10.0.19041.1_none_95b06575d95c865c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..vice-core.resources_31bf3856ad364e35_10.0.19041.1_es-es_eb31f8fea2dfe0bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-wmpdmc-ux_31bf3856ad364e35_10.0.19041.746_none_cc5cbb9556301da3\f\WMPDMC.exe C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..s.utility.resources_31bf3856ad364e35_1.0.0.0_es-es_255ec101005b0aff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Search\Images\logo.contrast-white.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_it-it_6faeee6765322d55\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_a98fa7a55b7254d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_windows-system-prof..ndusagedatasettings_31bf3856ad364e35_10.0.19041.1081_none_2b3c7a2036e50df6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-spectrum.resources_31bf3856ad364e35_10.0.19041.1_it-it_8bd6166c11d2696c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-c..ility-authorization_31bf3856ad364e35_10.0.19041.546_none_0358b624269da8ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_hdaudio.inf_31bf3856ad364e35_10.0.19041.264_none_85b11fb141389a24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-embeddedmodeclient_31bf3856ad364e35_10.0.19041.746_none_4fb34254813d8ad0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..randsleep.resources_31bf3856ad364e35_10.0.19041.1_it-it_f5b981a11104223c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-bootconfig.resources_31bf3856ad364e35_10.0.19041.1_it-it_078030222d07dadb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup.resources_31bf3856ad364e35_10.0.19041.1_it-it_2ef59f197ceaa938\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-r..vices-rdpserverbase_31bf3856ad364e35_10.0.19041.84_none_623e60e66ae26fa2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-editions-professional_31bf3856ad364e35_10.0.19041.264_none_ba5e4a287945a683\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netmlx5.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_72ce0a3052a34df4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netrtwlanu.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1c5dded6aa4dfc46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-gdi32full_31bf3856ad364e35_10.0.19041.1110_none_cab79e1fdc701903\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f70e304c2189961c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ninetcore.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93d9a22b0b887089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dssec.resources_31bf3856ad364e35_10.0.19041.1_de-de_d9921e87d94a4697\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..g-xpsdocumentwriter_31bf3856ad364e35_10.0.19041.1_none_d8c9ac6e0263d02c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\Placeholder_buddy.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nslookup.resources_31bf3856ad364e35_10.0.19041.1_it-it_bc6dc6e0de71a48c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..licationframe-frame_31bf3856ad364e35_10.0.19041.844_none_9b0aad7020eb38fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\v4.0_3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hid-dll.resources_31bf3856ad364e35_10.0.19041.1_es-es_cd98d0d5d4d6e6d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\logo.contrast-white_scale-150.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_10.0.19041.546_none_8a1687c8ee003137\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-microsoft_wo..compiler_exe_config_b03f5f7f11d50a3a_4.0.15805.0_none_68f953a8b97b9b59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ommandline-adamsync_31bf3856ad364e35_10.0.19041.1081_none_6700b2d2d3c0055f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..2platform.resources_31bf3856ad364e35_11.0.19041.1_ja-jp_cd47e95d95b0a88c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasmontr.resources_31bf3856ad364e35_10.0.19041.1_de-de_2ce217fbfc9490f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_10.0.19041.1_none_a8893249a6634a0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..g-fdprint.resources_31bf3856ad364e35_10.0.19041.1_it-it_b1e93b97f39c4d00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..-management-onecore_31bf3856ad364e35_10.0.19041.844_none_97ef5f6f3319407d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-energy-winrt_31bf3856ad364e35_10.0.19041.746_none_f6023431579920d9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.virtualiz...settings.resources_31bf3856ad364e35_10.0.19041.1_it-it_440cfdc121329734\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.423_none_6c3451a09cba3850\StoreLogo.Theme-Dark_Scale-100.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-containers-library_31bf3856ad364e35_10.0.19041.964_none_2383002bcbcd8080\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ingfolder.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0d9fe2d210cd94c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-data-pdf_31bf3856ad364e35_10.0.19041.1023_none_758123c77d34120c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-directmanipulation_31bf3856ad364e35_10.0.19041.1202_none_cc30ef1d8b2537d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\Assets\SquareTile44x44.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_usbhub3.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5f71cc30c4094ec8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.iis.power...commands.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_10ae445875acb7ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_c05026eaafcf5a72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..sql-netlibs-winsock_31bf3856ad364e35_10.0.19041.1_none_59b60282102898c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-userexperienceinfo_31bf3856ad364e35_10.0.19041.746_none_98ba67b06bf4cfc8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-windowmanagement_31bf3856ad364e35_10.0.19041.746_none_312012852f12d5c0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..xperfcore.resources_31bf3856ad364e35_10.0.19041.1_de-de_537654a56e0fc662\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ITRMMXILISAOBTR" C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\DefaultIcon C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe,0" C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open\command C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe" C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\369b0daed0dd96a6ea47597e210df93c_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 edf3d4399582c7a1e8e1db50eb8f63ae
SHA1 2b7d5a0b8c2f0c6a1e233f0068046b0fd801b968
SHA256 9c5ee7821cfe0279ee6f64936c361a251b9f1f36dd2603051063230712017ec5
SHA512 16433b80fca0ede9110f2315ab0689a04ec2e490858fb19650986b7f46da7d317c0dd0519813f2ae67c4bae7bf00930ef4b6fb231ce6921b0e8f2ebfde114ddf

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 b2c878016f854f614eae23054c96467e
SHA1 8ce5f8f8c30b1e03dc405235a9194767a1008466
SHA256 d3980f752d066125e74dc259902022a3538a4ab1d91287aab8c2a39379e60474
SHA512 e3620dd338b6b31dbe092317b7c22b4e1944f719c99438d4c01265a20a47579be5f6caecab889522fec321d37c51c41571836e0a7700174c8e90480c78459715

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 bbca51f47703ec28549e7985c01ede2b
SHA1 4ae3d65739e6fbadb17f531adc789340bde8cffb
SHA256 df3604ae4bc281f58f928601d2d8031c7853b859f71fcdb4bdc80eab7a911bad
SHA512 c51cb131bd20e51d28aad59210bf90bfd11f54fc8df60afb65f3d3ec3d4829e116a79d01aa91947b1d778a572c5a663be5754df6f16a61887c8c36601d4f39db

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 92d4d0610ae82b3b81127bcf2152c45e
SHA1 c450c9fd1b49af056d4779f0af2652f2a0c60603
SHA256 feccdaf29ae4e5d203f4c70d2fec72367afc0e33be023821eb480dd85e135319
SHA512 55c96e2990979fa78e22d30ae6992d220df9e7d5ebec078a5e79e0f77cc85b323f6294d5374284baf2c957b7f09f3e21159149f7784506a08fd220142ce95ca4

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 fc3588afe9d72e2f2486525f460120d9
SHA1 b7cfd82083d0967c35418e11b05a0c900f6fca4b
SHA256 f7acea10972fc604994452e083fc63b7ad08d62556c998848d935cab791a573c
SHA512 f8cb9d8f78e1cadf1627f1439054569d78bc2d36219ac6cef856b2add8f38ff6c8f59b411834b4b452bb294b773fe79886e1c1128bb58ed1e946710c4b7ddf70

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 8c3444286e03a23648690cdca1ef4093
SHA1 83fa048c02048ba335320f549fac2042a2a774dd
SHA256 9ca00227fc5519cd0ac176469649b3b6111faac19a5c33645e89875467efc207
SHA512 3992b29a8425b3fcb5f628f68ad40742ea761e67e6b3ca7f8f3030620dd5864dd30e3cedfd5fc4342b4b1733ac62ef1455bf36ef37036a1ee0c598bb056cc577

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 6deae20cebff26e8eba882ef3299344c
SHA1 6de8acd27fbef2d7b77c1df08781c6611345b1a0
SHA256 63f887d85b10e871237aa417f4192247f27e793ee88a45f7bdac0dc96f8e803c
SHA512 ec33bc9a4380c52d30bc29e1f340bfc6948a5aa8781e822965df4f5ef6e5006fb589b35f38f229eb37250fbcb5206d8b0c0f513eb04a2faef4d0a26e048a29e9

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 9baf4f29f8a6137b613362d56e3cb44b
SHA1 86f548c7a7ef4b1418e1cd085bb1d94654aeabe6
SHA256 47dec8e024cd6253f3a6e95da5de2d51fe9cff4c58828d062dd15153b05c6dfd
SHA512 abbe088f21773531303fa4458c547cddb7f1727964b199a553c02e14fcf2b5e8d1f6dbd472105f9f2839cde1628c6e2e12439b5306504b9b7e615008fc366a76

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 165a0d24d1e3df93ee1707fac99423a1
SHA1 0c49c22d29d08c649e7422176f0699ddd917e696
SHA256 4fd37c528a47c248549e1caf4f534a2ff047e57a84f52defc6b5c4bb4eff56d8
SHA512 fa6950ef1060611dda9c4218f2de5c64932484eaa15bf42158c50bbf9daf907bd09ba4286dd83d5ddc2265bea570f018b31bcdbd69851a030171e7a0f46e8bb7

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 79f1d8bb5b51db801e4b5b64ecf8cce4
SHA1 2516666eeddc61ef94a0f14335683901f7a923e4
SHA256 b175f17f91599e2cb0d08da0f8f2cc5b3ea61ca5d2aafef79472ed08aa9eceaf
SHA512 a6bde376dd555d286617bec38be087625127e94f8c69647f161c974798ec420002fe5ecff70b3281d461fe1f5aaac6419fff9f0c6cf1f4f0a3a9f410df48c36e

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 3c489b18f1d24f9d1e9cef6fbd40ae1e
SHA1 3031ad044e1a48e1c83eb3d4709c42975da5ec82
SHA256 0b5e4e5a5257a21ecaae428f712781ab68aa3d5a1aedf1959c4fcb5df5b35331
SHA512 64fbad15e99a1320d0f3d9d4afb3e23f9d2d6e7132a58d1a6184191045ac1335b3a100fad349cf4c488a3b782a363c06e7aa2dccdfe13416268a5a308721555e

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 db54085d27da534215a17be1d87d4cf7
SHA1 2669fae1df62d1fd7836816952f7cc03193f8a70
SHA256 41d76dca989fa907862a37d84a6df2ae15c41198ebde60c0547659982eb5a956
SHA512 c2d7b96f7fd7458238df1797df00617f9340f99371d62e0611677910c1ba4a74a2a3887c44bfb726ac39e0c60b448143691ee57a695cdabdf3cb417bdaf3beed

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 40c57697c49b77dd09db14f84c3555b5
SHA1 77c4d1949757233c4a938a3de384c167fe20e9df
SHA256 6b9fe75d9590b15d4c51725f7924d4b7f0d2a0fa655c0f44a790fc90405afa2e
SHA512 9ae34f05a66fde7cf3852d6d61ffe853b0e147c5660677737ef7cb9b8e40a8dc96b4cff61eb81f57c4d9d595d4220ef7326ec4ed1d3e9f10c96ff1021ad5d4c1

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 af487592501a908b0d32d6fa00540a1d
SHA1 1dacfee84f4a5e0857efe8ca93dbf3f50afb5529
SHA256 62d2a9e7ffb4b01193f32800e8c514e325833ae5213c3d7c4d1c378ee60dd020
SHA512 a2b76cb64a20979d0ae348bb2b9b3f998d439c24c8393b3aa7b34ad618e577296f768f09aae415ac2b975d5b9c611ac1438bdd6ed9b054fa1534ad24cdfd83ac

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 10db9286be80ab0e23ab290d34cd72ad
SHA1 c481a60e2f4395cfda45c2cfa2f96caf3fdba5a0
SHA256 9794a9153882f7281a5f2429db64a8b85b838356d5db69304ad0ff0442bc6876
SHA512 064887eb0614cf1d29fa22802f70ee13af84e2c33863d8175f08db1c3b777ee542147c62716a5daa50b211c254f81a596fad887861b3702cc8c0d78bbb75ecd9

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 66565b559ae6479abc4d8a483388e22e
SHA1 0f267482ad5e115056ad11dfc316e51bb06cb839
SHA256 ee1c40dd9ba42324f500955d446f46ea5137914bbd77a42b3181cffcfde51104
SHA512 619e089c7ae0e233fcea394010edee3c7a9f091eb0269768ddc9a7255501e90bcefa0756aa4177e872a236e4cf559d32ca8ef116cf3db8f355bfd68225775282

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 47e50b05c42be021c0955be14b5a36e4
SHA1 f3b14b668d2b90e1a7f97559e3a6e42e0c277e3f
SHA256 24cc4033c2dd3435f5ba36c290cad68a34c20927362e948a93dc265e553cdf32
SHA512 6937a8e9cf3ce26af579aa997398c1d27f64217a315a286e860ab0701150ed21a9a3976fecdbef428918fd793400527fea166d8c2b3bb7379cafe212d0a4b77f

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 9b9d1ca49412ad8d681324bfc22d2186
SHA1 5d337fd671873e879a359816a5a52a8dfee6590f
SHA256 649d6b13cabbe67d20ef5125cdcbe96c38795041ef24d10b8b74ee755db4bc1a
SHA512 d7a4698bffcfbe8da16f4b86a7e7eec98e205251bb3ac769c6eb7ef2618845289af491fbc7009cd8ad5c58e252669aa47da52c79949e603354761d39a4fff30f

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 315f9a433f778a115ff253560973fece
SHA1 88b6dca73953e1888212661bb8b6d533825878ab
SHA256 a54b77781044fb0728afeeabc8fb370eb9b0b5b55a0d2ea50e868c27344cb635
SHA512 47cec53f9d10baf4eea9c3c95cdf90a6de757fe7e14fab77287019a68b888fa297da456d386a48317a9b7d064d808966df717384b7c4f35f58d99008a8d8d33c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 18c6fc1e3ab2cae4a142170dbe4e68e6
SHA1 7e9cedd34b0069dd990a7d83ad08b56fade083a6
SHA256 f4fe81ff0ce3afa5a7bd4a6ed03e7a149da7b0e28278a869c3e18a2afb266d18
SHA512 09112b7f98ebb0b8cd835a8fcd87d2e864901bdc59776710341b0b1bfae87b7743f6bc1a742bb81854ebe19dca7fa196c89cbd60ee6c893ee8c574ec6125069f

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 ebee9cc7b54b1b125f04f85a72401a72
SHA1 6d67ff1ce06a4a57d5190e4dc68d5d3358ced890
SHA256 64cecfc0e78d6003ec20ac9124e9c1290b826a3655620c2fc78e395bc8566423
SHA512 c54f858eddd213bb07254d4190e94864962282abf00991f618cbeb30ecf390b818c30f28cd4b74fb1933025167277b53a8ffb4505a5091ef91e9b724d585787a

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 e644b3b2e5a92291aa130d3d5f41698f
SHA1 9ab066ce0f795b1d776f93425323be4a74bce2b1
SHA256 03d7ffa1725579b7ed806d3673952a6abd8c82bb97101e5da3309fcb341f211d
SHA512 83fa4a7027f6f464c161fd9730eab144368034905763e2dc0d8bc76b91f71b543e03ec8ec8cae7e13387714decab21d599b005e5bea4c247e81616b3e6218372

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 12c74fac9c4c9cb42d1fc78bc49216ef
SHA1 c03b2187b0b6ae5cf4a62b5f52b9f37134b811c4
SHA256 e42941116c42838746408e94fbacc2dde1e7ad61f475519e989deffa1297de47
SHA512 862dfbfa47b6ec20cb8022446b4aa52bf73e37e0184088abac25ade90c101ec7609bba4bfe55b437be7af9b2fd6fca09eb1d979944572532801863e41c21d36c

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 92eb6bd3d4eceabbc27e395cf4aa8c92
SHA1 16d4d4783679cd2fddf04bbacae421927025fba9
SHA256 2fd29abbbcb38d434e7e333a726b3ad865c19c5da4b1abf2031dd252dfdd498f
SHA512 fede42e4ade12b88f23c09c577e4e24e63dbf20895ea3f25cc8f41f5dd213f4a35b1cc0813d093a5f301a069e6506662b761fed0e5df43d7eeeaced712142b1d

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 c38cf88df655fd834c4cf06faed4acc3
SHA1 ccb263d3fac82848602396bb111d2ece54338aad
SHA256 403d40814574f73dd4781da28bd70fa9885823c621b2c100d7deddc5e82cad38
SHA512 af2dbce1255dd7ceaa6302970e24edb5ba3837ab4d19a2eb88d63e32efe4865b0170442e4c90691c65ab81adada00ad9d22a4174e278538cc58ed8558e48b354

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 cfe3f0bc5fb8eacf2ced179d33521836
SHA1 c613c26b92c71956bea9c4061c3e025280111d4e
SHA256 7112e53707f4406dbc8b1eb24f61354020b6900e8a206e7277b880337380190d
SHA512 3b7914dcabf91b35eefe9a08cd70950a88a0b67b76ccca45c1374c9f86614fe7e375ae698f00fc6fcb6b7c09961106c4933f5549b0a575295918e45cb5b587e0

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 1911b57cdbce8b89d514bf8a523c1bd1
SHA1 6cc832f91689e82ebcc851aeb090ea0b2a8eb8be
SHA256 c90443a58d6a93e726255b68d9b43740e935d2538867853cbec9e6a74ac055df
SHA512 4ce963047896d091c098f842b919bb125ddd9a31e58c9f1c9db76e1fe9b27f58792e2c95ee802027a91a8daf4583707e8b5516056484d75f877290198b76250d

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 805bae2316c7dadb2cb16f19b8c16e2f
SHA1 e2218674c0b9e189afcaf149a16b0cbd13d40861
SHA256 7b95e814a5ec4c1d7472c94100202c43eb18b01d158d14a03d539d3c0ecc1220
SHA512 1d56d529b08b1007eb18bc1879f136318f1ffbf8cf353b0091316a2dddc5bea059373e2b82e34196d25b28a612789bac531075374d773afb28780f1aa7ce3d67

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 d4a190fad3633162334068a7a09c8c4b
SHA1 33dcb292b7d7d10f744cc91a6367cb5e872987ad
SHA256 98127765063b5f687089588c30f7083ff48b1f9afb540841b706450c22f1ecb7
SHA512 d8f5ccacb175b4879d4589c7df812a73a1dcce026847f289c90c9274451071e4f16076296dba44707add86e34de8df0e57e9e7b09714129eab97a976f6017f0f

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 b86c6b25a054eb34afe24b6652777472
SHA1 3fc6d74149920a556000279eb0562abddfec3993
SHA256 dfc869ba0983da27e4d0b24bd8fabfe75fe92c05852764e08d16aad0f1ffd87f
SHA512 28f66e420482aad7cbbf8346f4c451a583dd69bb42a8c6f3aef7b329dd6fa9d12a5769eceb618dbe9d2dfd7e5089fd1a2f3720c6752790a1d38c80d1002711e7

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 86a909163cfd2f6fe496da33a9256c3c
SHA1 676915551ab05017c4c602e7cd36a21a88cc6eca
SHA256 91ba0e212a21d877210e1ef9d22b52564a72b97211f73fdcde258842af592493
SHA512 1c0e1151cce037cefa98755ea63a4b971a33f581552548e6e5b0d36d79128ba5fbf76c9ca6cce7d4fca1d13ab03c2fa82e424b569692e83b151dfcf8de2b1fd9

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 ad2fcfbdb1790154cf1e93648b1b4edd
SHA1 93cdfc24388d3ff88fcbf2cc2e621ee17d043e63
SHA256 02d18f491f02f3f562278895b2abc795fa110bfb503ef81727fa37db43560edd
SHA512 62f3baf2fecfb41ed1480a00bce622ee692763299c4c652b1e0a83a48e30b7bb30a9b75d683a98a82c92a8fb673fedf96ebe54ae1cf53c3c076994a9629855a2

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 b2562887759cac5398ecd719c77bd1ca
SHA1 293001f80ecd45e93971a96ae77968d25e1183d8
SHA256 4903e95af0744573d16607e16120c48decd3efcdc1915d0265aed374b26fe64b
SHA512 d7dd3cf8891a10a67572b6e6ae84c7430e086dcf480cc0387184fa8a8501ec1ce07f17f0d3a1f126b3fae28fc5399d90764a24cbf904b33218db7478e6e36495

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 e1947ad72a4872c0e2165d3b4315b155
SHA1 7f36a97a582d6db4ea7d5f747e5a0045d5cab7d6
SHA256 b3471d12d51c8117b5230f26f2735de3238cecdda769077bc48cfe0b0d50be2b
SHA512 04f7009580bf6faa52f590d9ee1367605e6c5377fd47b3b73558d8e72df7a1869155286778794275092e6bc69b7cf3be93df87c3b7ae7242b497b6409a16f94b

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 1c35c1a05a500f9b613da53b7fef651c
SHA1 66d6546a77609e8236fd7302c2e02478b6e4dae9
SHA256 3dca10939dd199f467d6d3abee41a2c02ac51aae4fe11de84cd72baa071eaa36
SHA512 00dcb9171ca7790605dae5a96799b39cb8fad76bb92325ce64051ada587e6eba71a21b39edce7e1deaef026bb177cb091de26cc8e238075be4535907e6ba3f96

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 e31ec8906266177bbcf7704d16103458
SHA1 b94ee617f084ebedaa1c69543fb5a6b23da0b3d9
SHA256 65e34c4f893c3916f7137b94cf90c5d5e7cc222a48ed56ac983fba17d9e84285
SHA512 679e34ee4bfffd5e96a0d9279dca34a1a97031c0ead5806e24216e478d6076c77c98d1cb44f3893475d1977fb7b41d6573a8b942ae94c8232e4150986402fb49

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 0e7186e1fc8ee919fb9aa41263b3f74a
SHA1 089feb40bd45f5cca22078459c9520ce97fed035
SHA256 fb1296b13242192bd0e48a3b054ec925f625eaac6b4df4454e9dea57994e0e64
SHA512 ac98c73a435f65c51269dadeee80a1c2c027539bc8ea678fd36ea09265060ef83e6208762fe28341783ca46a4fcd325ba843917cebed14fddff8cd92c265385f

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 42aea989d7b8130e91846670414c9d96
SHA1 2ae6a55a35ed262940f3d56ac4b1f7bb6f053e37
SHA256 1d225537e0330cd7393b571e4fdd46f3a6f866b95af095bfdd03bae59a0b159e
SHA512 f5767dedac22db6779e89f36099a68ad1806b6905d03ba9f19d02a4add44b2003033d6e5dac294729e6487dcee52cb42a49c77d826c208b9e4f842d28b66492c

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 53ce4c79c91214ed4b9f8cf0e368ee6a
SHA1 201b2e681c244ca68c231d75525c6ba230286a40
SHA256 31c985f1c1edc7447e657c945c5d412242b395e72d9514ef74abb6058bd3bff1
SHA512 802cec0c36cea1bf60d3dc32328f0a1288e5c88a99583ec73252adbbef8c1d1d559a5d27fe983be453ec5b56a7a6ab009ed6ec18182086d9e6b77add70aa573c

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 999e26cd2860cfda0fa11edce5fd951f
SHA1 11a6768f12dc73b1ce1889d1ce64d0fd4cddb19d
SHA256 4d411cff86cd2c19877948d240c9de4ef3172f6f74aec1cf36c2c1aa12f884af
SHA512 835b8c45df69b39d94a4d1c10cda295cb6fd87a169ee4e06985aa1553c4d1130210340562ac36db0fd74220b2e18307973a847da0dc7fcd017b0b2e847f5d2cc

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 a93a33ff864ec46a54209d406ded6433
SHA1 8453c9b108ed44dce72932b5038df43978ea31b0
SHA256 2bf6a9efeb9a59f1233e831d237bef76d694a5600e8e4ab986d7cb3a2d3a68e4
SHA512 1a494f982dfbe101632541a9e82c106c1bbdc5074be644f9ad6df4ee510f989f85de0cdd806cd7813a1e640add018be21d50c1a1672651c4cf251c09f6eabbb7

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 fcee319e39d472ed6d760281a7e71053
SHA1 c940cceecfea239c9895be0f10367559488cabca
SHA256 d2f3a43fd7da30485c7a9b1a2dc55c9ce981e7f6b6dc09d95a62a2e04a62cb7b
SHA512 b11fbe7da6da07a2652986996783eafaa6ae04a2637a52243b3b494cac0bf60de2d7864198751f5dcfaca1d9847ea9b102cc9b67b83b19c3b09593de56306761

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 d18aa4d5feb1abcbabb59a3cace1d9ec
SHA1 94f48d35223468b7b8841fabcee9b79d24cfe6d0
SHA256 b05a21ad8893117841c8959bf15955141418d9e6330951fbe7efbb40e8914ddb
SHA512 691232e1aa2bbaa9170f5503cde1417de6f3ab71a70673cc58838e11245312a8218acf61fa45fce0c17d340970cbeb61cbf7f2cdcc076dcf3871be6d4f5dc0d1

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 48bb1ce2dacd7aae4926032388a89863
SHA1 0fc952a7f460e08165ade79d1651bd5d196b51eb
SHA256 238d5f49d02c8ebefbc2e1a0f2ec228160641ded468e698ea6d38913623deade
SHA512 7bc5434a50ad99fbe1d6399136f9feadbec524e518a5ffc9de7b95c9b6e4d80f95bde6411d2a041a503638bf9057e2f617349aab7ea164b0605e42f978bfade8

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 6e34fa929319ebd30ded0e2aaf64c03f
SHA1 87807bbd34a5333b490f47454652e7e5a5148603
SHA256 6402460c440a874862ab9755536e422256629276212ae1d97100666c7afc12cb
SHA512 0ebffea1a9d57e18d45f5206d20b0a104471b63f04d0af5de0e138e460d5fe4b6d0916738968178e1308e75dc9e09f43ed3854a7149936b18ca245caeaba19e5

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

MD5 70549947c6030fb5f84e829741ae54f4
SHA1 6d5bef8a540f90adaf213f786b2c788cf0513a4c
SHA256 7178f1126db1274bf6988c488a684129ddb6a30f36d893846eb182207b6b8343
SHA512 007141d44791b78cbca5101bb34aed6f217e96c6275ca3d611a530863af705d131cbfe808fd6d3e1c6156e283aea4cc2c9086318c5d5488daf6b3bbe9f968500

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 0dd635d973a0a167a37d48919d07f3de
SHA1 a3d7f75bafbaf939113e37e2533b71a7ee72d21e
SHA256 f6aeb62098ff5686a0ff4fcd57448197e39afdcaabf9f1d72d8d4cd275949012
SHA512 4ec8d011403b9bbd325b97610ef23021f4bd4ba574fbf99f999e35648d2740bd943833f10a1c9a0c8293930555893dc355115687d905f83667097f04bc56ac4d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 567399de4b73c3e7ca5ca1b1cd77b3ff
SHA1 b6300cbd78ce700ac05b6e22a23688d31cc5b7c0
SHA256 fa61df231f07c50c17f9e7583cba932ae80909745ecb3b92b617f170e3da4479
SHA512 45fa338227553021116a5af4ce17e0d5af886356bb45afecab8daa17a6c20db16b082f3c0f60adcb1ae76fc7cfdb0b8d929b70f509a36525d3641cb5303d7b5a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 3b5f6ac77abceebed94701c52cbfbbe4
SHA1 b81ce758596a2a82f9ded0fa74f8366f31e9a873
SHA256 586f419944a9785e71e62a8082ad8e23441ab9e7c8abdf481e703b903bbb4b3b
SHA512 01689bc2c06d2fbc77fc0151659ff95a601fb731762a7d62ac544396a5dc924c192938a08857056699b67de80c16109d29931fc8817d17bf5a7baaf69661abee

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 257f964f27236b826e6acf6957488d2a
SHA1 9d677c76edd21e6b9630b4f6827f7c7648601534
SHA256 60d12c6b500c9163bb573c39a1489baf548d2e4219ec704bb6d84cfc5a695f6d
SHA512 86d479902b2c9cf436dc89322c7f674907dbc5bf98904b0b13346b3939286ba09a37fbc9dcb8d77f0f67765965d87c74e436508981890d604f5ccaed299c3df8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 f240b16ca1ccbb0c610335c1fb3e2ad9
SHA1 5698b6ad4448fa1077d31104e6546fa1b337a1d0
SHA256 1918e8ee02424475b21f1b30b403b2fde3c8ec56d589c46099f33d536c019053
SHA512 b616c921251ebd6cec73b56d387d77682ae04e5de916abb06a6e86fe10bfdb2ad5eaf8d52cd4fb296883e679f8a793201ef786454901dae841272f9cc856eb4c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 1a4c6ccc76bb6fef95164f836c5d089a
SHA1 55a409703a32f745f1ea01f196f7f8206757586a
SHA256 7597c60f96bd6a6e9ad2012820df8de24fc547f0e74fb408e63490811a92c34b
SHA512 275aa24bb9734a2d89deec25737d818131b2aa5a659b0b0450ca06f6d136da78f554bdffecb20cd40181228f0276f775cb45a5521b368b426656f6d7ddfee5ec

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 7db7154cbb364bb8ede6f8ec773e5de1
SHA1 776a93364f9a3ecefc2afda05521c3ff2c17a80e
SHA256 e4493e94bb9dd79f8dd2c1cc7920292ee481e15d97e60e54c988e8f8d4c56bda
SHA512 58fb1e3cd6d816a9133d05c2544a73198ca4feaffafbbfee81435a0ad19f93a882b0950b3c294b4089582213527619324b2416a8ea1a250129180849117885e4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 1e5a748422de290d433fe0a31b9c0525
SHA1 087396f779897c3fdbfd6321c6cf936136fb8c9b
SHA256 5a22d88cc096c3c31c41d4f9c2dd1081305b6def220511424c6029c8bec884ac
SHA512 2c3022c15d1183459b998de1c365884dc79d5cb055d72d7e2db76a526271c225ed9273e58fa3532eace54035409c938ad759542db41356347f72a0b583651a8e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 78af19e53dbc6015792c5986848c6424
SHA1 140cb03c59950dfcb0d71808bc30b29eb56b169b
SHA256 84b10e5f4aad9ce2f22e680cb41952a56945be6ca4c1938b4607dafc4225a03e
SHA512 5e5ed9a62400a6c0e517c4583fbe07a4ac9159eeb56d98cb708f55cc48bccefc994b506d115de7e91e133126773a7d349755a2130da6f3df31ee5cd65257f23f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 6b0e7755c9af762145778600734a4790
SHA1 e00d9b34cc5858eb777c9bba627ef0c1e2c477d1
SHA256 0237e7c068fdff90ec6e383fc9125d428b395887b1b4b567638c11a4b4ae865c
SHA512 dec83c69086170f744a9094d8ecf7bce89b9c06a9b62d2dd948f10afdd9b3039424c74fb6d57ebaddf92d0a805e8ccf92e4eca06325612dd96615341dd52d092

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 76044cfa7e03b3f7cb4d33722b7653d7
SHA1 7c6bb26e6e86d35a54d9c9682838335a9d65af7a
SHA256 abaf9308d967b958305f85cbd3738b6326b78a2f4a569a277cd1d03f05bd98cc
SHA512 9312ba6c08cca4e0c1826d99c96c4330ac63c3d00caadeb86bfdeac194b98607df735a7ce2b674df2be435755f9c5a790b5a6421fc9ca6b6b867be73566aab8e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 c8805a51b3381c74af4b98f99783bd8e
SHA1 0161658b8bcbec93e050697f03d3454b4572f524
SHA256 a8bcce8177e20dfaa2be513e70c0d419fcae0998aedf0271f9dd4282d95abd10
SHA512 ca9f0e07f6e1e1b715d1194746ee90f719947f6a3b22fdcc3ff7304f3b79fe7bd45842c2652a5c730202565ef576065e6bd25d04b5c69a7bc6b3f0c5095ca518

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 e44ac70b92f28f678e0aa68ecf392356
SHA1 2077fbd53b70a7ed4480fee3734aa3f855d43fa7
SHA256 7925a00325365b35ec56661803d4f35272b1a4e862b1181b91bfd450e00799a0
SHA512 26c542af8f78053229a780d424868435fb11d794688fb6cae98ead617da1f0594d6607228cb86ecaa4cb7443d9fd054d57fd40ad46438e14a676d91b0d11a1e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 6ed6c49ad73273f4462bf1482d144c6b
SHA1 2b2cc3bb1e2b95a940f1e7c83e1c386ec4d27dad
SHA256 8abee5bb42afd5f6f7442bde38a85ff854e41c77f32b8cf95d9b58bc55ad0876
SHA512 3117efaff0318b67f55ea3a55123360fc0226ec96c69dd59be536deafc8e0142b41435b43413a2e2962c2e973a3190fc8313f53d0c773b92504012fbc341268e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 64ec854209ba3161206fde039e2502d2
SHA1 3d9067ca2ec8d0b4bbc239855273488fe4dd3fed
SHA256 42acd05aed6b19ab97e3580b87b823655e5ad1cd2c20430a23fb2adacfb864b5
SHA512 a0db166504cc3eeef58e81b7bf1aeef3c14457cd9985fe772297de0f39f09a37f1265b15add31fbcf3b34d7c7877aef7ab880c0b3e90f53e7b0310692783d951

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 431b518f4f8d23028ff95f34feec3def
SHA1 c7bcb7b169551e037c4b3dd91dca70561f6bf557
SHA256 285412f47218835d1d2f4215763197ba93a5aa6ecaac06f8d7b985df1e79baae
SHA512 816bb45d936491e5befb036ffbe11103b5501e31c681934d8881b48b1dbee7c94c4b44282a8f10b602b944d7c627f93b1b5880e62a9cf96bc3e927076e43cad9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 bb5ba163faf74e027ce796a243efd936
SHA1 47b8435f5e551f93319c6f9a1a4141698895980a
SHA256 27db85f2cbd14d9be12facc55028ec23b74e849ba726e337bcd595912ab52ce4
SHA512 5a887a398a7978fbe309dbd1dde2f10d8ddb1e2dd16760dd6de6861f68f913e8c79e770e43fc8cae4121911078c2a1ce1b1db7f20885cea8ab52b24cfeddbc03

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 1d1a8784b84c72c57957f6289b418c64
SHA1 69f0ecd6684d22806d37ce3d46f779ecee7ae537
SHA256 b0e39d94337483fa0005b84d24aa54842859b7a21113b55f22f0ac02907f6008
SHA512 c6aa84c00bb5a09b53d03b27bee930aa4346ce51dd26885cde26c34049ac68c3fafae210e03fa4dffab032af98dee49cd6a71308d8caf1f9197e5120a4c775e4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 59ecaaf74dc6c0a2ee62ef074109c54a
SHA1 0bfd87f3edf3c9d8f9893b320e72136e0bef508f
SHA256 53132245c0f39684a452714c63d9bfab13f21cf049ec03cd7e84d2da42a150c6
SHA512 d02ae9e8ef61b0a67afead442af0ed1661a016320eea57d2445d73cabbee2195a4092c32e797867efc7ff75c96ff195dd2d519026cc595c51648a3d1a3526aee

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 0df7d4c495397e3a0001a3e8f0d441cd
SHA1 1729a8e8d969308c456e07e1740c6f850ebd0beb
SHA256 5bc15b1355b8fe0904f91924d23995ec2bcaf870f51b6d8fa6eed88a39cfc8ed
SHA512 3789eccd6653337122902e16b91adc15667d6f8ccdd36301a0572cc96df00e3bc8ffe18d916691334ba4e42f7c0e38c1cf6e0c797fc21a3cbb2913645aa02ed6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 fb32f2cb726155a0c959500597b73fe5
SHA1 425e441f7eeb2f2e490f8fb5d4ac22e1d8e073c5
SHA256 89a783fd35db2f1ea05e7c7ba18c70918e16f0c1158e02697bc1028e4c00aa8b
SHA512 7278f2277a1cbd6ab3157c8d09b900c4b3fd128abf349cdbc6207c732ebc0ec4ba26b573437a8a6894bc6279499c9010ebe6269c77c64ac3475248247f931b9b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 93d2b3960087b8b557f2d4593c18dfce
SHA1 0183dd9a4bf9f48bad8a280f561302a262a92724
SHA256 6ef3b6568faa919cc11ecd086337cb341db826df6a05f2d748e5477a0f3ab79b
SHA512 b21bf168de414ccbc6292b92ae082ca49278ef17089e05b95c590b93ed3dc73c87249897a6c9e5e921bbd6c1285e6bee0050a4fec9f13ef3157662ec17ff2e01

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 59049f167d87902727f113c71867b858
SHA1 3da3f9c1593795fdda94839c97e08da5985cad4e
SHA256 53daad85fe0cf21429155797cad140ce980bb07656a37e698a92602cbd847b7f
SHA512 4a8982c991138b9fc709b350663ad7e794b86362b524c03b27bf9e422f6582af81e75ce0bb192617be1d4c058d29b453bd6a7aa264e42734211fdbfab0b38366

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 7843ef0d53cdf6c8f49f9c6a86caa7a3
SHA1 789b2a95afe01b53267944b9b3d487094aa0c4f4
SHA256 252a45cf7d02df93069e9903653c3ceb2ffdd36627fdb53c21629ff3398d16a5
SHA512 283d98c573f48f4e97e90ca6a42e690ef008429ea52cdba93d1c301bf7e437669975c9f90b7a96c78bf0f429ef0701de68144b9f925f0f435a1a1160e2e664d5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 1232f5c2360e127491aba6a29552b671
SHA1 ffd31a0b2f5d85359f97a303e4659894db0a1bc9
SHA256 e3fea51a2cb5fa4600f2dba4fcdb23cde42241b146f72812b18d1de372d314a1
SHA512 1d6fa3872a14397937413855e074472cd421d7f5b23df31791d43d3c8fafdff1b4d05faead1ce692e505bd782105b2e80113da9de172e09ca7bc764e62cdad5e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 79ab355f99dea9b031ad9483a22cda5b
SHA1 6aad3d1788bdaee75ee6979adcca29901571f9c8
SHA256 e8c66170d41e9913def70f5e206ad4db1738e8c95d6dbc6211dee445245d62d9
SHA512 85bdf63a7e805470c1a8aff33c040b0a17163115ac29b689c5391c647465279937e0d37bceb625a435b9fcee2327b959043346ded96ce649a2a9b547541cc654

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 12311d0495e06e68724b690dbf6fa573
SHA1 a50d861d972099643183eb58a33b8a16b6cf7764
SHA256 4f2267ab753aff724be2a4a68258c066f41ab388227f05f280849a6640f740b4
SHA512 138e76b5cb6bf09c607a6dbc64632e12e3e19926d72fecefb2d4d02fd75ae5a4fc0786f9afe8aacc0c886c53b8faabd3e5c0094f9459c44c8266471e9905b324

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 5e5bda2f695ae9cfbce8d268fc37b6de
SHA1 ba1303eb6b205438a4ddd79d6148819f3839c0e1
SHA256 57591495a4d75e8a6865bbe0f4a466a544452de17b54b97c11608d77b84cb22d
SHA512 5e4c81b2d97df594e15ff1cfde5968eac55ab80ab7b2bd1cde9d30b43df8623fcde357aaf9be8093b1524580c385e6a1f963169bf4e91da3847683a83b5fa300

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 555391543e80c6c14ac5bef3ed3aadc3
SHA1 e303e7b5b7f7ac0ad169efd1e38eedf94c44d8e0
SHA256 ae760afbf0c6bb4e19c3aef431673137095793747c71c61c7392d44f63c8cd23
SHA512 d3a88b331d70a637fc501d975829e7c232021f48d27b96a8d8990848303cd187d44292d1175aaa9b4b3fdc3a4aeb5db87a77a1dfd7092a39e11399130e96f7d1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 e71b2e08a3e69e600051fd7ea59bb800
SHA1 9963179276996316857f06f8ea7f768b82b9b626
SHA256 9090f08d7bfb49401283df9187eae2bd5bdd788f6d1dc211650ede6d13201871
SHA512 3305d73dad9ef7e9db126b386e6796ed97a460562adc2f5f01675e8e3b6fb3d9e38302eca2aa5d6e646b2a6d378bc2e75f324603d776541803d2d930eb6d954f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 5a1a407b4221d9e8c1dd1fdcb9ea7aa6
SHA1 1a6a2303460e98514a40a28bf840f1b5ae6a3bf0
SHA256 c9d700b0c29b3731c875412b401719da89897982bc22b0d53ec78bc06bee1ecd
SHA512 836691a0bf06cac330f2a69c103ad10759df901f896b6e62abe528c4decc28e1bd806e9bdb1a7e73c2e3a324f09e11082e73d67b979446e616f95b8dd5ff8be7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 20729950722d4a397dd80139b188cd12
SHA1 66cbded5f29c6d762cd192cfaa5970f104c73472
SHA256 6addcf73e9d7e5e28d7f5e76393e480d775f282c49f7836f3c5e2fa4840c8842
SHA512 4091cc78f2de968ec960228bde07f90eb27249f48d3ebd6c23d0c2421243b44066c06da9752042f265afd1f50fd5d433948d40a3e1e762a0369b91a233b8ff0a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 c6b8943e5c0a83e219ea01a90bb71eb0
SHA1 d61bf149b196c0cbb4b449b867a3a58aebfd767d
SHA256 33f13aaa21c35fde035749fba59b507241b81df6fd6ef6598266420119ee0ad2
SHA512 fd73c4b8477e37d4a5285361ce8a11186c5431d3d02f14dbfe7c7d2eef78ea6dd1980a6b11e8c71cf2602601605d562023b43e5bf9c21c6f678c6af1a235efcf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 39bc9e52c9f19f27e4578798db360e6a
SHA1 a810d390cd235e2b0ffa60a50eb7533d0d3ada50
SHA256 90cf45fa54b5553044d67263ea1616e23fed394a9aefd6271c22e7051a3c5c97
SHA512 970ff16c6c967f1b14d9ac69d1287c14fb889c9825f164d530e50122130c0ac6bfb080804fc048d8e4e903d460387f39b66d121546810c9cd07da8205513f085

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 f3e2bcfa231e87e22dd994a89d36f68f
SHA1 18bc72004acfcc843af8ac41ab6ef2e22d3408b6
SHA256 b5119c560c8691f6c2946ceef87db5453ed7bba927555609b010345a92ae0027
SHA512 d032dc9e526a6891f3395de75e5f184ec602136fab5f13957de664856b606818e1c5ac3ac93ad8d3d2d274308aac7a9370ff7f77fe820aed268e37958be0efcd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 f9ab5d65a122cb10ea35dd73ac903540
SHA1 e34b1907f0f1e4915a7e7626dd13317657ed862e
SHA256 89135dbf7d60895b56fc85404a7ced1324205c7fb9cddb8c999e48afee502c8b
SHA512 039cfec1792ca8235bfe1ffbcbfdd599db8b6a60ffc115e4f89fa2d40daf498f523490d1061a3a966f94255d73454d0efe9dff0888278171ce4af9a4aba8fa69

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 35b6e3c50418e5cf441890b07904fd61
SHA1 12fab69aa803dac482e48a8649a5a03ea7cdea70
SHA256 5a3d706861787b358cb06b8c661e53076f522cb1fed06d076eead826921d396f
SHA512 7b3b1f456a321c3ec696662b8d8f45b5a9c3222810c487b90e9a2f4a7b850a395c8cd2daa1b7c5bf892b1a08e5741656beb1f0cbfd3fa5032c722b68674e283f

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 c90d840310aa3a7ad2396f1d7e904d19
SHA1 dedaeed41276126433c7520f62d58045fc94b147
SHA256 6a3a5a3411858daf25455623e0c31919764c875d20c0e94a7fb78e03a0ba2bb8
SHA512 7bc7280d09f3f8529dce476216072d474e4ae432748a798fbdabde6aa4b8346d41b6dfbd42fb56df4997e046283d265c07fd6bb3dab78d10bbe8d6b0bf19243f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt

MD5 d6dfb5f93b59c82a87f4e54bffa802bf
SHA1 bddd6cf046863846738f176e27fdd5654bc814d1
SHA256 e047b6c86a6033c0496f757a7ba0d21df3241d9eab023d8209f130f268c9263a
SHA512 bf3c273886ea4c5f8614fbf472e9e60a1885363ebac79b6ac9ed7a1608f2d4717b7af35fce03fdf2b6346d239f7e6ac19201c807ed3f93be71fc453d52d27fbf

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt

MD5 b85b4b85ee7f6972ab9774ea68d3d789
SHA1 ea245897a5408b31afd02e106406bf74eee8e79c
SHA256 8a8f75cdd15c223b035dbd1d6f6c6b5709dc794b0ac0d449da045ce1001b356d
SHA512 a8271e84d99f54ebc3c7ab184410dea350345777a2b93181263a051e71c56eb26656983832b30a675c5a27bc9738b8a6049eb137958b39b2e4ccb7df4adf7a10

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt

MD5 de0d0f34568cb3031de7561099e7c697
SHA1 674036b9b3c46cde0501a09c253ab5a66b258e9e
SHA256 2579dcfd4c87e92c166593992a62776d590f93f7799eadbdc54a5c731d34c7b4
SHA512 95bfa58f3360da74ff22b0078084866562dc4f8cf827e0fc4c0c383b5c3674734e5b47758c53dd2e3df7c3a6eb80d7fb3148ea458400e6059b5ac618ed3c068c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt

MD5 73e105f0517c547fea2f883f9d67b814
SHA1 1bb1925cb1c28932a491bb553e456c0f1e5ebc94
SHA256 d7accb31c64a3a35f019dde17545046752452a7d7b82682caed9355eec8927ee
SHA512 309a9ac86bc3a1705b5d0afbb2787847bcca6eb1d3d15eebeb2ff8fe79071e744c814f0114ce73181d666bd6523a212dd940045352b225e49ddd3f408d91e3b7

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 97eadcd1e36cc5dc548fbae71c175b46
SHA1 4fa6c9e183fc227db94b5eb6ed554b1171cdff08
SHA256 71d8ae1bde88bbd0e2b9e139d5eb3eea0d4ba2d766cc89a7fa8a2c6131cd7555
SHA512 62b27d583488a292b9d7888ab87ad48faf7d15e8007460018a97e2ca300927d205f1270acbbaa5f72320c10a5543149d3122ae682b0612220d87f1af9387ff58

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 2fb408fa4e066829075e6dfb2619464f
SHA1 70c0f86d13275c907454c37bac1299f3034d7bd0
SHA256 18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450
SHA512 e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 64a6a28010dfcefb70e322d964b2429c
SHA1 6d4e730eb27ec7583ec7838e8299edaea7c5a67e
SHA256 8bb51432779b211f141a44696688bda9a4b3c93ca807ae38afd81ded6fdf471b
SHA512 35d802b218b724438b1c730ff5126a661ac24dc96feb25959375f6c9603f529c0da0a204afb11faf81c8bcfc2d746e346e52a1f6e0786a814f09e6f670324a57

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 1d3325cc916e9d1d52a894345b1680cb
SHA1 702097874d63f72e031f9f0b06815213e52c23b6
SHA256 07c930ffc212d47a874b453e5bede5204fea0e61db01fd3f8b23d2b7ec31b4e8
SHA512 5744503015c3cd0a06b6365102af54ee4f8c07fa74280eca60554fa3d518964fea8b8d9ffd396d93f1984b042c5ff772fd288a58df90816e37e6af1e33c1d570

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 d98239746b9e6e4a4f77ef6cb7b69f5b
SHA1 113a01385c3428a1bc95673e0701e9cb399aec6c
SHA256 f269be75d765ac024a5ef1b52d0909cab313a10554875befa04d598c5681cfaa
SHA512 8ada09f4c4c24ce18a9a7161bcda4150500ab9dfdc6f4078b2258cbbb61753de3427df11dc617084e312b7121f684e472f04d8fc83655664057650aad239e878

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 37ae686587eaae24e532fe5160a3f845
SHA1 4957c177ae29c7dad8133f071ab88aa9a4b6df33
SHA256 691cde514dbc60b4571c6c65aeb101372a236bd17d4ac45ba88fed55434dbe01
SHA512 838d8b6aac7f61e14d968058aa82ddff26cc1790568fedbfd41027a305fa44fa4e253fb1b625c40bebe70931b5f6d43c1e95ef8ead924370618d8867c032a6e0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 dcc8edabdf54ea28859dbf2b2a7044b2
SHA1 872031d1222df3925d65dee0073646ad706eed0a
SHA256 318f1541522bf21e82183ed64f739ea1bba2b0cee4ab071a4eed0e1e7e5e01be
SHA512 d93743ba14ef2f688ef70334cb79dec4ceb609f1f8d9e40962b04e2fe3c4e363225e5f055e8cb9db915bb05a7501ba38fa31da69c093e20336b6c16808bdcd37

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 fcb6ba66484314910d3db6cfe8eeca36
SHA1 7c0e4c4bd445b6e73144a272cd36e1324487f04f
SHA256 92dd7183705135e292170b9f3f5286b1a5e93f9ba80ebbef4f0847097a18534d
SHA512 bd0ec42fd544c68adb60919385df54a9dc008fbad22de3473458610f3ff1d9b80cbd472680dc133940e631c351f59a3ad0bdd6a18d6b1dea9efccb6115407bd5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 3fb15dafa06586e7dc33b6296bb0d888
SHA1 f15d1795db2c010970405f677003ebb65395b5d7
SHA256 4033aebe6bebbbdfe94beee155925c461165e51382ba75cdd93eb35732c213ef
SHA512 c91a4cae2fd45a0290a0ea7432fe8d2d4d605039b90a7f54368ffbeb5fdbd7aabf5ebe8d6a3042686e23d626890bb052224ad9d26fdc9c071c910f1de5bb08bd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 c3abe78fd5837bf035798c7b816af5fb
SHA1 7f50450cc109d00fc8ba7fe490128afe466de0f7
SHA256 974fe6ba7a2e611e2befa57a2366c44c20520f7085a7ac00a64e535e8978ee59
SHA512 9b5c6d6ba0b91dd249e5a4c40027257595a4e79cde4bf2bafb1db0b3b1b4239ecff6c4757b9a5bea4b7d6a4880fb231efbc3d6bea97df5d5a91b82f0bd1ad8c9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 91a0a7b8c2d9a111fc7c10acd975ab93
SHA1 fcb8cb2dbac67e2922dcb1de9d37741180ac2200
SHA256 c8b22def06ecab1bffb7c4bcb09b7150676c0707b135aa6362b3e32e9f30db73
SHA512 3bcdcef51c83925548c5179cdf52a2512ec8947560da85702d3b46fb9ed343b88371e2e8788e1b2326041081467e7636c7de1f01f0e782c77da0ff2288e21703

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 1a1d381e1d130f957a227e3402cdbc60
SHA1 3e5976991b97bdd481dd36957c54e41aa9dcd9dd
SHA256 79c82725ad7202fde2a12fd6ba414601cf211049cffa0215daecb68fb55b2f14
SHA512 585be953fb0f06dbd07d2a95253fa829dc1ca8611caa90d30c89d9f2ebdd21bdf146de1bc4fa6a05b519e5cca5265b9389068e148ae95b63baa78b785e8862a1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 bec64a2f6ac55c7835d193be3c3ee9c6
SHA1 d77334e9329b5e3e7546be71f7a7e776b939e2e7
SHA256 4166d40220c459c03afb2f083c99278c75485bce0200c0ed18d33a04be78c450
SHA512 e4a5d87b4d1af90402678e5e393cd60619292190f03697d2bb1d98d05c5167feb5594da48a5f95db43b6590116ceeb220a49f4f989a4fe4137f1d027b8395edf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 09e52e14cb4a7973628716800e4e14dc
SHA1 72eb0175c693955567c30b0d13dee45a5a49a5a9
SHA256 a4a20488be846ded77db824977e113a106e589452c54ef6c707070f9ac2a901e
SHA512 6767e9816b56bad32aea174894d9d65f86016f7bd1fce2356bbd9c7b611df29d06e24e98d9fbb9f6381030cacdb5e007b6ee91dbfede5389fd366e02087fd7fc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 5f3cb496aa9c4143b46d5b93990e2ea8
SHA1 6e757737cd0afdb78c43a582e6f7e3359c186e64
SHA256 989c57f1151285b622fef9429d8ba0437814a09fae56aab0d4cd11205e60f942
SHA512 fd3a0fe8d04771ff83f173de0a2ffe548bc33323f22b02a811a62dd2687fa3cf25f239ba3a9a6477f8f19aeb195b9042df67735b120d03fb3d8b7748e71c3dd9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 e32d9bf7adb2047bf292fa3aa0072c24
SHA1 2f24b2c5e9456c7b0b457bc32e84f77f8f88edcb
SHA256 68225918a62b508ad11c616be14cb888d39480a8bff0ab8c72e322ce10339ed7
SHA512 489cdc8a4f084c75c2883cf30ef74af6531e5552dddd3f5170ea07d967043aac120ab7687a635d92434a3646261d6c3d2fb9eee82da16306a9e33108b5798944

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 c0cd80923a2a087599b7afc2f575332c
SHA1 473c3b183c393fb75d26bb7768d5e9f326313146
SHA256 d5ab7240b560e1e761a2473a115b14dedc6dcaff466c4dc1ac95364c85776bb5
SHA512 0d90cffa3d2b6e3ff41a3fe86f039f30343418825c2d83eb19e0d8a0d7da8a7b1d325b78ac66ece4fb1d68b83a4f4ee01c19a29e769bddf13a6850e76ffaf839

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 d6f0f6fc1ba217da1b0ffbf198e5ae72
SHA1 f1047aa675d7710f222d2f671157940e3b9923ea
SHA256 c11278970c8edee49cb821e26a8c161778ad07643e58ebad7b7b7074eae101f7
SHA512 840f102731258bbf12e931d9a15eea70b0f11a0d05de79eef56fe545febba495f2caf71427655b12038cd9f0cba51ccfc237935a1ff90a1a5a3dc2c43a9214bd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 99883e4ff825f96937d5ce41c63e4cb6
SHA1 447b5a9a39d0539acb038a62ba3a87af864ca8e4
SHA256 afc76e72295f02347e422bb6905e709ba37d651b70c65f83b865fa576a9cf654
SHA512 0d85a8b08d8a7b886549b5fa5b8d01e22ff55f2f5950b1952024771d4f4a6ae7a2ab5654636620d4a98373473eb6318cb721f864e2d38a9805ee36cf06080ae4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 428a2d59b920bf12563ffa39c58b6a98
SHA1 7d2dbf8487c7b04c2afddfa4af0f0f7a7e1d9daa
SHA256 8566f6e66975382ff313ca82bb83f52623a5de52b6c42f2fc078ae99aae3d0b0
SHA512 09f7b178f6793248a9597ca3831a530721aaac9e9681b5358fe31af7c277b03fa6e71771551927e36b993bc0ef06dd87d9cbceb2d63f9270098fa0b14966d072

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 a9a7602a94b1289896d5976ac77afc72
SHA1 af9aecb7d399722a0735760f9ab2d3ea1ed38933
SHA256 7c68407f107bcf206b4e2101f86f04b34e0c14df8319c771e6d3a08fe66e20d4
SHA512 cffede1e9727912035db5c66f90c010c717ff93a50dbc4230b88f660db906a5e0016c1a990bcdafb47be0b28f8e2787aa7aeab5efadce4bac0372c3871de850d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 0d718c0def2f2163475f0759b14d0484
SHA1 7c76908169780975a392548550b7e1b87aa44b78
SHA256 57acdb07130122056b09da925b254e12b80ca640e08460ff40de19d04bdff9a5
SHA512 eae4741d3660a3c7485326aa39da593945507fc9b7e7ce5fc2b4d71417edadd316611bc7e57216c3668ecef87285362c806c092659404c8bab2c4a0e0b853b15

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 fb1fc16fb6691647e700d16cc25a64a5
SHA1 9bb8bfc1bc8202175c9679ef17cb3b915d7779da
SHA256 bc8a225f9bad69badc1db203912d9819b1a4d334b3295d588c3739113e2768c0
SHA512 0875e17df74878aec20076c0455ed507dbcf25ca39932e74265d15840ac6fb9933bfba1893486127bdd91663c7277bb0edfb4b1e80b2e42de226befc1fb56aff

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 d806c4bd489a6134442dc7cfa1a10be7
SHA1 9aed0ac6b4241b715bc6ef50fec11e39d99ecb86
SHA256 6b01e332413532629d5b8309f206e68d95577a3c62c9a1c315e59995774f6844
SHA512 b1c12aef356abcdde68e0ce2decd467e36b956e2e5dbf4aabd232c720d58e9a1ae21bc47ca6bcca54134b9631e2f9980bbfcff61d4d10af0d576e020c7670f31

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 5312d5a9b75fdee0ebe1b943748865e1
SHA1 40afcb14310e0fc2538a9c80accf43f98cc4a4e9
SHA256 e8835900198bae348cbcbea4cdf4bb37081230097d920c6423f654f38b2a5694
SHA512 bc268ab4c360cd130b835890b59b818ffc655ae3a91bbe43d5e8549ef1141dfa01848e0796f81c25f3b35a0d89caf4ef714580ba45d5e2137a6198ead45eb91f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 370cd7f115345416ccf2df3ada6f0053
SHA1 6321eecf98f71ed5d048828b2973014dcf72b731
SHA256 2f54f63c407c3db4139fff4ed0010702849f7d6bc3ca01745b73c1c6ec6978d6
SHA512 2cf841b55e23deaaee13267694c4e0b77e77046c50403911d6ed0d88e567d428ada0f24e9318ab8a2c3948673d9c52dcd2dbb5fcb8763333fc93520eed22b5d2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 2d50d097a7fdaeea9c4d332f49ab9b74
SHA1 6f74f3d145919530c07ac171c768302506cf94b3
SHA256 54d9dc3cb5c419bcba12f5ef1a8bde05fa2ca63c0ff9d68a962b18a9aba999e3
SHA512 1cad44062b19533fbf826b046829595de186ec69ca2d1a65824e1d5023cbd812f8eed73aaeaed7469cb0f212235d7af7def1109509a51ed3987e1253ad06e832

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 a999474d3fbd76e11b38cebd2ba9ef91
SHA1 c200d20a1be885a681e73f1ebfa8fa181e9123a1
SHA256 eac3d7c8611dfa3c69df8c9503be4e6f3e60544df9f335b1a922454135bfb317
SHA512 5e0297d32b01f82820a43cc3f7744c649c80ada438fe556fc8a8c3b92a2d6e4c585639ce07d1b5db68310d1e68a340594b1a6f52077ef40fc03925981d81be96

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 08f03b3a45fa50969a9e0311912d0c2c
SHA1 d055c134ad7b59ad3fd88205f1e500a1f5a12b18
SHA256 2cc574cfed2b479ce1e20896108e0be0aee0aeba3ccc0cd9b195d706d28c9ab5
SHA512 56d4c36e0d23df7b2abda7c128ad3acbc2b0416d9f1bef05d8709405bf0a5874b55ef7f62243c177538b33cd60fcb65d5f93f66452bc72c1470d7d818a352b5b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 1be8cde32f194f5cd79fcc7a755d5fce
SHA1 cc8ee1b0d69c51357e61d1b4480b625cf49e63dc
SHA256 712ef61699b810c8ef039fc61855ee13733441855b3c5469fbeae323e6df2372
SHA512 f7d18cdd4965c5d5e115974683eb795ab0e8d164c94969e182ef50b627bcf414dbfe51af7b25cb153a508e521c737964b987eb2ab02454d44e1d5dfd611fe758

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 231de9ce388d70a420c96b29e0878934
SHA1 62d342a5f87a387ac0caf9e98408361872bbb4ef
SHA256 844d721495300a49fe819b7188a77d918c9e367215ae8af6dd419f066c1ce869
SHA512 d8ad2ec05589e58f1c7707973ecd40b3aa31d77594311aba9cbf533a4daaa14692b5b49adeaedd72d1afd1c7b3be512db28fd3f2726efceede728ad1d1cdbcc1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 7ccdeedaaf93729406ffb225d61ca585
SHA1 00c3787e9c5d37878f21b2538c4bfb515e13531c
SHA256 cbb974156bb83163db908b065cd5f9385a9bcf9599738667e8aa92a50f3f8d95
SHA512 aea292c3fd3a6c739114cf45b7223953b7d64667e8a23331c3ab0c850297f6964365e163238c488042a95119d897c2b1d41672be7f9b982d07fd14b10f678f80

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 127d77f5ee1f558be53811d94f5c89cf
SHA1 9adcafd1e573dd4e5b0890cd424511a90d681a14
SHA256 bcdfc660495db299984e66a22e236bed20b45c932d89f4daea2eda7c8d2f2d1d
SHA512 6ea5bafc6b6e55a6b328d140956fc3f287cca2a4d8de79a26904ddd8cfaf9553f2c4a5d9bf9680f1795dc358d81583d982c938ecaf6457aad93f5d2fc28d4a90

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 1d36e9802bb5c96a8e4ab59ddc684726
SHA1 0f4ce42040378f3f126d02996326817dc2a61d3d
SHA256 4f2baad327ac126cec983d1b7985661ceae3afdeb4e29f4f1637b63a2257ac98
SHA512 263f1bf791fcd0a7db710a81920b96d804281cfb2df4952f9e5d56218a250b546961f0097605dfbc17ed51b91bda1d085d7bbe451f4c68043f52fa4cd92b6920

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 95b497041d72e10d7a315f96ae8978d8
SHA1 371b52c6a2f15ffd72a6a6e72d1d83f8e4410c38
SHA256 cc992d5a9cd39626684969588568c99242f2efc40d7149e9396213acd6941f7b
SHA512 bfecf34175008eafe58039474fa1166409d74bb87cbcea5b6a85320858d68ab7ef9b97d7e69a8b4a3f269cf9a2b10db97e63b0d66f6bdc926d5bc63bcd300db5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 a05336880a286f1ac2a8d54aeb9112b7
SHA1 c594342ad103953a8879469159f7be8d4ef7e7dd
SHA256 056dbee8e06e2225f3e4587ef923364f790e9c07ecced5c78e1d9f84f18f9e54
SHA512 af67694961e141d67d7361e3e3c5b1cb86e5cafa05a96369ac72d2351324c49480d54697b534bf118b2e63a716b54144cdd4efe0f1b361f8bf6adbb3e8362c2e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 d5e53faad5f9de9ba1c0c1f63546b471
SHA1 021ffbe7e2fc7b5640bc3dde3af8477baa11a9cf
SHA256 2d4fb9664ec99fd1ecdf7840d3493651e6e03332f568e74a4c8904bcf5544e60
SHA512 df1092a62896d3b7f7c7232d051c6e6f944c2ec09673190768c161299f2cc7b828a82e53140a2c3a7ac64f7b74cf5df3dd88b2a9c7ac63d7ae50fd0f7890e4e4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 212ffa57d1470ed520d2363f30017579
SHA1 0bd067d85d7ea7d425730d0d8ec1acc0772ebf07
SHA256 32d50704607520f699965f4db1495037ff4b120d3f024c78b0536f9d6d9a3e7c
SHA512 ea38996cd22cb6360e1de23a17c6f16f496cce28e52c85b16f66efdc3cbcacf0f0599821b32d4c4cc091eca8a837f84196f68e40c9214f5012c0e452aa974e3e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 121611460814111c3daa62be1ac18f7d
SHA1 6fe4c98ea3abf3a8c3cb380cdd0801927de34277
SHA256 5694359e96a460b7736325a3a55e318d5a895e68657e640d3e745c9fc1765a50
SHA512 9ea1d646b061c18c75d4eb65ac87bb0838ce403bfa5321b38786c768320778cc27ca7ee1f80b48339b3bfcca36a49fede34478165559a6e41b5f5a3c19a4eb89

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 6e2357df64f862bd881b7a461d979ae3
SHA1 745222254e026e6497d8b7b51db478847b3757d8
SHA256 a08d3fa447d6accf1752977a472255c0ba8ad72ed8d8fee5839c0d49b2df0037
SHA512 082d21d9720544d5a4e13c165acaccb42d6194590a790f6b9e38f8c5de3686b862ecbd5f04576fc9bc63024d8ce44f27c41411d85b8cd03dd2d9c79a3f2db2f6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 268b9561b1babf36fbd9604947c8d4bb
SHA1 f2aaf2f0849d514913d3baa10c33106bc7e6cc72
SHA256 e5a457f11ad61598e69dd859fd71b477f18912fefe62545ec1afea8f1a0ea958
SHA512 e3c120408d8e5c3b359eae7f6ffbfb6769ae8446b8c05f7cb5c6d14ab2e12dc7c174a1c907beb6cadc41d83485220d8f1e60f9d67b2fa8f529d910d4e86e6c86

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 217a43d71f5751afc4fe38ae13b3c68d
SHA1 f2571a76e8236770119ca60f4c511282a995af5c
SHA256 c7d62d3dc02d51d56ee94eaf4c6022cfbf9915f6238c60bbb4ad03783972d5be
SHA512 583d9ac1a161c99cb3e69d13d3b66080745e39d6fef105cc94632de8d4171ddf04530fddeb77a6a550ff55dace93c768ff6a27b93a9b68d81d980d6ed6cfc83e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 c0395b706280f03d9b38dee348bb570f
SHA1 762132cd43da56e345a7fb53134c84ff3eb1ac98
SHA256 be485f1354d754391ba0079024d9acb525ac8bd0a12a2d3a356a6295f4332219
SHA512 b18dbd8072d6eafb6d29c70f114eacd119373f18be538a998afc0f3e727ca4e83ceefbe2d613035ca68267558cc827969d6723eed555c73b7022fa459f451fbc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 39cd7b2153a22cae96235cccf65d7742
SHA1 52bea99ff6f44d8f7f56791eefd92b7ccc325a21
SHA256 34abca21b334f09a3eb332f0bd36bd5a5a4a5591a88b4cb7661620127f27c63b
SHA512 0b5d05059a4aa44554874fb969e1e1d4fcfe01deb80273f089bc7028027b6f8aaea0d158ec0634d7c4c27f67714f73370961535995ac00a4feafb343dca949ef

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 8854ea7ffda186ac8b9f738e90b5b079
SHA1 dce7255f1e9b11d7a7001abd776ffcab507a603a
SHA256 2846abdabd58b92857132ec02705e1809ce286406633b93373bada0a5cb0354e
SHA512 96c7c5343f1815f89056e653ce0a70fadb4c6a3c153fdf8a13ef7d549f978151e5abe714b0b6d2e398b1f909d40642cb57025580472603648b1e89c0db70d283

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 2f7474a3e286825264e8dca9ecd94639
SHA1 3481cf7d21a698b4ab2e425db7b723b8baa793d2
SHA256 ed0a70d5d547aad13d913629cd3276f97b4a8922f3454edb322f147953ea78cf
SHA512 e09862c0006b87e166f71db24f760d564d4771429ae8adcd071b1cacb8fd96aa5bed709ab17ff96993e2b7cdb0b75aa5c6b196797cdd2162f6d6bf1965468dc6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 29426bcccec9e6d6b08136b7599c5ba8
SHA1 c8e622606dc50450bed6b953615ada7c3547ffac
SHA256 8e99f48b4ced51cdda6609e09b7e42bd17f78f97257d905fe16e84e61aaab849
SHA512 e7544d1b3de6a0e31bd1e2559cbc62ef29b3435af677339c00c8c119fd446666e790f58ddfa8c6d3780cfbe5d2d0e6180e0688881498921e5deb262dd792b6cb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 ba49ec3238f17a1f3b08d07ac8688dc0
SHA1 533e2a527b16171379016b005bedce4343f7d304
SHA256 2b2c515578f7a1574f9f5d4ee157345931dce9cd778f2a88404dfb58bb15c985
SHA512 8154515678034e308f0e614083fe93bfbccbd22ed31321d7cc0585dcc782ea8cb6c2af7e30ee3a2b784bece71dd8dab6423b68b0589f6af96b7ecd32586666dc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 443600dd6d775b1c808923a89b84876f
SHA1 9889bc897cb6642a79ef6a2da610b3a03aa4e5fa
SHA256 4049a57580ccfa5b55027a737dc5c16e2f7cc24e702a1b9c61f47278d4a4640e
SHA512 d570f061597f3dc9c946015028530efe4658700d071db53be3e8845038b265f3485c9a80cc3c188ca6882805160122fae347806a0f7c68fd7aa2863317babdbc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 aaf852f172ec565ce89dbeab1d30bd0e
SHA1 00d947cd08fd07a60845699338c8c73c0f7f1a22
SHA256 edd00583401aed41c14fa58fccf6ebc287f6e25cfb4f88efc434c6b6f49ed6a4
SHA512 a4fdffff4a6b9523d1731a3d1f6228b90031356a38e56da2e2f2404eed384aef0d3db90c0c2495769e3baaec6207e9b09ef902c7043c901e31330dd7dea2abfb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 a571d2edbca1a0c02e31d4645eda81ca
SHA1 730218ddfb76c06462838d34f9f72ea4c3cc605d
SHA256 0027490c3bdbb8d4957d00d7b408efdaa840dc2d129646dbaa8452c0251c3bf2
SHA512 d04ff487eb30a6e621fb1e3a3258fcc10a7cc02175cb3aea77bc4ac8833126f861aba765a0160a94e682c1e01996a1025e6189cd81bfd260de7be23c87f57621

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 ac4afbdb2961684c0027bf46c2160d80
SHA1 820221286591b960a3976d480e6c199e4243eb96
SHA256 98e7539f596d088c9d7cd0b940c1185a15215ff875e6a985d12b9fad2f349bd4
SHA512 88e54f8c375a122a2b6ca0d9eec7f652d0dc83d275763db9b7dd6282aa416fdb758d2526c43d3d9ce5c45b85a3c531eb6f3f6aeea1d01d3dfae92603bb9197c0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 de2ceec9c01a6fd69d80ea271d6fb296
SHA1 e1c7a74bb3f97423b76355da85e58f7e14d20212
SHA256 fc972baa9ff0c539f46a956ca0049006c982c79950bfdc225de09df575f7fe11
SHA512 02d6c084196a27479fb7ebbf471d28593e4e53f34336a38b2ab207b07d9a55e2f5435f747c27875bc5ac543a3f0ac643362a444651736742436a524d57f5f623

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 641dc1935144fca3f27f0a6dc7f4ef98
SHA1 8eeba0ba954d88fe47ad567c728dfd4c16697d23
SHA256 cb3c71b8bd51b338c609ec435aaaa42e775ddd3231f64613a679318981ea53e2
SHA512 7d3977edee0b30a5db378283f6cbe777052865c76a1d2ad22032d1fbbe9e72b1476af5e440e60dc0b891525413c5a23b2766c5d8db40b1d7eb5e3d32824d1584

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 e2d9fb3d750b1267d85d08d957f46274
SHA1 43ee1387d1a7055ea9a3d0a428c606493de637a8
SHA256 1c00483a06202d25e1f996504937a6741391d0e0db8d62cfa9d805200fdac8f7
SHA512 32e0f4beca3b2319337e69a7fe650662812e8f6596d59f797ef8f098f6d7e9283a359df713e10bea706a0b3412bbd3d617b067565e8816eaf81b390676d2b200

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 48aaf9d58c0f4b76507d8341c55413f8
SHA1 8ac4862a9b772216e5464941f40c0017d1d13654
SHA256 0c6eef2f467ec116ddebadde6a9e985748f4c9f6e9294af19d1e3b5d79cb1496
SHA512 ac148a56672c46f5b37547ae80ae3e78f33a97479a5e4bfe1b600c92a666c36d0371faa6dc6074959bb6715e87e5cc651f1265a454b823ef1be29374f7c62a05

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 cc9eb59193afee210af4576bad014631
SHA1 424a8a896f8d2d3e13836ce208c1d0f0b9bebd8d
SHA256 96cec40559cbe97f8e0ed3b4bae7c16bea1534b8ed0fac402f38071f864f4280
SHA512 127f8738cf69e6ad98f2b22b249ef172afe439adcfe3428c66b200e1b75cfb591140bf9617a18deddd59ab84ccd0d15443f88bf407e323e4165c96c11117bf13

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 db322dc41476f13e7598140892953edd
SHA1 b26e5f9e8e76e5f218deb6ae2e98da4d7223ccad
SHA256 f65eef7aa6366ad4bec6f327f0e5fd60df02432cef7559fd6e4950629509785d
SHA512 ca19ec57c2f9bfc075537617ddf7be174bdffffcac9182e3e83111c04ce9fd57dd9cb5e3b6fcb7eeb39572b83c84b4ca041a5deb939fe0412ee3071155dd1534

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 d40ba79398b1baf71e018c6df46c9c38
SHA1 304f442510d04d20b1f30a7fb9953c20de294154
SHA256 68602815a25c3009d5dbb7c486881c990ad75e2436d12637d0d5534261e3df3d
SHA512 1f29cebe4bcf2dd4dd5d0db9c58bbc1a8b68b5ae1bd855715602c7e5051d4c9671a37a7a118a4b96e442520656958c232ef14406cb332518f8a30be179afcdfa