Malware Analysis Report

2025-01-18 20:57

Sample ID 241125-a4qt5ayncw
Target 98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118
SHA256 9f90a24dfd52a202461f7eb429f2d33cc92434d43867b4cb9181ffe71af0ee3a
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9f90a24dfd52a202461f7eb429f2d33cc92434d43867b4cb9181ffe71af0ee3a

Threat Level: Known bad

The file 98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2186) files with added filename extension

Renames multiple (2208) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-25 00:46

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-25 00:46

Reported

2024-11-25 00:48

Platform

win7-20240903-en

Max time kernel

122s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe"

Signatures

Renames multiple (2186) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe" C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmx5560.inf_amd64_neutral_e853cea0022c059a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-LicenseServer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiabr007.inf_amd64_neutral_442d902f3f3dd5b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_neutral_fe42c0ff14d5562b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr007.inf_amd64_neutral_add2acf1d573aef0\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_neutral_9b214cd9b78760aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca003.inf_amd64_neutral_8e91d4aa9330d2f8\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\synth3dvsc.inf_amd64_neutral_bccbc5fb46a05558\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_neutral_8887242a56ee027e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sppui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_neutral_ab477c4d805d044f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmoto1.inf_amd64_neutral_bf4b404852955eb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiabr009.inf_amd64_neutral_2d7b3edfda95df40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_neutral_45152a8a9362fb82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc3.inf_amd64_neutral_1da6abc36a79974f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_type_operators.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_neutral_7c300346e830b2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1kx64.inf_amd64_neutral_1f62482fbb9e52a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115843.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\TableTextService\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14655_.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBrowserUpgrade.html C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21535_.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115863.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid_over.gif C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_pressed.gif C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_over.gif C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21422_.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR47F.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02053J.JPG C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR13F.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5F.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR36F.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-d..layswitch.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_05cb8c6bb7a54af9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\16-on-black.gif C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..-detector.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cc15e7c725d93018\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rascmdial.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b9b89a4dcc1ee7f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-time-tool.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7e3784ce31e2718d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..atahelper.resources_31bf3856ad364e35_6.1.7600.16385_de-de_36468e58c6917072\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-runonce.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_442a6a72371b4eac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_infocard.resources_b77a5c561934e089_6.1.7600.16385_ja-jp_ff888263d4b04ea4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c0e2d3ef42cb2ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3a7cc0feedc7d665\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-r..nt-v1-api.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2e0574e8036faaa4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bcad898b90aee666da2f81b0a87a91ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_6.1.7601.17514_none_65eab3ba3a64f6af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a4107a07ff725651\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-u..roundprocessmanager_31bf3856ad364e35_6.1.7600.16385_none_6626671e52bbc0ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-driververifier_31bf3856ad364e35_6.1.7600.16385_none_1660ccbeb66c6cf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..up-notify.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e69f2956bc7d0099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.web.administration.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_cb2daa1e54dd7286\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-f..libraries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_33867737402be86b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_es-es_36103d0b2d48ef9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\XsdBuildTask\90ef7c8e607fe9d71e83d747b02b64c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..trics-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_11b1a08795dae83f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d621267d77d470ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_blue_sun.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_es-es_5e391147391d2f55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_be87f950dba0b189\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rasapi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b3b76db02fdcaeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-privacy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0ed961bcb5d8d2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-netlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5913ecb0e9673c8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-netvwifi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_092802985125319e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shlwapi_31bf3856ad364e35_6.1.7601.17514_none_57ffb773bb4e758b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.web.abstractions.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7e14431b1d10f187\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-shimgvw.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0cbbd46a7b6cb994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_6.1.7601.17514_en-us_76a51ea2cc60773a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_it-it_ecf6913dd55d9022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnlx00b.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ba3b6ec962a2d3b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mprmsg.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dbc557144037871f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b0b9e5b0eda9fa3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-r..-provider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b81f5f38f99a256b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MUI\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-fax-common.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_48268639435a097a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_11.2.9600.16428_none_56a77f876c8b6453\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_ar-sa_585df4a7092d7807\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_6.1.7600.16385_none_2370c162e00680c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4a30ef6a5d99e869\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..minsnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5f1b3f7409eadc77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2d42a6783ff36048\currency.html C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..ngsupport.resources_31bf3856ad364e35_8.0.7600.16385_en-us_5153ffae540bad76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..ab-client.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4aa8294d8861237f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netrtx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4e21f49fcb87d674\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\btn_search_over.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..truetype-segoeprint_31bf3856ad364e35_6.1.7600.16385_none_50896942163a554e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..et-server.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39303c68d0c12de2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wsdprint.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2ad7f522aaf6dbb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-tapi2xclient.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e8e4d27156d257c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Web\Wallpaper\Nature\img6.jpg C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..nents-mdac-msdadiag_31bf3856ad364e35_6.1.7600.16385_none_5e72ba21938d808c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZCLMZNJFALTDUHQ" C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe" C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe,0" C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 f00ab224a1158a7e3decde3559fb8d60
SHA1 aa121d80877301362612dac27065dbfec307fe10
SHA256 9e05c50cadc1bebe79d80b6a0ee2530157e1cc8b20c6e470e09974087128651c
SHA512 1ab15e40ba2d24977972995db6944af5fbc11a9a9c89112764a6bcec036480f4285419aac7d22c3175c58f7aa6d5c97b6bc1611e9fced6a8b2325c741bcc0326

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 a19c0052b89d7b47c4a45c45cd7f5b3f
SHA1 0e2eaaeab208810f7307b6bbb3170657eaf83cd4
SHA256 fc2ffcf45b058ae2b0749e996d8f43680362308096fb0e7a51e7460e5e592e27
SHA512 644ccd6c2f61ae898de6401a8e4a76b47fe5fff1ba5da1ac8a5f57f14fb49f1fb36c170fe70bf33b572a27b2b21ace7c3557d075baedaa8a5d4601b6f92c215f

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 d5c89d8fa83378be67dcb9426c1bd919
SHA1 c591a3f9cdcebda5b8115f7f64d5aaf0752dea90
SHA256 fc0531d8146604c7749a6d1b0d0c744e3c19dd9b068fadca135e4055cf05445a
SHA512 7dfbf38dd7fda5e1b6f8dca3a9dd174a3dc8a54cfe77ce6d8324854356db153954c5e2fe7c65bd0750a147afd3f2a8ffe69e05b1eae0695391c2228bc2149edb

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 78137336a183def38c8d07365f606302
SHA1 182e2ce28c42cfc265904e9303d32be10a3e540e
SHA256 3176db39a28472a48ad769d3cbc3d771a806a3afc4c2fda4eef41c61a3bef9fa
SHA512 fba348753e732f8013269cde3e08136dc469c5f3664ad6a82e4f770c4d8ee4ed9251e0b2cc65f029952c17d0bd69ff15b5d97008ae262ed6b3481c95b3b119e9

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 618d20ead8e6c6ab4959b13bfc9e1ef6
SHA1 c52918e1d3f40f461cc2cea862213fd7bac013d7
SHA256 bd9aa9d54772dd375df07132e047d999b00469104f63b6e76413244a9df72d84
SHA512 993ce79b8bad3561b4781ae69b783622f4da1cb6c6bb044606a618c0b3b4c643e292a9e0c005186049be67f6e6dcd0a9c52c8508e5973c42c3f58f4a79a17d46

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 5b53fc093b1f2291dfbf830c77805cf0
SHA1 2c11438cbf89c261748622171632c1c6c78c0314
SHA256 fa30ba7fd62d707cd7068f8d48bddebe470aa8fe22b0a7effea468b570f306cc
SHA512 38d0414c6c3777e17b1bb46b6e9dbe743acf200061715096cc89f07cca78922474165994a7e50ae85a310c4dafc2668d8b3f572600029ca0251eae7af7a19e05

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 f145f0ab9902d859f44fc9c77fad3b87
SHA1 282ab1e69a3acb1d0a8e3dc9742a356782f56ed4
SHA256 fe7ee0f5b4f62a138e0a6d8326f9c15ba09b1ed0ac92dffb44babff3f106f619
SHA512 79d42dde0c38df8fbc98614233c0cee2681db64bd8d5edd181e3f5f111b4febee531384617bf45fdabd0c33c3798edf927d9472ad6d4ec7d254b334beeec5960

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 13719a45fafc677d5017e1d62f4c167c
SHA1 fbdb12d26b3a27765971329ca7a71aca6b460dbd
SHA256 00b2ca7b4800d029cec0d9f120dcecfe20977a11965bc25d511d6e224a58f1eb
SHA512 387358ff7b8a6dc49c9bbee14ffb956fdcc0c11266b7d42e52dc0ba34abdc906874ca66457239bb6654bef56e2e917c6fb75b0d40bcc673fb827fed6745c9656

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 9d60f8b0b398d77e512567c501e6b3f4
SHA1 db5503298b39e81b2601e8359845c06ed1a0c19f
SHA256 336c94f4843377ed6b4aff2ba163f5eae33e452bf97a804a3d7663d9b5efea9c
SHA512 cfea650787b398d6a2a4e88aa6c64b83269779a9d1ad2f501ddcb4db4a9fd330d0d2852e1216284e7b1bf0044b583dd9ee71ee399c6ae42e0ccb29bda621dd4f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 5fc14a103e54ee181b53e696e0670b69
SHA1 a38cac83a5631e7eaf98f81b96ead4c48a8360dc
SHA256 d6f745933baea97513f063754dd7519a297578fde3532284cf1c9a3198388ee0
SHA512 27feb4b3bf510aa123f714d2a75e03755458af7401f34d9b36809f5f956afb9dbe9d3ed2747e480ee5ed43641983a2b3b36fabeb1ef7472102b0ca17a73d1f0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 8676155293d234a4fe396c7e7875ddfd
SHA1 c105abec735a4f7ba666b1b912a4b423d87cdac8
SHA256 e8b97e5a6ed75c3e76c502b274529df94bb3cbaed91ec9b16bd59e1ab418695a
SHA512 0e0cad81cec92e7e27a650f5d48ed7a6a11a2fb94ecac42820107dffabcb4968f57da30c8bb1de01998527ec29a141e5e518f11ea61280a19b75b475c41de1fc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 38dadc64af66ce44866f75cb626f95a2
SHA1 dc62f7935d41bee70d9327305f9a6316c54dcc9f
SHA256 87434a59654df82c3e150348d5b652a21096012e25ad60bc56faa480d6822813
SHA512 9aee17df94007d717e6f98f4834c3827dc6d6bc42846400b36f9eae75bd528e35560245a683ed80fa94ebecf90ab12f9449277f5e76b7aa838d3d06b3ff9b138

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 b3518ad711eb059e1c38be10d6bf741f
SHA1 bf8e9a50579eee07151ec6f1b58da1a9dfdf2cbc
SHA256 74d8c5b33ba180076cf952b8d59e8939250be5eda68d34549b531936020579af
SHA512 6fd2c32d5ab6a5d07f8a92243d0ba34742d5d5bf17ab7e282d5d57b9464a71cb4489eb015d95a2cf7b917deec7946669da4932f6f1ecdf0f6b21bd8b7126bd90

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 255be27e833aaad5e7365980b5693bbf
SHA1 812b807c42813b8ed8da45b4d364f84ba590d023
SHA256 e061447b65c2f8a05aa3beb7cc4d71f9d4e0a2e86029fccb86e78a05d790d6da
SHA512 682e5d3e84f46786f864fdad5d6017c4f23b7765802e08bb0ad970094acfee3887025ee2d689f0381514ac817621659655033372a9b120ed005a605f2184d882

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 2b022cf446e0e969c7f04cb9d0aa5627
SHA1 a8a33fcfa1da44efd52b7bf85cad3a51411fa1b6
SHA256 33d656a5c8d2e1ce26974132e1736017cf25c9d314e88e6cac71c12c74e38175
SHA512 db2346e64f57b1608c4c09694bbb41a76036c3b01cafef702e261773d23b9b67ba01137a53d186a5925993d33ff9b9c57ab98777ce7d1578dffa4e435ffe5c98

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 9745472df1392e95cd4c118413c8af60
SHA1 fe7444d1a1e1387388d4d93207cb01b2a618a752
SHA256 bb9e291f2436540ca84d870feca677ccf62856d3186299858e2d467590bb6530
SHA512 a5fdab99260358f113d6a1212b1ba2c88001edeec7288b9f71465519867288399428d4e6f383403385a22d2350cdca6aa45b291aec4942450ca1d0933ed8c83c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 7565d12e4627646a92412a67a3120116
SHA1 b1db005ab1932b2bd1d76aaaca9ad8ee2d80de31
SHA256 357c0ff7b18e39eac3c5c0dbdd36125fc6eb0853c7b59406ab073f1e420955b4
SHA512 29707b750757882d9baad25c9dbc2bb0b159329895200d3a561cc425c1e4ee2f9e98156e2a89b64dd1b94f46d931bad6a47ae186efb90658a41c58eb6fc3aeb0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 34e157a55a2ef3311da1c1e703a11da6
SHA1 3c56ac26f4d816dcd38a42a0e5a22ed03d7ea179
SHA256 4e317efd3ba8b0d37164dcf7dbe9b76c2ee237d7aa785edbf0824006b5471b5b
SHA512 e7c82df386442ddc87de6dcaa4fab90e5ef330988146eef5edb80ea91b04c69904710b9737685b694f890a60d28a49ed5b448e05df5157f35f85e17fa2fcaf8f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 ebef7f63f46cfd1e91a38755d860a7a9
SHA1 af6db170067e8deae10aae8cac24cd9dc267fbda
SHA256 fdff2539ccf2ab336ed6f95697900621f68b4f6cd7a440ecc66e21e47ec5e6f4
SHA512 fc7b71c2c8f00403ea564ecb152050dfa3a03b9d8d40baa314945a0aa749734588dd84d3467940275af0ed6163e1cda30b893a3cf53101f934bb189773c27185

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 5958ad0b8266348ec46b1cffdf2b5446
SHA1 320627008a01cce65485e84e3ed933fe391b9124
SHA256 bd09ff5fc4ec36fc78c986499894aa0a4d0b827d7174547a26b723efe1cb70a8
SHA512 5dc30f01fbb5e1099ea50880344b8f604cb4915c97a600d555ff0b1418db2e6c5912316ad4f8843de88742cd3f9ecb8a1df50373bd8d199096edd77ea0e50800

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 9f468574fd8877dae11e51373769fd67
SHA1 51606610937149aed1ebffd22721bbe3750a2eee
SHA256 f299b43eace54e8c10f62b28ee73fbbec1efebb9d71b6d5e036e433ffd9bfed2
SHA512 5dc82c8a9f25e4590d0f48e0c77d9228c9fa0a1bf6823195ef74918ad98004aa2ae7b3c60d9e3c0891b16fd299ee0323493352cd49fb80a1e39b4fcaa4f67769

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 602cfc47ef7e0ec63878831b3de26fa3
SHA1 dfb08a9fff60b9a5def3d5a61b6dfe6347115cf1
SHA256 92ef029d2b44cd58f68489e952e8daabef1246f016fd7f32f4443f57f7a58933
SHA512 35a2dca68466508f049b1e6a8b7730e99c193a191c5d9e55a50eec983118f9a185264ff32d43902b619fa6964cfdb5f1cb240f96df91f0c90b9110271a16e311

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 7d3d3a7ae6cebe9761aaa2e3906ec4c3
SHA1 97818d697baab9c28318acaa732cac050dacf75f
SHA256 6e081f82201115509cc85e107e349e93efbdcaf9fbcfbd0395f86ad1337d9d82
SHA512 34c3f0b4a66729507f95e73b73d606bc7f935adf8ea1697958a95ef9581214935ab8634b4f622cdd69940759ae766756c2f13c221cb1bb2c0fb917bdcde4f2b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 60ed92551afa9444c2121f9141bd0345
SHA1 c647b3d526238b23a20366b994426a3544f3ea21
SHA256 1b7f3693119dfc1d2149b5677c1fc3eafbe6b9acc7f1541064abfc664a42159d
SHA512 426be7c4664a803f211246d54ca4af1a4a70e526c34a185a6d1d095c6af2411a890faa705cd83cfdcabc4e097e1e15e2154b50c32bb8723ea4f79ef4c07786ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 1973680a2d463daffe836d05dd231820
SHA1 f6dc9deb458c560189ec06cc75efeb0cfcc843ee
SHA256 ff753bda290df3e09c1ddcf71854ed74d5f35e1046e899aafbe66328be3badc4
SHA512 9bc4ff875ff01e3d6e65b3a348ef994dc0da7c27f155debf328115e428855184fc1f4f5a3ed906013666a16d29d16e76aa1b3a09cb831950030287075fd99a9a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 c2b01b22fc34608542dc2ec70e1f1445
SHA1 b21834c5dcede2d02b204d85b2023d90fad1e275
SHA256 cfdeed08bf8fd3cd5ca30e114aced3ec65ddefd2eacc9db02819680e653caf60
SHA512 11d9b9b69831ef7f99028290dbc2a018a8ed1201c7a0798dd774fbb53f491e15e90f1384de74e7bea7b50ae2815c50e579b2038748080f7a21623f59e6e52731

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 18beb54eb2534d1d1143c3712685c767
SHA1 82f1a8232703fb61ff794c4c386667d4484af059
SHA256 62185538142376fc858b853bfb13862e2624d68ffe58f3c18804a430d90f8b19
SHA512 6321cd59813e038f0bfe3864ac033505232afece422d0c37f77866cefa8ed27702524b5e5fecefaa034915682e32ee5374bc717ac99b3b11f96c8296a0988a60

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 df685b9f9746cb179002530471a8833a
SHA1 22ad68fc73ed85701488c714d5166e7f29c7d534
SHA256 eac80feb9fc84c9a00bb6ac7192209c05b5395ea403a19680567239110e110d0
SHA512 c2ccdb6d37d9f806e54cbcc040181e62a11c5c854c5af978e4353f17ea49946e17fe818207b9f44f8c32d60af38230f2a18aab381fdb7c33e617d92d7670ad1c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 dbb5030074ecd830451ab33c52e11bdd
SHA1 b8af3fec57ed670c80074523dcfd1b199e648aa6
SHA256 43255b31bebbd86df59b9d56cab055c04821c5fafc49eeaa9e417cdd42013acf
SHA512 17963722709b192d663ada264256c9fd59f0e94268de72ffeb08f6e6b7bb0bb1ce1c19d70fca5b345f9a00305102a4aa242c267974cf6eaa857cfb288fa28444

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 27e7fc3b89c45793399245b3875ecc40
SHA1 d87a27b21979c1f5d935ffc76ce107b7b2a936f5
SHA256 539a468e8cc5056914d56e340d478f01d11099a64149b25ba395e6ab5f12634c
SHA512 2694425116f0764e48383baa54947e5667197d65dc62eec5338cce814aad60c497f9664212e21a970537f293e670cd29f9d6450ab974b0b05686d9ecf316fef3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 1b025a712cee2dd76b954c58b8d5b4eb
SHA1 36862d971710f165faebb7ac5e2b5dd9e4424c9d
SHA256 04fc0577286149749b94d7a0184fa27b6aad23f20730ba547ad1948a35b7a8a0
SHA512 8844f9a11d8b217bcb19bacdda6544b628f938e503b19ce06c2b3ded7058f19020293497171400e9595c01162eb8be6e764bb422861fd5c8abb60cf4beb89e5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 cdb93d47d274a0781b4f8686a688f91c
SHA1 cbe50b1dcdaaeced0e0d7c44e1d0c667f129db63
SHA256 590bfd0ace73bc1b1818474643cdfbac33395326f71cfdc3b55ceabb35db85ca
SHA512 438d0436512260b8221dce57c1a69f5c2f9cbb1067ecce675a725c628c6724f9bd9236254e2c94d9d2cc474baccdbfacae6ebc9c637b3ec9714dc15d3f7caeee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 a60f350362ed117a523ffc9a150f77b9
SHA1 2205fbc641c8d46f869df6bf8ba2d563d10dc6f5
SHA256 4970e4787f5d3b99cd58d20028ad98b115ec4e176072e3cd5adb1131357f2a3b
SHA512 8abec740bf34b22c86eccabd3539e9f34ff8d0bd4cfb181073ffdd6acb82ca03cd4fc27779684517b7a3b9f1a989f2f070b33108b643fc4991260b87a79e9439

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 6a2e96bdaa645d373998f054056c7a59
SHA1 310b320911004e3ce3cf601f9c6cd4a7c5b65e5b
SHA256 88f7e59c3fd9e0048b684233ea46e323d20d4a83425c60584c68dd2b38f439dd
SHA512 537d61722929bdadc7a7519d3c1ea3429573db125e451bbbd3660764a0d913d1899d3755e540c6a04c6f4270bfbd61c0cca9fabb48c126e16b8735b41d5872bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 344a01f9f2d487c23a4164b3235507df
SHA1 946247fe6e720bb3f39ca9999710aef55614284f
SHA256 8cb6820ebd1e6e8b0bc100fdc06f5a307ee489d2ae7d683f8e58a11bda346e58
SHA512 640248bf1d0e41e6ef1dce8c213df74f77d27c54f8b63982665a53f30652a51af20094b68ded01f546d5b9c151f42dbcd15843ddf0b43e31b44144cae880f023

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 a0f12c451f9e5862599ee6c94356b939
SHA1 add2073c706219900ad024ac1654c7a89f46e864
SHA256 3ac1929441258ad510abfd25bbc4907cd06db684e5b1042600654536e452d973
SHA512 fdf86029295224973f54b0b3f8621c0e2748364d837957434bce3ae5f78d1998eba05e3ad1d4fa88ad6812a85ab196b2616564b5860735f6425df6871d444d33

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 075e01eea0b7060c1b1c48c087c96653
SHA1 f73441b6d2c87d85ed774786793c94cb1965076c
SHA256 d431fcf95fb0410d2500c0a4db04e067ce8155a00fedcd5a1d43f4f107d60e40
SHA512 c9d883b4c05aa4bdef62fec3a10691c816eb5360a5f903889aafef20dd8cd9579d5e6369ab692e242dc7039db05073d860c014adde9586a4afcb1adeab675586

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 3c1825faf6243c8980436d75cc0a54f7
SHA1 d27b9920fbcbecf496a2acf2f18f08a34b6c6b1c
SHA256 e9d000e9008825badee8aa3f3e963731e1fc63cfe78e6ae2619c7bc27b0b3977
SHA512 03f6455035b717e35a327ed02edcc5cb2c6657aa8de867b638fba2ab8c9e1bb0366d772fa05e5737a97aca98cd62602240652261501c6ceaf15c07618856e216

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 5e0a480e33514ae7ae207f6f8a4e35ad
SHA1 712821cb52fd3638e65048328d745b25a5ddac41
SHA256 e79bc06e55e6f58089239de14113a0ac93a08a234aa173730f3b581833f65425
SHA512 312010f6b2a421bd4f4e36b3867421b760e1ad045f7896b3c6064ee94d9c862cddfac769ef820d36746b6ad1e4861e06ed9951e7b942bdce496f76722e2d937d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 425c4e456bf2749d2edab744b3c5404b
SHA1 db6127446b71cee753fef3597c4dbcfec6276e54
SHA256 bb94d49cf9d15f23ccc4e14bcff854a8a36c3e6b2b04ff879ff8afb03584c60f
SHA512 c6aa65214b041bcc11388c0176acb3551cffd707984b010749422515cbba38c9d330b61cec5820ecc993328b05e092fbf3569a0059cc356df4815878ab5d7674

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 fbe20e598503545e0e409b7bda2c4dfb
SHA1 85fed67d04b13479743d9366632ee95c8ea54c32
SHA256 7cedb4323ecf418e23ab336190f13d46b4e51c7d34e7387836e9976ec141e440
SHA512 7d5ff94dedbcfd7642613b4441bc151bea1bd671252f9f4e4430a7dac6d500b8de916967f894fe458a3e90c5d7be3d1a3c7ca3ab05edb42b3e7fd884aa3e4316

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 f642e740a4d40b078514813ca4b6af02
SHA1 f8cd5a6273a534db3db68cbc31bc2f93bc1bd73e
SHA256 62379eeb0dd0c60decc16211de6f23bd99843afb402a2bc5f4c7fbb796210a62
SHA512 e6af885fd45528d660bc23bfb8114ddc4deb1ec269f744a01f50776651565d7369bd4e659c43165f284b9060537d46faccd460e15e64c73c38a6576d5b264e38

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 29e8b17ec1070a677dba7dc9deda28f0
SHA1 290b3240534a0dcdd6fc733256338aa05ce00cdc
SHA256 e81df256404cdbae38f6e61b9d68e4bbcd6f30ba484d8f40e74dcf58081fa3bb
SHA512 ef2bafa987e7ac9a312abca74c5614cce79fcae4c2b4f27d3f36c9a2d22e531e9950abe5146280a2d5e85c7e4d4cfcfc2a5b953994e7ffe9593b49ccfa883222

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 78b3f6a97d157d44276e7a52c8b4d3a5
SHA1 01dca0a835b6cc563ad4cd7f38744035962c1298
SHA256 6e14a968e636203812ff21c3cbc4c3be50260a9d2e174b31cdede67500e31ffc
SHA512 9024c5d33e2cec91f00d1bdb700435719361a40489823d84c37d3e1da9e96ee12c14c6665fb01edb82a61f8178bfaa51126264028cd434e19d39c634f2cdfdde

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 b193541e545012af6364514f4bc6a53e
SHA1 1d271ec7ddfcf5d8c5f8c228b145cf68991fc656
SHA256 3a2238dbd092ae88e905d88e889ada57e84270f38f4b514cb6f9e8cccfc7f7cd
SHA512 b10b16312b9b2321c388ba181c76e5770a6803deacc464ee271e19ee51f7a1e3b3dd064b47a7f684e01719d774156d1eff2af5241c882583f40ab0d8203243f9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 bf26e6a1c52f84f1ab968597ec3cf0da
SHA1 81edffd5e468deab71ed21e697bffb8401455652
SHA256 5b4bdddbd4c52481cf34280d3a2ebb098f6f322c0fcb0005e96036ee3c1db44e
SHA512 f60b22ce3c61d1241ee0b4401a114379a7f9532cdc1fed9d2a189537198a21e17f7bd04195bd3b6cb74c8c97f9a4b8f90e6a5805b8fd319b88841c1b27d4820b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 66c17b236babdf4039aa2db66fb17efd
SHA1 04195176f869b632c4c4784efcac3033fdef12f0
SHA256 6841cfb4b6272b6c6e1d06992cecd18ce1a03f3047e0410bf19887243b37305d
SHA512 898d821b79bb6d7b92244ea5fd32ac5e7afac5cbc24ddaa409d6f140d8396b81d9a282f1ddaa301491266a111f2556cca7cb9fc0ef218036a5d6ebd40fc2dc66

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 440b6e08cc22c133c94013f62b180ee8
SHA1 addff78f6bf3e675dfa647c2c43d563eac196c68
SHA256 f365d917d04201f1a5729b3359db138bc0ae960fc8ccb1f95bd1f2e480afae9e
SHA512 44ff7dd463bc7c151ccd027398f0fffa5508b27489a37fcb15173526fa1d566a1902bb64607b03f92467781ad77bd7b4cdf43e2b75c24dae0f19ee9d97b3c56e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 c04d3dd9706053a747a4065be48adfe3
SHA1 c6068fcc833e9627a291c63e64162dcb414bcf10
SHA256 998dbb3f12cbedecb4787416d2f117339ab234e908fc262174d8e6e9ff6c9cc7
SHA512 c480f0d3b06aa8af85c15aaaeeadd70c0971864a69af51866efdfbaef4eefe9914d6b20491f683a90c953785409e75c1e64c84054210e3c958fe33c378b5ec7c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 b7f13cd4522e9ca2c1c0c97a9414f88c
SHA1 ef15669aa39ec71fbe51ab2bf37445ef6709830d
SHA256 4daca4be7b38a402b3de7f648f5edb95e6a10dddf313df3cbf02f6240eecd0a7
SHA512 1e83a9b0690d22d18a8c43a3fa6a50f4866a71766d86f5fcd8fe2b08e7668245dde7e77f13367703129fc5db4a1c2343eaf4757514331415f1b77417c42fadce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 484fe5bf6d2077b4677de35919460a9b
SHA1 afb65308ff5d0091595126996fda7362001a7856
SHA256 cbc05d4abf45441810a6232a4428717693f07cce488549a027d8dfdbec048cc5
SHA512 dd766e66b601379aa4f56491dc888471f1f3d7b2fa7b62108e1e74fd45f1bb343d36f7149be9c2776bc3434eab09a1a35a4d55169db93d1a10e074d693bfb173

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 bc308ebb3c8af2669e7407b9139a49d7
SHA1 247accb4599af4fe7e7e05e065c741583061ff5c
SHA256 7ffb46787fd262d8db2e740f6cc6f59813aa847363cde1f1cc113ddf96295e10
SHA512 658881859fa79563efb44de254c0fd5adf8c5df15ea93813d300e66ed80a10b9637f31dc5d3d3c10ddcb3b6d65bad432ac284cd134aa00c54a7d3d84c5ab1acc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 2a64307f7d6f120afed48cee6e6c355c
SHA1 7abd7adbf02735503dec804eb3c1300ae21b4c7b
SHA256 ec2d0f0156ef2cb4ad9b9743a249c1600cf5c2d6a0a9a4a2af4df10561f2e5c8
SHA512 1feb5f8b8a735e63af7e2fdd5f57af6de1b1a96106a720d2082e4c597cf0768ce9940f40f67e62cc9c5464abb67a1cb59e619d81a467a94baf9d79f8cb1e0e52

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 4233df9e7b55970c1cb667b512816f1e
SHA1 c6f7a9261c79a51f59d1e68cc213e6f911e0e54b
SHA256 33093dd5099d369adf7b897a4065ba722c35d5e5fa16461fe3ccd285ff8680ec
SHA512 8c0d22672d0ce2e785b4b1710d5b72994ff60c3624a4e08672cc77362507aae7f02acfc3e3528b39c8d0ff2c0152c2eba793bfae4fc8303efbfb2582b49efb9c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 7cd1e13abb3586778ec88b8e57b2c3e0
SHA1 7d4eb4dd4e55e611da80f3bcdb37d79ad4c4b9f4
SHA256 8be9cc275182ea445fea0f5fcbd539ccce56764458ae0a7f8ba5a63b1b8d9531
SHA512 9c2cceebb97e7792800b99e3d25506c7222381915389b44c25e6cd7543ca7150febfd9a177331e5a67ac552b14020629ed2666dcb65823a7211e0f164c67397a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 bbeb7dffc4a0388a7d15ffc762675b58
SHA1 fdd0d2e5b3ff78802653bc501bff72e9f55b0eb0
SHA256 40a28e94d4b81797717dfa02c015348bbabec2db21bb289f71cd022753ce797b
SHA512 0885ba632393082ffe1e0a9a5b2e70d864e3f68ba12e3ca0d050d35f7ad86fc70daeebcb530f9ae71fc7ae95116d43b13b64e21f15b897bd58e2ad6ae64ac6f0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 7eab2222227d329a05492e02563b95ab
SHA1 fb8c0af8ab7bc684ef3268f88f3d44bc888dca0d
SHA256 fa88fe77625cc1808bfba69f0a137ea3aad4f96f1c41560733a998460b1c8fce
SHA512 4385390c7580bd534920150095cdadd9b957a0ba522223bfdac8279f48fdcf885781e0ddbb85ba3ce9b92a8310ec228a867ce427d3f21aebed3f90f2350cd422

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 6410905a62a81a89cdec5d19a5e1e23f
SHA1 62ea2c0cad56148aa8d100589b9edd2d74b9e254
SHA256 eb0dde1c0948d01eb2816bc454fe43fc4bddb106e31762b01b1a65c5b67b8d52
SHA512 d48aa0a1768a78d54f6fcefbba4aa1c7b8af18eabed45614a6dba09a268b3baff0288fce94c6b75381302665998224872cf7113e0611fb5c14f91594bbeb4ddd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 18b94c7252b9e5d23f10c6588f4184cc
SHA1 4019da952e6ccbecdc625556583185abf8d35efe
SHA256 42ee66eeee90370979f3d25f52995a148023f54b9cabe5d23fc4caa70edfc763
SHA512 3a609439d52b6980c014b9b3c75dbbbbe0a79e10c98ffe93e6c9f8f76563b9568e3bdd7a40a5b2e758fe6584d8e1e0f889777dda050584ab33aa52d5c34d01cb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 e1d73d18e104e79400b11e4e0af3a7d4
SHA1 86ce17c50f9d0e04505ec523fd580faf28c80c7e
SHA256 103aec8bfca1695b2c4da2e3854c8c93731b013ec152a6901efb1ffc6e5f1546
SHA512 fc21bcbedc2e805f6042d5fe65e2f1d6d49d291433194d572a61f3d6339a0825076fc5f27c40b3bc0b9d95369d64def7e26d98e2bad7e6c5c83ba6b6bed700c6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 28b3d726babc628fd0c5818a56b4b80a
SHA1 75847aa1eaed6808b251b0a3fdb7c7adb258bbd0
SHA256 57bd0b938c99553819685e334fdbaa5b56942bf1662f1006a6570e85abedff4c
SHA512 589d2498e354843402d93f8c5b1f3f03068126f473fcec4715e8e2f96f8c674bfe646b71e126d66bd1615f82a23bfaf3d81be9803db3b7879f64bce6fa3c5f37

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 108b0f87473490ec11d1a65f67742a46
SHA1 e518de2790cc4dfb89245c39094d894b616a04fd
SHA256 3c2f08aa4003828bad3d6436c19c5023b9bb2dfd16b1033bd5d560ba4a22250c
SHA512 1b64d591c7e1f84b36e27912bf1e2ecaf936a92d0979631271b288cd20c79bc8b13cac09bdcb64da29700ee74ed00190e6fa3ee0ee061e039e36065610e8f67c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 0bc73c8759445075b22cd285388179ac
SHA1 d260b01eb70bcf351f4678feb7c80c23ac234a36
SHA256 950a3e36449329027fcac4aae3ef98e7539d12bca03be9a65b71dd6249ff74d1
SHA512 3a11dfb65bfc897b75c8ec7d520cf845ef720fcacc09fdb28575d2f6312a7d029bf67f21ec334b085578ea2b1b11ed459618abc3d67dc08024c9f9db54b3764d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 97ba6a03ebbe9169244dec4c44055c0e
SHA1 1c36b3a2feaa2d7be6473164b4421ff2ac621e07
SHA256 687f8a5f5fdbe511349749117fa9c201719521e8c1aa8f1fb331432b04eafd3d
SHA512 85430590091605e3478b037483e8b6691b737d58ff0c517fcfe9749e5351eaaa5adeedbd1f150d60212dbd88da62946c4fb81f1530634b618d79e9ee2bd91785

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 cb74e226794fc01c9b07a494b8ac011c
SHA1 95797adc1360f0703a4d396798b28807f90a9075
SHA256 778bccb137f057e08f37dca636c2e160273b5d5773e26c60b19a6b39846d7631
SHA512 0c8387d5a617cb558d65670b50895fdcd942c1b66a89be64622621299d4bef1f060b4eebd400f53e04363e3f025e6824bbd822c5f65c3053b3329ec1720520e6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 a96d9b700851da868a038c4ea96e4b7c
SHA1 701225ddc627ea27d095fe4efdc5fd61c4b1c341
SHA256 56f0280934425b44802c75de294d81d79c725b867f706f65f5d57c0efb29e86b
SHA512 2e80b85b09c6548137a721b6438c565800609d1469eb4b672b6c781228bf7cd92075039aad88c349f69da3f9097e28772ebed795b38b902bae69555a6765f45d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 cac6de561b5e847b48ee66da95dd06d0
SHA1 5e520d0e52b726ff1b7aebe6467d4976037b147c
SHA256 125470539c4b409f0b852b431cb29f84171d846f8efeccb42474712b17dab881
SHA512 89447c51a1e8861b1c574e1b9ad880f72c1db1f992a53c4c0b274750d24abf8423099498b996b6897c8b1033145c3829e72734cc15449ecddd4cda9d772c5427

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 1522060ac1463fca4cc2d25fc64d2130
SHA1 1d4af0f9b304689fbf1e43fcd546181b586e4513
SHA256 8e618eec1f53fa66da6bdc60ba0aac083196cd8c15cba7d6aba3f6041aaa52e7
SHA512 d6d085b7b27d900b9868edb1fcef8f69e22d09b2ae4a04fcf5ad175d9c16cd34a56f4da5af61fec84e182ae13bbeb0d7479c2d2767fda1e7daf5581f3662b25e

C:\vcredist2010_x86.log.html

MD5 3d1fabbd9e3072794d130c1ee4236ed6
SHA1 67f67af47c2fbf8ee02729de3d2d0f28b84f6295
SHA256 3deb3c9974e61e6eac77141fcc7c751c5464037d804b603cd56c1f7cc491d279
SHA512 2f19d10a379091cdc95b140e27a5f1404f4cfd7fa4e872ff9795e566f8df2060b9cf7ddea89c04194a5b21aae56225257308484eb4ff065aa4c05e4b7ed994fb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

MD5 d722fe6a4b7a0bef9d4f491fc7768724
SHA1 a315571199ced6a2cab9d206d0ca021990fd3f65
SHA256 c5d80de25288bfdf5af13d299a0d981ebb524e46b7d0384d18a828fd326bca25
SHA512 4bb269cb28d988953e140ff61cb1050cfa3ee0eeb286ca1f22a969be1167a3ed104aabbab29c1ae91d15998b105e22cc68fece7d92e8177e6573687e52bf8aa1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 be7d81f2442a9d7a594a060f6654f0b4
SHA1 3aec9154d8d78bce2f06dc22495cafe39e9db307
SHA256 0e28789ccbb00ea23dd202a59c6eb5133d9b8d2a31b62c3bbd5f4c5e7fd32328
SHA512 5585734f5b316c97d42d0e24ea94289fd5b07125420b3c9cb39f62562ccb7603388ea77730851e8036389c2fe5a704cd390d1b9ce2e0192145e96946e086c784

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 498a4c0720d9f82fe8f541486b9a3998
SHA1 6bdb555b977d9eeaa59c698444586834d69b7a3c
SHA256 3e574ab5665a86f2eaf7cbad30f16485f45a0a9a95ec9e2f943e2263ea73c51a
SHA512 b39b27cebbbb659e6a0ea50b69465d48463452f88faca668a59d3b4d16a4c49023b1e7f5927486f0419c413c5b3b891fb785ce028b140e4e68a771062d96fbb7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 66bf6620ea398bb79b4f045dc6376f0e
SHA1 224413ac361c1149f26d100893369cfb8bfb8613
SHA256 30cc95e6e583cca670689c1faaf998f87ae69e31308b324ebbd2732b10141c82
SHA512 ec39d4496f2a31bd681ea91c4f0f3c7f2f829949f15e75149366b64377a48734d2329ab7a8f7048d81105cfb606a5e36283e711dd1801240c59a0cc559c6ec3a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 261e9fc6bfdb41fe38f482951cf3ff31
SHA1 dddc5299f2a081e93864ecb97f494d1539f73841
SHA256 cd275e62ec2db57d3f4b43bf0d374b503327dcd6153401a0d609039b5713e604
SHA512 846afe3d7b2c5d227d6432ebf6d87c4b2e68584a5c9d22f70aa3a0b1c6cf9b1f6b6fb680c255dd744b01543150944038b8097a255823f2ac1cd91f7c51390860

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 2821893a946af44474ddd8d586655ad2
SHA1 bc3ead5a3a01d89012023e83d7b6e4d518c8015f
SHA256 b27bb4802cfa92330fee8f9d6293554ceb7203ea9b79b4834ced2e7ffda604d9
SHA512 2a45f6165a730b6d791b58f7937f7effd0ed8342eb8176bf029f353b7ba05fd89fa8d01fa61183d1484c1e3a84ca61bfb0c2b0f507384b8c1bb278bb4b6b1c97

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 59284dc055d28c151d617f9a98479385
SHA1 5799dc0fa25a4f5c4e301fdfcd547c86d146ab61
SHA256 7e3f850ee0c90cf26a4428802f3acb59f0ce9ee8b1227b187da774544b4786be
SHA512 14f6177e230a71afa7191f512157ebcf75c8e1853005841df68f35d92a9e12937b965392d148aef8f7718dfff2905bd47fcf4bc1edba2381df42ad617ac7dc50

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 302f3cb2973bef4f7af5d1748e51271a
SHA1 8772197792d3349d08e489bdf9f0ad71b9fd9cad
SHA256 a5714fc8470c0f3745d787c6d7c4da346bd9b30d43a5e3153721fcd4b7eb1e82
SHA512 64e02cda4e3e83dac785cf4f0be59697524247a26c96d593240824f8326d7437e1f4898f60fde12f0cd840fc83ba05c93108cb40faf0a630e14606ffe6b4717a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 010fe3bcbf23c4728664c10b7eae8137
SHA1 061ece08b7975fd91f29b1493bce6c3582d039d7
SHA256 dcf472bba3a65a945b46e7d7d621e58729b6c22b9d957a3eb37991c6064063b4
SHA512 0522867ed8524277d15d979aaeed40183982d05e78e86f02b6adc2213508e710f121241cecb17a832d837aaac20b709e56db833486a0d3f39533ecc03547cacd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ccb153763043376c79cf0ee4bd0d9746
SHA1 4fcef2841a4a147d5ce12b5f986276a7eed9e0b5
SHA256 0fcae41d61dcb510b8bb4736a22fee6c323131fec1222f6f03852f4ddf5000f0
SHA512 79574cc6df331edfc9b244da0f538bbd619de11fe0503537cce3cc4936a663c0e535720c2c285357fa194e5eedce3efc9bc9345687b212158b6486c1f5704bd6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 735dd252487ed682e01a855df9d989fd
SHA1 30ba8619fccbf59762d7d58051122b0da4686a74
SHA256 d86ec28cd8672fd9be4e7a393de4dc87ee3778b73027644829e469fa205dc032
SHA512 097f87c76fd96015a4b840b5b0a16aaaa1671c1ce51ae5630e0c2972f52a71e25d3f63e28187c26976a81f3c10255826d9f4767db4e2716c4575fa60d36fa51b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 bb0ed8a4199660af4cd051d5d61bf992
SHA1 39c4a6f4d2dbf363f799c26c0b682e5e812f3fd5
SHA256 c41a23eb872b826b955801520ea384621a6e39ab15eb3c8c2b918519afdbaa72
SHA512 036f05fb58fc19637bd9b16c9a3a607183ad69c42c2112c4c993b794eb3c75939043e91986c5ee2986c975f9c2b320bb8df4bcb5b5a817e05cf98c08392f253a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 34e3fc1a7e06025a2d5842e0eadb8e83
SHA1 3f6032c967d2e53dad3f3dc682899c2494509870
SHA256 a87d48cd8832ef6fd740e9dada0b18e9f3336b86487c2ca71cc29eab6e18bcc7
SHA512 60d55b2fe1484f07a3e8954008ff237f236259ebf3ed8e7c5163dfc42336158fec1069ac72874d74b5eb61194f6bb4c71e313f6fe65652c93a86a344ed4190da

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 3349f7d0c24f857778c61b5a5ffe7227
SHA1 70f40c8c4aafaf5a67883a88f3cc23723c286dd5
SHA256 4d199152f07336d1d4b7db8124acd6ceaff2091bb8f24f99702be415b665a60e
SHA512 c841934ed6f27ee95313e63d77583e3728d050b4b77d3783e00cef22977519832fd6664e5f29e36d7877d18db4f67f9b2527f5b2dda563239c8dd2d9bd056434

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 e09493ddb19d0ed5600f44ff7f2f8699
SHA1 4cc271e3812e2ba9eaf6dd023bcfaaf683e3cfe4
SHA256 c2c924deec3677318892635f116f5fcdc7c4f5c813c854377fff72afb9e545c0
SHA512 386d80d8a8c0524606e9c4edd16285fc19df1a03333a0dd7c8a42e4ead66d7aa1665a6917956e5dacb67bae6e23dd2b2d9d88e8eb49ff0db337737732dcb0ed6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 b9147ba1f65d607ffb379a8003fd2aea
SHA1 c73891ded54cd93874cdd127b20ab0f5e94575f7
SHA256 1aeb0aaf1d778c03a503ca615a795e684a8d2017db697dc46048a5703c05558f
SHA512 47f67fcaf56a078f5a43852cdf66878d91148926ea9991907c719fe865df326d26858901e0cd9bbf78d236f62cab894ff37fdcf104f63e50bbfe8787cfeef4d4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 83dcbae8c88bafaf8286fee27ac7be9e
SHA1 ed441730b2425c09a54796623c1c3f49d7c3b92e
SHA256 fbd76669a602e5867c44a6b6e274c53c31bedd7e1b2ae7764da1b8f111044f7c
SHA512 9337311764361600a0a54b450f7c225624b984503187ea603e9b1cd4bdd8ff89413194ecb39be409d0ba7a9cb0269510482d76b45d88475b66bb2476bfae9021

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 1da36ea563466915be0cc70f7d9d3fca
SHA1 ee739b98447c087e0cd676135698a3b05df3f2f8
SHA256 2fda0286caa93ba199ecfed6d932915aa7858966dbceeddacbbf2c169a789108
SHA512 61eda1bce5495c32f429d022addac1fbaa7d0903d0d9148cc8eaf22816a944cd7c3040cf98c387787856fff20b65e2b1cc0ad4aa00192245ad1e254a29b60368

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 302e385157549af9da6fa68fb72a8f0e
SHA1 e31b60cd1123755d764ee24052973d611cc8282b
SHA256 8f55af3f741180f86e7c69af455603cc3259ff35a5f3d57e8d318f9218dc38fb
SHA512 c29b292eceae5bb40fb3c31a5d971decae780f0cf6b9198b7cf63cd1229fc3f71dd6e735437103ef2db48f6f99e1e88b1ff2592cc5e07eb332df8ab57520c264

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 87a0d9b453415425694ab5f776d767ad
SHA1 9ba39febcf7374f40dd962c87ee5bf4ca4e23b9a
SHA256 98c8af2f31f69d35b627ad885e472f627f940e102679d98599e8ab6edd0a0650
SHA512 6066c638b25365911575974c2ae5362dcc89db329cdd7d1f657b927b5102286e729aa6f036bd80776223bd2a1b220f92903a6b8aeefa04b729112a68cc2ee7c6

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-25 00:46

Reported

2024-11-25 00:48

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe"

Signatures

Renames multiple (2208) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe" C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Speech\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetQos\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_ded39545dc6c301b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\res\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_infrared.inf_amd64_3160910a003e1f11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_hdc.inf_amd64_6e00e835fbceac58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidtelephonydriver.inf_amd64_43fa6b1db642df7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_ed0ab85128ed7a01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj3.inf_amd64_9658f2eb83f061c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scunknown.inf_amd64_90993a57907d9959\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorsservicedriver.inf_amd64_4761deffedf4e12e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_amd64_b401376fd0a39c95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_e196624c9ed43e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\idtsec.inf_amd64_9321d33f1997dbfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Keywords\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-16.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-140.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.altform-unplated_targetsize-24.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-40_contrast-white.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Dark.scale-100.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsSplashScreen.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WebviewOffline.html C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-64_contrast-white.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_altform-unplated_contrast-white_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageMedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\commerce\taster_post_call_illustration.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-16_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\FileAssociation.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-20_contrast-black.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailBadge.scale-200.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Dismiss.scale-64.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows NT\Accessories\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\6.jpg C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-40_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons_retina_thumb.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupMedTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PaySplashScreen.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sl-SI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\SmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\2px.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalSplashScreen.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-256_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarSplashLogo.scale-300.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp2.scale-200.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\GAC_MSIL\System.Web.Resources\2.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..mentation.resources_31bf3856ad364e35_11.0.19041.1_es-es_01fe90456407884c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.windows.d..gprogress.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a044f287e626b70a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wab-core_31bf3856ad364e35_10.0.19041.1110_none_d4444277335707aa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.Dtc.Resources\3.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\PCW\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..scannerpreview-host_31bf3856ad364e35_10.0.19041.546_none_70569b662ddb706c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..emsupport.resources_31bf3856ad364e35_10.0.19041.1_it-it_4284d5feb91933b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-isoburn.resources_31bf3856ad364e35_10.0.19041.1_de-de_ddee61ebe5bbcc6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mup.resources_31bf3856ad364e35_10.0.19041.1_it-it_22f02320409b54f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wave.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e89f3a127f7f0e67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_6b0e328273416a14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_multipoint-wms.collapsiblecontrol_31bf3856ad364e35_10.0.19041.1_none_a242363405ae404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-video-tvvideocontrol_31bf3856ad364e35_10.0.19041.746_none_d6fe3f7e16490f90\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-alljoyn-runtime_31bf3856ad364e35_10.0.19041.746_none_d0cd7b5e76e4d57b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..iguration.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a01730220ad2c651\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..ienttools.resources_31bf3856ad364e35_10.0.19041.1_de-de_0ed1e9a472920479\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..holographicruntimes_31bf3856ad364e35_10.0.19041.153_none_d3b31db7b7c73bc0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\WiFiNetworkManagerToast.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\INF\LSM\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvsystem_31bf3856ad364e35_10.0.19041.84_none_40bd4149a6d52edb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cryptdlg-dll_31bf3856ad364e35_10.0.19041.1_none_d8796aa5b7739615\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cttunesvr.resources_31bf3856ad364e35_10.0.19041.1_it-it_0651e2fcbde94d45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-o..oth-avctp.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_290e7986b0b6564c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_de-de_f38a90bc4c1d767d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-shwebsvc_31bf3856ad364e35_10.0.19041.746_none_e40dbc2e68e03bc6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_es-es_8531c7565c7a1349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-30.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-lcphrase-tbl_31bf3856ad364e35_10.0.19041.1_none_94d42c181031aaf5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mapcontrol_31bf3856ad364e35_10.0.19041.264_none_fb8b672a9dd51800\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_megasas.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_50e90c0ff0d31e47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.19041.1_none_3626754ec37c229b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_10.0.19041.746_none_6fd85971debf998b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dns-clientextension_31bf3856ad364e35_10.0.19041.1_none_2636f533cd47430b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ilenotify.resources_31bf3856ad364e35_7.0.19041.1_ja-jp_9cfd62710672767f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_10.0.19041.1_es-es_47e41768fba0d9bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-r..stion-detector-core_31bf3856ad364e35_10.0.19041.1_none_b92e1100e3d66a66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vpci-rootporterr.resources_31bf3856ad364e35_10.0.19041.1_en-us_015e8b68b469eb3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..os-filter.resources_31bf3856ad364e35_10.0.19041.1_en-us_0bf40dc511913ae2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-spinf_31bf3856ad364e35_10.0.19041.1_none_1391a44117cab095\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_10.0.19041.546_none_896440d157f48467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..eduler-ciminterface_31bf3856ad364e35_10.0.19041.1202_none_000e3037d7cf3d70\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..tscontrol.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_bcf0807cccfa0873\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-lockscreendata_31bf3856ad364e35_10.0.19041.746_none_17d3b6c9a66ace77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-spp-tools_31bf3856ad364e35_10.0.19041.789_none_2dbefc6b526e20cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\v4.0_3.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ctorybrowsebinaries_31bf3856ad364e35_10.0.19041.1_none_f0b475b524db3d11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_67aa543198440973\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-shlwapi_31bf3856ad364e35_10.0.19041.1023_none_790612e48e34194d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..nager-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_471d3c5a58a769e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..vices-bpa.resources_31bf3856ad364e35_10.0.19041.1_it-it_80e35be1a9758905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\speech\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_10.0.19041.1_none_3cb34e0d65889b5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_10.0.19041.1288_none_65f32e079a5e0e0c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ttiledata.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_dce938ad035c6aff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_product-onecore__mi..r-v-socket-provider_31bf3856ad364e35_10.0.19041.906_none_5f81d6a3c14ba91f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.web.manag..ftpclient.resources_31bf3856ad364e35_10.0.19041.1_de-de_94bbe2514defe005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-coremessaging_31bf3856ad364e35_10.0.19041.264_none_2fb91ebc76ca0906\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ialpss2i_i2c_cnl.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3f393cba5cfc07e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZCLMZNJFALTDUHQ" C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe,0" C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe" C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 98.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 f00ab224a1158a7e3decde3559fb8d60
SHA1 aa121d80877301362612dac27065dbfec307fe10
SHA256 9e05c50cadc1bebe79d80b6a0ee2530157e1cc8b20c6e470e09974087128651c
SHA512 1ab15e40ba2d24977972995db6944af5fbc11a9a9c89112764a6bcec036480f4285419aac7d22c3175c58f7aa6d5c97b6bc1611e9fced6a8b2325c741bcc0326

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 a19c0052b89d7b47c4a45c45cd7f5b3f
SHA1 0e2eaaeab208810f7307b6bbb3170657eaf83cd4
SHA256 fc2ffcf45b058ae2b0749e996d8f43680362308096fb0e7a51e7460e5e592e27
SHA512 644ccd6c2f61ae898de6401a8e4a76b47fe5fff1ba5da1ac8a5f57f14fb49f1fb36c170fe70bf33b572a27b2b21ace7c3557d075baedaa8a5d4601b6f92c215f

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 7a6a695ee24e5f138a6deb00121f71f0
SHA1 73c618d48603156f21e72d6b9b1b64c5cb1d18ed
SHA256 8afbee6341e7790accf3cd68cbd0f9e05d05a41bd0383734ab42e1b9b2577232
SHA512 05e0ea2abc2526f66b4d6559b82cb645356670cee7d54cfb0cd3a0efe5d86728088a3e49a0ac8a11b79cd0ead33c541a08495e7eff098106aba4b01062d7d210

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 886a17f24cd6182e82a7ec24094a8ccb
SHA1 9b340e143a1739e0a89b10276fe74aec7a8c8931
SHA256 fdc38733598dd91fa112a9f2eb1ee597a292260040b570fe8a876e8ce06957a2
SHA512 d9589f59da100a90942dcc33f017dbb9164bf603e5d97dc3f7cd939fb4d7ad6beb719534910664f95ce1cefcb27f1c70b32bf87eb5addcf630838e69510cdc57

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 9119850502a1e7d251b86609f4083bd9
SHA1 2c211b82b80416d7cbdce7cbeeaa2d6b24bfbef8
SHA256 4e11a0c8c860f1458d48c951fb8181eb447822403da2af81dedac73257cf2781
SHA512 1016a9440bfe19f063da983e53b51b78c1a6c6a41ba9a57bb8f26fa214c9e23934909bb32df633b88bdc6f60c7825dc35ff8097528b33fcb3d0c128bfd47c11b

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 0cc2f6fa7f161acbd93b0f6af0c9142f
SHA1 f70d3b15eebdcbe055790d0ce91125e20fa5727a
SHA256 83933c265c4fefd7bfffc0f572f1a3a24300c7bf45a76c87914126eb801989f4
SHA512 02078cdc7e2248ef8318b79bc1971cd4eec0fe4c257545071ba441fd2a81e558c8c444f19f3937ceb77a56cb5d51267631941eea4bfd68c774d834d2b84527db

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 abeb7fc36b8fac6522a47da6c1cbc1d1
SHA1 c48d489b82479261959e9b5dbc7e648362bf279e
SHA256 c640f25897cd59fa1e1330cd3385015060b9e3ab5fb0543ba65139d1370115e8
SHA512 62a80021a316bdceb83012549d88415259b9d952d734e58303755b2239f69997c0e0e44ec56ea124324fdc3901b373f2096ea25b0d2c3c347ab791dbd650c3e2

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 e7a67eaf2339564e9bf5345e4f0651ce
SHA1 cb4dde6cf0d66eb4298435895cbb565228e95108
SHA256 0c2899b35e06282b02e0a51f3bf3ee950c8425f847b1f837fbdfae20e88a9c94
SHA512 76d02da41ddd4ca0e856f1dafc8bf165e56b4b0ae9db063dd109903fe0f080c6962b38c19756a8dbe1df74d8e739bbbc4013231c8e03ed25e578bef8c30e12e8

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 7b450e6e7e3f6f65f92ad6e5c9f5ee30
SHA1 7704020545716d135367fa39ff6a92741a6c0741
SHA256 e46aad40a1972c8817b1880a49d62340a198623d5e1012f54e1a82a8fcd9421d
SHA512 21839ab0eb2b4914768caad14ef1f3d65961458e38c9f86d4afe27eb7cee0b53b4619fd312737fa040c59377beceb4f6569a009758e341505e85c1fb12c20429

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 4d7ff330a9e335cc667e94905bbf91aa
SHA1 9155d8049a06e4363efb96595314a21ebd2d6b94
SHA256 ce4502d742848aa8afd0aa7d59e0dc8a043aae0d2767f1f75f2b4b4d4efc9e3c
SHA512 389f8f80f5e5e010db7d22a3f52505f7ebc276efe4d12637e9d8ea0506ae57526feb43600b5eeea453774e62c655d2226dfd20d6243a5ec28e2c446c1f990596

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 1233595301fef09fd7b6ce0797291382
SHA1 674d7aa3cc7d3970ac36336f1cd4561cc37e2813
SHA256 59ba16ae1f65169d2f455eecf810bd55a8b0ac181e71fc34ae8bb86354792173
SHA512 209fac3389aba58336cdb343fd9fa5a07ad2d294106b68622687839631e22666c9059a197d560669ef045fb136d355916d49e431d14cd5095506a6692e0500e7

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 b0cd68f4259b7ee729806e52aca7c30f
SHA1 ed1f6a66aa40be76adf6ae4cf0b85f58b669af4f
SHA256 1680d2c278e30ff0ec278d65aaf9df30698426e631d919df28d23fbac5d5ffa9
SHA512 b7112d15eb1f6d6408014923500ad4b02fe61aa023c64815d387e4a35c511e2ca8caaf2b144770dd13a0b12fca2555cbf111bf159f05dcd2606020a87814d7bb

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 325d772658aa992776043f6f2399ede6
SHA1 b082437e2d23abb10b88d3558e849d926fbf593e
SHA256 bd1809fb088ad9839e953dabf6a6d5e4678a69cf4bea5f50d3c0e91e714caa5d
SHA512 ea46074e46e11745cd6f6a30fa7685a28f27916523fd862da666a6791868b0bde9b5a9864f2f8425f89e2b5f53279fc1a8c5fc8b899ed394800eca12817264af

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 50a3bdfbc498e3720184df3f69e61b68
SHA1 09018d12c34c0bb170c8b0b58f9243d39f94cd19
SHA256 f1469b692bbc786a32fa52192c147c8017685a73de8757c8b60fdca0a12086e8
SHA512 6e261f374c048c83bfc0bace73dfa7866149c032bc72eeb1567e28757e391b37b819557a8b0f9cb3e1c032d07ee19f803b9743db1c8c07d421b7223a8940eee3

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 9967854bce06c9dd0fa69ac6c54dfdbf
SHA1 4305f4577536abda0595aa3504885fe9a7ade634
SHA256 363ab70199c42a211c02235ffd078e3de1c3061b7c2453433df044db5ced5f6b
SHA512 973f1b5f7c8eb92a42c2d34438c6d04493fa43a1afe18381986f06e464064e0fe8ab24cd1135306ece93730017e9dd14a1bc6df32059563f6807e7b52fc1816b

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 86d274ba5abfb239a7415d686b457590
SHA1 dd93ba0bf4cbfb0b0d4dfcbdaa1f004643791692
SHA256 b8ca6e756e22fcbd91c0aca616c7f7bf1428315542768f055be1d04c2dde87c4
SHA512 ed462f334ce42d6a9eef0ca85a04f2ee97effc58662021bb63b9f86df057f4ca5f9b75a87593a5230450cdf6a19853941c74c1b2e62bea9bd8413473c82e7510

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 028afe0f59a778be7568cec1a0c3f33b
SHA1 848b858ae4a62de237a621dc735a18ca59ef2662
SHA256 9f8886927b3fbd71a679d55608e728bba87cb07962f91823300339f0f225c132
SHA512 ea12641036151f64f035c200f4c8c6cbc698c15f088870e88222ab46b6f5f83d5fbb058228331298863d714284f90deb9a1bd1187fce5e44a967d742e9dc76e4

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 4ea46e550510e0bf0a39297e62dea977
SHA1 2d5c0669191f06fcc3122f638abf153afda36f29
SHA256 7da59378f9e018d333262ce144f82890cedf85c8c5f47fadcbdba8ff36f08593
SHA512 2785852097451d3bfa9f3d8fe2d016d3b978e4ed82ea0e596d4419740533b817de6d08c98d9197a04a2a465f0fb0c6351f92e15ca7a4a53781a214ef908983b4

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 cf63783d72293a0b248f5613502e9993
SHA1 513ca56e7b70ffc919276c6d565862f62bebb684
SHA256 84365db474ef5ed61a421cfe2060d0218845ae3c1739b2623a11005eced4db92
SHA512 1063f57f11d970c29a35be1ecfff3a74a8cb65c2f4e9dd3f2871dd918091ffdf19afac27ebce51fda33aa1e80832f00c5ac753af899f6edd298015cd0ad2e80e

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 0cb95a854c948d57642d86ef47620ef9
SHA1 6d71ef67ed9b7d0f3728c09d328cfead631c7462
SHA256 37350917ef59c533cf9b5892b31b327d2960e4421115cb10643cec6304e3cdbe
SHA512 ca4c692129c3b9d0eb52854bb03b7f95b05ac47a76b66ce197b0b78a353cf2ecbee336fdfc1e800de50af02af0f22572e7e57f0af5beb9473876431f66430c15

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 11e83f240a79e343a36ce9e375963780
SHA1 64ea1536758cbf38054ddca01ff19688d42e9a20
SHA256 7833515b97fc00ad81c8475cec714a8b162efbfa3931495d854421eac297a4b7
SHA512 23cad699f16558d2150b86b020d8f973b2448e5f88199ebcc2baf3107c8b4ae7bea7ed77dc14ba6ff5f6cc0da63de167544b6bbc321fc012f896b0686bc7a6e2

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 863b17523be60790a47bbcc623189022
SHA1 310ea2158a791ec021fd30feb5e94088d9f87fc9
SHA256 ec3a9627f3d30293e8737d1d811402939ee678e4c4c50cd9c93ebb12d359b133
SHA512 ce6e3e1231ce7ebe153a0565282f2c22a5b97bcad4e79c7e234a1a04202af2c7453735c3ff33af487e4f9873f5185d5b2f9f64e0ff1348807d5482742abe9342

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 24be392bc4c2a40c3d5997e27e8af179
SHA1 e0ac6e788dd56cc7a4d41a8abc59ceb72213da14
SHA256 62481ed863a7469ed4e8d8b35b2bec2c3723d17b6993b33d29632be5838fd1e9
SHA512 a93f642a87d1fde33f0057e40dd842f78180618d18b7d9c2f02ca8d907b952bd7c76a42d8d59662a7b70e9e633938e71de2ec57f9f99b45d41927531ace076e1

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 38a296e6af048b79fd3ecba205540bb3
SHA1 10dd750ead4a7c2c77625fc2a3092ca1a439dcdc
SHA256 ab36e31fd17cbe177e1dc87ebcc5808b2939ca9dfaa641156c774daa3ce2d92d
SHA512 c2e72687bf74a5f959ca42a77589c1972ac9b1a949f9958315dd4eccf2c3db9d2b933dd30eca310f44452f53186bdeb65799380d45b77d79f6c4b844383aa291

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 1b392214519240c934660d4e7080f078
SHA1 2c6d58a7523871fcdbf8e46790b926b7684909da
SHA256 3ef446b1619973ab336a91b505b4bc117e1561546d80d38533d236e662acc4fa
SHA512 54a43c81039849db0606e59181e13af8398c1726b393243cd907bf153f6edb4e8b56583a13d15d7af58baf01a92de5a75c5da739b3f70563ca78762d47853d4e

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 c4092f67c3b55083d167b7a75cb4ce2a
SHA1 d1f2a788a9bab9d94dae5cc2e31f808a30ed133e
SHA256 730ebd4d766f20912685cb79dc94ae893930d0ae18d01973a13576ea6716e9f4
SHA512 966e8c503238603bb1154aa073570dace7cd785f5fca7fe9aca2bd97be16dffbf30e9017f768876d78c24cfab1f20eff6f26dc468d88092b581db673689a7f90

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 e87cbb4c3b5d83480b914b4f117a682e
SHA1 299a6520b814bc948f310eb11226aaf6765de6f1
SHA256 ed4968ee24dbf80f44658173a4f792bbdf6039578e9a0e0648e69e1c43bf76db
SHA512 ea1dee9804b0f0423ba7806fe3a2f51fe2964b5b777f633c37087cdc50c73fd86706daa10da94e42f239e2e48bef8a3807fa6c571f064be6bba7f85725275ce8

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 4767c93c49db27938062441c2c008b17
SHA1 16e10905d1d812440c142e6f4feee40a02f50bfc
SHA256 d3f44eb06e1e1190c83da0dd2129aa46fc09315815359452ae7de02e9b8e5e66
SHA512 fe388bcad637bfef2585d6cd5468ad64dfbde5167b4adc530a058f38b1f8def9b3dee85739f113a4eb72391e2a3ac274552b2a18b101e85fc5d85c529541406c

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 af0499f31553d7338d084526dab44337
SHA1 ff3c08e17dbf19af6c08cdb58c646f2d120454c5
SHA256 4ebeaa15435f24ece350b1e7d965d0ba29aeba2217b5ab77b037ddd7406e3c3a
SHA512 3481934363e35d4a3aa62dca0f380ed99ec1ba37d84e9ee8327a1987b798296988f91e70f1c357570a2d54c3aca137c4f4c9c2dbe5571cac5512893dea5b0627

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 829b8aaf512ceec0ec26e80e9be5b833
SHA1 22e7779584ec431b70fa3d2548bf8ece991845b6
SHA256 03ad09d7320e59ee11ecbdc7d3e5f66ff3bab771b58fe428c3b20c8bd1fe4b48
SHA512 06948b5ad11d1264c162a42268861dae3b11abbc9fa22b90d4b9a0c751d5f70f8f5634b54972dc2f0b5dd7c914409fc1bd5f52ea4cdcd307d92c6567b97300b7

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 a39d720a0d726a471a83c2af77ec3b71
SHA1 2a4f2530a856d7d643ea21476979e6bb9f516d04
SHA256 45f0d02862a09b8dad11c8a2f68716af8e5264d7bd38a0e943775f32d45a9fbc
SHA512 a7d2a7bf37f99a05faae165abf8aad514070e295872d7094942c8a59b274c6b91aeca6659a3880c694615a1b579b81cf84d8ade867b0a3e8122242fb0a72e2ff

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 827bec088093746209fca1156948eabf
SHA1 e9e3d20f67ee46c30d444e7f4f54b11dea9f7171
SHA256 f91648920e49353dd417f25991a8aca81ce4727d55ce0e0366deddd022bc3684
SHA512 2fecf91be63f73fd1575a4706368f583c054c8c167054099bb42c6f214be13ec4be1e79e35faed37668e46a9bc356497a0abf8e4313bc97b952add8bf7313668

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 5b307131f53693d7b916a408f1fc101a
SHA1 0c526bcba62f5b0ac0a427b257ffd591060cd83b
SHA256 5c5c9a07b93853e76bff41b0fae66dc4b582d009b0562527df98ee3b805c60c4
SHA512 8de57f6d86cf9849fab1438610bbc46b7229eb0f6638c31c6081c3ff4be00718c08be7850c1e5a6478efce3fccfb0b6efee588ed83f9f87b002763b58e4ce866

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 4cc6d50d87a39780a08b25d509e514f9
SHA1 a9784bcb730625317c4e09a66135519e6a4576fa
SHA256 97b1829277bc43a9c9566750c53b18675dcd52f6e44408fc01544b383a330c36
SHA512 e815716ea9081636c54ffdecfaf65a0cada17cbbbebd7883e81485f4d6a3a8d830684354fc7a6f637d8823a66f7ed9a84662e7b18b882a0dd0ad9fd964b4cb6d

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 8cd5d4a31ce29288b682132bf8d2e5b6
SHA1 5625115dc6fe2ae68450ce41ae3fded27c8c84e9
SHA256 33205d52c9491ea6ece9aebfa51c238dd51ff32004898f0a8df9c3b2a203dff5
SHA512 b60528a9cbf10a51b2791f4b8b000766845d2e4e4614072e4a37d27c1ed213f564ccd25c08801ea261b37c45b809111b71813443bf1b8f5df52f81a43d1f9373

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 efc80932c1f78150355a927a97cf1257
SHA1 74dd3027cf38d976b066916e08a089d116fca00e
SHA256 0c1dbc062d78fc987ae912501ab367e2fd210811910effa6fb40e8c8ed94231e
SHA512 0dca5b3e9b3bd97a57bdb2baa8e0846056303bd2e9593ccbb5b81e7b0e76d32cae273644715a78fb29818bc912772fc88c6e5106ffc2dd4c360957c70ad737d4

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 c56a5a4b087c74057e616bb7f855bb00
SHA1 66d355039aa1c143a29215635a2859032822c10b
SHA256 a7ab4f4ed2040b9732e8e940993dd5672b766e23559f2c8489f47a4548b4525e
SHA512 8b5a08115d31116eb3bc5d8dc91ac0db4692daa0c1e2f62a91b979f15343f330ef4f5b1a6e1b313db5215f39ae36dea3adf2ca38daa1b45730c06c6e20694f1f

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 a0b8a2f8ddb7ed19397b2a4a6fb7b2fa
SHA1 519e218bccc246b19025a9e13f1ba55b2e88902b
SHA256 adb40ac1b96a9c320c2d88a8349a64dd28c1114f92172842e497a2ec04ffb80c
SHA512 a1d0781ffc517fa8fd639b4f52c6eda9e06467f6069cf108c01073b726a019d6ae7ef57f07e4504304246e5d7cecfd9953e153951c07283c460d52e961f68257

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 0465294a28c3704c9d7609194cb05f11
SHA1 5f6b76185cf0b18fb7914b232528b886ca3a81e9
SHA256 d5f95513f6efce0358bbf30cb076449a4a770f5262458376f0cd26909659ca86
SHA512 491351a27e1aec607a944c09b781939f0cc93472448c3c51790fa8a81e67ee6bbb1083b50341e8b13050c20b3a4c5e52200ca858a658a14d7166173f5dc21403

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 930bfad36bc6c7eb5f610560fa33a384
SHA1 d4890b8b56ca08c89592e05f3b488bd43751edca
SHA256 ce63fcfa46bbe9a81434096b891768a98285ae380e2d9ae0360ca5c6c8135def
SHA512 104d1bf0a7343c05d1d88c0749f078dae4b3d504b39007a760ed8b00a287909b47b8d4cd8e20a6af382f74eecf70f5e5c0a174b5fb72c487e4cf1edae97865fb

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 6e2eb99bfa105421b02ec7777a782393
SHA1 d5850f09072051f3a5d69f4fbd1576f965d5318a
SHA256 4c2b3e336dd1e8b29447addf2d6b5e5d9f3accf7fdc17615544b4b6f55e81cf0
SHA512 b9e4601836a7801f94d0ea24c66a0a67d6dd3139c5e250f6802086b33967418b2d7bf1be379f6cfb1d28518ea7f796bed7c21cc93dd2aa4a5a443b5c545f78d3

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 dfd93d35ada3eef2dd250c124df07444
SHA1 f94b27670a6f9927b15ec65dd818cf54c0bf9fee
SHA256 3cf9b2e5928332e3c6cf350d2ee961777d82d2ae54e87006ee4df944f46041be
SHA512 abc8b3ad24d556de98bb1de25158303076656817aa4fefb792f115c32e77358e8dc2ce35695db8953a9447adf8ce4e43fb57104b086cba3c2a6122899a9e3641

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 64a142586347fc171c1858329bb34597
SHA1 1af0c3221c989daecbc33c41778507f1b10ccf95
SHA256 b9b3da14d658f33be0430d1fc89a9bbed1e467ad09cb72f984aff567693ee318
SHA512 b3d0ee58ca615c69b85911f41414c9fdb27d7b726f2f2622aad7b01d25672d2c0e780d482e5df18117abbcc220d1c28cdad486639005e7aac658aeafea27a1aa

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 ff8666c8da6f87ee402e900b91250d16
SHA1 bac28e6b7a9629c6d3245944bb9420652736b4dd
SHA256 a8444766b648afb14cec0216c63de2756b94ff379b9df4e045577daad6fccd1d
SHA512 09c65c0b0624e8ee3b4434bf86465293e5747114e4f9ab0b28447d0ff6704c868ffb96bdbb8e4cc7c9f2dcc3b82181de06d6063af763c11e7e15ca16b174df6c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 36bb0926f201eedf1282d82d3d5ca93b
SHA1 59d076f46935a3642b09e6ed30883675ffbdf985
SHA256 b9beec6de2a52a305a3ff02d143b6471d516739e24b3516182642aca0f64b4e9
SHA512 18f95979b34539ee24a8ec29dc33ad740772ca745f05f3f73843ec1a66ad829cdcf57ec196987154da6d4bfa866340df147f5f8a6a1c3960cb51b753b6113e87

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 7ee3a921c0a70865bf1f1233daea37fb
SHA1 fd0d881862e3d552bbba717e6055acdd134d03cb
SHA256 a006b757662acd871e9221bca267a93ac112a3cea70790ffbcbfe06fe83b8fe3
SHA512 e11adc1f7c0deae070b967a02c56af2c53be562db4d8de268604983e7a9ab170afaafca7f2e9a6b3239d84f5e33381b625aef037e4f6cee591e85f4ce04b19da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 6ace2be8f116d40813f3649f93ee6dc3
SHA1 0bbc839c7e1e2c683aa613246a1e1a29c8502055
SHA256 829c731e3b233d97df59e1ad4a0ab44a3339a4fcdf5155e4b39ad78a4bb4ae9d
SHA512 e303749de9c889fe9925ed9f9382f54b1f6eff30d07361bde77f8158c50682295adaaeb331cacdfce5da24a05f3fe837c21fe9b42d69ea2ea85fbd379068ac1c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 dd6c6d3c3fe385cde97b494c3c2e20b2
SHA1 27f1fe8b0b6cd4b0e738af0bd18f8dcf780bda5a
SHA256 a39c1d481f3aa7a850cc529b4d4fff3de776bbaa6c5b5ecfd1c23d1253413b55
SHA512 299f3f00fed97e9a52195bf72eae59edc8700178e7b90a837ca94d6080e73cea359f64908d4076f05454cc3ff90a7d1db707b28f63994d4fe34671ce91c84841

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 7e810ed0743f1bf617350b8a17eeccc7
SHA1 cd48397c7cd352404f641a3917f8ffdbe55b7e71
SHA256 fdb1516aa9a13e27f379f1f07f9a5e1c3d4cd0ec1b1e8c7dd6665c0bb0f950b6
SHA512 6fee6d4a97e1b27acc0af26919c32373359eb8a45b3f1e5faed824ca0cce4586c96d782ba3c949473cc8ad94bdf3f4d29edb30e53cce7ceeacf24095c45ef30e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 e58bf9732091cfb26b87435a4dfc5c5f
SHA1 ee2986b163dd23622d0af05c605b27ffccb56681
SHA256 73354ae130746c5316a6be341529c2b0147df6796f6a8e825e7f2da5e8d62dad
SHA512 166efe8c2e93c00752345f863fb487f6bb3deb690261fcb81358c69839d00bc9a48f5177e2869e2b2fa729a7d63a5d749f29a0c5801e183a21b7e238221acd00

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 2abc87c3ef6dfbec485011d64da7d838
SHA1 b667e6040de326ecdc1ead431e5459600b229b02
SHA256 094a3ad4ed4f1cb1a0763ce1d0e7a9f3cad20cb305931cdb65d43b86776d2fc7
SHA512 8e65eebf8da48c3a665f9e183410261300b776cfb5ea6759a769a40834f9c81a01ba127bb5816d5b0e8761c847974c46ba3860d289d88289f7532491dc835282

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 28fb8300663337637988baedf4e6f463
SHA1 cb814a1633accd8885fbf326e55ba35ffd9cc69a
SHA256 8bb4989ef9c3c4690817ba752a2e7da9bb133f778607f720656ece4cd27c8ae5
SHA512 06a9c40e59a06fb9e696e0c704b25ab31654be5f7bab94b10abc020bd84f58f122af152a8b59c0f7a1cfb22e9d432afa009083b01be6b751294c63ee337b59e5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 851976db4074d2f85a7893cddbcf3d32
SHA1 030eb280c1e74bb9a974f384170739fba250cd66
SHA256 ab4983facb9d28335668895c05cee164197e2262841d25f36368127591a26348
SHA512 2a4d88eef47de317c8a3776cf91014869e138b56d338fb4ebbb05c586467354b094ee38b8d36ba360bbb1f33274ca3bf90b2039b5a29d8a5ce01788caeaf0e0c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 6a64e29b0015a2271de22d0fcfb9a9ea
SHA1 c325f67399f6c66dd549738de860226750727901
SHA256 8046225c0647f3c33ddfd6a7bae12ddf93e7712e0df03247b1fc549cef370752
SHA512 25b154391729f2cb7c75e3480675e0c95e1bbaa8d13bc611359c72403431d7cea2824f2646f2f2d5f7d065e0a4663f134d6cea127fba689a70421f7d4a848bb7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 c9ae030faa71ec55b176317566e5fa77
SHA1 9b70ed02754461add5dd84e01eb97149be18cec3
SHA256 fc9958f98f3db5866683953257225f3690900c03a075581861e432e716159c85
SHA512 7f6bd7be4a7d520639efc064a30ea01102e71572420822314979753abbf7002f486b4df9d2752f1c74c871c95a928ae318d4eb5cc3fb3c99264643fa8545f4df

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 ce4403cb0cf12c0b76f8f4824d372640
SHA1 571abe18e67c6f4bf6822a00127a1e3bddd5cecb
SHA256 7f9b02302c6252eb4261c0134c084121e1484ab31d7dee114927f4c42acb6f24
SHA512 4bff35ae50504f4a3033f026d284e5706a6a886d09e9a33bcbe2ac664459f5270b3f3a958ea286616db7babd3c139c23a19b6cd0bf4936622ef352ba7eec6055

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 5896b2f714e99ea5bbf46f3d4ef665ee
SHA1 2ce4624b0c8404be4aa00a7ae36dd87878092d81
SHA256 f77faf95d5f9d2bbb9ba4ebec39a33e0eecc7beca214fd319d1ce14038066c8e
SHA512 d737e70c4fc01638e1b79295f65e203af50b6f56ed32a42979ee2cd0f0b38764036871646feb49bba3e8c233e17cee61b9656d1605f11fe6be1219fa169dbf4e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 ba67b56c7edc267dfd7e53a3085ef62d
SHA1 32f560593cda965d0e4203e883296182bea01abc
SHA256 0b0f1e8693bd68c1cb79462943675bf61d72f187ae331be7d5188e802fed2812
SHA512 0e4da30b2f89012e5c942307780456786a855bea6caf3045a08aff7d86ac64ac08d56c510339659438305943e7ff990f20a5bbc3ecae07e047ff448dbf3abcb9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 93c3e5e8d10b4e7a179e0817e0114e1c
SHA1 7fa43c0cd6f96f309c2b5effbd0558f20715b276
SHA256 4660a5fb773792124192d75e349f05bf31226e5dcaf8c241568bc52b1905ebfa
SHA512 2c818a47437fb4d2ee524cc979ff1cffdd232a80da4a0b414aed5871b5002d755494c9573397069bed4f0215d2cc1a2183760135b289b807ac67d876fc1f2dc2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 6df11223975a5a8c2fe67b54528aa9f1
SHA1 0835d40d3cfe023e3b23de1f7fd37dfbcd0aa09d
SHA256 9e537d38f544e571feb3c7ffcfb9265ca0c7cb3b8be5ac411746e2029c620c7a
SHA512 b7d14eaf722d36c334c79e00bf4972474a1ef00746cfc75303215f6c453b18eae73e4416c941b50ee15082d3fd2be593ffa2623c835c53575dc86313d7f41c2d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 f9b5d0be154e4436ded96287037dea5a
SHA1 9d9cc84b9a83245475d2528764a70760d053a7f1
SHA256 3ed4d065e51c74d6a44ed7d1711609612fd87c0d68fd02ff82692dba06590793
SHA512 e9188e4117d3f7edeb459002ddce2211aa55274a8bc6f4ecbf849fd18dd98d8b0e40ef51ecdc8ba4692226834a1344cdc5421578ca4c6cd51dedf2c6b6347e2d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 7abf1dcb3e1a410cd7f2e326968265b0
SHA1 227b86cdcb5edf014d6e359d821a3d43ad0ad884
SHA256 6f7cf8554dce2323d0c53c41a9dd19367ec734b236003086d992671f46c93c9b
SHA512 ab713edc91f9893668c902b287abfea66ebfe096c2b66aa5d5e07f9d386095498f315d3b494c8d682dbda5fb9a51a88baac9cfcaca83e546d5b3419a2d94f953

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 dc6a7d1314f8818bec49b1052aeb865b
SHA1 ca8c9fe5c9d9a0c96146fd75b0295f3c531380ea
SHA256 49be6a4dd5709806bb952c75dd28b87e586fd7afc586c2ba6b5841b4da5319e8
SHA512 4c8677d99eafdcf4bb207f84d81e4387403022ad32b1cbeeedf6713ca91f396c9d433ac4e96411abe27be03a43afc4d0ffd75312a9f68c4c4dfe19e0d305b573

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png.EnCiPhErEd

MD5 bcb4ee591660619a87b65ac58c3d8605
SHA1 482a39343d19b434312bc0a418e806b7730f3b96
SHA256 84993cced32287c92d25b095ca7b3d125727e6863fb65a04e09442230789480f
SHA512 d888b7850999e87768110834a3791337d38e552e01e8b1c66034bdb13f4648030c994a212a4682fb32babb4307da750923170a76d6a490e9308f52083720f6a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 4fcaf5ee061955158fa52bb423834a3c
SHA1 321d90b20814774358c915c9bb436b75109f52f4
SHA256 807590040050786687a10d5be74f004317fc76c500ab44b45263f723cdce69ac
SHA512 be834534db8fe379cba33e2c404fb629f875b340d2bacf3c586a13ee7259503e33ced7c9b45f6990a3eebe833d76afb68668127995b510756a9871734fad29de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 2741d02d3b8e655403aff931b969d820
SHA1 50b725e94ff1ec354e31011b91ccd5db3517fc9e
SHA256 a305f790d2e1b82313f16c8146d3de429a0c435aa1d77ee649d59b91fd74b9d7
SHA512 277634cd726314f78de12d31c83e32bb22a87147583fc9c11d9b51b6e3dc5bedb886957b700d22fc72ffa515066922d47f9afc4eabebd58238292fb300e01c02

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 a0ff4233de59d38cfd7b926e81ab8d57
SHA1 bdb38bb56512f65cf30e9bd3bfddeddcc167e8d8
SHA256 e1ffd6c76bf2cb75a75a1e616e81fa5b6f8b0225b219ea5914d5e960669dfc2a
SHA512 302634659eded560367b6801c24da2ee0628cb4789f10ac4dbf856930d1c0775bf79fc46b43a7eb307f08bb57a9c0314269ed724f3e898740eea8030ba867155

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 cce0ad3c1c68c8d910545ae89b7fcf6d
SHA1 aed4af9668e5c6f994e9a6690eb43943c5d79319
SHA256 1dcc723775ebc2fe54e46ce170aedcc284521361232c817c1623fc12b2f242e1
SHA512 b540294bcd74f9faa0f1db6f89e92e41381dba03dc1106c669db4f682778d26e72b03b5c6c3e39d17f63d92bd2aa822925fd6e25af6ae14e3a6548397ea62402

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

MD5 25e2d1dd584ee6303ee0b89273e5b329
SHA1 5b70ca09ae259a47dbe7f92f008915e75db65520
SHA256 a1244c52f30da9dc967750612e8b14f170e762e62ac491ccde90e01dc8be1f53
SHA512 8ddd506b400bcc509bf05d184b612be3503f22073b35945038433977889a140d6422a0d624a4c0bb68168a911ed1ac1d2af841cd9a14208fb77e45241f90a10a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 c2481e4df63ba9b6f86326d3ef07f94e
SHA1 fdc077ea55bab220d8d787eca840dbd6d8f7bf40
SHA256 14bd629609a1f1b02a316fdfe11c66b10b0bf7e090013295e891cf8e52c4267c
SHA512 4198bc75784925da384f9370a40db21eaa442d920b0a6494616e3d9da284751d2d558f7e536b4f5428bdb34875f92e09377bd23f6eed96597878612b8aec8fcd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 1eae7f9bbdfa1d706640d132c9c28a79
SHA1 81645b8c63e1bc9fb740ef0ff1b8b10ad210f3ca
SHA256 1e01a79efc2c3daca52e5ab436cb09b39062ae6d3fb976911971c7c0f8596381
SHA512 e8820ed14ca434986cb2e1a662dad4a4f8cb261587f647a6324a8c009411848a8de109e6c783e28a26a6c989a240b11ebe3f29e68b593882ffbb935bc9a021a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 f723f6206bd131a2c67eba0881c282ce
SHA1 1a82fee4a2f53c19fd2adb8911757362efa1506a
SHA256 139673dab2b63d5b948f9c7bf3f7186afcdcebbf37b32dd38bdb4f37746f8e7c
SHA512 13de90070168358f617ef437197999746938a5e350341409df8430f2ac09daae5bb69d6e36caf3f34e52b0faf74a320dca02d876b8c7cb0d59aebaeaaa9686f7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 1afbad3221de5faffbc4f24103150fa9
SHA1 f55fe9aa1fb1bf4ac5ac0f6a423c7a5715ff4dac
SHA256 9b614967f5d88644d6f0e8423d468ec2cc6c3f72092f8b508207457227cf8451
SHA512 afef1a15a262ebb882efdf48e7a1760a9fa10f9c06fae3fd0f718b38bace94a661bf0f81eb978e43d032fd48aa73e762ecf07848b8467a38b13f1a6d35490104

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 710df9263a3b74d8012ada504d38335c
SHA1 71e39c6fa3f94281784a87d695de02aae2f04b19
SHA256 28943f337effe1078df60ceee72eeb70738776737dcc11468f9f114cb8b038a1
SHA512 e18bff0de386e78b700abcea2a1445aa9a54dda9b5fdd0719d0e9c2d9c05d49b0d5c2d2b766c3c1099a4a4ac174027e55d3eeb29e02e79457d1c578cf9b22837

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 8d4599d8967b1f6d364d050acc01bc29
SHA1 79bb94a496dfe84b025677cf6032604d8e74d889
SHA256 51948c6a60890b3046849b5022cb7af4dad824f72833b81ba9ef73274543f557
SHA512 90482347c809498681fdc2a998ba49ef1968de01880b790b0a85b1007cca15b724f4f71c9a838dfd08c16ee9eee91618c740b6ae5925336b5cecae837143c7e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 096c19eee8e700de91ff303895928368
SHA1 7d0b34ccc115095bbbccd2e96a8702fbffba1b66
SHA256 1b390097209f5482f361c9828b5e4b38a71ee08b71175c8cdbfd3fdefa9b0f32
SHA512 d8878d9becfd1f45ea0bed219123ec7596eaf02900e406cc95b8b19ea73ca1524748b9ab38773f03af79dba10487329b0ed4eba5b98dddf7fdd511eaa725d625

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 4f8015c67e900da92de014af52dad82c
SHA1 8cecfc618e86dccc3c5f1059e525f4669ace971d
SHA256 d0a7dbcc76a7b68f0174385693a1eee3014ba43e1c0921aa6864d58663fac906
SHA512 839e90c5f5906bd4a324f8eba76adbb9a90f4fd0f378dcebba02d5c58f6374514bcddfd1b51b90a352e112cd8b45803dec1285c55a894add2ab09a729cfadc48

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 a070706f8e674bbdd0338a0e4f5ddf5b
SHA1 b6ebb1a7f13c6bab1eb87cf11552ee9784af73d6
SHA256 51ac882a337596c08b85f991ea4a0041ce3057c3c933f55f64153b350b5a2ffa
SHA512 3fe8a5920a23ec3c533941de5aae144c543bce37b30aef59348332a851a20d1397465225be9ffd4687e41f985843db5aa251f325e63a10fa6470a5167b295d4e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 2642c5b9f6160173a6547766e64eec80
SHA1 ae223476807316c9c6bb01c8aafc7d04757c9bb8
SHA256 fb46d069911bdeeac1ba2c0e8108c57094d861df966e2f8380f49894dfe61a40
SHA512 5a1a331d4202999f54cc3b603f47bab4b03d8630872b2704591a9a3589125142d8cc1dc918522247195e03879584ff22fb090c0e5abfdf47610c3cc3d3250f5a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 1a7b09cbdbcc027e5736687943d22aec
SHA1 7cecbc1098d5aee47f78f45a6055113d3af4d6f0
SHA256 c24dff7f7684f3123b77cc6f9344bda2d5561359039d3d38dbf9c32689fef2a0
SHA512 5cf3daf73ce14e2f543fce0ab52a4a202c7fdca684a51505491bd6055c5402b8d78073e061683520e51cad24246aaa2dccb273bfe72af9c63ca86fc496c73bb0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 b0af9a8792d3731d28c234d4d6dddbb6
SHA1 b28b33399c0aefaf47d959083ea8115775d9314a
SHA256 cf21ff85a07ee3505bc47ce44b09aec1b6028683a8be04b7b08d6bea6a398a67
SHA512 38798e60628863d97f81340dcd46b65d992db49041bf3a2dfab77b07bb657ff18fd864ce008eaf8df84a8b8f18934208b91018ce6065495e13775daace950c8e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 0c52d843bcfc9f8d4c2a391002eda8a5
SHA1 0736fb489f5c7db9520750dd77cf42ba365304fa
SHA256 abc13cf389762b874ab7fffe3645061cb3ec1efe407bf05d786004610d15932a
SHA512 0e628a91362bdbf6ac5295c511e6ccd7e22d09ab46f8d71c8911f047c5f5841ede0882aa0bb3ac93fcd05e3f542fe5c8eaa5227a0401cec678e40bc4cf052053

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 159a32a9495f36e2429a44df87b1fb1b
SHA1 e3df125ed8d3d2023234cad26649c51c300a8fd6
SHA256 21bdb7c05b6b6c27a93e82ee6f6edd26a154dd076fd21de096e6d971004b9d15
SHA512 161ae2ec7ce91215eb2e5fddd0112db27e4dbae60193ba717212b244ba5af21625d313e9c660029543b67d4d4a8152d10ebd595e53b076cb5a5944ec4f754b9d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 8aba8591e9deea178a050c008d4b1bbf
SHA1 7adaf2c369227bb00f9b4725248569f0192fd841
SHA256 5758a695eb1381787d92366c5ca7b0dd811d05eb9cba61ad43fe21274a0a320d
SHA512 a042f02f75fc29fd0502abba1ad07b7e6b1f97e6f40226d5da6cebb385ba5f34e7f8668b36496f2b733640bbea0050d4842e9b6a8118216f3e519552fe96aebf

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 c73db0bf7b35345181be01691437b6ba
SHA1 5cf0c5a624bcca9c86bc72c4b206fd123cc7e69f
SHA256 e84fa3bc76b43a353833f560e7865b5126f73d09bb5ecbb015b7066f2e1c6159
SHA512 48062d3ddffe80738ae0ca35b837f487406a6bfd0429797ae869a0e2336760cfaa84cc35bc878f3ef1f12f4e1962fe5599af59f80171de9aeb1c7696547a7b74

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665766873969.txt

MD5 13350dd5df1a98d96f2e04bd179d5fe6
SHA1 a25b0bf39f0281d5d2b97a5dbd36f8ef9ad1c2de
SHA256 408fc6f1130646815c166cebd8fe61bdb370cce3646535431d95153a663910b4
SHA512 8408506d3ab3bbf7b20272a6b74b3fa80a0977aa5fb72798c86dd989f479798c0e5de3e50ac29a8953203f7724f811af7df65cfc6d85a3837198a800c5909dc4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663096253949.txt

MD5 8e9abd8565ec6415cfee0812f76ede59
SHA1 04801a0a4b2a0c3e164cd3dacc96e13bfd2fa139
SHA256 5e52d44e92d63dea3624185add5ef68582181aa4c7c59fd8274fef2e77cc3399
SHA512 682d3310086b1743a359500d08df0c4ab3143c39bfc265121e334f63f4a8ffdff91a34f46bd61a7c58c48e989b7d6aa9d66fe52ab39fe9722ec978891f3f0e11

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656717558154.txt

MD5 f0e0abc9081a53ec2308cb39086f372e
SHA1 84b28aa8a83c0a8157175c858b71a5b902820f3a
SHA256 d440ac51cc91445848bf7da8a96d188107888a0e30b2896035588929a886f9d3
SHA512 512a9f0d171462c39d47fb302164b70b98066f8e1149c3c0f973c2a8dafd9324dfbfd62d67dd7ce65c19c39721ef1557cac1290b630de5d2f352e0c1f8e3aab8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655977808114.txt

MD5 9524a7793b008406c3c201efb83e8c58
SHA1 3a732fa1f9c20ecae5c262d71d5df2f1bcaa6684
SHA256 819c699cf8b5d64401766cc325c874523cc4cec9f1f148381936bfdb3e8e4984
SHA512 275325b9b77a213d8b95e432ad9e63b1d220ba3a1f47bb0c89e480e616668afa918532e31e4743063056b371276ccdb2707303637ca4a6bb81ecc0475af11da2

C:\vcredist2010_x86.log.html

MD5 975ddcb3ceab2978760ff9dbcc2a80c1
SHA1 58c0c77e263d8f7d48861891c8c70903aef953c9
SHA256 584ebce6f77f6647d3bcee993f615e2fac4fc2161becc1465fe055b4bff2b893
SHA512 8915852a4646635569994d18bd37b046e13f6dcec372042ed7dace2703ea1bdf831f40b5e48381faea18736f7ff95541f46c12c20972619e96f3d8f0f1966a87

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 5f2e10477fcf0c502d89a99760988cf8
SHA1 82ff7f1769336816c56a145b291f6f351a8dc9de
SHA256 b6974925eafed3b426d645b3ba38ca71f10eb3f91b2cb3aa55d08e84755e3e2b
SHA512 22bcd2860c50b7b4dd326f63e6a22883575c3395a3b3b7baeb6b877941c515d8b40f6b210dfeb5eba973a9dfb6e73c889a5f334a5f7f6bf1fb55dc1a873685c9

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 be7d81f2442a9d7a594a060f6654f0b4
SHA1 3aec9154d8d78bce2f06dc22495cafe39e9db307
SHA256 0e28789ccbb00ea23dd202a59c6eb5133d9b8d2a31b62c3bbd5f4c5e7fd32328
SHA512 5585734f5b316c97d42d0e24ea94289fd5b07125420b3c9cb39f62562ccb7603388ea77730851e8036389c2fe5a704cd390d1b9ce2e0192145e96946e086c784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 498a4c0720d9f82fe8f541486b9a3998
SHA1 6bdb555b977d9eeaa59c698444586834d69b7a3c
SHA256 3e574ab5665a86f2eaf7cbad30f16485f45a0a9a95ec9e2f943e2263ea73c51a
SHA512 b39b27cebbbb659e6a0ea50b69465d48463452f88faca668a59d3b4d16a4c49023b1e7f5927486f0419c413c5b3b891fb785ce028b140e4e68a771062d96fbb7

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 d722fe6a4b7a0bef9d4f491fc7768724
SHA1 a315571199ced6a2cab9d206d0ca021990fd3f65
SHA256 c5d80de25288bfdf5af13d299a0d981ebb524e46b7d0384d18a828fd326bca25
SHA512 4bb269cb28d988953e140ff61cb1050cfa3ee0eeb286ca1f22a969be1167a3ed104aabbab29c1ae91d15998b105e22cc68fece7d92e8177e6573687e52bf8aa1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 66bf6620ea398bb79b4f045dc6376f0e
SHA1 224413ac361c1149f26d100893369cfb8bfb8613
SHA256 30cc95e6e583cca670689c1faaf998f87ae69e31308b324ebbd2732b10141c82
SHA512 ec39d4496f2a31bd681ea91c4f0f3c7f2f829949f15e75149366b64377a48734d2329ab7a8f7048d81105cfb606a5e36283e711dd1801240c59a0cc559c6ec3a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 2821893a946af44474ddd8d586655ad2
SHA1 bc3ead5a3a01d89012023e83d7b6e4d518c8015f
SHA256 b27bb4802cfa92330fee8f9d6293554ceb7203ea9b79b4834ced2e7ffda604d9
SHA512 2a45f6165a730b6d791b58f7937f7effd0ed8342eb8176bf029f353b7ba05fd89fa8d01fa61183d1484c1e3a84ca61bfb0c2b0f507384b8c1bb278bb4b6b1c97

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 261e9fc6bfdb41fe38f482951cf3ff31
SHA1 dddc5299f2a081e93864ecb97f494d1539f73841
SHA256 cd275e62ec2db57d3f4b43bf0d374b503327dcd6153401a0d609039b5713e604
SHA512 846afe3d7b2c5d227d6432ebf6d87c4b2e68584a5c9d22f70aa3a0b1c6cf9b1f6b6fb680c255dd744b01543150944038b8097a255823f2ac1cd91f7c51390860

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 010fe3bcbf23c4728664c10b7eae8137
SHA1 061ece08b7975fd91f29b1493bce6c3582d039d7
SHA256 dcf472bba3a65a945b46e7d7d621e58729b6c22b9d957a3eb37991c6064063b4
SHA512 0522867ed8524277d15d979aaeed40183982d05e78e86f02b6adc2213508e710f121241cecb17a832d837aaac20b709e56db833486a0d3f39533ecc03547cacd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 302e385157549af9da6fa68fb72a8f0e
SHA1 e31b60cd1123755d764ee24052973d611cc8282b
SHA256 8f55af3f741180f86e7c69af455603cc3259ff35a5f3d57e8d318f9218dc38fb
SHA512 c29b292eceae5bb40fb3c31a5d971decae780f0cf6b9198b7cf63cd1229fc3f71dd6e735437103ef2db48f6f99e1e88b1ff2592cc5e07eb332df8ab57520c264

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 bb0ed8a4199660af4cd051d5d61bf992
SHA1 39c4a6f4d2dbf363f799c26c0b682e5e812f3fd5
SHA256 c41a23eb872b826b955801520ea384621a6e39ab15eb3c8c2b918519afdbaa72
SHA512 036f05fb58fc19637bd9b16c9a3a607183ad69c42c2112c4c993b794eb3c75939043e91986c5ee2986c975f9c2b320bb8df4bcb5b5a817e05cf98c08392f253a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 e09493ddb19d0ed5600f44ff7f2f8699
SHA1 4cc271e3812e2ba9eaf6dd023bcfaaf683e3cfe4
SHA256 c2c924deec3677318892635f116f5fcdc7c4f5c813c854377fff72afb9e545c0
SHA512 386d80d8a8c0524606e9c4edd16285fc19df1a03333a0dd7c8a42e4ead66d7aa1665a6917956e5dacb67bae6e23dd2b2d9d88e8eb49ff0db337737732dcb0ed6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 b9147ba1f65d607ffb379a8003fd2aea
SHA1 c73891ded54cd93874cdd127b20ab0f5e94575f7
SHA256 1aeb0aaf1d778c03a503ca615a795e684a8d2017db697dc46048a5703c05558f
SHA512 47f67fcaf56a078f5a43852cdf66878d91148926ea9991907c719fe865df326d26858901e0cd9bbf78d236f62cab894ff37fdcf104f63e50bbfe8787cfeef4d4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 735dd252487ed682e01a855df9d989fd
SHA1 30ba8619fccbf59762d7d58051122b0da4686a74
SHA256 d86ec28cd8672fd9be4e7a393de4dc87ee3778b73027644829e469fa205dc032
SHA512 097f87c76fd96015a4b840b5b0a16aaaa1671c1ce51ae5630e0c2972f52a71e25d3f63e28187c26976a81f3c10255826d9f4767db4e2716c4575fa60d36fa51b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 83dcbae8c88bafaf8286fee27ac7be9e
SHA1 ed441730b2425c09a54796623c1c3f49d7c3b92e
SHA256 fbd76669a602e5867c44a6b6e274c53c31bedd7e1b2ae7764da1b8f111044f7c
SHA512 9337311764361600a0a54b450f7c225624b984503187ea603e9b1cd4bdd8ff89413194ecb39be409d0ba7a9cb0269510482d76b45d88475b66bb2476bfae9021

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 1da36ea563466915be0cc70f7d9d3fca
SHA1 ee739b98447c087e0cd676135698a3b05df3f2f8
SHA256 2fda0286caa93ba199ecfed6d932915aa7858966dbceeddacbbf2c169a789108
SHA512 61eda1bce5495c32f429d022addac1fbaa7d0903d0d9148cc8eaf22816a944cd7c3040cf98c387787856fff20b65e2b1cc0ad4aa00192245ad1e254a29b60368

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 87a0d9b453415425694ab5f776d767ad
SHA1 9ba39febcf7374f40dd962c87ee5bf4ca4e23b9a
SHA256 98c8af2f31f69d35b627ad885e472f627f940e102679d98599e8ab6edd0a0650
SHA512 6066c638b25365911575974c2ae5362dcc89db329cdd7d1f657b927b5102286e729aa6f036bd80776223bd2a1b220f92903a6b8aeefa04b729112a68cc2ee7c6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 59284dc055d28c151d617f9a98479385
SHA1 5799dc0fa25a4f5c4e301fdfcd547c86d146ab61
SHA256 7e3f850ee0c90cf26a4428802f3acb59f0ce9ee8b1227b187da774544b4786be
SHA512 14f6177e230a71afa7191f512157ebcf75c8e1853005841df68f35d92a9e12937b965392d148aef8f7718dfff2905bd47fcf4bc1edba2381df42ad617ac7dc50

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 302f3cb2973bef4f7af5d1748e51271a
SHA1 8772197792d3349d08e489bdf9f0ad71b9fd9cad
SHA256 a5714fc8470c0f3745d787c6d7c4da346bd9b30d43a5e3153721fcd4b7eb1e82
SHA512 64e02cda4e3e83dac785cf4f0be59697524247a26c96d593240824f8326d7437e1f4898f60fde12f0cd840fc83ba05c93108cb40faf0a630e14606ffe6b4717a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ccb153763043376c79cf0ee4bd0d9746
SHA1 4fcef2841a4a147d5ce12b5f986276a7eed9e0b5
SHA256 0fcae41d61dcb510b8bb4736a22fee6c323131fec1222f6f03852f4ddf5000f0
SHA512 79574cc6df331edfc9b244da0f538bbd619de11fe0503537cce3cc4936a663c0e535720c2c285357fa194e5eedce3efc9bc9345687b212158b6486c1f5704bd6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 3349f7d0c24f857778c61b5a5ffe7227
SHA1 70f40c8c4aafaf5a67883a88f3cc23723c286dd5
SHA256 4d199152f07336d1d4b7db8124acd6ceaff2091bb8f24f99702be415b665a60e
SHA512 c841934ed6f27ee95313e63d77583e3728d050b4b77d3783e00cef22977519832fd6664e5f29e36d7877d18db4f67f9b2527f5b2dda563239c8dd2d9bd056434

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 34e3fc1a7e06025a2d5842e0eadb8e83
SHA1 3f6032c967d2e53dad3f3dc682899c2494509870
SHA256 a87d48cd8832ef6fd740e9dada0b18e9f3336b86487c2ca71cc29eab6e18bcc7
SHA512 60d55b2fe1484f07a3e8954008ff237f236259ebf3ed8e7c5163dfc42336158fec1069ac72874d74b5eb61194f6bb4c71e313f6fe65652c93a86a344ed4190da

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 942b7b655bf9bbd0d6629f1c2e742f5a
SHA1 8af157837a1c0287c3c880a7947fb52474f51625
SHA256 01c1b962f588d672730939610923f9989c80cf24af2bf7b6408308b89e79388c
SHA512 30ef69a2b9b970d519d6e347e8634e8c5c7978b09066f0e277058cd2559c51893b8e0a036fca19aab74998596e343f6e18dfd779ad5451b7083fde7475dbdbbc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 f32e090915ff3a0082003637837e18f5
SHA1 df4b0439a58f6bc17fb898596d3720968bddd0e8
SHA256 717c537be92feecab4bfc5b5748b2e0b2c37107138b3ef72e1f6b721b42c46c2
SHA512 25301902b9ad491f43115ae04865e6f60b0c1707de5fb65a0f8018ba2235af48f74a0f03b6e2826a100c2910a266e37fe4adac41e78653379a135e71216e5f32

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 fe21158048a5c5aab62aee5cd05b2e74
SHA1 237304ae9b9e78f533f8f8f7747c04da09dcebeb
SHA256 04b547aca02070ed62f9245257758aedbec9d830c191df676b5232938903070d
SHA512 1ba6cf1c1226687cf2e648c2a77c2233097097d7222d0a65f6fcd29afce9a69a8ba4f8516da559285ac934c9e2a67ddeedeb7c24cbe05af56cb88fe1e6443613

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 33ae49640d9dac4b05c29c91e3d7e493
SHA1 4a77042d84d3dd29f4ce8f93dc7ac6dc73bf63eb
SHA256 279baac2b7403e840465fa3d3b3f3aaa7fdc8112146f41b17092e6196e1ff0fd
SHA512 a748084de51abf7dce19932d7182f318fff4e425908b49cf3f323f451d360a5ae3d8a843e1eaceb74682e4dd0c6f91a6632098b5563d385f7caddd2858d6cea2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 d5ae4441d24b66f269c105c93f947704
SHA1 902bc67315231e03eda6d792862a275ff071b3ef
SHA256 7badc33b93018f6b34a6803a05d1f538b43a1386adcc07beaa6c0c53e49ee655
SHA512 16b2c674a122ed6d68298d046ee5ee637fb0c53a6b04d9d3506bc2d574725a80d21ffa6de09088be7693f02151e843f2a552e223b013ec901cabe82216059eb0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 598264f5db3c3dff1e8538026dd29ea7
SHA1 ff32d57fe3a44fc5060986e87b35a1eea22c36dc
SHA256 803a39396cdb5851357799a3ac95713c98c5e2b129e22f507b257d75211e1907
SHA512 d1849022bb8007bbe5840e49e2ca21c590ab023b423e3be8461ecd9dbcb06940fb429a39f99587ecf749a31f47e15f3c3bee310977d2946417fec7aa99a565f6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 d8ae595c79247d62e0dbea03c05eb0a3
SHA1 5fe86404034fccdf68eccb3b5a5751fca488d556
SHA256 d0022722906af3bf5bb9a8dd1f3da85e3fb755f5e160e0c7aa998c3b99211832
SHA512 e8e84d8707d443f8e693232e2dec0124a2a0f35d32f73d3b41d696c6c6e72d56c8ac6f1c677298622c7a84a274c50041ffc2d9dc99c5429407e640edca750788

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 1d82b0dccac02de35a590e1240cf0cfb
SHA1 4af6fc735535231eb04de979b652af9b9dd70120
SHA256 57e1b40f96b341c3c6ff96aa588639f3bf9edfce44805233b88c5973ce19206b
SHA512 d631fc84ac01911bc0efdf81bdd8cbf4c2de97d43dc957d128053053b6cc2e3f5469979e35780cc7cd6dc9d0ef2a1ca425ab3cd0615e296866e33e024fac96a4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 2cb0cff0961cd4d325ddcbf171546f5e
SHA1 a2fb108dcd96c2dc81b78da8ccd485becd8f4048
SHA256 054cda786a192e2e33ae607bd7dc6a9cb8c0add1a208a0d5ed337a672132ef53
SHA512 76616ca4e907c616dad4f09fd419183650f4562d554b5d67128d10702b0848bf761e702083bce2a9462afc43f7d0a3e4a44f273f6df06cdc3b3e6751ee200547

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 7cc9710502ce59bd3d51c8ec596f2d15
SHA1 b6da829b3ccf2019bc867d9c0c7b5a9af104dbbe
SHA256 37412a765db9a657794ee07025708162dabaa0797e8961c28ebf25d444320b13
SHA512 739fc0b7094d883cec19531223ccd1bdf6845a2d155b3869dbdf7afb9528d0edebf18dabf5586002d4aa74fb62d65a5c94f5a55c2f587959b5d1e9720b9a2159

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 412074484ea66bfc544ce0519ffb51ba
SHA1 031b4faed680c258717f95c1a45f87165d70bae0
SHA256 0d62577e8f527e66570dd496d7232dec423f43b44d5fdf862ec6681e8aa0fa01
SHA512 8d4cb1bc6650df9c8e6a5010340b3d50d15aacad1506b880d3c9f6a1c37977be1398defe2bd202f749b80b8e2b27c7da03c95ace4a4d4f4781fd1c9ee2928fc7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 989c44d1b01f4339b524c9cc8f5a228b
SHA1 74f674e925e01891f9e6a9d40b90233d196b6afd
SHA256 524e7709da62f1ec44f93d7a70c94128504c4ca3a8c9f7c51f94ab3aba8fa137
SHA512 5f362b9685478793fb6fa78f6898ec3e303c207aaaa793897500dc69017c5da8e68bb68d4335676048a4464378590b206432b4ff11c8e3d7c98a88c5f34a5d2e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 99ec32fa6c5f0fb72938b63acd492e70
SHA1 d4b68e07e03c5fa43f1101c36eb3f1c1ff5b3df0
SHA256 a67c03a5a2e0190fb3b18660ce07151edceae66b4eda5a62800f3da34c229a4c
SHA512 3b5a8579ea885b11ec09a37d4f9bc3a045375d358ee0f151d586eb40f18032e58f46d91ed0ba58f6be3c4773f2d0176bc37bc875eb847e3ae1c42b665c850912

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 50643edd8385db01d2dae539eb76bf5f
SHA1 db1b07719644d5034e23727d097c7e387d47b622
SHA256 06952595b7fc77ef7df0b4f4ff6697fd8ae438917e3c4b241a2587d64ea4ba99
SHA512 0aeb04d01c65226078cf0ba2f9de3eaf66077f4c2861c5820350a42c60e8516717e96ead969f9a4f51cdc00387de1d6a268e1a7baca5ee34da908c9b54abd398

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 79da3d73f38b4ed4bfaa7b56b1c6c6fe
SHA1 93b3192a77145e67e453cb7a0681202b2be41d9f
SHA256 f982f9f931c8bc7ec4a27f25b7aabf5b87f05e6e812b7bceb67e737526899b8d
SHA512 28a61913d8a454429ce4373129aef45dc275c174c307766b88edbf2583a49120f56604fd36ae68477b37864da9f4bd985601c3ea76acd7b7f8aaf044316ba131

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 f31241b48f04e4fd06753da6dab873d7
SHA1 b6aff6e602400dee298d2fc7c851d745e40cd4ab
SHA256 1c141d16170463150fcbf95387753e720f5f8d8d18d79017b36cc4d1d3b46d13
SHA512 d8e9ed0977cb73df26b22a51274b49dafaec27ac067fd5a335982e35a5fdd108838c2a25cdd832fb3527cc9e16aa97f7d2fa347dbd43595ccac1780323476cc6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 2c44048c3183c85128f1b00f010e920f
SHA1 f39abcde4bf35db4b827707522c7473194a2803c
SHA256 539109d0afa3f3af568b32bf981a8588afcb45ffc40a374bf08edaf823628bc5
SHA512 e30a3adaf98bcf22bb5f7e9de7df4b2b35bfc9b620a3a9a17a52b65a9890800ee018818554c900a30bc62b624b017e5600cc168cfed57742f38ea848b8b01ca4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 de260b90fddfc54581b48cccb5e56bfa
SHA1 8e7fb4362b38e25e7512f93ded2a0f3ce2845a61
SHA256 8f11d5478af30c5abde59ce2e14bea04fc19d02d096b0cef49c877f447d707a9
SHA512 6143cc55508ec8c5aae6f943fa8ee30804b33fa9de10bf55f034626abeb0960ab630626f6952cea57d1d5bd57957888064dcfa57ba34275fcc9c648fd60a9499

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 50f1722a886120115fde0392f5b593d7
SHA1 1c33ba2de4f51eff350fec6e075ad942bde54c5a
SHA256 54ed2deb059c108601229e5559ab20436324203f46684d6c13e8c54b1a24d7f4
SHA512 477b8a276bf14cabb4c4f3561a0ee6c6ee3bb0e468b3a7133f88efc400590b61e1b5323a6f1cca0489976e812898319f999ffb39d309ef9a5dee34fec6121d48

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 578d2e5f3d7ab9c318469e6f07266761
SHA1 65ba3dd835373a0a91bf694a8423c1e32340db3f
SHA256 318d3bf838608a960eb8eb2ddc0e9e8c251341677cb36471a6d90020749f1c07
SHA512 ecb6f21b1d0041cfe8bb6abdd24b0c1954f31e1344383680c3c908330e217e61e290172dc4ea5a2fa446d11128e2a15f623444f24188567745b4b7edc6aa5349

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 aeda47e7ffcb0fb3d644de90a411db5b
SHA1 457504a14959f8b0f2e609fd10e50e8cf998070d
SHA256 27c1c6626037f65a2ffd3e52af0eaefd024c7003d85b0e4b149acf67064cd21c
SHA512 b91880290fe5dd45e2b83e7f4ef141837d5319ad4644eb2c47cda213725b7c293a61d206feb726bdac2790042ca0a72a5de2588e350b06bbd9b005e736194ed1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 79677f6761981b0ea5e7a2f35795e674
SHA1 c14687328d429205c80d178dceaea7d6589c4d25
SHA256 a940486539ff1897363115fa0b33802233bf89661b039af6b3aaf2de080e16a5
SHA512 58774a51d398f1c926a5ae486b54526d9af61a9bdff6f28f2927c43e71f871a1f8c496c1873f78199fc5b960790373664df8cf8a1ef6b5e2556ce5db41b8a5f3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 a459e1d9ec84492fe6cb785b8f505e77
SHA1 07ade73f9eb17f30cbd515e22e588ecb36879bb5
SHA256 48a669f50ce5eddf5bac75f0430233dbe73734aed662366ef75550a79a4c56da
SHA512 25bb4495cded21087549d862796f9a0f07d8d0b37bbf40528753c72b63cc1b8cb31d26b5f1e717792f7cb134daa95baeb15271d3768e0184f1ba1c2bacbe2b1c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 fde87a11f6a742aab0574cbb25ebe91f
SHA1 deac86b83a92c0b922f4d8229b30efe28d2d6811
SHA256 bd6178a7522308be2a124b30d284455efaead804555e866783ae62b28fad3acb
SHA512 bc1dba59916e08959eddb5ef8b93d4a791510859518b845929ad96c85f88f5c8cb02bc8debd03a29a4e5ae05291d4cf806a5033e3190761ef5f459754128d059

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 b45a01095297bd1716ff577ef8fe584e
SHA1 642b93a2857cdfaee4142532b48b98c41d299bbd
SHA256 79d829dfe3270cd5aa8587fadb6e597067795e6d77567262d8640526ff6b14e6
SHA512 6d609cd2be7957583d060ad7417d46d3e73918f6e51155976adfee59b8e6700541e52a93d8a77d2b410314f340afe87e150686fce2373bbcdce0740c57c77ca2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 2379de228b14fb2ef39194f384129485
SHA1 4a0ee1a0192fb9e50d51f52bd50524410b837688
SHA256 69dd2a9bf2a1989e44695fcf0c80ac657f3be10dabd0a458c398455bdbb16b45
SHA512 fa07ab350ecfade0f2eef903c4a6e46a5c8397f3a240581797eecc49fee327e3743f0c416114b1b99cee475d76438e1fba1d449e5c9e0d119b9cc2c7d7691082

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 93538cc4cb9b6aa69ab309a7c5efd923
SHA1 8469f93bb988b90a551a510e39af7d678f631055
SHA256 c3039d708284d2d5d4e99c849faa0921cab1e8ced2e2c65d0be9d9be29a0fac7
SHA512 d179b5b179419959841fc58ff8bd9742ef22770373dc617e971c05c7629147e77b163a1405c40ed9241d2842f2bed6ccfe04e66c79a6fef355cde8e228d340c7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 261efc79fc3b36f16d6e9c7ffbc4a6ff
SHA1 a2167f66a62c386a6e7a123a08c8a6b282250e23
SHA256 51a436e109cbed11e4614fa2533476e3741ae980d0fef834e469c37e0973461b
SHA512 e45bb931c291c3e1f1dfabcda3bcde3cc1f8c3ba3f8fcb4d431b0c02ec77c68bc1347c04195f7a81b17eaf04e8813ad262701bf533498ca5ae49ab06521c0484

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 b0369dd7386676dc6745dd7deb2875cb
SHA1 0c7ab71b01dcb6f30f356f2934e1b4e7aa00cb14
SHA256 d1850b6f27621971797bae0aa71bbaa7e0e0d69f81254ec86a5d94824f5b987a
SHA512 c467c4ddbb6358b8be8349e996f0b622280f39a4ca3c898546fa5a7a186fa323347e8231602a210834b2300baac33665633f80f96d840a575b5d16866245f4fb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 2aafd963e1712e0c0e9d8770cb3319ad
SHA1 3a83b0806adcbec2364168f4a0f9b30c779c1ce5
SHA256 15a58a05060d930b3c51f70e46d0f6e66e4b4365e5153984f32bf5e480b66a0c
SHA512 0c5e9362d7a951a15bc7289d487f291cbab7f042bed2eedba3ab94f005231b481616588aedae077b013995b2bdd344ca75ecb5bd03a8cd022ca4ad8f2ecdff94

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk.EnCiPhErEd

MD5 e71168a4fa080525e76e16c5c7db558d
SHA1 bd8cda37a66722aec17f3d4787c2408f147f7fa6
SHA256 22624138da34d4600362514de243c55d17ffc17bd5a9a25517b5a078a46a5228
SHA512 9a44ae6195dba1a0cbb4f37fdbccdc778ebf0710074d9ad6f670c6357bf0492998a6bc1fc4ffb8aabf5a2d828f4327a47a1b6431d514f946e92187c8b2c28aa9

C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

MD5 f61a54d2d93fcc3c773664b569a1c185
SHA1 733cd136ca6be90cfb21be9c0ce5f0d885bc9044
SHA256 c30715ef6d09755ea9056952aa58b7f6922a751ce0a2595965a20d23ac40fe8d
SHA512 4542ad7898cdbb2d163031ec3c3fa72ad2cbc92b6d9d578dea46995538be1367dd0ffba77956083362614806dad994fa2f5608ceaea724479549ddfe425d2697

C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

MD5 77f3770fe0c06d0d0216effc3030606b
SHA1 8e5c40a33e795f9b50bc61a1e5d2c3bbc3b510c1
SHA256 49791b2628e6978c91a70edd374cfee1c60c1b849f0aaf0a02acefd1c0c9a401
SHA512 31ec582f6b20c5f93168a9802a669b8d1bf9e6fe57259bf624545bc278c0babeffed0ae787e2a3363e84af60b3d113c527dee5a469b1047ef2e22afa09b6feb1

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 c53a9fafad6ac6512da02c444998fdf6
SHA1 adb10cc8a451e3451a7c74be42cd9fc8f3b5912f
SHA256 b4b51c1afd32431f716dae1d996d14197d02d49b1a0ca00426def26400e25eef
SHA512 bfeedeb37879a4b7d9f57c9952ca2bb97b39cc641c472835ff2ddfb5a3057f3b2e58a4e55f0ac79d5c1e12e25a9ab1da00312272bf95ab1f404a1dbc69326b93

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 e8df70202a29874e718981991ad96886
SHA1 d2abb9c0c38511190740a515c6d28560999e0891
SHA256 13764d14368d92a2534be2140ba878e2baa0558b08c222edc1d0fe2567b5b08c
SHA512 c72b2187bebb7a25d441843e8de2b63ba16a85b16548126b9bb0dc83ce5381409b675911f9c6d14c4e9cc50a4d766425eacfe031dba6cd7691f6a704f4e91b2e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

MD5 d7526bb0a1d53bcf15bac96f30ae3aad
SHA1 25087f0d6750fed7bf081d01e654043f1b3537b9
SHA256 df5c5186936d43837cffae29738cea5b26d7525ff613d1e4d8b839c55abf99e9
SHA512 d1e5b71f24e59c6ce88c4ba58bea4766026ee1dc9d45a6158bca8caaa281127fc74d4867e2a210057b35a4b7db08fda23f0970b943d2c2a7ba52e87d03d67eaa

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

MD5 cc732d0bd874a5559714f32366affe1a
SHA1 b1b7b5585059d53f44d8e0dbfc260472ab658c71
SHA256 a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed
SHA512 3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 c4be1ce9dc39fb83fd5a2d617c2a4837
SHA1 eca34cd429eaf350804bce704d19ea61c74fd54a
SHA256 403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c
SHA512 3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 55c082e5c753a3be7704ddf066d0e895
SHA1 ced13c44a19f82b143b033378d601f93b1de3388
SHA256 e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8
SHA512 8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 241708dbcef858b6c572ea42c56416a2
SHA1 96c0351d3244db38237aed6fdd7bec286a30d5fe
SHA256 2412a1c6f74ef337b0e847dade1721f4426999c30357b65ffdf3715640274e50
SHA512 f092839afb20750c627986ffeb8d70cd37ce6703243afbde95d03f36d0459fe8f6978607f558a2ec836af23c6810918841baf17b22c42b594eb1e6d809295839