Malware Analysis Report

2025-01-18 20:38

Sample ID 241127-f3j8vawmbn
Target a62334b80eeebe5073f3dab446f27870_JaffaCakes118
SHA256 370a1ff7670051900c30da978d6fa4817503ba83bdec99856934af91370096ef
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

370a1ff7670051900c30da978d6fa4817503ba83bdec99856934af91370096ef

Threat Level: Known bad

The file a62334b80eeebe5073f3dab446f27870_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2189) files with added filename extension

Renames multiple (2187) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-27 05:23

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-27 05:23

Reported

2024-11-27 05:26

Platform

win7-20241010-en

Max time kernel

119s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe"

Signatures

Renames multiple (2189) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe" C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\imekr8\dicts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_neutral_5667cca434e3a6b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiasa002.inf_amd64_neutral_6429a42f1243419a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dot4.inf_amd64_neutral_b89cfac15ccb2fba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_neutral_857b8ff74e5a7073\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_neutral_4c228493af8567bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_neutral_fe42c0ff14d5562b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\erofflps.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WCN\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_neutral_395276dd9b7a7448\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\SQM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nl-NL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer-DRM-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cxfalpal_ibv64.inf_amd64_neutral_4c42ac5f00413365\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_neutral_cadd97421d121ebb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_neutral_6ad685957123daf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Column.bmp C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmolic.inf_amd64_neutral_a53ac1a125d227fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\atiriol6.inf_amd64_neutral_bde34ad5722cca75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00f.inf_amd64_neutral_f7f7e179d99acc58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc006.inf_amd64_neutral_7e12a60cc98d3f89\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx009.inf_amd64_neutral_d4b76afd08f308fb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Defender\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48F.GIF C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR33F.GIF C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02748U.BMP C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01297_.GIF C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21303_.GIF C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01221K.JPG C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\ado\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR2B.GIF C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01293_.GIF C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\currency.html C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341448.JPG C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Media\Heritage\Windows Hardware Insert.wav C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ackgammon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4f0c503fb479c314\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..enger-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_794c4f1a057375c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\en-US\playready_eula.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mmc-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1ebbcdb2b4f4f3ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1460e068d1d3299c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_30501f1893540c3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3a5e97cb3ea38802\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-w..mediadeliveryengine_31bf3856ad364e35_6.1.7601.17514_none_85ead099a8942341\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\reveal_down.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_386c00971060a77c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..iondriver.resources_31bf3856ad364e35_6.1.7601.17514_de-de_898c87f3d6b3e4b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_stexstor.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_77de2215ffcc00fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-b..d-bootfix.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f5f9d5f8c8d6c6f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-com-oleui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5490893f0b7c0bf5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..e-upgrade.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8e513e4f107f4beb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-ca-component_31bf3856ad364e35_6.1.7601.17514_none_fae061a2e0ae5019\CA-wp5.jpg C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-ie-datacontrol_31bf3856ad364e35_11.2.9600.16428_none_00b2e64ae9989845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ncdprop_31bf3856ad364e35_6.1.7600.16385_none_538c12567156d10b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-vector_31bf3856ad364e35_6.1.7600.16385_none_91899a68016a48be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d26138806a24a1ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_05323992bca82e71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_184c82eb42fa8cf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-usbperf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_400430896ebc6956\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..tptracing.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_50fda44b796d5bc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_de-de_496dbcc8326b2c6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hidserv.inf_31bf3856ad364e35_6.1.7600.16385_none_a5cbab96e62548af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile41.bmp C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wbiosrvc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ea0765d13cc3f170\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rpc-ping.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dbf3efde2dcc956a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-legapp2.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad16d8361ba89373\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_msmouse.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cfe7796da2c1c516\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_avmx64c.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84e4d7e8642d499b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..omplus-ui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_815af4f63a8d8f01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.7600.16385_en-us_b43babf4e5786588\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-leakdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_8bb4664fd3820c5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_78fa9a5307f2b9c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_28376affe6d50544\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_msdri.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_873c5978bf12ab15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-h1s.secstart.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c919a1d4a105d19f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx35linq-system.web.dynamicdata_31bf3856ad364e35_6.1.7601.17514_none_0ddf9afd5455510c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Power\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_e802953b7bce56ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7601.17514_es-es_7c853394c0bca3ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ea5bc8b4d8e6a4d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-printing-reach_31bf3856ad364e35_6.1.7600.16385_none_82616c052be308de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eddbf779f124944b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d96dfd792e0ce13c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Datab086ae17#\5e254288fc3948c5c80d1cda69d5ffea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Heritage\Windows Logoff Sound.wav C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_net1kx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_822c58fff2102f5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_pcmcia.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2704f2b7c177fbfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dcom-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5cb089decb7f0d0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-bpa.resources_31bf3856ad364e35_6.1.7601.17514_it-it_82f1c7a381ae2f38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_6.1.7600.16385_de-de_be2723b43266a7a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..ion-netsh.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b3202466bf232c13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rastls.resources_31bf3856ad364e35_6.1.7600.16385_de-de_623e7d8e534d3a44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Pop-up Blocked.wav C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wia-automation_31bf3856ad364e35_6.1.7600.16385_none_61674587dd8f679e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wiaxx002.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8770a4eca4bac0fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-artcon6.resources_31bf3856ad364e35_6.1.7600.16385_it-it_99a1e036b6716c62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe" C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.crypted\ = "GJVLRFLRZEUFSIX" C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe,0" C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open\command C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.crypted C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 7cd50824a8231d955318607388a0c3c7
SHA1 436bd8eeeae6f3e568152ed9636bef8b5675a0d5
SHA256 d5a79d781f6c0289024ac21c314942a6d4a543cacb02a9840074bf0577811361
SHA512 68df3e776f5a41ffa81b11d817cf10e932903ea57ac3f74a5202984c6675a78297e18b3162e5dc5ceb22f7b7481ba70d916780dfd903f4a7c4161fc16716a436

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 6e3cad08bac022872618a3c4fe5872e7
SHA1 59777f8943343f886bcaf879b089484c9cb87e9f
SHA256 6fd5cc7769e635b1f192d5a233be40b75fdae6b9c831a78d5c42c8326f99b9fd
SHA512 3acc544941cc1ec732b034e8e4e10ed402731bb1b41189152daacf41b590701cc0b87a7e260b3c59ef145c8e385dec612487954a204b8c68a21066071f60e925

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 a16402b0aa99dcddbd44fb27997f68aa
SHA1 ecef37f183116b1a4531cdb76dacc15af8c8f9d6
SHA256 d945419550532153d1e91b29fbb5979eff74179b5608686573b9fa420246dcd7
SHA512 bd0337de92921a83974e1c2aa2030ecfe9393e911e477dadb4edc4ed252239fda74df731f80e82fbc4bbc92609db1075e20290da3b5a7802b39b235e4f04ecf4

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 c94e573e97dc972131655aab2e90ad6c
SHA1 c135b36eb8511acec406d1ea1d24819c2fa1e704
SHA256 29fc063316ebbb657b9f625e56b62dda429d52ec6ebf71f292ea7c0dc9266c54
SHA512 f50a53a777f668d7da3bef4f84c4289905b41c96733a22d3556f3592aa6394c77aad057ab4b6b2e9d319829b634913886f02812823fa7094fd5e27f44ce84183

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 e4c3658770caeb38827543f0d3c04605
SHA1 8ace55b248648914c3c49c4a52cac6b17e4c8b2a
SHA256 7600d7cf13f1520dce3d36a3938f35e53afb4091b72f66df6dbd6d943ae6868c
SHA512 ed65bb28d025208691fbc65054afff462fa30e8becf327866fcaebeda8b55b0dcdb36b0ed4c8243b1d88b3fff44bb4abc5cc8ccde210f7bb71e731c529aea8e8

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 e0522b8968eb140dd1742a3a7da61025
SHA1 16728363337bbda84e1ee9d906bed2c0bd14e5e5
SHA256 3503e37f55ad16dcbc05cdecda904f64f5ff521ae8694668935819ac4cc354d9
SHA512 82d90310bb5cd2974dae2fd24ee099cb81df8db5dc96ab21eebcbeaafabcf7ae08bab21ddcf9f73e0365cb5e2bec0edea2b83f65a070e8c3761f12fd1ae529b6

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 b091f51e6a58a982d4af0f3af85ecac4
SHA1 8bcae2203af66e4443be71ba55b8ec25e09d3249
SHA256 32ce43899d91dd502fb307b57ba235fb7fc2c83270c8cf68e8df0e6f2933394c
SHA512 71826b62a34fbd894d47d27ed79b9d0ad1b5fcf9e9500a2564682e5fbf40ab43e0a0ffff904a3fbf8759704bb6bd81c8c3bd13c302aeeb4c6f8409f3d9b0b664

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 14e559abf7a69aea914979f4bea8355c
SHA1 5af9ed33d654400a088a9d50969ef9a98070e0c6
SHA256 f5a4c71efae247f7f5a170c42df419ea264045db280cdec68b15e2c7c09dfeae
SHA512 24f21089f7fa654c2dfafdc53cdd4b95932ef81ff7da37479b2264392ce20b4a97a3a232e52ba6aa7b15ce5ba03f8ba26f79b9601d65103b07eacdf5ddc4a847

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 aaa78c3734059c184894cc0be65c879e
SHA1 dcce28caea4e7d5d40471076c2924c3d7da5e22b
SHA256 fd8492a78dee7113fc1f2622c71509bace35ab4a2e3ee6bcdb579b12694f6cd6
SHA512 3bd291d498b1f57c40603cd80021feadbbb0f07a5c26c627b8abf7665918dc340d7796b6e14cf3a12a2a939afdfca6a118601ba959db2c20974fafa5d9e5de0e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 387a33c838264215d0b574009f70c6b1
SHA1 096323b82cabe25f653525c61ae495866ae30857
SHA256 b2e56d9b02d4f1d634c2cbfa1bd4ed4441ddc05873ea9e35db907667383cb356
SHA512 4b1da74d934b8919eea16528f7e89fe95b7dba718789c1884b5e1578e96b1ede615f1aa2dbff806b0da48d4f1e143337e6ca033e45a7fd9427caaf0d65176ad9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 f51aa1d2ec4d78904e45b8c5ad3749e1
SHA1 7c27afb0b0ed2770a0aaeff966681be276e87e3b
SHA256 f19fae0742811b0db748fd3a69849b2fedda3482218095921708be302ba29a7e
SHA512 336fd8f2b2128d4489892818b70098252885d063b0c12b1c633d57ac5fe977828fcea4400ea7c47155f5cf880b355665a52f75a9a917db1be8638150cca1532c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 caede80a4fd78b2394bf4f1672861a05
SHA1 042898e4a436e6c8fd74e0cef74c564e95f9a765
SHA256 0758535b27edfc9086bd37be6126c30c004da6aeac29e25739d64c2867524fc4
SHA512 4d83509f47531b3c0c9dc5cec085efb164f7791baca941b3a34ff64172ae6b28800468a68741eded585fee8aff2f275914e1cb289c768803eee9009a280d7428

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 c58235daa706fb5d83c4c0f9998a4523
SHA1 ba974d8ae9a68435ae50dbac2bd86967b1dd5877
SHA256 910556aeaf53c0ee53e438fd8e1dad97a517b49c78dd9e51e3e778d4accbb42b
SHA512 4691b35fac4ba5100d7d8826ae56b8e19337efa632d18e7b411ac036d695642ffa8fb830b29e9966d2b386e01424b2b6eb7c4165d3830809415bb20baf69006d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 82b905bab915ae3c7931d23f5ee6a237
SHA1 81238bf3ee0b8e4810f5caa3acdd2bac73144a17
SHA256 8e46724e787039f6de3ba7cf60bb42c26647c34f706f5bc24ab4412a555c93e2
SHA512 adbed310afab2705f04ccb7edb565ce4e85d364b7c8aedb86353d5bc5419f4412f369488d7f42c2af1ba9244ee236f1883742ca8470dfca6eb4fb36e82aac43c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 d05d31b37fb140f77e4d944514d5748c
SHA1 9280c750b9cab8ffbf6be9f958562046740da4ef
SHA256 d477aaf7bb6832f4d6c0c6222357c8f36d876f746addc66be3b5bcd4048ce3a1
SHA512 4fc54898362aab271a84faea1dbbe5a80ae932925524ab672cc8801e4e8371587cc588c576450ded69709223c50788fd4b0b530824d9cce3826d4377d5eb7b25

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 5cc4334db288f264dc9fa4155f6e5bfb
SHA1 69dc148c7cf5fbe7e44c7cb631140413a3ed224c
SHA256 7a340e486b2f9acb2cd53a101528a881dfaa39ca629b324f8ea77d4b676676ce
SHA512 12892932b5753da5a51b8ecc5584353074c84bb7be6cb00c4ef143c17400f93d756c2d76a53b7709a5346bce119ef3eb2b493fce20edd983775241168bb394a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 7f9cdae4e3233c3f6032fd78b4935d27
SHA1 f17b1bf0cd529fa3ecadb800dcf8922f8734c2e8
SHA256 688e53970bc14fbaac9013fa2fa6031eb192e5389aa7b7d703d707e6ef669ee0
SHA512 8fd75b1b3c92a628d274a458746b420b3eacfcd31a4efc369e3ab59faffc3a50d2606f67234f12ede94a8361a6511ae59806c93309076cb940cdb055dcc081b2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 9c8ae440c69eefe3977a6fd3bd6001da
SHA1 a57edc67dc7101ab0bdcbde449d912bcc7a04d57
SHA256 09ded82dd138160dec30e19c7e3af59600029e98751280a4fef53cdb157762d4
SHA512 2aacbade45e6602088d7b7e9366ae253e98390d58cd8e8d687fb97ee5d9aa19fc0c114a1a728bb26415e6266f9c0fd7459f4a760c9133c0acd9a1a96d737f8a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 51b315dcb1ce4e5b6b422b4301ac4686
SHA1 ee807b80dd269c9f72a5948a2054170462f04ce1
SHA256 efbe8c804f1fb5fc98e7672b5ecb268e263074811b2bcb49baa8acb3e3251587
SHA512 0c2c2ab35b3a1b50274ae634937160c5716ad3ac0127e34fee8bfc94d4c338386cb570936af33ea410aa33ef24007bfdbd66fdc118017359e27baa13546fc723

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 9f27f9713b31852a860b9750d1dc84e1
SHA1 f66c65e95ff8e24d4249f2dd5096b1c089b62b10
SHA256 2688551bb5bd270f058a0838abaa7de37b397babf4f3a936adcd201c7799f81a
SHA512 b5c52b54af519502f8fcae515992b99af30f3f9ccf19b910f549ce15ed9a44fdc67294aa304c6b82e1690bd02a8020583b181a7c7851fec075cec2ce78d0b0ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 e8816d64917d49ded472ffbed12298fb
SHA1 6156e47add9b1c6f5f193d403a8d375e18d5f545
SHA256 61bbad68f50453974f07647cf5e6ed1914ebc72d078fd320a80dd637e4b2508a
SHA512 c6c60b7704045975a9962f4c7d146637cbc30c73ab9d8ba2a989997c0f49ef235c5f532eff7ae6b3a36369a5e34b7a2c4d11dbad987d6b8b3a320dcdc6be91f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 39e9dc33d62ddbc8d4273d18f4f6ef52
SHA1 18a7c7f834adb0b1e63236b6ba30a22e57e770b3
SHA256 4a6aef9c935af898be44cec773042c96d0140d9f0a42ca0c66ac09840e1b8cd9
SHA512 5853ff0adaaef660ffbcb07edef74e950849911c87b89f0bb55f8b98d7057f3758752404f82e1b46d398f068f96d30b282bff8ea1e6053b0102c214a9ee8ce2a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 0d42a15fed1150e60d6578dd4e7bf58d
SHA1 c246f63fa0b8612201422b90fa1dce278dea6023
SHA256 9b2fdfafb16c43f3e6117fe5c0728f495654ce8c119b1151bde2840624326168
SHA512 63043b801692b02a88a2721592d7a48619002c1d9520659cc9bd00d2cfd0acbf8293de00ea45570148876b684fa4c0f7e117ecbbd2cb919cc0c759fecfe4acbf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 8628e754531cfad72c5950d96df51ddb
SHA1 a907115981f8061b4d60296deccb4e2479440ecf
SHA256 666d8586f1d07524a31ef84af3a2929d1be6ea7fd9a779016dbb21946b79cd73
SHA512 3ebe23975fdb951af73d79844bf20f725e1e2bffdcd4ba8714859fb720267d76c7aea9d5defb992bd2f6fd4cc41bc72d1343ebe354c1140f4656a5379d9a34ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 dd4fed6fbb0a27603c9949cfbf31350f
SHA1 e607a561b36e5e948ea5340980b9dcb4b3e4223a
SHA256 aa27c59f4c88ae3a18c1b19290be798d6e335074ef8c85cbd53231a436057a3e
SHA512 c56c8d791727aed04baeff474138184c837680c57e95250ddf8c8e7f067b88343e8a387b518d7fba3b98e5d404f2c9ce4a6dc76b4ca0f8a3a334870306d23ded

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 bca0bcbfd968522f752f8cad463e26e2
SHA1 ad94fc84ca80eea3c1fe52018a33421d59b89311
SHA256 5142504cc65420bb0e2c662c85cf00e569b0344ddaf94e2eb9e921cc5f734b13
SHA512 1701d4dd51197b17f7d340b98d8cedb606351a4c1a2b47ce3a0a090a92e58d1b62e7bbc5ac1ce9c9dffc5846ce5d3a917127c38534e8c5a75bf3c837a4ff78c4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 4cd27fe753e61658aca48d60af20aed8
SHA1 921d20829cd30f416f9dcdf4e197640672eacdb3
SHA256 a18a2be61016160ef28da8e0e25aa95b592bc69774c970d7a4e8cfd7ef714551
SHA512 6fdddd9391be19979bbdc0a3db8ac6da14ae0082c32dcd2e5903224325493c31d089cb4a3e1ac60cb83adaae1da28feba3a36ef37d54a70fb1414ddd5864feae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 a40847a6483f2f5110d113dd0cc00068
SHA1 a6b34720e15598aab271615447e49d3c6c3ec5e3
SHA256 41a73d42d7253cdc75c05f3a2ea542c5be4e92fc30633ac305bd092e5f09f6c2
SHA512 0dc6ac36867c4ec99d684e4377adab0567ef511ff971b3745839bdc82eb83635ab4bb2c5b5bb953a7c42def512a3c84736019a89a9316d199db30484c1f68875

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 6409e5f4603660794552838a4b9233f8
SHA1 bfd5a37aaea59ed11cee15ad24ef09cff637241e
SHA256 66b1f2dac957cb2f637983e739d3fa20b441cbe03f8ec8f931afc2ac356ae403
SHA512 8b01349beb2e1293c67f6488ed2ba6dd7e1e8fdb54d263ce1301f8f40c6e01e1fe2cd103c226075af798569d5ea71e4afa9615faaf1a1854b5d1733ce8a7835f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 818c1e80664883b6317ea7fac8e124c1
SHA1 13e21eb7b4f787df7755dae2f1e5e51a5dbc86bb
SHA256 bdf3ca281329f4ff31cc69d198a714e4da85ae599ace0cad3a0e8fd2ed3ac48e
SHA512 6b79cd141bd6ff6f9008c6364a33c6c9b1a838df52d1185f6d8b43aa1c5ac66e4c603bc75444578e7e957a0e9d3ad923e5566cd2467d3f53f56f57c0301d9711

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 ea996477aa480b1d1351ae13cf547760
SHA1 354346f9ee5e314914ba978e4ac3caf0cd0520d9
SHA256 ff1cea9cf47e19c2d2916afef44cf6c15053aabe23db6b4ed207036008a0bba9
SHA512 c994973609e8fff7fe2210537a0e67cdd7f5db66a995441f09e9d90166c4f6bf1dbf55d5e45438b89070a6fef9d8f0090af3e1c13826abd23a145e098637f689

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 26b050e333f85c6c785e8d44f82fbe94
SHA1 3dd0e0110d2cd625dd617b880cdf1e2a6f9a0181
SHA256 1a0398305fc5718e63aabefb83d38c844eabc887a704222eab86abe82da3c997
SHA512 1e4c155787539cb575edd318fd6fab9813b8026894212571a3372927e1c30017e7ababf3a1b58a86c84f2df16a3547f05e83f621123afc485fa150b4a4ad91ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 837922bbb3acbde9ab8f67cdd8c21de7
SHA1 01e9b1781fec8acc055f4eada612b73f5514a005
SHA256 c1184e1f6f87d23998287e02456f2f2a8fe50d65001a35b41aa63344e626a4d4
SHA512 3113bd37a1b917ba03d691711243f3a459abfe6af3fb9866a1fd54f520d38e2f00d698a7b4e57a4e0103e166117004500cd10d8fbb7ff41ef446eb7fab52c215

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 d3e05adc41533ee19e5c644ceecfd2e1
SHA1 8fb16ed80980f196c920a2a669681abc875cdfa0
SHA256 b35e39c14b305dc2632d0daeeecbdae9fa9e01811986f2dbf3a81be39e89d010
SHA512 e55d6dcebb0cea00dea33c60a92c0e4eeff85bc193e1a7c70cbca23f3d5e6ab1e83495457a21dfbb562e8cdd5fc6ea44c158437bbe6ad43b4cd0eaad71bb7012

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 9b436dfd35bbc87ab7cf54619f501e3f
SHA1 b39ae3be98c17d187f105671ab391aa4a7a56e42
SHA256 19a51cf57e19fdf8392019e12e5bcf1dbe23e01ae2e9ea45a9dcd7c34e0ef935
SHA512 82fb62d18214d0f07ff18c9885bf5383a702bb689bd0eb1db89821ea5f785cd0889fc5d9507c51f0ddcc675dbe2b6694678f55434a6a3c1ed819ca3e1f0006ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 3fe64e3abf7d583e5439fbd0e935cca2
SHA1 ee354d4da956d90e3a817bd1e971cd291f498215
SHA256 b9d5941dbfd00362ac6de8d7707703ac2e795bae2d5865041d3b0ff3b8df99f7
SHA512 4e36f8ca14b358e121a811d0b1d864a14e4159a32a5933d0eb11f31acbcb852e19ff01c08b351e2fad8d40b8abd12ed4c506048155798c1fd14e03fd31221cf3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 0b1a4aa8a6d65bd47405fac3f8cd34c4
SHA1 e4c57c1b42665880b84070291d36030509d226af
SHA256 69183b39f065809c8afe9149cb0f3ab3dc1a3defccd7966ca9e41821beb4a121
SHA512 5a626ec5181a4b7e9977f68cc3e9697156dc37a15138d0bf031bb09e04d5b31697373f2f73fab1283c0e8d6df8d27567ab532bb8f82d8abefe15ceb3fff51fc9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 b9c8024519c7010d5067f0d200a169de
SHA1 137070df311cb2eb739dda8dc52836a406793088
SHA256 446f77c25aed3801f831e08896660ff17fa411fd797a609d04c04f1ef17341f2
SHA512 3700c41416c248de4d2f03026e1d96a7f4169d2609aad24a423ea039da9c6b59a82f174a71f88401381c766d486cc2bf256ce7367205d70179b3ca1fb3faa4a1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 8b0ec28495546785f23ccfdcc39f06e7
SHA1 aec7d6795761f958e53b32cf33332a6f5e1e520b
SHA256 a591ce3c660b949b054e23b53524d7cd1231fef858084c9816e8dc7e26b2f889
SHA512 553fce0d3a9ca15a183e553c6322a3794be44467dce755f25a7e1607e134fc803ee1b241176fee2986cddb0b9054f403c6b921420078e422e1b30d9f863c5c8f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 42238f2785e496b6d835a09dbd2684a6
SHA1 3004937cfa8902193b393d001dd1da9c741b4918
SHA256 8f43e18f92642e90b741d8421704a96497c7882fc0349b22551499a439c83776
SHA512 775bcab8b4dad50e71f17975c804826c17f53d6c6e87818b24b095889b8f0c6c3c71ca742fe5dad9e8acbd35dac0a64b6e148575cfb504efbe651f3822c17936

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 bd143e4a3a11ec8229b6e9728eecc465
SHA1 9d31ac860ed1e84f6c677ac50b2a45ed7cd688d0
SHA256 7257b8f8870618e3fdf16c57d0ef0c033cf56660bd617eae9afce927b0e933fd
SHA512 158a84cdd45a4bf60338422237308be8ce88b2b3b2a735011b174020608e7b93131d15440d4c0348e6c7afe57c28bf650e803c7b1139a88f95bbecaf66dd706b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 376da338632377deafdd39f19ca46192
SHA1 4256e2764f631c121f2e95a6b7d1223955c764c7
SHA256 bf90bfdedd4143074f32b4e5014fae99577721c24e5e91396958786020abd79b
SHA512 2bdfb88e8a5985eef2515b0bfb06ea423b752e7e8416a9aa32a59e5f4607514f0635b94cbd8cfbfe69ef9c36b69fd31a9104a1342d2e114d12c12032f40b8c2a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 555c3e59ad4c36e9a75482e42263a479
SHA1 bc8e2bf8e406ea0fe6ff440458fba36e6a9b8d0d
SHA256 06d85cdcb5bd9e7ee1eee0c660718e384f8096db2084e5e4d6a6b662ae4cd99c
SHA512 088ad9e0f7cbe0751d4a0cb5e583ee3dd6cbcda39aa5a69b50a63c979380516cb14552c78521aecde1270e8e88a69eb787c8f3756b94b63e90e10ca61b3ba494

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 b587a2f4377edfd88cea1bea83922fba
SHA1 98475f76b51e569aba1455b7e9e4c7f0c2de80ce
SHA256 25596ba571126f0e790f6be90e20a5f120769d018496143c4c10fda3e36f94c2
SHA512 445816375ca6ca6567722dee6488cc416d17b2e104622b23f14888a490441da4799a6223f89b2aa3e48e96cce8c7046cd4f4dc70914120f62c82fb776b61644c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 426f363bedabecbb1c36e619fc1aa859
SHA1 4408e0814ea8bb7ce8a4e3469efab22849944f95
SHA256 5630c33b1467c6427f213ff7e3804b278388c1c27ff218ae927b54722e2caafa
SHA512 68958a9156bdc6115872cbed76b57890eefeb9d39eb701fd73a2aad4f92ce9c3dd0e76a0dcddac88dcdef3b66ca96110bc8b3c3419fa2b1ed923cae1f4f89e8a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 e82a137bc97f47146d94947ac04bc567
SHA1 f15b6a92c391f04fa8f26485401559ffe0e991d8
SHA256 f9c17a71c7de05312818fc3559e34f2adac15c5993bc60e20bc92b6077fb64f8
SHA512 1b579c923a09bd512cc1b8b134e1e34522a7e84bfbf5496d3386b731730bb2b7310bee35fbcc75b4b6903d0f7be9145807a05d49847ac68c62b05f0fc1fa4d1a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 36edd524b701feae6b582a6eb2f42f9e
SHA1 7b0ca37e35c1b4327faaf782e613248fe970eac6
SHA256 a6fd947e7919af39edd61e45ff50afa21f53e6326f5a819b3d894f030ff53590
SHA512 cad64ae826bb15897ea4fa28e4c2ac71a19d15959939042c0130d4565b54bb71137b35ec0e18401452ebae8169b2b7bf545a3f2b1ff346809e287b33962615f8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 e3c556dae82a7181fa895fb492c95774
SHA1 5739819488c7594a2f6c998645240c138a9bd713
SHA256 8f833ae83ba02b7961316805193930889d18c65c2c87aa8fe03b9204eecd5eef
SHA512 5d83d0c2fd8883822765baf25f3d886284cdfdb236ed9990e8534e3083082497c4fb8b3b638dc562c9d710a33ddc0d0a9bfb7072fec009ca8adfa4b6fad2c2df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 55b45eba72bf027e526286e1cec0573f
SHA1 5cf744345e0491d190ccd24fcaa255162495d11a
SHA256 18de8ba19ed18ded83c78a0b30b665a3ceb79614039724a00e9e942c667a34c2
SHA512 4aa4c67dce432dda6eab6fb9bf93d6e75d55517072847eb853518ea2cc018371b2d00a092bf6817f2d1586784a67c446496d0d528d9099fe7f1102de240a1530

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 8a94491afefdf441921b31ca7ebf00df
SHA1 ee34cc326c814f276033b9f411b20fb196705832
SHA256 c0c86f31fe6394dfc0269e33e3dc5b9c274c1ea9aaccc3d5aa9e74fa497693ed
SHA512 d9d4e92c0f93fa1e497018d30ee1615fd501bcdde1b93dd1225bdaedac3c84302ae03d1834f6d116be3c763344a3e9c23e34325ff3962179f2f4e5b417f79213

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 c0ace679a292acc213a0f5b7fc1def8b
SHA1 fa7d9834568874a2250275e8bb7fb27ba6b19b25
SHA256 573fc3e9ada75b81e8413d825d4f51a88f769307252f0c0b6cd1eef32ca13f72
SHA512 743ccae0425ae3a6fa76ff59aabd42c8efbcbde31b3a5d452d01994185b5ef66e69c03697d38cf8a3b8f442cbf1b93c89f65848a9f3c6c5b6551b84368140dce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 3897ad8a325da5f16da49de30859c8ec
SHA1 05c689ec01f67966bda76a515f4f36746a001876
SHA256 37bc176ce545aa00b7b5890e350faeaf0c525ac82dc0f67faecb6f5d37ed55e4
SHA512 6ba9b980cb255c8dadf29e18d2e98907819ada9eeefbcdaca15526e196e19bc3ff16bdd022a5d220e0a82a82e9f7481c365161427ef0f769b1ef032b1e447133

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 0cc757a6b471df81e320b45ed1f71326
SHA1 6b60089c2cc9520e958cb3af965b61fcb1e222b3
SHA256 2f4a7bd5e0caac37d79bf89692ed1d497e39e636d52b37686b1d0267cb2ef193
SHA512 4a7c7b9217db8455839c98341044e489580d5b17a4d32dd674f03d89d3ea89abba6f6bda785a9b0a32d57ab8c1284da593823bcc14e596c66543019dea651918

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 c5af2efd9eafc84c63e29550840e0fc3
SHA1 6f58e97482207657a29fb9da077425561b7c294d
SHA256 968e869f1a61f0f611220450c42674449ae651a28407b32d5842b18cdb5a9f43
SHA512 4f783396edcc8cf89a57f8e679dde1b6b51fee00cc7676583a4d8f2868423877e1ee642c5db7def4588d2f3073e9704de35265522b01b8a1017465f0fb183232

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 32e17b94572787a1f39d2a7063e445d9
SHA1 446d85a3e4fa82013ed94b162d98ef7645c6be46
SHA256 84e7bbebd37fc17fab3f3e4d861b8f1dd9b57eeeb9b4e598c7a5e4c0c4edd2f3
SHA512 765163c3f89f7c2b92dadf77769aa3754b03c789ccafb56b92b1d72e0eac8196efec633b89c3818baba52f196668510d3cca38bdceaf40f132aa548d74ece882

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 adcda35ecab3f15e15875a9a28c23c69
SHA1 35179df0349fd8ae0addbc86bbd27656d0c384ae
SHA256 4c4611e260fc26471df5799be8dbc5e0e23d637fcd221f82244c52db44c8ea94
SHA512 ad5cc6a95a81f907df0929d2225cccfaae2efabbbf8bdf8e86e25cae34350734b1e48606b0b8567dd601299d6a634c17739230749937c4841fc829506fad6127

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 76df04610df88f86c692979c030b7e18
SHA1 5ade945556408e2356ab2b6d0493d9751630fd1f
SHA256 834fafdd96281e45cfa44f748027e99b32a6fbdb17566cc1a81cac244eb8b17a
SHA512 145aba109b8c4cdbef90f97da594d9b0a0ae08db14c6ae78f8e1c7fd6b9ee8ad6b7a7928911e68a409d02bbb3aa28f820bad27c147f2543ef870e0f4f4a18525

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 e61c3f6877bc77974eead90f75e41e22
SHA1 c88a32bbb2645d5b79be2160b5354832f1e38b06
SHA256 5f7d98a69014e7cce261622b3bbf97c0f6f66647a8f0af51eb565729e0d79655
SHA512 fa2512f59c94d7dc9677d18107a1b00a6cd7403a947ac84ecf40bd8d977c89085ef62f1bb3bf0197e8e09e51a526e6a7edd2ad700a7d4746db8b6164db867063

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 b02d814f09413436371402c78986dee7
SHA1 281936c51d32b98c45802fd3117e4d5d25857ba7
SHA256 3f8e097f24c21eeb126b5834ba048bf6474bfb1df06c13b6078ebdfa4c82514b
SHA512 4845338e47fdbe718a5df3b489354f49e2e3676b8e51c27d1762f978f59ab467c4a65243f7687153ad5b58067f636f38771a9a58b164abb9c624935092cb3f0c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 ca69845aae0b597f713e0ddb79807a13
SHA1 c600c68e214dd9a65f31c877c1780e9d9b053afe
SHA256 57986a58b09a90f7b19ccba53e9776e5b5b2104ad9d050d9b6d68ece17b0daec
SHA512 df8e412118146ca7e7c935ee3019b79b5f014bbb864ed582d1707e475f25eb9406dcb1211d34a2c92148811a02e89c86b80bcdf6dd417e222dc4e5fe31bf3b21

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 3898282c56391bc2de7cc7ecea5b0a09
SHA1 d34fcecbf8050e4199352cd214e34b8ce0ede347
SHA256 6e60f3c41c0567b7e71b28100deb944c3556c788e495fef923b491039d61fc84
SHA512 5d847bb23701ba7860dbf6423a7d04a2b3c664141bcc191bc60a36ce593d082e26c670be5bcd01295b4af27c64a9dd2e14d1c91fcf01f6ad434eb4deb80d4cdf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 af789eb05d758786177c43a0e325e8ff
SHA1 849b95c60566b46598af3fa558049feed657f5a4
SHA256 04839e3338cd8545ed52d557df398e267252b08313ea2e481e6427dead8d597b
SHA512 0a7506c64012ecc0bbf297faffd442b2fb56cf365bade5f55ec1f8b70e83f32f6204e17d6f751fe6cd8183411f8388138342567faef6062dc9518bdc5343877e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 eadf6588348e958ed9de99df2537c5b6
SHA1 3b06a48a22c649756498513da04d846898282142
SHA256 f99e211f1f3b07e64b6bd683fa0e40faa98b6b7ef364b5f73bdefa8f9ae57e7b
SHA512 ecff5a823e0c5f60bc21bc9366882626ed87c085208e742b62b4fc92cd61ce6d495d79f11e586c729b7a4e267ecbb29ecb03dd325534e8dbb4d1c997ac38fd31

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 33e994efdbf0c78e1d04c72f0e431167
SHA1 e7faf485a53d0e8713f7bd1bab660656cb0a5750
SHA256 ab284b2cf26198072e639c0de3245cbfcd81adb20f0af31e6a93eee9f044f897
SHA512 22339bcef4788c894d5d95bc93704df7eaf7176d74af566f1775e4b67dbf7a5b6b1006cd8ff3b9007e327d026ea80b5d67ef0562b3a529f7b90d9245ef756a83

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 cfae3cde273b16947d647e2902221a99
SHA1 5758dbb233664a0a8d26278acff687559841d8ae
SHA256 9417d608cff41af438f7a0e7ef5cbed1df215d899a992c6f25574307e347a078
SHA512 d53d8cd994c9ed81cfb5bd36b7b6941d63ac0475cd1e6f789630324def955c68c6075a71eba4ebf88dd76ced6af619bd757274ae0b39ae827e53a0d935c220db

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 ddf5112760d6b319bd3c682e1c362264
SHA1 12df88c3593901aa116cbe18adbee184e18acc16
SHA256 e7f061d9fe4a895dba76f998d9b25651be1d5f00e9fcf1a24910d13a4308a416
SHA512 de0ecb9d0b1f78f7501b06682a441196005e4e81fa70d9ff6442561619d73f71e1f7cb6b4eb320471f3b4a1dc83f0bdbfd19874578b72a36f3bc1c3ecff76240

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5605dfdab0c1f0e760544da59a294338
SHA1 6ef9ac208f76c43921289f0c4699c7d85cc652db
SHA256 244f602b98689073d967c1fa65ef35477aa5ba83b61ad2ae682ed1ac060516fc
SHA512 793802bfea1f94f3ee83047680fd25a8eae5139ab9feee6ad6e9fef194086cf8b307d32d6df5c6d491bcbb7df7aca414ea79fc30e465179fc9024ccf44a5f889

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 a4e8722e6833cb2998cf4096cd748f81
SHA1 53c8a3e879ebe3be80657de19a06c9fbf1812f2a
SHA256 39fad2dd411a6f293c85ea1504623c42c381935cf884793136da6bdbc4767b32
SHA512 2da6a2995939510ff64cceb5dff5c5ec2ddd71e1745ed3f635bddfc04b56e7dc255de8c2c5684b8a4d7b1bb575c2e55225a8ef9d44e2d5a13fd5227975b20846

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 50352b8876ff03d7a5515bc49090ee08
SHA1 a2063986f48c7e75d21c595879b14228876f318c
SHA256 f7e3bf9e249b30027b8ddd7cdcbec3f9fd45fcc8800493bf3e221b6a1f9ac15f
SHA512 472df02a424fdfbc530830f8f7682cd32d09287a77a8ec22ff16c26a26d4c7846176a407f009cf7561c7fe726924c8915c669cb27b81077472d74135f5b575c8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 4328030c5e2f5ba3c97a5d378548e7cf
SHA1 03febec79c4ca77702dbb8e4269add62f5257b57
SHA256 d54f2f927039d394f05db2de4da9cf676dd00c7351df14316a9545f95c02528d
SHA512 9286e15b719223aff75cc3c49e0f774c846f127f031ef41144036b2caacecf1db95bec6b114bf29ac7ca8816c60f30692bb3101465f7347f45c0cca0170a777d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 94f3e8abbad4924ca9bd23736cda8c68
SHA1 cf400ab186beac039d2e26ed753287c4b4dada9b
SHA256 495cf591492f2fe099cfeaa4c0906ca89e7921055fd924f053c0d9f44d9b46aa
SHA512 5ad7c97dcd310aa79185c1b44de17f1a63f75802c47f31f339a0be3c8cfacf3167f4bc762198456d668e118b284087de4bcf26053523492520a7ba2733a9e409

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 641acc3f1fd32fe91672ff8df6eb25b7
SHA1 dbb4682dca7f294a5618e89a35486e713e51685a
SHA256 52a1b88b738e336815e663b6d8538f56d260b8e913ee5faf5d2d9b9eaf5f4d1e
SHA512 e638495122aa801067cb2a312c0e34c06f31632af8ce48e998694dd4a202a470a16c58d6a397cf98e47354db7dc0f2460e694b589039fcc4751b574f0adbb5f3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 a3458ba856d9c89dafd57abd048dd8c0
SHA1 7c5022ae99a3d5b35dbfb32b805c64e743858ffc
SHA256 47f804378ae1c0eb1a84fa2a1616971004183110e934167ef0e8ffaba7f73938
SHA512 99908b4b47664c62e72eb56aea6852e678ba07fcccdf8382d9164d8660a1933e79765fa1bbcc041e619eee000133f798b6a7b0eb800e36704f72cfa87b50012e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c92fbb2aef7cbf08add47ad4762289c9
SHA1 10f657e1d3efd17181fc05e247ff51a88dac115f
SHA256 24968f539f03e49c2f53ba2805a0dbd7986c32020b26e55ae15e47a709769e30
SHA512 b50dbf44aa88064492c271379384d58fed74ec5e527be6554dad614f4ccfa533d06f9139c95506782757a0f63ded2bca761cb3bfadce6d785566deaac7a831fd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 55faafbfce36f6272b50814e946cc6fe
SHA1 b625ee0b2793e41024d6be17e7169bbc84fd19c6
SHA256 b48cf797867ca91c42f238c0ef279c89eeeada705b30cd3427a69c238b424de4
SHA512 1b98242a2d32a10f5212867253193999d3b456055bb278ad289a4118b19ede8e3564fe95c230717cff5e19f02bba21b8c64f8cb3922ea3ae2a9ee2e6eea40324

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a714695aeb95547f973735b1a23e8a4a
SHA1 4cc57d36a370bd2218de9157036a208aa0fcfc8a
SHA256 29c509be437bb79e13f9f48403f95c6a9cd51680b63ea9d60a5a19aa496a9a7d
SHA512 9e89d9bb94ea86a084640a1648e24ad0af3172823de2b4b0150a15f6eb18f56201ac899ff3b9c2c07471e3d092f7d5c508cd3c0f0fc5884e0c9a5206efed83c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 436901edb1e32c3cb0c6bc42514a2f8a
SHA1 07b8d55844aef54632d5464451fac6036e09802f
SHA256 4822ccb59d36277cefed0cdd14e9c258e8cf07c2b3858dd399be7deb0871ed49
SHA512 b33e5cde319a6b5ff46ea0e98e6ad751e82adb4746e30d99b0412e4b280d7a711c22e1debdf268c4132928b751544aa987724ed513785f22ff540c881c8d4ba6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 0aaf86a3a02df17767c6bf0e82503a34
SHA1 3cacedfeeba46495f901f07f39692612ee8e4b6a
SHA256 6b4bae3f8953288f0c8c29d4b026b25a5901674200349738aa906c4e177e151b
SHA512 59cbf761678d187d9f5fdfeda95954f177d5fe62b96e74fade634140bb2a96e489cb57feb6c052cdb1559d1db704c6ee300d672dd77e40e1dd8c7fc1d36ccc5f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 15af0028c28b8ecb88b263d578033beb
SHA1 3af80907e8854fceb1a8607decac199349ded052
SHA256 e472308e08ab5e2f881ea21201f8568e65521df9121a9422fc03bbe251efa20d
SHA512 443210307fdf19716fbe2f077457dfd3c8b87b310b8f7ba4beed4ce933dd3381c59eab4119b8df19e76e0feb7497401a3d069f4e0b1922e6176119c874ecf1f6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 7dcd227a5633751baf6db52048983497
SHA1 4416b614f4b48d19a35185378ae0db2b3a126acd
SHA256 3032d5395e4bb6572fb497923f50d7c9e1b83b4116926f7fc930245ae0fa7db4
SHA512 bf946373ae0d42b1a180eb147f1c6ee4144a36c3b33c2ea9b6eef76a1a2485f4c1716b8af60807aba03f6e7980a66f4286731e62442bc0338c760b50b778cc22

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 3dc120c7f2ea67c0c3c299d75d39dca2
SHA1 a0226eae6815a3c1668f05cfabc0767a427032ed
SHA256 0328e4e5c7e1e320164fc44fddf1a6b169b9a6f0c0a99e8e6ef533577a420496
SHA512 eab66bc51415859c4f7c3f0df77e6ab79be156403c9c2b0200cd2d5ccafefacd7de833cb63a72d639ac835c44b132c3294874ca016904184530d6046bdd5dda9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 c9e8f85692a6b0e3d33e76d3f00dddd2
SHA1 69994f7d63eadcb759441fc744f47f0a377ac7ac
SHA256 88ea587d43fea5b6e461cca659f187054d50c2a7fbadc280a7b1525eb4707a75
SHA512 3350cf375c8b5a6fd8c52b30f36563a2609991a80e5d4dc12b279d527f9485f5834fe8c709c44e62164ca1e4580c6973bfa0efaf8444ff33fabf3affb5bb07b6

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-27 05:23

Reported

2024-11-27 05:26

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe"

Signatures

Renames multiple (2187) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe" C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmmc288.inf_amd64_3e3f05a8a446e75f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_a85c8e1fe15a9532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netirda.inf_amd64_186702cd081cddb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvpci.inf_amd64_86afbe8940682d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\PerceptionSimulation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmirmdm.inf_amd64_ba5b77b7d46bc10d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_receiptprinter.inf_amd64_7952e4baaee88d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgsm.inf_amd64_d7b1959484ec8228\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdcameradriver.inf_amd64_43b67cb2258aaa60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_b2ebe9229789b181\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_bf289615d063c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_3daa9a904daf9501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_holographic.inf_amd64_6ab9629b23deb837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_0b96cc4cfeb2cbf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock4.inf_amd64_bc507add47f436ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mlx4_bus.inf_amd64_4c426f3bebc68844\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smrdisk.inf_amd64_bbef253cecafbb1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pmem.inf_amd64_acec109593aed940\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbser.inf_amd64_8de53ed035d71856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\xml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_86cdf3e1f512cca1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\170.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-400.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FaceReco_Illustration_SM.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-256_altform-fullcolor.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker32.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyShare.scale-200.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp2.scale-100.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\circle_2x.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-150.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptySearch-Dark.scale-200.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\logo.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\music_offline_demo_page1.jpg C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyCalendarSearch.scale-150.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\it-IT\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteMediumTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Dark.scale-250.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.scale-200.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_altform-unplated_contrast-black_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vreg\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-30.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileWide.scale-200.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\2876_24x24x32.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\x_2x.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\compare.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlInnerCircle.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-tpm-tasks.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_56b9c81520f855f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_net8185.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2f44da07307faaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-msc_31bf3856ad364e35_10.0.19041.1_none_e5e2af57be7da553\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a2b1dc0d433b380\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..lineid-wamextension_31bf3856ad364e35_10.0.19041.1151_none_7f3073a2e8d33842\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ice-winrt.resources_31bf3856ad364e35_10.0.19041.1_de-de_e5f7db65ea946710\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..levance-queryclient_31bf3856ad364e35_10.0.19041.1_none_6ca9c19f281f40e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_mdmusrk1.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_6eef9270869f539d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..vices-dsrole-server_31bf3856ad364e35_10.0.19041.1151_none_9d662f191fa1248b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\PresentationCore.Resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\INF\MSDTC\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershell.isecommon.resources_31bf3856ad364e35_10.0.19041.1_es-es_b2055aea1fc7a6c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_517fba6041b2f716\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_c_fsencryption.inf_31bf3856ad364e35_10.0.19041.1_none_9386dc7cee51e04f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wnetvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_6d8093807c1fda3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_securityauditpoliciessnapin.resources_31bf3856ad364e35_10.0.19041.1_es-es_f2081f188b33554f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..andprompt.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_644333f2ee8db8e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wusa.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_4a25d532171ba14d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\http_gen.htm C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\RequestedDownloadsLargeCloudIcon.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-logginglibraries_31bf3856ad364e35_10.0.19041.746_none_f529c07d28ecf28b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\DropAccept.scale-100.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tree-classextension_31bf3856ad364e35_10.0.19041.1_none_9b50abf379e00821\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.264_none_f62481abb9c79874\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_presentationcore_31bf3856ad364e35_10.0.19041.1_none_0603843f76f45ec1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..licymaker.resources_31bf3856ad364e35_10.0.19041.1_es-es_0f2982f466a2581f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-packagestateroaming_31bf3856ad364e35_10.0.19041.746_none_f54f3e2f30856475\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directshow-asf_31bf3856ad364e35_10.0.19041.1_none_d0ae8d599de7f858\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\f12host.html C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_vdrvroot.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_06e805eeefb0ed01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mskeyprotect-dll_31bf3856ad364e35_10.0.19041.1202_none_4714a8b784b340e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.jscript.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_7aea1d97c71ca2e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.WindowsRuntime.resources\v4.0_4.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-webauthui_31bf3856ad364e35_10.0.19041.1_none_b00cf2a030ce503f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vmserial_31bf3856ad364e35_10.0.19041.928_none_78249a563018069c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nese-core-essential_31bf3856ad364e35_10.0.19041.1_none_5fb83c6969e4c59f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devicesetupui_31bf3856ad364e35_10.0.19041.746_none_5dc0902efdb43877\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\8335c7a6cac9c2a3a77da9f4a1817282\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_xboxgipsynthetic.inf.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_9a2171d279b6ba57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..cognition.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3652aa0ab88f8917\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-edp-task_31bf3856ad364e35_10.0.19041.1023_none_67d9ae9ccb89c9b7\@bitlockertoastimage.png C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..r-service.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_161dddb99aa1cc43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-application..ion-winrt.resources_31bf3856ad364e35_10.0.19041.1_es-es_9ee5461cc22d6dbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_10.0.19041.1_de-de_8e98f02cd3feecbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_de-de_763add5a14af095e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-printing-platform_31bf3856ad364e35_10.0.19041.1_none_5ea144b16134be06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1_none_af9995d1577b1d00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.resources\v4.0_10.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.1202_none_b918e36ffc7a6ffe\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_d0560aa6c0f64b1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sysprep-spwinsat_31bf3856ad364e35_10.0.19041.1_none_09258e851ce03cdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-desktop_31bf3856ad364e35_10.0.19041.906_none_b28f9b85117c14ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wwanhc_31bf3856ad364e35_10.0.19041.746_none_4fa3449a65de1c39\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.1288_none_82b5dd00dbb53a5c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_0e10cf5e5c993166\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_urschipidea.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_de4d5278d0b2ddaa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_11.0.19041.1_it-it_4c775ab7a368ad07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-0000201a_31bf3856ad364e35_10.0.19041.1_none_bcb77cf92a5ac777\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ces-targetedcontent_31bf3856ad364e35_10.0.19041.264_none_57086cfb3caa2cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.964_lt-lt_15f508d8d9b8a291\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_c_1394.inf_31bf3856ad364e35_10.0.19041.1_none_6118cd98bdc15ff6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_mdmvv.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_78073d4d410a0cf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.crypted C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.crypted\ = "GJVLRFLRZEUFSIX" C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open\command C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe" C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe,0" C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 7cd50824a8231d955318607388a0c3c7
SHA1 436bd8eeeae6f3e568152ed9636bef8b5675a0d5
SHA256 d5a79d781f6c0289024ac21c314942a6d4a543cacb02a9840074bf0577811361
SHA512 68df3e776f5a41ffa81b11d817cf10e932903ea57ac3f74a5202984c6675a78297e18b3162e5dc5ceb22f7b7481ba70d916780dfd903f4a7c4161fc16716a436

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 6e3cad08bac022872618a3c4fe5872e7
SHA1 59777f8943343f886bcaf879b089484c9cb87e9f
SHA256 6fd5cc7769e635b1f192d5a233be40b75fdae6b9c831a78d5c42c8326f99b9fd
SHA512 3acc544941cc1ec732b034e8e4e10ed402731bb1b41189152daacf41b590701cc0b87a7e260b3c59ef145c8e385dec612487954a204b8c68a21066071f60e925

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 6db08e3763c96dd93360e22272b102aa
SHA1 d47caaccad3598a235620a7d67aaf983029333c7
SHA256 a72cb9702915dc100523d3145580b6212c02c43e5c68a11f7caeca2c4e7ed1cb
SHA512 0637978d346900b0b79bbfe6011acec1fd6e43a79692755758767a9815645ac5bea99b9a909456ab7319f9b61807741e981816cb4412aee55985d8eb2aa17fb3

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 5f1dbd9dff4f65afacf3d660a8d52e6d
SHA1 3c8f4b5576dab0785905085f96ba146b44255853
SHA256 266e36dd16d38df8e0846a25d071aaf798581604975ff1c6434f87900378fdf3
SHA512 d50f334e2d10c971eea59d28b3e4f04d564ca13577df6a7de592037849ac33f0bd915e4412bcbd175d7381fb942ca97d638ca7663e64bd45d340851bc14c640f

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 8bcdefba522930679d71acacbd498e4a
SHA1 8057ddec4cb7cc848bdf765ed616b17adb92234e
SHA256 f87959fc9c11c12453f0ef1f8d540ab249eaa5fab4b129c8471cf5c61b4bae2c
SHA512 bcf9ff773872c7524910a1dd4a37b35a7db277534bd25e748d86d747b172d2d522943f577d477e7cbf624ac0a9690aaf848e5fe52d4605b1e1a3a86e56a23a75

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 81aa6e297edcc807ecd561160aba2761
SHA1 bcbf4e86d76b6c4a555b9d5b370c8f913f29eb56
SHA256 2a126522ec12152544fb74dc8219eebb2ca6e321e5fec23eadacc2d9eb249838
SHA512 139372674fba9668676188a956b54b418051718acd0b132a247e5088998fc997d1d61d2bcd3af7852a4dba30b0ceefbcd36a5f2f697f0335845831cd499cf2b8

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 e6f826f98b2fa69a91d365dea84666a8
SHA1 c55d476adac05ebeb5b3738cee38082c985d77e2
SHA256 f54334d379b14585ed05943f1376f0cadded5064d41ebd609fdbfebbe2352624
SHA512 90ccc23ba802b9aa9cfbedc2c876a659b66c1c8c82294b0f1363e9195782200e0a3b27d1c7467405c5c8d58389626b20333032be06dd8522a2e1c140fa53e72a

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 557a03acc5cb1d4eb2e79f6bb110f58f
SHA1 5e52510904e631348bf4d10ddc0102f5bd150c22
SHA256 09bfd517663717ac453894e695f58e5f33a4a6af65c676b40d18f34d65734130
SHA512 dfd5f0d022c038188a0cde9c002441b2b1317aaf3b0de8f7e378fa44cafb05a40c7381b95e46842876cd1b275a08d8a5b5ae85fccb3c3ad94e0f0f90cbaf8d6d

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 f3d8d5e65f0262658c1f010b5c5d667c
SHA1 ae346f5f17b4baf69c22a440da8629cb56aa5251
SHA256 488ddd5efcf4b3ad8b0b5c41c9fc95751eb4e60e7c51bb5346776042ed01b60a
SHA512 0a249d398b257eac38fa2365311e9901d5aa3d4419769d22b87d501d8db872a7f114f699987a41a570ecdef0347eadcc8b38c890267ff7faea700fb03d9a628e

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 cad761a157874c696184a9fd7ab05dfc
SHA1 427bec10b139dd2fee35373ef3297e0e9f4ddf24
SHA256 6e21327aba22f3c88527ae8e391dc7d0ac47496fe92e038e1f8673decbb8327a
SHA512 faff7b1e011419ef8b79910ba1df2e37aed15276d36671b3f359749da634034ff7e979c227329eff5b4a631638b9d5500e148d72b456df5e0761f4ceaa4f8273

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 578df480f87e1c38c3b2801b10e74293
SHA1 14ea7b88051d23db8b07b41314e8148e1a0b90ba
SHA256 4eaaf530cb52937f62a0959d0838b20771702ecf30cd76e38debac8f78523efd
SHA512 406c5b78b58e94431bd3201a64c91bf86740aa8d2c2559453cd5495dd28f846e377a7f39765511e82cd500527d46044fbff6a4dab25f76790e2d6b046fb3b564

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 b8acbc2c4934a23762fef2a5d8c11550
SHA1 a04fa8ff275523bc14817d27cbd625e0a82f33cd
SHA256 3e20c70d053b4d34c266005f4a1b7abcbd6caedfe979125306dfb4e2d80099fc
SHA512 f10ded6e1e51ff4d66da6b6cca05fd40223682ebdc4b500511f3b1664fb1f98df6b78ec3ad079900242c58d4e268c5a58057ce8ff68785334214fa9182d31159

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 ab31df4380ef52297dcb07188e28d3f1
SHA1 3b4237e3021b9100884fa6d8ad0fbe1dee62b216
SHA256 5198c7b139181e7ba6551e89f05f76c5f456486320de65c01dc3769a31c33558
SHA512 e97583bf7af690ecadef999dabdab4447597308ebbc02909bf45844699d1d0e5ab855e8732870d90d19da6268a710b2086ef78d31242344c7ed7f4fca807d91e

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 11edcf6ead6950a38bdc273ce1f283d7
SHA1 d05dfeada11e2a9dccdedcb4d548869b4d7796e7
SHA256 5ce4e6d5bc8bcad684a647a7da9baedae52298047f05175eebc81e27e7f1db68
SHA512 1a98870a5c42f555fa06b2da8ab2cd9cef1fab10b5e1fe8379235bb3d06e52040ceb0058b7bc25d36d594910d6be3441b0912fdd31e3f3fc673153789978bd88

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 f4bec2059a9f8e6643dba750155db766
SHA1 66b7dbef5c7ba62eeed0f4614944a0077dc2f23b
SHA256 ef130ce0a72e682c590ebeaa270925548cdae30bd6d7daa9ecb176cbc18b4058
SHA512 02c8af4dfcfbcb30d23b4705c1c447865c9c0ce6b3efd425d4c05d1def5cc6ecbada6f1207761ca8c2ed8831ddf6ad9d512385c082babf584e808b281e265930

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 ce57df5c2764e248a13a6f7c904a91c2
SHA1 f17e66d269199d85c668fb1af1943fcdaf970fc3
SHA256 cb1efe6d58cf085639b133143462f904bb05dcb5f73744c34f554d41033e321d
SHA512 a53f0c1d467cb0fcb86ebffda7cc0c76450b958611f6e86d969fd4a8ba635825fe0ea21494aa15ce11e01e1f38a659c17a4bb036733a846a8e372fd60c3f7cc8

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 1ff13241ee95aa07da24f8a29c6a62d9
SHA1 9bff24daf81954c395bd761db525c02e2645eea6
SHA256 02a8a0bdd985192a7e7587b4607100dd4135f5d8a51078bfa6c63ef77bd5339b
SHA512 161cda5dacbe9522d2e561c003b2fe1254f76c48e6bacca1134bbfecf154ba2bcccc19a91631fd01ce3b5cca34fcbf3d92839a24b209892edb162a316ed6a28e

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 9a53ad23afe13edb8af85d9f5cda78ca
SHA1 e7b22cbfa6ecbb2466e4696d9d26e6cfcad375e8
SHA256 0f1eb409c25a6e7248547655c6130382f5c6e740b1dda6125b668918f84620f2
SHA512 ac10322dbd71109effe367149b53d44a82d402c0e9bf20c1a43826c8501322d011571d4ecba96ed385429d47d146ef262eabe8368104822c61d8ee95e0814676

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 2dbc1f5488551c7a39c6a93dad111ab6
SHA1 5703162854595d0b29c20d2b3b7a422defb1572f
SHA256 39cb07d64e1c7bf821c798e1b04e546848908b590140227e66428ef56d6f46da
SHA512 c6f5e2dcf3ce450c76a5817b43abca69cd6612161ef9eb5d9a8b4aa3c7b2bd9a328caa1a3c8a4f0f9d964adda6a0d08334dadf03a029e620f1d537861fd06815

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 bf117df746f7ac1b889c97f203a015c2
SHA1 0c92373daab636c3940412ecbc3dde9a3e521835
SHA256 50070bdce985880b3a85bd4de265949ec2244f62e84128c688eeb34b52bcdf7d
SHA512 bfecc7b5994792d12be34a2f6f7af31459fcf4a13bc81f049762fce8b80fc9ece810a73ee9aa61c96983f5be9387afa5604ee0b4b4f3c08334f244702a603fff

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 0efb69007c9e0f82c704dc6f1ca9b926
SHA1 de498e81ca057de06bda67b01bebb65c2392fb69
SHA256 8ff09b6ae151489e63bd9d41d51e5de88554cd6d8f3a16c3855cf1b299b311b4
SHA512 5609afcf0c29eeb213b5ca1f83bbe72c8d817992684b703943b1cdf20fdaf8e2de760ea88b237740a8245dd58e9f0762dad08a3ffe3d67b156926da23841c0a0

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 6378f0e90fe15f04e8e3761acdbbbf2c
SHA1 6077b2df752276b358e5e8bed164fd23f372d675
SHA256 52e560e0dbdae5704310d250eccb7c94729801052a46e3cc2b05afb87ee1d79d
SHA512 30df33c9c962b267095ffcecd861362299b7004becb802eac80f4ac895f1df013956325bf7e4fd782cf30f031f29a70d0f9332bdaa43848ddeed53ed1d950bba

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 54fc8d4b615231f31f8cd7ef80074053
SHA1 5c7d96f197c6aa416e9f7a1fe20a9d354d2a4080
SHA256 01783e067af2848ce014e38ef0532113bce9e4a322c3e9f8d7be07f0b443fae8
SHA512 50ad85f23208662b8c4ee8bdf82467f9cf4cf0e4bda2b7ac94e9c296c917eb0cabbaea01a5d703f15930e84dd9c2489172bf0c559fc4c960c7b0d59134e685b9

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 63cd4ea51c3a0c9e07f3572bae47a4ae
SHA1 8fb96576a196bb4961f5965a2e399dee9cf2d058
SHA256 5fd6e13f57dcdfb29f2472e832dc8dcdc178aaa581634240661857d7ca4d532d
SHA512 2ace549d348bbcc7ff54dca61658ea59badb75907f0963ddf2a46d797c8550dd9dd1b197f1cc145ac36ae4f176ea074b216548acb4fc68f27c934c700173af83

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 e539e7bbef6275d1c472b1f057f53e63
SHA1 b10494b087b3137f8823bd2a49b1b718fcf2bda0
SHA256 0ada10a13e6d19fb9e408e129cae46cd2453767b293ef1ce521c4b7d648606fd
SHA512 0b03b5e5196ece6e41eb87929e937b88e18288ee11839d472170df527d55e098f10f40317eee248bcd947c603816ca689cbed3c0d953475dd0e74985a28c52c9

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 4db59d9fbe6ae1581070779f05828c41
SHA1 58e2431dcba6ddac0e9ad29e26148ca79442cf16
SHA256 36dae96c349545ba7a5213fc46e9ab5a4a539c3480850cd583912019d9828cf0
SHA512 56c662d3c8170121aa3239fea677077cf1f688060d15357810a484fc856b36713b402a145111437750eff18f699e17439415170f0e4658cf57b8754a60ac088d

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 2155f113cf5c13a82a7b71013159ba68
SHA1 b9ed290efe3029140c0acdedf0d54cd80b657973
SHA256 1e62320d662020cb8952463291f24617c2db3aa1a1fdda1d57aecd2784db8e5d
SHA512 d5e05aadd6ae67ff2c21fae87366d8d82ac04e9c4c960980ae1936e6a587202f4da9e8856ae2812c72099c9c13f4f7d3cab87d058156c252bc8900a0663e0026

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 ce1fb387cc0cb991903b64bb88dea24b
SHA1 d389c88bb78bd6f1e810f85e79ae5c85da942742
SHA256 caa5075847de63edd6e3b4d0baab326623d6cb2785a74158a4c436b8ca77a3d9
SHA512 cc415aaf0a2f3ba31e9816047fdddfd6e05f73d2c3935ea796b1503346a6dfa84fc253fa1273b642dbf8fdbd1fb6e9674eecbe55428cdcce247f9c1dbfaadca6

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 7ffa4807a0fce05d600dfb4729a181f9
SHA1 20cb9a40da4428e9889f47ba988e9c81dcb2c616
SHA256 7557ea2782581796e9b19574555538fffdab9e928641cc7063b53f75a48b54ca
SHA512 3f9cf6ed958a0653568e202159d7729ecc7395e5cf66ba40192be2b848614c65283ee70c6e4254edae786c2badcc97770181263a88816c06640eff8c04a010f5

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 b7d76abbc7b96d55c16daa254c0ad83a
SHA1 aa34ece326ecf75fb97b6efbc50d06b389f4c209
SHA256 cccdf31147ecdef0c7aaf3920ba79985d73ba4b8f8de6708bf09c0814810db2e
SHA512 c4e1494046bd3550dea3b386a50494ac1941cbe452d62dcbbf493b86a64f9235fdac7e15c5221334f98d91953c8b708ea1cd29ab065fc6595a99bfc10e5268c9

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 319419b3d5295e314ca8c9c655e87346
SHA1 d9d130bb5d65535451a13427630775280311223a
SHA256 6d615c84f6c905af232b9d31b34b66d9748bf817b829eb73f0c8f915b537a763
SHA512 54c753f70fb6b73f465f514f89baf49c01693b558083197a15efde06d0d3d1376b8a7f448ff0a376cd1c28c92143158aa22567a3dd223c65d23e5449e001e1c9

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 c696267fedd7c29cecbea879f680c6af
SHA1 4754c02cd55656db3adf6f953e02456465ca09d1
SHA256 0e5c46d7468d6f99fda70dbcff9e7d5b9e6eeb3e81ef636d52ba3c26912297ea
SHA512 ff9073d6793fb4ed86cc4bb4164d1f7977e2d8d04ec991d5a6917765969498723b735e86f3a4ea8f7920ab5038bbb1a1da10683565730512c3303a60638e8e5f

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 fac08980addfda6d9b384e47bb30972e
SHA1 e86fdfc603bb5e0c084540017a1989c897054ce5
SHA256 08aba7869551a85452643f2d50cdf449bcb356705461b75a37811c2ec6bfc000
SHA512 cdfa303973f21c03ecf6521a2be3e462a82ae8869160d225bf5a6c99bc7006af159b7cc715c5a3326c98a0f544abeeb78a6bed4528d6007223b36d6d034d9850

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 b6278bf458795580a6bc404b2ae3f277
SHA1 12af3499702eca35077b82c5f5a247f99f0c2d7f
SHA256 7df6d3d1d37dde193a318fc87e964c284dc76670d7358fb1bc7caca8e9fc38c9
SHA512 18b143af53215ffee961f3130deb5e38062aa24503fa5caa9f8d5a94bbc1534add058b6b8b23866547f1b87b97ae17cd3bd7aedb1ca1b1de0252e29968fad611

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 417ed8ddcd73e6fa006dccf8f5874f6a
SHA1 1516e891a847db6aaca28a34a224fe5941ac955a
SHA256 cfb357420a64b796c2ea797933cb59d82037707b29e7efb2dffb39e35596b809
SHA512 1fd629e331f022ce45109907cc7859537f8f63acff2e8b13c40ccb35a3295dc79a2ef301c3c37aa6d5c6689eace30dc5c004707d7f966dfe000a08d581743872

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 8533385633b3d65788540b6090812847
SHA1 98195e835cc1162dc8b1aeb4ee34b490bc617241
SHA256 197c7bf72a60f4bfdaec2e21da8ce313fd103e26db58fb21ed38b2eef5ddaacd
SHA512 e9e527572a0261392c6cce64374eba71ffddc3f06fe6546a4d7ae34eebaa386b8e7dd85c3036c7a12125fcae7e4c221af89a107587af5d3cd7e8d3301624e402

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 e865691912ad46ef5f828d9bd249817e
SHA1 c8ffc3d9b41cc3b6e0541e1d49308651e6c2725c
SHA256 bc6dfeb79675ac6c18fb553a076c502332f6894c9090f1d217eb17d980586cba
SHA512 3d94f967f6cc1dcb4167dc7768852e20a28f3afe315aa32a90fe8884787d1add7ee199c51a4d30071c310db87d78a42cbd326a457d7fb5ed2780ee697cf5c096

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 379589a026f586bfa50fa40862b48f76
SHA1 e337865ec67462984db91d755dbd4f45a30a8006
SHA256 efd63757f89ecd306fe8f2c76adb0175750bb614885f1ee1f883c0defa786e5a
SHA512 b6e278496ff67ab85a7fbc2960b7504d1b69e3e3f569da5f2809888c81e21f29bd262177b85c2db89b0ddcf5573a2289ca394baa634eab2f497e3c9bdfe5eb0c

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 b49ac179df1dce5a93b6d250d492265f
SHA1 ea74f2a7093a3df73634b3b7d37d3d9ccfaed891
SHA256 de2c2d2aef7c2207f59a4abe6e793f27d19d1adffff5bea425eeaaa75d064a2b
SHA512 ef8a064ef63fdacffcab9d5bd763c47b7fba8be8d57c9fb50cd05b1c2d44e6bb095df119dc94951ab8df898e452e243d77d945070a3807289e9351adf2d7af49

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 6afb61402f95d40fd90886de08427879
SHA1 a7702f7c78955c24e15414e3f1decda373b0b02f
SHA256 f0c99f54da161f825d6df29167dedd39fe0c49d61cc01f9b4f1a527367476cb2
SHA512 f5f04721611728fc4bdf80ca3c7474ae06029609f17c51fd8567640122bca731abe3aa7f913fc0b295fe20434c067971f5c4ba605f4b0cc7e41c78754d91788e

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 ad7ba379076e26c6adcbdb4117998104
SHA1 e7378b6e7ddcaac1abfad2313315fdba6bbe7ce5
SHA256 3ea6fb87a43b9f91afd32bdf079639f827eb9b98e628873b0366e27b37fdb103
SHA512 418badfc71b93f3222b8005d9dc95a1a06bb0a5c56e15943df9c07166011998ef0a3972403b1f349e9d59f0052c36734f0e851453a47680969bc2b68ea4e1c1e

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 666868acbc693fc5ae66bd06400f80d4
SHA1 221bad098b66c9f5723947476c0e9b8ffb95f71f
SHA256 f6bde4686e75e694425292b6f55f84bb7c0d3f984a7cbc0d16813185baf19396
SHA512 be76a732e3df906c10df170092200eedcda9f77acf3a15872495ee8d155a9f15ad3269e49757d411e70b9ef402aa4c31084c5741232d1805f2fdcdb1ff14680e

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 ee365b6bdc1825b1f448860f65ef8eaf
SHA1 ef9151b481ff1bac02699037d10522dbdccaa0fd
SHA256 9cb030556e5d9c33d74fca720855d9718338ba57914ec174c3a4d8f4bbd9692c
SHA512 c648d3562d697968c9472cab427c9e1830fe605f49ed316f9d22d2e79faaa7607fff297491a583fb7a47958f208fe9f1d5c82bb87fdbfce43d5e095d68206af7

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 ffc99087c9ddad7361ea2edcc14f559b
SHA1 9ff641d3eea65f978e2caf1b385c6f9694016bfe
SHA256 f82fe8625805f5062252453596c14c1f38fe5697dcb4967aff49c778236b392c
SHA512 a410629d5e9e23744d2895ca114951f51df6cc4a84155e90e91b7c217f5f8e3c5c867b58dc00d95bb699098d952b21605b5d252568feaded45f38ed8017b10bb

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 f3c4f687e8e786e837a9440923ef57a1
SHA1 fb349c9cc795ddecea730867a51dedc214b2ab14
SHA256 84899cb5260c4db7ae98916fa8ad78aa6916df1f9007f52a8605a18cd9e04dbc
SHA512 e1907441350ee2469b0d4c1c0dd8e09bc087c7922a819ecb731fb7a0ad23c6d09a1287583f641ac5299b995d5325f2092132300452dee9cd39ab21b81d50816b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 4a337021db9f3f18a85171095a86a216
SHA1 7e097ab6dfa189e3035cdfce446855d8b55897f2
SHA256 4b6d51ba442e1d031d6336beb0a91200323327c8b980d547105d3421b48f9d71
SHA512 e15b37ae36b4cd2927ef66ba3d363dce68e37775f0d5854aec5adf963c2136e88823d1c19242be07cae5c1603b747eb0c4ede151352437e2234cf8ddddce0faf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 c3266a99993b01c5288acef9e29f255b
SHA1 caf5298869ef9c7b9e94afa4cd65112348507f52
SHA256 37adb540e81577b681fe8cc5fa0cf87624e45e3e2058c885e4c3b77a28c003e6
SHA512 3b3fea25fdc633a4558e3716590a658f6ca0fb6f9abefb587083bb02ff98e19b13158109991426ec9e094c240ecd306b5b4b17efdfe58fca3cabedaf9c04c8b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 8ce7d9faed34c10553d84d97a5c72017
SHA1 fd45f65710febf7cf2599216f8c61a79138b7ee3
SHA256 e140904fb2e74564d98c882ff77655b966da86823a4233516ec417514f24afbd
SHA512 ded38791b73d42cf0a6e69cfa3187efcecd08d73a9cfda014a645fe418c6ef1214cbef531e16951be974a376fea55d5d47db307e0d742c5a0e4aba0d0c0c3fb2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 605a4acd96fc40977e06bce7e591c68f
SHA1 4af04d9c98e07af758f461b7b95503c34c22af6e
SHA256 0d863288c8ee7073a1a4df8a996f5ce0b4c45f839f6b82e26588b7b27dc72377
SHA512 c97d04e03e39598bcc52d84b077042eb8b3e097fe275708424503c06c6f5d99ef570957ccc97673946944c74dc017fc3278529a0e2b71c049b22b874ef1234f7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 edec33c39a54f41f4d2f9e05e0644616
SHA1 98b0abe3b83c6b834d2f821dee8dc4e201a06ea1
SHA256 9b0b1a0e6e08b24c674c9831ef243818e19ab1bee786e47e1b924624d7efc6fc
SHA512 546bfb886d68b979ef5c49ec0b4cbbf2881d294d6ff066c329d8be56df73853588e464e8fae2a9858db8fc303b6e18158d1faeebdf6a7ec7d4506e5f1801a4b0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 68a63563b648d442f97cb3baa945491b
SHA1 af8dd6a50157ed8f872471365e9de18aac05cb4b
SHA256 a69568ad266d2c0a04bd109905886952939cfdb420a69fe5c39117d97ff65147
SHA512 130ca76371da73b7c32063560f28b7d69727580e806b1415c01e51b35ac6008e697f9ce8627da4363c2539e975369bc4f92c735e506586aa0dd7958de6b2b4fb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 16ff2e6f61f31b8754b88dbb604690db
SHA1 d7d20290dc70022dd5c264e7aa2237cae7c93089
SHA256 b9bfa265a3a61b736fba79db2603399ade83d0521f5875f8d2cfb4412c3f1fcd
SHA512 28e10c6657bab54fc244b8b3ae838495dc7e57650c76a5712026461a5ea9d4580ca009343e8aaeee4e529368783cf41ad79b808ad82e290ad06e5041f6253dbd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 9a5d13a7c13df35f919e9ff4fec5aa95
SHA1 e521441b83df549f1bdfc5800af81bf72401e64a
SHA256 12230e477fb14efd5b0329a3da2a6d7f3ad104c6751c6a8ce01f424decaa6a2e
SHA512 18d34ebfd48dbbe38c91ba712a44d61ee58fa1c42c2f7cd08b1d0baba66b0f937bc08c6e7b06e6c2b1ba758fb9604ba96554d1abcad14aa9e7c66568e31995d7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 6854fddad99a69feb571f63ee7e759d3
SHA1 3d02fd1560ed920374f1b698f8c8f54e63f2f281
SHA256 764be99d8ba8e34efbe1a7da8b5c939938ad003a5ba198b2e39fb3862c533060
SHA512 2b05b1898e75a55e9e660517571b16b90e9feaaa7c3806c584b7de07d0b727e42d5b16bd07a529402c46cf2de745fa7d5463b8a8a1d0c61c6154f5b516b9b7ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 171e89c2655595e5d8a96f093b32f3a1
SHA1 71b23741b488b3961529f19177f95d81532d9d04
SHA256 b3d4584f45590be70deedcc8f08a0c8b23badb0d184f487f68055021b7e455d7
SHA512 bb54d7fa9740634fadaa079b6997c55875907dfe257a4a99d31021e1e8916b6a928cbb242ad532e38b901c80c109bfa24af2729aeda6e556a70202e3c4516043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 2ce9e581483649a5d7afc01b24a92459
SHA1 e83d360361a19cb19428e0e0aefaf4183ce2c764
SHA256 30933b5ea8982c2da1901589eb2e43d24cceee0bdcdbd62e2703f3053d586544
SHA512 b133f639faec0851c15b04ffaa74b467b79b04fa7fd421442330315a3b700060b2ca5326dd792880164c5542d3b06c91637f8dd317ab64cdbb77b4f7228c8bce

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 5d5a72c980428a33eb4adcf6ffaa59f4
SHA1 7de4bf8256177e726989bf3856ba3ad166ea6cad
SHA256 505b7b99ad74e23f522550aa3160cd378b049c9adcc56a57ea3809f72717c169
SHA512 382cff41605c4238992be3789feab68e8ade784c36dab85e8f48bb977b56f56cdf35c700b8679048ef98155d263afa231f94138b04455a597c58c2b02a5592bf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 1e26d586dc4f8ac26a8bfe3889bd7035
SHA1 03556dc8e20ab06a7e4507933708285f4a5824a5
SHA256 9e6c26825c4f5a45c5650b21f1f47b4df41ad0322acc39680b76d057e17c7613
SHA512 15ccdbb5fb93911a5138d236c55127f2c2d316e0090fa5bc6f523fddfb1e4094beb7bf6752720960475cd699300644d2ea1062a35c926167ad6c9b9a20dd08e0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 7177d4bf34ff41b0d49c68a116d233ca
SHA1 f7ce980f33b38650bf7f4e18c4297fefc267d2bd
SHA256 7c6eee7ed60f28ac180cba64244a74ce70a00f042279451e3c287aaa94c56baa
SHA512 4458d72fb6af49608a045519d12f3cfc15d8933195817b7cabcb5c5fa252f6539311fcf15fcd9d49f0c455157170b0e0d6ef4b0d2af8cbde1144480f28ce3d5f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 2c982d2ec50e11cf50c2d36d497645b6
SHA1 b907824e43508b901c0979a349e397fef27439c7
SHA256 650fe0cdc9dea62dab16a9d50432bd7cf86a0cdb3d450b21546d4a3364ce7343
SHA512 1dffaa0259d937280a6fbcacbdcde76ff87b81900c55c674f84156e85f61d9fe8b4be783e7527a1442fccf285e76c75e7488107a8d0ff37568a91aeb42ccdb50

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 affe88b47a952b2c8c48b6316a2b3214
SHA1 51b92e88449946f68e35cc2c00cbbe0c1703b08b
SHA256 2f1fa50c3248ee204022ae407ec1e67853969e840053e01620ef1656fe317732
SHA512 e98e6475f7fc2fb2a8616e390aa188ae9b78cd0f85265581ef81f94e17d6619f0248877d664efa8decff6a2b777344f7bbc75f9675d2bf327bf44817ee6046a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 8c5a63520ebd09dc7898cc5eabad16d5
SHA1 63f578745f34155afbe54ecfb488b68d42108647
SHA256 18ae756264d87260e14a137afe5eb762e6ea282e779dde6816d20b6c4709b60f
SHA512 1547fc93bbee7a64ba5c8deb56cf61adf7c875bf91f45b923208679f923ba321f9bd37eac9068df98aa5222c92a086920989323523c1c0c4f7816acac0128416

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 95f3b07afaf54a031b2bb1a6f9169278
SHA1 74937e288520d0201fcd5b399d60ebd93067ce01
SHA256 994f2abe9fb35568588b269d8f06d9f01e53676a9b8b05181547a0f1f4625276
SHA512 2c71124b4080206b52a6ae1d087c42d2195708dc8c72e1b43303703fd0cbf93a807a3ab7a691810c19b83a3683f66b9fd1a5f53d1a1f205fc3853e269c0261c0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 ac25ae6fcf6b98062a73423d3c369da4
SHA1 e6cbe115c6c41f38aa3d8d326b51bf52fc8018c8
SHA256 74a84cf435848559c42272a01beffeafd16c35c8f57ff7956358c7e1476f689a
SHA512 dce0043f595ca9f285bce5609e520be17d31f2835c75a69b242adf55264a4118c8c957236e24cb65eeafb489dacdaec2db81056e2974cf824cd2611964af5180

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 4f869b0ae2e07f0e2ddec68adbf66a50
SHA1 86ef11fd8a170720304c65933c3b1d3616b2b55f
SHA256 1d2a41928c6a1533d7d419f70d9c8fc85286bb04a7e29f80b2a38d92e00534aa
SHA512 b07d85b8cbde930761f24896ba7721deb7701876f32b4d04ef18ab7cb1ff2658374f709c20aa403c66bada0423a58b7e5b249b4dbe64527a6b18084a5e04041c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 d0840367d0d52e6d5dffbd69d8866e24
SHA1 b56c637f5c94fdfcc7d950d3432b3795f8a494f8
SHA256 48e212d224d1db4695d9334f437258998defb7be0005d832541bb4aadaae0f13
SHA512 5c3f021dd69f637b97bdf38e47d4f6e90a8eea9029c0e500210f1fcf37e78722e5c4454bc61505f8dd7db3ea4ccf205737f0242e5ea9aeca1993568215ab4eca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 2045666f7d8287e6d12a7d2ef9ca4691
SHA1 1ec3c1dc76958dfe135699d39301ba4798111986
SHA256 021274613001abd02e216fa0a00a54a2fe7d03a8ad8ad8bbaeadcd4eb7f73a46
SHA512 8fc91be8e0d1765fd1767d3ec7a69c0b87eaa20fa883d6978b87f62172afc2ae3358d0df33f683f0d3c2473430fa47f1bf0a66dc2ef0dd2547bf70cf35fa3480

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 112f9babeb34a81bf4c2c26d23f24b33
SHA1 dffd7fe72c437d9d0775fd712c1f6edc1ab39b2f
SHA256 2c017792805917de60a6609c47022a0833495e2e13c270eded9fffdceb8b8bc2
SHA512 8041e14c4f2f4046e6c4d131bff8c113eace361ee2cdafcf1a22b2540493c265dbef9613a40ca6e69f918b061f05a1ed85d967586b63c3201868ed47bd4a696e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 d6d6bad4fe945300865104e15e4e88a8
SHA1 7b9b6858fab2c7cbadd3b68e0812fb135fe887e7
SHA256 39ca5c60d9d0e80de7cfc54ea8d86835f882c3bee9e8a071ece658884eb83657
SHA512 02e1d760c1ef5f9c7108bd51a1dd21667ecb0032595d81886f2e78fad55df8883f84af41859a1edb8d9a05d3deb711a99cf4abaa2f4f86f6bd335d59a50edeed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 cf307ba502245432721ac0ee16d7c7d4
SHA1 a0d3f8d034866890aca943879ee3577269c04107
SHA256 e11988696f7101f583cf0d0e4725969eaa63542476ce0db6d60aafff5f077af7
SHA512 6b9b9c8c31f77fdfd0c9ed79e3a479b2a68086c73fde0def54fca0406726a2b94fe8e8cf450a50bd3957657bf4c270aa21765ddd39ab540e8271dfda4d11f66e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 522c926e50cb1dc81acbf5b46ad95633
SHA1 525f48048179f1efa2261f66d0941a95f16eaeae
SHA256 ec317e509a003e2af56b78694a8c2987bdd2f880c9388d6ce872ae6157316c7f
SHA512 17e6402d6408f9358ded5b2650611ae6141da438fa33807f459f6a3ac34deb64740c5bf654e052f0296dbd376c1f4e9379f92d798aa477e602f5bcdceb865ca3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 910f777027fb28dc10911c0eb77d3f29
SHA1 d80f3f589a86ba0d7d739c8f76e04c84528bb177
SHA256 78e63b91c25efaf652dc719842a03f14e4c381c599f56f9e6a88e361789a4097
SHA512 8c3d497ca6a4d558cfb0855d180c0438e1be5a07fe0b89afd7f21b2088fce8b69b13d53a1d90d8df53501d36e68ad3fc31a6b056d0ed5652410be2fc44a89d29

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 7b4b837a5dcd38180c775911e933991a
SHA1 b5c08b0fa76697153e4231d58f8178475b241421
SHA256 08f9a6b59886c79a97466987427513dc98c9caffcbe2d8a9924aacbf5b3ab91e
SHA512 b75a310372778a5f560e72a795a72d3af4722f0c6b71a1bfe44928309a74b7c6bd60f36d4fc8028fde603a7a6d237117e37f346b675aecff05c65b50e083a428

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 e2e47e0b70e232604438bda660e57381
SHA1 1492431fd4b31b99b69f08a2dc4bfa5a91d70b8e
SHA256 4e49bb1230a2e17b89055f5a86db86d0f699df48b4904d871db48d4392903dc3
SHA512 90fae09130f2e1d3477ce5c9c4b915de7470e4af90b0913f2c56bd33d61521ea16092d0cb09c237c5284d362f430ecb2926b8435fc37be6dfdbdbabf5d4ebaf0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 d82bf07c40cd6baaf0957196cc1a713e
SHA1 3e5e5eebc8e8b03e062cfcde3558e3047cd66e1a
SHA256 91f0a296b64987187551fef1e1aff496bcf0b103c2f18912040a14a8d890ff20
SHA512 2b390dd907937ff8531a34f78771d04032c949156b94ec897bf28ecfaba443bfb867c669a1fd566cb6ddb49c1ab64094edb62437a3cb95792bda06639e7d6d63

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 c6d2d62869c8e8241062094e86b104d7
SHA1 7365fa124efbf5430d9bcc0aee4dad1c1ca22ccc
SHA256 9656e7c5bede7150d97ac3af19fe592329d33dc0a0df0439ea45e38230edbdde
SHA512 7b4d64edd7d29552fc7a28145b7304df0de891929a07180919c6553dd691804386de90f49a22d86606a4dd756b64082113e8bf149738dd838a7f832fd367ce3d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 2911e54713b05320e541ecec010f88fc
SHA1 a951c83137cccaefcd515d21661b10a005c6871f
SHA256 175274ff43c0b6b9ef34fd3983ae2c6c67274500a0a3c748fd961d8c4ba2403e
SHA512 4f96ae1a530b61fd71263562ba70a90a5ca94a7ba6743fbdd3eb28a6286b930cc4e490cbbeb04266a7695263fa5647b6abe67f9549bdd04b7abc5eccfe25dc83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 c13fb31f56d4736d4d775af3721a1edd
SHA1 ab94620b8a13f1b1a76db936666f71feeebdb8a9
SHA256 83405b8e2b409624469dc99ee4821ae49fb0648cf1c066548a055bb9466d9baa
SHA512 710b4cd85639a6960aa991d741465b763c6b598d17f4b54e0453f26c09ab8731b3f681362b2350dfe40aedb077f0a04808a0fcd185b8b7dc8b7831c8228cad47

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 358e43a0b238f40a0dd07c9553bae3b0
SHA1 aeb3c3afef3d2746a9b17b6318e6f874ab002de3
SHA256 2a056518dd8cdb91312dd53d66ddad753ea6c8ea9b3de4f95f44621d8e1e2ea9
SHA512 de72315a1696ebc86222acd879296dfbf7376ccf291fb9ae05848a1ee5fd852d16d82fe138dcd96d264e5d6d805958c6d67b7e017cca05de222622b6b5a8e3d5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 bee344a8c374dbaa8db36da971e27b56
SHA1 1979b2b9f6e811ef43558cd3f28ca2874ffb2cb4
SHA256 fd2b25b87a48b736dd45e710725026c8d6d977f50bc7778c4b9f912111dc4cea
SHA512 4b8538034826166d87a040bcb4afe97e5a619eee33ef858df2d4ca4a8e4d9a18263c18ce25af4bff10934fc6049b75419f37929f9e5c4f90b1fd78fa9080a8fd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 237eb3d56a88fdd82b29362f44b984ca
SHA1 b8fae891419d44a487a358fd768d4ed3be6f9501
SHA256 a805b22f3f19a062f890ee426dd69e3b277a9e1433b86f3677fe96e055d0cb47
SHA512 657d7bb17a7639f2c13a66a5c061266b9dc9878cb0e4b6d197131318df3b7cd945c5c708c45412c0e5095d252101a119e80967fae020b9789de23b33ef2a57a5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 7992232f848714f0dbae3e9a87beadc4
SHA1 98ca3e0946ee3cbad97579bf5fc4d30fa2fda9b8
SHA256 b58e427413dee83ac614e3d47577657f29b6eb2b463cddd0a7ad26397522effd
SHA512 97030cbd1b35de464f72ff99cfd4e0781a699477754d82f1b095b9b16a5f2de10f4c2bb5e427868a084e0c0b745c581f627f2105414f889560d62fb858f3df1a

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 f567b23d441ad68d02754f7432d4d613
SHA1 e7970176ba4de4383a1e6fd18c7bbfd5bcb596cc
SHA256 bad5cb61a9e4e3aba9b07a895a2ec747b05e2647e9590510071c2fddf3f3053b
SHA512 978f1841c8e08f01517fdc276d22fdf0055fb2919d08fce451b3037858117db3b34cf93198cc86c9b648fb5ca1fd9fc4b189be972d6bb65097d4a8695fa063b3

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt

MD5 ce9aa530371cc74804777137d0e8c027
SHA1 7ecefd8dcde7d4140ef345c4b2d01e9668fe2492
SHA256 7bfefd5f6bcc65f283abd65f788c8ced79b3600bcd17b3b98258a5d1fa636214
SHA512 54131f93c9604c975372b4144ee02c2ddfcb10749a4e1c76c40e3c199a7807454aa805986a32df766a12b5b2e16115db9018441cf4b2ff5028155ed78969550d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt.crypted

MD5 6f5c075ce958e2d4bc6a13b8a719f011
SHA1 069bcd6bd8c7bbfff1176e3216a555a4e85df58c
SHA256 60fc83774f230911036b215e1eb046034cfd542d8e676cae453e1ba38d278aa0
SHA512 e26c63156ab202b23a8a251c67b7bceacf30d58630e63425be92d28a51d9d7ef2f633d59bf335ceba9b8c24a73f6d4fbf01165e2f3c2b401839f3464aae036d9

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt

MD5 43aaea3f7ea6eef6e854d10a4f283d82
SHA1 f6bc3a68a4c73d06e4fe1621843baa3032ec0519
SHA256 7fdd8bc8748fcfa5cdb9f91f4b5a40d3104232414896e5164fe573873561355b
SHA512 6c8eafd1ce11342060b6474ed345eb7dfe00e46bcbdaa0c76d91e95f089bcaebf448673350d15a6fa4ac0f65ee2dd36714540d26db56467f606b95456d4562ad

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt

MD5 f748a686fe5c9f088b08757f7dfad2ff
SHA1 6fc783dfa2d1a7729cf54963ff17ef00af6239bd
SHA256 edca16b9e0ec7480a9f3976b0fe79895e2afc86a4bf80fde2632208bc8fcb217
SHA512 23e73190f0cde32419d2b5396bbc5e8259b4237718e529b0a9006ce399928b1c265b1d262b285cf9f642459eeec4bc8fe453d42b5aed6b89a48befec795ace77

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 dec1f176fdf15c95e7fc590d3b265485
SHA1 3870436ac50d84cc9ceebd8ac883f15ce062f887
SHA256 6431f84fe25835ecbaee886f876db5cfa87b458538e0ba0499bce4fd4f1c90fc
SHA512 ec3ca6464708e820b67828656a322541ec88de1d65c47ec195f519de922d5ca9f9b4fa62ad1a6f7fc24f7386f496537ef415f3bff01e8a7f90911beea37de210

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5605dfdab0c1f0e760544da59a294338
SHA1 6ef9ac208f76c43921289f0c4699c7d85cc652db
SHA256 244f602b98689073d967c1fa65ef35477aa5ba83b61ad2ae682ed1ac060516fc
SHA512 793802bfea1f94f3ee83047680fd25a8eae5139ab9feee6ad6e9fef194086cf8b307d32d6df5c6d491bcbb7df7aca414ea79fc30e465179fc9024ccf44a5f889

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 a4e8722e6833cb2998cf4096cd748f81
SHA1 53c8a3e879ebe3be80657de19a06c9fbf1812f2a
SHA256 39fad2dd411a6f293c85ea1504623c42c381935cf884793136da6bdbc4767b32
SHA512 2da6a2995939510ff64cceb5dff5c5ec2ddd71e1745ed3f635bddfc04b56e7dc255de8c2c5684b8a4d7b1bb575c2e55225a8ef9d44e2d5a13fd5227975b20846

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 50352b8876ff03d7a5515bc49090ee08
SHA1 a2063986f48c7e75d21c595879b14228876f318c
SHA256 f7e3bf9e249b30027b8ddd7cdcbec3f9fd45fcc8800493bf3e221b6a1f9ac15f
SHA512 472df02a424fdfbc530830f8f7682cd32d09287a77a8ec22ff16c26a26d4c7846176a407f009cf7561c7fe726924c8915c669cb27b81077472d74135f5b575c8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 4328030c5e2f5ba3c97a5d378548e7cf
SHA1 03febec79c4ca77702dbb8e4269add62f5257b57
SHA256 d54f2f927039d394f05db2de4da9cf676dd00c7351df14316a9545f95c02528d
SHA512 9286e15b719223aff75cc3c49e0f774c846f127f031ef41144036b2caacecf1db95bec6b114bf29ac7ca8816c60f30692bb3101465f7347f45c0cca0170a777d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 94f3e8abbad4924ca9bd23736cda8c68
SHA1 cf400ab186beac039d2e26ed753287c4b4dada9b
SHA256 495cf591492f2fe099cfeaa4c0906ca89e7921055fd924f053c0d9f44d9b46aa
SHA512 5ad7c97dcd310aa79185c1b44de17f1a63f75802c47f31f339a0be3c8cfacf3167f4bc762198456d668e118b284087de4bcf26053523492520a7ba2733a9e409

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 641acc3f1fd32fe91672ff8df6eb25b7
SHA1 dbb4682dca7f294a5618e89a35486e713e51685a
SHA256 52a1b88b738e336815e663b6d8538f56d260b8e913ee5faf5d2d9b9eaf5f4d1e
SHA512 e638495122aa801067cb2a312c0e34c06f31632af8ce48e998694dd4a202a470a16c58d6a397cf98e47354db7dc0f2460e694b589039fcc4751b574f0adbb5f3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 a3458ba856d9c89dafd57abd048dd8c0
SHA1 7c5022ae99a3d5b35dbfb32b805c64e743858ffc
SHA256 47f804378ae1c0eb1a84fa2a1616971004183110e934167ef0e8ffaba7f73938
SHA512 99908b4b47664c62e72eb56aea6852e678ba07fcccdf8382d9164d8660a1933e79765fa1bbcc041e619eee000133f798b6a7b0eb800e36704f72cfa87b50012e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c92fbb2aef7cbf08add47ad4762289c9
SHA1 10f657e1d3efd17181fc05e247ff51a88dac115f
SHA256 24968f539f03e49c2f53ba2805a0dbd7986c32020b26e55ae15e47a709769e30
SHA512 b50dbf44aa88064492c271379384d58fed74ec5e527be6554dad614f4ccfa533d06f9139c95506782757a0f63ded2bca761cb3bfadce6d785566deaac7a831fd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 55faafbfce36f6272b50814e946cc6fe
SHA1 b625ee0b2793e41024d6be17e7169bbc84fd19c6
SHA256 b48cf797867ca91c42f238c0ef279c89eeeada705b30cd3427a69c238b424de4
SHA512 1b98242a2d32a10f5212867253193999d3b456055bb278ad289a4118b19ede8e3564fe95c230717cff5e19f02bba21b8c64f8cb3922ea3ae2a9ee2e6eea40324

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a714695aeb95547f973735b1a23e8a4a
SHA1 4cc57d36a370bd2218de9157036a208aa0fcfc8a
SHA256 29c509be437bb79e13f9f48403f95c6a9cd51680b63ea9d60a5a19aa496a9a7d
SHA512 9e89d9bb94ea86a084640a1648e24ad0af3172823de2b4b0150a15f6eb18f56201ac899ff3b9c2c07471e3d092f7d5c508cd3c0f0fc5884e0c9a5206efed83c9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 7dcd227a5633751baf6db52048983497
SHA1 4416b614f4b48d19a35185378ae0db2b3a126acd
SHA256 3032d5395e4bb6572fb497923f50d7c9e1b83b4116926f7fc930245ae0fa7db4
SHA512 bf946373ae0d42b1a180eb147f1c6ee4144a36c3b33c2ea9b6eef76a1a2485f4c1716b8af60807aba03f6e7980a66f4286731e62442bc0338c760b50b778cc22

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 15af0028c28b8ecb88b263d578033beb
SHA1 3af80907e8854fceb1a8607decac199349ded052
SHA256 e472308e08ab5e2f881ea21201f8568e65521df9121a9422fc03bbe251efa20d
SHA512 443210307fdf19716fbe2f077457dfd3c8b87b310b8f7ba4beed4ce933dd3381c59eab4119b8df19e76e0feb7497401a3d069f4e0b1922e6176119c874ecf1f6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 0aaf86a3a02df17767c6bf0e82503a34
SHA1 3cacedfeeba46495f901f07f39692612ee8e4b6a
SHA256 6b4bae3f8953288f0c8c29d4b026b25a5901674200349738aa906c4e177e151b
SHA512 59cbf761678d187d9f5fdfeda95954f177d5fe62b96e74fade634140bb2a96e489cb57feb6c052cdb1559d1db704c6ee300d672dd77e40e1dd8c7fc1d36ccc5f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 436901edb1e32c3cb0c6bc42514a2f8a
SHA1 07b8d55844aef54632d5464451fac6036e09802f
SHA256 4822ccb59d36277cefed0cdd14e9c258e8cf07c2b3858dd399be7deb0871ed49
SHA512 b33e5cde319a6b5ff46ea0e98e6ad751e82adb4746e30d99b0412e4b280d7a711c22e1debdf268c4132928b751544aa987724ed513785f22ff540c881c8d4ba6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 3dc120c7f2ea67c0c3c299d75d39dca2
SHA1 a0226eae6815a3c1668f05cfabc0767a427032ed
SHA256 0328e4e5c7e1e320164fc44fddf1a6b169b9a6f0c0a99e8e6ef533577a420496
SHA512 eab66bc51415859c4f7c3f0df77e6ab79be156403c9c2b0200cd2d5ccafefacd7de833cb63a72d639ac835c44b132c3294874ca016904184530d6046bdd5dda9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 c9e8f85692a6b0e3d33e76d3f00dddd2
SHA1 69994f7d63eadcb759441fc744f47f0a377ac7ac
SHA256 88ea587d43fea5b6e461cca659f187054d50c2a7fbadc280a7b1525eb4707a75
SHA512 3350cf375c8b5a6fd8c52b30f36563a2609991a80e5d4dc12b279d527f9485f5834fe8c709c44e62164ca1e4580c6973bfa0efaf8444ff33fabf3affb5bb07b6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 21d1fbd9aaa0caf77f3d7528b9c8e4bd
SHA1 d62dfeb2a95f28a5cf9219265f6db715e7b23a3e
SHA256 c0b7e3a83744098bd8a886ee9508f15fb8827a006312a31d948fc8f23d362e01
SHA512 ce7f03c52f173dda130942e15b6ac53bdab4e9d6c1479f0368c9d096bc5aa8d992cf761dc54c4ffd78646b6256acc7a994769a5a733b768758fff24045f32449

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 df12cf686e94d6dd11623eccd5d67f0e
SHA1 6889953b4d013eb4a61fd45ac1391d9ed2ba6319
SHA256 d6cbf75b4ebe34473fc4dd40f8253ab7ed625cbb42dffdcaaaee92da330ad70a
SHA512 87eb70b64cc9840ff15b586bdebd037a99b8171aa893a563cc0a03527506d2f76f351a6f79509c89f800cfa43de34554101818524c77a7840b58edebf883e525

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 c0b3b235f59f996a6f886d49cf1fdb3c
SHA1 2f5ff81322b00a00c5fd28c6e44d7200a8f7981d
SHA256 b4967b9fef18badf2617ef0ba64057552fd761cb299fe38842455d7b9b5cbd80
SHA512 ad946c972e7dfb7aa540c57cfa69eba765dc03cfaf1921bec5bde18386737cb15fcca7863ab097b70defb35f4519f063ef313618ef24c025948e24f91e414b46

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 097b935bdeadd0a0c6a3c48333fdd820
SHA1 a920e52a8d0671b0633ee87a4fb6a493cb6d4c86
SHA256 9214c7248186194e5049e348cff77a665278e562f091499704e9e1fc30c7b4fb
SHA512 dd1d359ac50af4fc99e19593a529c001e3f5cee865b7828faa22d81c6e36331aaad0a5df9fbe0983c69f190ef013fa00a29595abee348f4118a571ab86d9f40f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 0024aacba8f0dc53fe7f6584f8cca994
SHA1 ac8cea7287cf6fec1499b0ec79c451a3ce4010d0
SHA256 e6ce1d2b24f758adfc098cfa17533ebd8af9eee6d179798090e16ed87e4da928
SHA512 265ca743904300c526a6aa70dfdb22fa572426c150ab880dd837f6347ff68414474addcde13626c531636b91cd3e90b1fa292b46b425d7f2f2bf3a1342e96728

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 7dea09dd6e054526592cad3dbf9dc614
SHA1 e76922160235b2ad2b16f4de1019ba1791bb7af4
SHA256 e6c31f3a90d72cda0f6e6ec53263220f9d3f607b7cd662918e51bf6f25345949
SHA512 c5a4e6e260ae6703352918290289fd4e7797b0acfd3b726cb2ea7074313501267c55625972116a705007099889b66a40d33bd67da2ba606fed5799f87939996c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 74318496a31e684457e6cc472d05ba1a
SHA1 36b27817f0c53d8dc66e4ccc03d7587b494a3137
SHA256 556732feb535b1f7497d9620960160d11fe8460cfd5e947a013cabaf3c72488c
SHA512 58b6bc67f64216129d30c01eaf327fb4d580e2555ea5ba4763b1245057ab85bd21a15ae8ecf7fed0da25dd2c2118b75898c6512fc4eb7f7de044a76f09884804

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 53a24ba3d3680165aa265e9cd2d6c12a
SHA1 5e858ed89df81657589189d3a32701ca498d10f5
SHA256 97afaa2c9d11b6ba51cfafc0a6b34cc2b7a2a45d531fbfef55775f285c9b1027
SHA512 91e52e38d2e363b5e8d47d93b041e099de81ab07de846ac5f8240e79c8f8bf6c193bf80b190addadeed122c9f34a4726352dae992e923563e834348199bd35f7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 db23fffc9f300b19239c7fa95d7d2f90
SHA1 ca71df39ab683fee92229337670ccff8f7926e55
SHA256 fa169f02433a3048fec26a642bf2de5ac9b935b0462a5424c37304e10e920989
SHA512 30a9871cf166c444503681e6ccea6807890ef45e4d95d06114b7530abf4652b717fa00dbf37ad17339f18b2597cbe93a857db5bd0580b866db6662754ef02f82

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 63b630ee641dbfdf5793ac0578e8aabd
SHA1 c6593bafb4765e02e59c2d04b8c51a3fe4e67ed9
SHA256 594354f0b21b740f31eddb84f87d4a2696d6dd3beb732a5130a15de9abd6592b
SHA512 cd01e59b79ae4fbae90c99c716c4d5e156f09452f3cada2d3992ad70a5ac4ca2315570014910bcb6fc13aa9fa183b77226e1aca2d2e68b0a88289a69ab01ca3f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 f7a0a0ec3652152db1bb7016f50bc999
SHA1 3c9a031a51299728e93c44b0dcc3ceb73f95d791
SHA256 f1006808bc1cea00e08970108a382bd4e6806795ba6dec3877ef62aa2ef27aa7
SHA512 0481054a573b6ba55e291072f1982280d45289347c0f9ad4a193808608b8f6e0e17c5a95730105f72ac298c836b812088259ede99729c0eee1f5eb7d8cb6662a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 9f439aacf30d3bb2d6dee52fdc2e71ac
SHA1 5d9cf1e5d5c03986d7bda178defe6ac7acec9e8b
SHA256 ca478f9a62b62406c54d80a0688fcff3b9ae7e3b1e0bc4ad1e7fe3dce2ea2094
SHA512 7282174c6174344987079015e803ad13a552544412ea372c52a8722dac2e36289707018fa9b31cc2b3ecdb0f2867cb716b1b2bb795cc30e7b74c8ec571d928da

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 361e2f57b515ef2c4c6705b5ca4dee8d
SHA1 47d1ddb73d8733736175926922bd281c138527d7
SHA256 c760825f37b01916f553e9265a3d6d4884f0f4fef71dad5aae3d8c4090062a27
SHA512 6ba299f22027f6fb7e8e236e048b301b79a638a88b57dce610181c6c6106261e7e7f6af8a2415fe1b4363afa926897a0066a7441455854cc167fa95c7c911083

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 efcaac31466835b083ab776c42fbb862
SHA1 b2105da298a6f6e7cad618126a86eba5e9e96bfb
SHA256 5e31e45e356aeb34e88acbe81bf200e10ed5ea768eaac4d42e1c87bb20047d1e
SHA512 441969c80d34e9dff02cc6cdfe198c368678b5d2f7ab247921ade41211fb8d791f00ec59b68cbedf2a189ed5982364aa5fd5788173491b8449b984c16c962f37

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 9a42f1d8a4fb6d05b0a1180ddee48ed5
SHA1 d357b137a6f91f7114027c27bd8ceb87299b5936
SHA256 6aad885701cfb5e67bc0701c78e23088ed78731bf01022a018eb2fe4c4c2c82c
SHA512 7ff588c968e108d5b54f1350aa94258b5746a440497d95c5b109bd90694e1120f0695c9fdb4c6b67c428a901beaa743ca41d53e66b764e266527e066a7924423

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 29aabb185367deb477542f0fb14ab6b4
SHA1 75ecdf81751625bd18da1d4ca21e65437e421c92
SHA256 45134ed2dacc96e500fc6921bb4b7385fa19b7f6ebc580df0c049c005ca70d7d
SHA512 5671b165a21010a0bd3469270c4e18d4565520bc01a0e957175bacd428a515647989ba50a133e3204f61ed9b2def393c38dce09e6bde434c7acef374205a7b73

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 95abf7caa3aa8e428ffd5438c9583477
SHA1 f36dafa97c37d20fbaffa6898bf8020847c1d839
SHA256 51788a22b1c23dddf5aa9cc4af2c482815663fd37a888ed28a605752cb7f8bff
SHA512 8010f2c9e976efe5d0bca91dbc0eee271afd0e7a8529b86975939bf56ba90c606b34ac25e666f6ef645701e68a43722c15978566e432f2c305a86ae29b3097a3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 7b700bf9c01081b7f0d468fff67e5db5
SHA1 878441499af882d3ca28e9af51165c52ffee32e2
SHA256 c4b8aaa4996135322921f4af389533b1fb1d923dc1ffb70384fe8fa4871131e5
SHA512 65039c65e8832976295d34e99db89d80e90727b4528b9920983e009a6defef49b5890c28abc493552a8b360d89baac9d24169b3ce25423542a69b5f51a0e948e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 a9bfe25ec2f07f7d8c688a0758e4c77a
SHA1 aae855252f1ec27ed168b909179fb84cc2d78ae2
SHA256 ed9efecda27e0cd594909de51719287db8e85a3edb53991ad1524c985351a162
SHA512 81fa550b74b57ebc938f73ae60f1a7a5e62f28ff5c155085adfe727eb6f06ab5a8db3588da7385f623a34d9e2210899fcb77f73866e9d327d99c524dd7f24d61

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 0d745c03cdc1fc811fe0b889b11ad693
SHA1 6e815c3c02a4f3b736078d2cdaf655ab25ed2062
SHA256 889babe32ee3602499a95c1fb0c0a6570e5597c4e096a6864c9c326c4e068fe7
SHA512 16446267ac60d024bca951d328b2ec03be1eca946e23b2cd86d5d9988e1923898ddf8e383e24ed8b355e91228e81c051e203f3fbc0c98c79962f0cc5a8d67aa7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 c4e4ab9f3ec3f9313ee147649045b8fd
SHA1 c7bf9e683a84f1d0ba8ee2965bbae33c34006a17
SHA256 01d3c636162f15745fde1002f45b4ec497701dc2fe0533f95f2f2e86dcb347ab
SHA512 b5aa58566eab4cec72fe5e9e3c6438f99b490580c2e417c868062149623498c3c34b8f8b14463bffbf035e50b8b41fd9cf6962453a24c297408a291941ea68cd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 05b5d0dfda13c99da2201bb866ba24c7
SHA1 0f42c675614608187f00816871024e4acd0ecb1c
SHA256 d318e0b1c868fc0d304ebbbcc45b5f0a7a0ef2b2aa86918b61ef0dc89215b9c5
SHA512 ae3e648e0d11f3027dd99fdc3fe9f2a5908edc170cbd11590be07a848613cfb1f3fdfa321f71d6be06884ef5980885d2b32577518e3843942e05d41abc9b5997

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 f7f01b0f634fd346011e5757d540d2b4
SHA1 49f6070d991318299c0600732fb3068793150c10
SHA256 bc55623e077c36339fe1e3757065be1a396222150990bf206bb9669815e42ddd
SHA512 6f9eb9d03358592585cc82dad6814b464de92b35fe5d70db630be4bab505c026bba2ae844cf7124c47391235d61c4c30d5ac04b9851b895e7b4fb35370a2a96b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 af3374be777c1ee1ff0c67f782965ef4
SHA1 21d4d74f379346a6b0525b3033c7ab6ca8ea30d7
SHA256 85f6c5c91e985985b59546b286a9709ac6db7c3b7ff28a461a68723a585c7e29
SHA512 2eddc5db9ed1bd65d1856f60ecf74a882086c425a4fb7b79f4c10fc39a6021e3f1280792d0bdd30a3bb10360aa6b142b1498508d68553cd4eb6ea3295702e1aa

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 97f62ebb67929d72c27e24508ea98c7c
SHA1 9cb0ed4ab777907c98caa60a6b99a320ebcae3c2
SHA256 393a60e05824b73d48b8bd16fdd6be7736df3c1ec315a3807e239ca79b4bd4c6
SHA512 8c9ccae25c2aa34598fcffc55227aa19448c22084097b7aad6593634dd88ef090e576819c0085eabdf94adc250de139f94bdef281cd7762ca7c120f62356fca4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 4c70f2c60bb0ae2ee4153b0ea12c12e5
SHA1 733eeb10531a21ef230df3230d4901cb6d464c01
SHA256 94bd2a17aef8b3344c90f94d76dff8d1520b30a6ad38262113a7a43b39bfc167
SHA512 46f9eadd22731717e33e6c29b00e820300c7f3e5b8d8f4b4d0ba97d49263eaf31e54da86a1838a9383248d905aa1c3fabf92260cd9e54709011eb189b038dcfc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 66b71abd1c97d102983667251dd8e55a
SHA1 df47b46014758f5ae0ef4ed604b427331375ae03
SHA256 127693685c3ee1e646bc88d3370d4f5e1dc68c2935608828f9fbdb8c959130cf
SHA512 f10e938285b02fb166e1352be02eefe63ca40571092d7211721d1d66f5c03e166f06ace1f1d38bc835110575d0ce1c138c4f965abdedbdbbe22cb42aaddcdc6e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 720fd331c61a35194e93bdf3eb7020d0
SHA1 9bc7d17b67b76c40b772d711c694a17575e96626
SHA256 2d2e5818e121d40691a481ab791af97c9e317675a77e87051988e6096794fe5b
SHA512 62824dc89d122f629a549081baf7d4a2ecba63cf29811467d2e7c56098ea45b47e4acdd2d7840f0da05f73c4d74efaca9527b81516ca84f525852a40bb5787e0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 f54c119c7f2317caf1668c72104689ca
SHA1 94f3fcd94beeaa898096bb701436853f64e285c5
SHA256 13e2b2a01a4fbd12f4c9b04e051b0eb0f9858e2494c6ffed880416d6cfabe79b
SHA512 fb28906628d01c294bbcbad474be5592ac6779829f4024798fb43b3b03f02d071bba330c0587da488437bea1b2fa834827aeb513c1dfdf6f4b163bfc3c00fed2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 e0edfce75fcb910a0e2e13c3977d52a2
SHA1 29f42879837fbf5e2854a5c79253d4277b51e42d
SHA256 c6377f99e29925d8544ed64b13147050499df6154d46edd86da409302fc11ab1
SHA512 2609e8ab365541c9d161b8f95b8f738ff930bab4fea03b8aaed66a36f6b4f53496df95a5f807deaecb2090ccf1ed4b9d6656baa8397dedf0129ce6f11d8c9712

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 9c307fdd9cfe283c1fa3257888a3c4f1
SHA1 2105e03a977abe900d3dadf3805c5f08a0699d41
SHA256 8da104a424588f550ca39d2cf1aa3febb03266365bd9ffa30a118fe3925db643
SHA512 a2ae01ff16fdd8f00abc1dac318763bf561e47fdb5f08e398e98cc8b9ae674fb226bffb730f145645f6c30c0647b865db95dd0d1798c96d4fc52408d0012558a

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 cf374e72bd0fa35df967f3b76d0419e7
SHA1 f7a68c4c84eb50214a5ef7dd140251cdb37d6476
SHA256 5db1c5eff59ab77cd7b6c172dbb7cd3b05b86ddf5c87aab01e8ea154a7b5f2fc
SHA512 17049bd6c6b98ad1f64ea80b3dba2f370d82ad781ea62ee047f620101b2753d9f22664b277e8c18f2b8851d7f79295c8e3d19df80194a3143def3643b61bf48d

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 ae425c35d1fdf804a1c9e673b2200c59
SHA1 fe246d7f6b2603e38c2903aae73c761145bc488e
SHA256 cddfe6e61e31c52f777c428924bb27283d4cc72d768bb1c83a83651ad292b9f5
SHA512 d46d3b2275e41a58c0109e1fc8b76b4589820b4f28abd0e759b2fc61c77aea9422a0958b5f43a6c6a4ceac537d116d73caca63cacb3081dcfaed38055be8b54a

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 051320d7831f8e6c3b0d2fe30479847e
SHA1 9a3e996c92376df5de61cba8702cead8610c15ba
SHA256 cadc7744bdf0aa89b9b23aae4528ad659b9a539d313882fbee714bcd2755d3e7
SHA512 64c38268602c8811c61818cee234116e3345bc11ade87f328fe0f35e9aff1db01dfede5a221b6c56e6b886d0172ed6764f6a8b6d4248d175e09d6ac46f3b943c

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 ea72c29581e486e11eba4d26a726338a
SHA1 eab54fa5353431472b6f5560139368ed5a620faa
SHA256 759211338081b2784fa49d5fe5837884d95d3c68eb0b1080ae5ce35896a7b778
SHA512 83ca98c600c6128cf0683bb7ec93bce4d66fb0537540d0c91ac5b7fb04d244f2c2a9beedce9f4bab55be4296417bdbc3319f288dc3bde5cfa752dba334302366

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 9b29f29226d9d5c755b6b6427b2c9388
SHA1 bdfa0db5ed35a1221601be09cf4f4771378d4014
SHA256 2bb0d040cd28416c2f8b34f16a0ca86c054d2f418f41a7176f40d0e46d633d30
SHA512 01feb7688818155d74ee901bb75db1122478fe64f170eea1e99d328a0f347b832f2296b3e39f748734e6dc846fb29ef16d8bc44b5b58acbcb4848747721a7bc0