Malware Analysis Report

2025-01-18 20:38

Sample ID 241129-jebhksymdj
Target afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118
SHA256 788c03c4abc923b1066279426d10a9d41ea3f819d9725a9102eb83670f10efe5
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

788c03c4abc923b1066279426d10a9d41ea3f819d9725a9102eb83670f10efe5

Threat Level: Known bad

The file afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2219) files with added filename extension

Renames multiple (2192) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Sets desktop wallpaper using registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-29 07:34

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-29 07:34

Reported

2024-11-29 07:37

Platform

win7-20240903-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe"

Signatures

Renames multiple (2219) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1i0fuc5l3Qr4m9M.exe" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_neutral_2ec26aaad7a9d419\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WCN\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_neutral_83cc415156be45c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00c.inf_amd64_neutral_f0d9ddf52f04765c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_neutral_857ff0fa9c73850a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaxx002.inf_amd64_neutral_fbe080a7dd77c4a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr004.inf_amd64_neutral_a78e168d6944619a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prncs302.inf_amd64_ja-jp_96eca15be06b1482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_neutral_ed16756f950857e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Column.bmp C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky302.inf_amd64_ja-jp_dd74fe49601b74f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_FAQ.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc4.inf_amd64_neutral_310871d800afa82a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\oobe\background.bmp C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrg.inf_amd64_neutral_814744dd97ccf09f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_neutral_4ab014d645098f5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ql2300.inf_amd64_neutral_ca8487daf77ff7cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhandy.inf_amd64_neutral_386661b46df6da3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock3.inf_amd64_neutral_9fdc5d710dd63e80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pcfhkmpccmpbbehj.bmp" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14752_.GIF C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115856.GIF C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21390_.GIF C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099161.JPG C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR15F.GIF C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Mail\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02755U.BMP C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\HEADING.JPG C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIconMask.bmp C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0227419.JPG C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01332U.BMP C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01246_.GIF C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.jpg C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DissolveAnother.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15155_.GIF C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-d..input-cpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1ad1c6efae966f2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.tpm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_eeb4801fdde41c02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-storprop.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2eec70254a9ba88a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Delta\Windows Hardware Remove.wav C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_696354579779eadf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_6.1.7600.16385_de-de_00ed22fd11859552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\3cf3740de20740208d614d330aa4416c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmbr006.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_615fc86e7747fffd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-netbt.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a826689a6ddadfd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-vssadmin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e068b2615c885113\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmpdui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_78142c772a77958d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..structure.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1694a053d1e77535\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..rformancemonitoring_31bf3856ad364e35_6.1.7600.16385_none_0d7e44ffcdcf5676\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_233cc12f51b871ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wab-core.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_aecfd3efa4364f4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8ad97aa2496902f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_he-il_48f4af5bf99a2b04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..g-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_25a5e1bc99f6892d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_de0838fde8c16c11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00000422_31bf3856ad364e35_6.1.7600.16385_none_4dfd19e2b200b9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\napinit\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_057fccea3f497960\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sonic-rtstreamsink_31bf3856ad364e35_6.1.7601.17514_none_647657ee9ac95ff1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_dc4b94f4bb5022b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-m..icecommon.resources_31bf3856ad364e35_6.1.7600.16385_es-es_97d520d2da4ae377\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7600.16385_it-it_49c8dd7148879deb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..vault-cpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4bdcac3537e3a78e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_3a5350f1e9bfcf28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c2d203abdf1ce530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\NavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..us-runtime-stclient_31bf3856ad364e35_6.1.7600.16385_none_a9649d04c661942c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-credui.resources_31bf3856ad364e35_6.1.7601.17514_de-de_bb31595d11a5d311\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_6.1.7601.17514_uk-ua_813b0e7ff4172114\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sysprep-aecache_31bf3856ad364e35_6.1.7600.16385_none_f4906b14fa5f4e62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_aspnet_regbrowsers.resources_b03f5f7f11d50a3a_6.1.7600.16385_de-de_aff1d401a29e535b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netimm.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4388258dd5f9cb2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\flower_trans_MATTE_PAL.wmv C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..dle-agent.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5992b6ff2e9403f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.iis.power..framework.resources_31bf3856ad364e35_6.1.7601.17514_it-it_88185b6335b4839b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dssec.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cc339a048a4552f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.1.7601.17514_none_8dd65e6eac60c5fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4de8220dfc038640\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6ecb9474884d886d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_box_bottom.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_it-it_83af6cfe9dc7084e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-credwiz.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f8a46fdfa76644e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wpdmtphw.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b711a0ce8e97618\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_iirsp.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a2242c264b9eb000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_tape.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ea3370d5b31a93b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ql40xx2.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f6633d985781b5f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.web.abstractions_31bf3856ad364e35_6.1.7601.17514_none_070192411bec34df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Calligraphy\Windows Balloon.wav C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e5649904d1cb822e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_8f1f350c233f36bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell\open\command C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DGSSOLFHECPPTKT" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\DefaultIcon C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1i0fuc5l3Qr4m9M.exe,0" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell\open C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1i0fuc5l3Qr4m9M.exe" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 07f4907502245876a12a787726b39b58
SHA1 f962a9780137a022a30b222b0ea5a1e076cce079
SHA256 0d04e135b6277280162040bf054717c2c76b14f41607c5d8ea7d6a47cb9fc095
SHA512 3c91c0ef23153ad3e02b0be60a2534c3dbdf911c47ba8a07c961acf97a45e1fa391f558fd7f9baef299e542bf1b3db1b267bc21f9247c9ad6d87c4591adcc142

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 07797ab242184d32942911f516782812
SHA1 f3418bf90cc256924b5a97c74cd2266016ebec6c
SHA256 1ce25e9a5391e5aba36ac47e72b961177f679fbfef29a341820e5c91ee356dd6
SHA512 26c23dad3d357797aab6769e75880b06854bf808da1549cf6bf7b21f1d85354d356b72e9c20f76299d9f31a40b2c418bc1df1defe40c80ef4583871b804487ba

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 37636915a1de8b5e93013ff3274a0462
SHA1 a2ef782a773070f98f7c8a527f2c13149edec8c6
SHA256 faa6293d321f17cfcd439cb71158d9c51a12ddcca61c0325ada8c6e008c546a8
SHA512 e3cffcd1607ab7e141334728049febaf5f35e41d2b3a89f4c788fa9d98bbf69b21f16a5c7d4344858335aac20866a3177d0b425c98c713783a5edf7a4928bce9

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 b4f9cdaae85169116b3a7a6a22f629a7
SHA1 1eec17041c6743d38c069554d45c71acc111940d
SHA256 226a9d1c4257b2e10702272ca6d7ba55ab06318db87728899f720e99acda98ff
SHA512 77f649b00b770ffd9321ab895b9d7c48db03da921dd46b05aa7ff2125ab2526390551e9915f583809084475da98be0ab85c47f1c3ab6a4015e2132ef529bba68

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 0aeea9e5e8385b5be7466d4e98b7157b
SHA1 8a82dd423f0c09b736788761c1399bebcd3caeff
SHA256 95abf44ca1bbfdd5cf377063b721345e2dfd33d9fb40263d4f2344fb33d1bb08
SHA512 b6551d3abd408c345a5acdbb57753e8597a5896b08c323f85095ba8d94b1350ac4114be246fd600916699249c29a68a4aa85575550cf12d3fc71255d934ba92c

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 81ac17bad12c670038a041e9e7f4828f
SHA1 6119decbaddf83546923c7e085d569f4e711fd61
SHA256 25efd3048bebbeb4cc7a77488f985af080b637c908324ca7492959776c50ee03
SHA512 bb58ef635b5166175f528a7b3bc97426ecfc029d4b66b7878ceae7e53f6e93899b0185d7fd73f4ba8950e6e70e429914610b370e8512c19ea26f803b3e75ba99

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 2e5c4ae73b752a6efdcfd780d957e9bd
SHA1 c2463e0ac6235c9114ec7c969be46bafabfada24
SHA256 bed9dcaa0962c4364b6e7db977651a2d6bab8c33eaa8fb361b42b1b188c5cd63
SHA512 406d8b41330f1b72328a43c333c107ca3d32a5636c3ba5693d43e416b5c704c2a42b67f15bb974e3b18b1bb5376b0f25b31b4d58459aaf58c4f0a7d562ede77b

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 b92dc4628808e0343ae2e37cda87cf1b
SHA1 5dc794d5efb4daeafaf2e718afeafe13d49958c1
SHA256 93e78b70b84f94050eafe4ab67c7e0cb400846948343a776c454734b131780a8
SHA512 59c3de885977202579cddb17ef2ca2ecb28a067b93118b22c54615dddc4cbb6f433aa25c4a8352d448d6820fa1a4b0cbd1812930c021864fdb9ed4c21732396e

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 1e926a3cea3007b4c8aefe2bc0dacee2
SHA1 66bd08e6a771dfba04d9c9dd0c6cb174e7342872
SHA256 22a7006502739bb2ab2f8277e291201afadbec9a6f287ee3c3fd733702f55511
SHA512 9bbb661380c777e2d6bcf3761291ba69e41bfb419a8d3bda03e722a0a944a8f9af23ef8e36859bfc83946e6802c7859b761369dbba66e8290c19c46bd5f6456a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 568c12acfaf0f99b881f0bf9bb7a5f10
SHA1 12eed62b583cdaadcd64ecc9c41a7046c07a8977
SHA256 93c1c63e34c2d174b15e48346ccece060c6518f12256efdcf6b86c293609096b
SHA512 0ec738852ea237dadb95eab12a51645a51afb0abb2520dbb123c46bc5058336104f415b5ed33e0f66626ee0b317dfd41a9508eee5f84d92a2aafe9512e0e1cab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 2d10e4b5effae2a873ac8a59154816d8
SHA1 ae769d6cd51e2a5955d3fda06c7a9365cb19188f
SHA256 a4e4e0508c1fa8a806ebacb3ba9093036f77d7c948729966725ccea5b361204d
SHA512 32b723e215d98c426c2da878d8dd7415514fcffe3e82f3e14bac91c2d20adfd725fd55c33abe4a3d8538d1217b7903ba6ba72856018907bba202e25edae1d4cb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 48edd6b58914c2fe42386e0dde886a2b
SHA1 44199b121e9982c16d036ddc01284dc7d9a9daab
SHA256 5e2b94ddeffd3beef82955f4500216aaa7a7d711a9d5be9e4431c7f671131b24
SHA512 ab2ba40fe2847b8ff4236221c8dcc6da7c56e7bde8ecdb137820e794605dc1bc3d382fe14272d2ede72d2e2fc77cb1620363ef6ca723b8ace952fabbbc45f9e5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 6debaa6235d2558a17ff8dd656b6195a
SHA1 c949804df1db44d0ce007e64c913b161bcd4c49c
SHA256 c7776b9632bce9ffcf90946524d447131029fd9424e37f18485e76926161b26e
SHA512 bf73d0df47c9d562f115a5366302aaf4f587924c6ce52de990572f02da4990704916b148b53c976d0cb57d3bb363bf5a813ce1604dc50060fa66ab3d07cc73d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 6cb2c3a7de12c85b9df6c4b53c78cc9a
SHA1 cd15feaebfe1b4a3d2cae624b7c6a78a9b28ab24
SHA256 6e9703b3452c21d9557b28ce7e307e8cf5b25c2cc8fe85703b777b5ac1859bf0
SHA512 a0b550b4beec4aeb62bd8dd6c1064e8a002e90703e1b7eb223fef2074bb6d731b6a8ca2bdae6caa213f1e797c67434e34a53a954828d100949a4b58e838999c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 5d43881a51ba07af2769f7c7fbe52fb8
SHA1 010b10233e456133ab2ff8ec675fd6d4936a8fae
SHA256 4ceec9c60c268d1b92698de11409bee7bbb0e2ca3c614b5d8041ee39a14a69ca
SHA512 351515d6c5431f5a37b43291e66400dee0bfd1cbdc5da272d49ec3160b8bfab21463993e1b84e8b9fa7fec69b41824771fb808dc6a607713b2ccf6258ad4fa17

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 b1171e2ad5f10704bd57eb8c03a6f83f
SHA1 837fa26f098adbd9695c3f85b325275d35830362
SHA256 9fe4492fa8647afe54f418414d7db513317481949bf3c4b4939b5a2fc1ba2e8b
SHA512 f6f5d578cda008f65558bf437cf4c5490a41a6d3a35b50e4ce0bb03efdafc6f5f8881f91fc87249bda55132143b98bf67f2275638fa882c2a39899ce61dab44c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 c58a71945d6c9129080608d2435bbb4b
SHA1 5edd7df803e79f2445c898986ea7076e32e9225c
SHA256 0a7cfdbe532cac2e6e9de5cf4177da07d0ba60c658becea9958d123f78b8edbf
SHA512 eca8f5746bd31cc0fcd75ca6824bbaf764858302e4a316fa29ae46198b8f55607a091f94e1dcc25173567bc47230d7898d261dd5c9224229eacae394bc841984

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 af142e7b4632ecf6f3c36832433e8be6
SHA1 1a2a68d9abe8b65fb35a26b3ddedbd092c47f384
SHA256 b566014d94def9c3acab609930e32ba8991b57b6ba47eb5fdfa6160e20dfc822
SHA512 48fcacc879f7b49155f55bbeaeac3787df50a9e5e20ded1c87781c6dc0c0f59c165b14c1de6b53eb3e5dcd0dcbc709a65830529ef28cfe78cc5a45dc2a4ccabf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 bd5ab428a2f5fd3b5726dd6a2b0d06e9
SHA1 25b5b82f6005976238aceece52dbd944f81a1723
SHA256 90b25412a9a563f2dcdeb80fd8a1dfb9d5b4488ca6f77c0d3a73514f8cfd9b68
SHA512 fec5877d489c668a3ab847de9be3f7a656a38beb883e849b92df8886fdfab5389c8625b34f1e2385dada42ccca5b879dd530a6e31e77008efd242d369a983bc4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 47a195b45f14049c15ae67c15c17ea7e
SHA1 80644a09f0db29d234a9b9e3749f2107f0de555c
SHA256 bbbc1c199e7d71ddb942e9c932ec497a41914841be5e3b50a3c582636a052180
SHA512 003bf5eda56dd6b78b51c313d00b2a3fce7de0f2e08b226a42d5d1639ce2db02595181db8731e7b5db5ee95b27063244be62e1b3bd2b910d1f773ff7e83a30e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 6d5cd4c1bba93e03826d7c43e8f711ae
SHA1 b6f364564e09bfa277376764c3c5ab82f8e18cc8
SHA256 4b0a7f853714787e8996f0f21ba1f95ad618e19519f94697d338876e262fabb0
SHA512 e746e08abceb76bc59b34fa479deebb7fd0e7b9a78350585d7a604e83d7e44049efdfc8f75a00559bfeaa7195cab3eebbca10360ee943742b0ba18259c2b25c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 65d8495d66bc060aafd1b2402b64776d
SHA1 e88ab1b8fbc409f7102df57f8ae4a5f9c7a9a438
SHA256 0ff7766775495ef7eeb770ac0a5f0ca92e4711b4020de7e70d385373934c6933
SHA512 06f4c7a3490efc42a3797c1f25f8892cd36e6520674b222636b97e601f0a58057b27dc9e0eabe81233dbcace6da83088d50a4e269ed3c826038adae0e18da3b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 05803db8ef37353679dc23187d90c122
SHA1 96466bfbabce3ef412f306bcaac417177ed022f3
SHA256 d22f8ec51593ae9d6f419ebb0de4d6e09c4143942fe9305e7b13400a9c5ff1ce
SHA512 f22cec470e205072fdd4607bbd0884a4fdb886603bb9ab80700d0e5b83f44ddc4752ec315622c8d9ea22bb1018d7ac412af5f6d5e17c57b0d25a44a4d8c612b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 add609376d8ca985da1df56c96a2978b
SHA1 ac6754bd8619585b0af1454bba6324034f062aa7
SHA256 6f149d48c9b41edad05ca24ffa99639cb34239eb9a23f1893a35af6e013f7e13
SHA512 e6edd5cb0d1e5972e33fa6e67f0b16c6ff168888dc3b1de00973f721e7982cc52afa348f6ab7041768a30d17ca1d2cd5287665c270fad79b9224c7b82fed9212

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 f64bb9409a910f8be0fd6c28d4382dbe
SHA1 cac002566a8dadd7c871a23d663c9ce103654c7e
SHA256 6e96669c1cacce37e996c47e00cf48867e56cef95643c82ab9e83044cf2c5a65
SHA512 5f945c8834e34b2d4a9fa4d446f69c70b022498d2c8cdd4a1aa6f6e273b231eb0c467cab491906fb1b6e122a024ef9674bc0f5f20bd2bc0a259f52f97c7b2b81

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 fd9f6122ffeb28c4c5319cced3411781
SHA1 f1046390b8330097da632480869b799f00cb4d02
SHA256 d81ae20dbd6bd7cb87f23ea1bf43fcf7bd21b8b6bf241ce46d1ca1604cc341c3
SHA512 5665268f959bd9964d47a9920a1cc2c92f7a109b1614ded74075d0180e63f6a852e5d3b7f557aa1660852267c2704a2d55b7bfad58f6327647510f1e952a508c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 dff5fc89c8f910b548595b3e6e932be1
SHA1 85b832457a7ee6d4f22bd504153abbe823367f68
SHA256 2d5bea0881249e5c58bde2fd094ac0863cac7417d25f8fb7eb255155c11b5aba
SHA512 2518421c42f73d1700d7cd769135526389b5c59459f80a2c0a8806ffcbbb98154500d169124f0d9031ca589104e7fb3a3ce151bc1c81e7ed5715a76160aedebb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 9157f8341d1cfd4b353720f3dca135bb
SHA1 afc91410165f93ab4870c886786a586cabf772a8
SHA256 7ae297a8c60bd6c0b66ca213693427241b67a3294c418e7428b12f38d366816c
SHA512 4509c719d8cf472aecc238965aaa150900da7abf00a5a14c533fd86edc90d3bc540ff56c7c2970250a9caec42e34244ea5a5a247573b77c934bc3ca126572dc9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 116104271a2f78a9b1191fddfe3ee67f
SHA1 47d06dcc23585f02537faaf3e1e22e02fe99dd95
SHA256 04744628207e029010dfdd64c3930d8615e3a54701a20b81bea22cd4d7e580e9
SHA512 5dcb22090718a903b1953bde8812d0ca83a2a4f78956c9ffa56fb9c92c6a7e1517ddfbd05015740159d96de8d2c4b716e6fef9967824e96843d789c84a47ab1b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 a6195c5a3b13d8930154ac74a4cf3833
SHA1 3f1fab3ccb9d38a19cb230727c14cce9130082f8
SHA256 e63d2f7e13ac64f7cac9e190265bcec8b7e3dbb9500a9ea65d5ce789f09ab7d2
SHA512 e0212ea5465e77dc0cba3f7f3d973dce08a747b45c3db9c5e3c9cbe31f4b9f02133e9b61754e7f7ff0f4167ae83165ff754ffad28be9f0438618a62d46f44129

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 82a9e6f96b807aa94cce2bc7646a6e64
SHA1 e6ba141c81203caf100c8ba87d31af202371e45e
SHA256 0ee8b3ad2afa94c0646387f5dbe12d5ba2b818ff0ce783109fb4439e052ea362
SHA512 d39b7665b75c92ea75e285ac60e259c1f14997105ba74141f1c076220a595ee54a5f84e89f52cf009bfc5f2c583f7e432c496746e07593502b25bd46dae48afe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 0021880eec5069d9b84b7991628d2fb0
SHA1 b7939286e8dfa36c9709828c5729346628b96bc2
SHA256 8c8ed289ed872a60bae815313ccd7bb6928248a31dadd64fcdb12ed7dbf184de
SHA512 69a16a1f4c48f57e9fe692ee6a13726f173659cb9dcd4ef4a0fc6cc910ac318cb4b4689da7b8adcd9a659114386c79ef499ef4d955b154a3eaee7fad3dd354b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 63131865972668911334e8306357f2ca
SHA1 d9d6a7aa5e655493bda842d4def2e3836869feb3
SHA256 1fe089e94405750d8b7d7263e71aabcf22357ee3ce160a98eb81e9bf2ca13e76
SHA512 7a96ab0117e113284cacc1612036ef0ece736d8fdff2bac02a2ec700ef226ba2758b462bea05efa3fb5b1938c60a1c67eb82a3beb8249db7b6abe38116b41330

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 2b57114c2404ce8291065887460206de
SHA1 e0046f8f51f1fdfd527ac0d52ec112e4b690cc22
SHA256 c3798b99014d2b22180f2098255f52b8c8a1737f7950f93dde5e7fd6b77f6f9c
SHA512 008efda25aa51cb24dd5a3a640017ae35c8fffc63988d40fec5f403aaa22b725649f51c1e6dba6c62176b358a3a0b91e5fa4fa3b49af0fb97a5db74374a275e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 40d7861ea01e4fe1707a822c3a60410f
SHA1 42b36f134943c4ed970a3277edd790ae5ea9de08
SHA256 357f55a43e6280c7d4df0041e19c1180e455663449c7eefb7f706b780b9a08a9
SHA512 171fada748e15d003aec117d6aef5c6ff0019dd3028a79adc0cbb1e748448b8d0410178babf8a555581d6a4c2bbcc7feae11e1f4f44bd5df389b5a6388ff59c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 7ee17480a88f216ed12ccbbd82ed9524
SHA1 df09366b5c95b196b64bd7d0f96e94df13d6a7af
SHA256 c0a7b7a4822a0cf31d945509461ab83222ca8270e9a9b77f94653a7db9f3eaec
SHA512 25fcf62d91d9eb333914252b77c4eac4043f97f3dd406a001330aab55a913d23daa38e03a135d29a13e83b2549eec3d246d598b213682f79e82b1ab8a267531b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 b9ce778bb7d4c7e14a80a114c7870a7a
SHA1 c0973c65b34227b86cc678476704372bcae75cf9
SHA256 8fce67a8633fca4ec11f3a6787ce11c045564a6324bccd7a9b655b2699b4bbb4
SHA512 c1bbd95579ff9a8ae4a8a7679fa1d80e583428d48e7844c80fc5c7f6e14ac786729131307e35495512c38ab2d49a28baac19cde41bc9dde86646b7679a5374ca

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 9b032a57e9af7ec27321599b093a1f3d
SHA1 b1288af4143ea518fc1f58fe608ae4d14e13cdf2
SHA256 466416065d8ff5d3727d8c6da9c1caf4a8e3a2be55a56707335ba1d1617cf0a3
SHA512 76837d9eae004ff3636648b8be53f111459d172484393325e753a6af3e9439e13c294ade008516efb23b7900173ff7d05d98d6cf7984f436465ab1ba3ddaf951

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 18bcbc4926d7f54600dc509331e49498
SHA1 ebc22631947fcc68c33f30b5d2f72462c1713d92
SHA256 a57736a41507cfc7445c3acf5d44dbba82b8ead3c4e7d7f5dc1acd21a524be62
SHA512 0e89118f2115024911987229e305ec7096eaa68a55b030adfbbeef11e7071a551ba1b5e7c472012c52adf50607fcac9355352cc76d46748fa2052d8ea4c6316c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 3c1817b2b3fbb1062d7128daf8186515
SHA1 9a6023f90ee8f6c3ca47665b4e11600647ae0044
SHA256 337a6a78f9df84e38cb7d42bfae147eddc724a15f30866806842b802ac8e5745
SHA512 980da720d21262c5e82585d85c19819a06c91edf3412d5584ffd150acd67030043758356d86036eaf09147b283108b9e4cc46a8a0ce2c80ceda1a130001b5f3e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 3398153b7aefaae82ae97cca7cd0b439
SHA1 bae2aacf5861f56ebfce9857d62c8a758db1d777
SHA256 cd3c8e5e9fc353802d070eeb1bb3c1b5124257e4800bac017a7af8e8375c753d
SHA512 8712aedefc4c4944697c275d7cc5d08b8f676889dfa3247a89eda04be6e889ab19d78ddf6634546971c7e3786836e8fe645806921e2145c51809bfddb2f47032

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 71293a3f435ad790129db63a8ed3e0f0
SHA1 a08edf325dbaea67e4d77bed0da86abd03936d77
SHA256 4562243d3231086183eb94dc9ec18747072baf38b3dddf2da8d81bb5a3d46dc7
SHA512 f12218a77ab211b5f3ad894a505e5c80609432fb64beab0d89770c209e4557df66352c1895d247fa514531beaa1387b877da910ba633ce89d8707d2c140e9ac5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 3a4a87b7f133c24d6f329a956d82fde3
SHA1 9033fa36c10365b3a30f5f374d4ad63d425a0bc4
SHA256 6ade774aac552f5783239c6530d73e02c1c2bab77377fa9bdfaf2e562529182f
SHA512 e0d346354828c98fe8da3a8501a46bbcc8677919c17816da5cdc2ea5102cb010bf4d812473685f164fade17288418b449d7eeb809a35ce15c6366674fc11cb51

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 99bb9cc2eec4fc864c2a067b6dd34c41
SHA1 888090195ad60c52fb5179c193b4e41e9137112c
SHA256 4667cd8363e8fd9444ad067aa6b10b9f35189c6b9b0c859753a4c3e10e47942b
SHA512 fdf63d7741c4233e1e8d7bf58c28d8b1c3244ff4f7bea7d9fe5b1682b911c3a06d824024d9b3100bcc7ac64e244a774dc9e8c761b0b7cf901a11dafc8e9a7020

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 9820b9f01b306e394a8178161ce81f47
SHA1 b86630ec7fe8ed4878a364a54bcfa65401a06084
SHA256 eb61ec77c2f2971c0656ea0e06daa99565a92a7ea720c10d294b4483967cbcf4
SHA512 16a89ccc13e849aba769b32b9c5bbf107ac6f444cf2db6661314bc575e6fecac3c52b55a45a906ae7b7ae59d6652d9cd7dc4556a12fad809d152c5a98afbfd43

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 84e3e38577a1b62ee8291e8d2fd0339d
SHA1 1c2d12eff71b260fd144c447f4c0bf8bcf90e746
SHA256 c3c9e48b17026008bb5cb4cfa95027ca543facc059268080e2553452c9f4e414
SHA512 8d7cd5eed594843e89a1130f6fff54a908c36bdfa3b3798f29ccea3601cc31567fb3c6db9754b5cb3440c1ca1b09b7d0fd189778909c00ebfa4a26c1ba3db4cb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 fc901261ded3345acdeccb8fdb304794
SHA1 751f24a2506719eec9382a5e47084ce429e7dab9
SHA256 c38369ba5c46669ba50011b63590b08948e08e6569d55580ac9e22c4f49c67bf
SHA512 743ada2963ea1ef444bb46f99741c0c0b0945b972972a54f822816d6d423f53fc9ee5baacde7ebb07b30736b9bad45314c0a6192ca546b9dfeb7b18575d1c383

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 dc9d3fe7338c9552b6d4f2ce976d08cf
SHA1 0d6ba3fa36b2df24c1ab9fba2c42bbd6fe589b39
SHA256 1ed19d34d6e0126d6ad714d5a3e0370652ce304f44de3985b45f466e5ef2f946
SHA512 57236bd588c57d41ef40d3669d0e84bd4dc559a6655dcb526ec6d7fad36c28eef2843e63d7034ecac6a7952a0c3477568615ad912ba82c16553090e25b43c1c2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 d19052c0c10770b1cf81b3a3e2bb2a48
SHA1 dd94d876ed1e654b539020d8f035cba5cc05f41f
SHA256 caa55842865b7d02aa5112d6396927c5fd26c53e783c04ba614addfcf8652d75
SHA512 2b1eed75f8e6f256f941f00dab7a6517277af138743278dbe6a450d259a3588bf7ad814a063e9d3314ff851d6a7a0b4a7e08a3d46efefcb8bfe9dc271dc6c4c2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 f1bf9eafb833a17d69dbe0219e0445c7
SHA1 868f063e5db21c9f8b0c629c0a6a94707794b236
SHA256 7e9666055e954dae0aa24fe7a074c1d859207626f8f2c17b4a0e69f37d48a62b
SHA512 d599fb2154e0f8cbce477d7944bc4b039ffa056496023183b5d636354b847fc5adc5064553636063938d1496bf3ce3468fe960c4211db14ce41a2d136f2a6120

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 fc512a89bfb635f3583647a43c22b307
SHA1 34d2e80bb825d60e25e96c4330ac02d472fa836b
SHA256 08ea29dbf4c40435da72276377aae33a712c65ba6570af823930cdeda4a053e8
SHA512 5e5d21c33332efa9bb92b4a98638ffd37821a884cb407b976c0cb6e512c973b71c0342d0f09e837b3ebb2061017d701fcdf54ec2da3e65e80e12a7ebd2ba0327

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 2b619392cb3fc4e95d626621bebffd6d
SHA1 52531f8556e262cda75947cacdd9b2f0a2b4b402
SHA256 e99b65edd6bbe49c80952bb8f4b57f83c35cf5d58221132cc09f07757ad5bf98
SHA512 7790ba0781d0f319866f1fb627a13726d14352d87f319ceee54ce98333cd6596967a6f12df98a427eb1fd4557c36c6110724ce76530411d08556fa07d4ddef1e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 0089403d629c3157f560ba695750f07f
SHA1 8e96595629aae43236cfe52b63693fa02ce401fe
SHA256 7f86f43cc87a2870e5ffc01cfeb8f965b0c056ba3806d42a9c1f847fc334a60e
SHA512 d477b5b7e58f436c258b5747101c33be53f34cd58113b1e2038d215a5f8f4619b6b7f92715a718e17ff89f4e00c5d7762cdd7803b5297f0bdd6898028fdc7331

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 730a6e071c6f99203255bcf0bdfb38ae
SHA1 86c8f98e5769507910608333e2abef050b7bea53
SHA256 797d66c2db362f99a6fe2c2018bf1179e60fdf325135408d1229fc75bee9ce09
SHA512 7b332f7e0fbbe5e2f8b741b2c6bad82f8b2c3852bb7aa7a2ee93f863fab31328af42e8f868bddd17887dd40b89e7b64a71fba9980f9e4ebbd9c4319da6774760

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 caefb2e28f527a3876d3a9043badaa28
SHA1 cadc1cd599dc546418e97dc051f5fbe2335b32b5
SHA256 22c51d2212eb7ff37e7cd8fe08b0274f36d4bea96f8436f66eeeef7c0d088b45
SHA512 650af14b51c5a4dc486451db618ed36692c2f33e9f66f91893c337175c4f8e5382fc20e9adb3b6489d44765069e78f8f23a792476a30b0c300814b66e45f2fb5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 e8b9a642b90cc1aae3677cd767c9091b
SHA1 d16e0499f1c237af8a0838dfb6c471449414434b
SHA256 f1980fd2033dbb44c6b13a07b2506995cc14bd9312280e82a4677e661f11c0c2
SHA512 40a8d3731a592f2bceaa56594bf6be52ff2fbabdd2e18b6532129e3f965e3158395332510d561686c083ff7fbce41408f211af7eab3b2a9b85293a3ca0881578

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 4677b42e50b16568b8f38558e4e421d2
SHA1 c9337b9e6085e2f0b6147954db55cfc330a5e187
SHA256 f4572cdf0b02ef3309b27458fb61c2894414a037bf36897cbc77abf95198fb9c
SHA512 434992290d7e99b10796bff01ebd20b8dc61a3368782644aad43e999f7e94acfd82935f40b1c468648cd5b8275b10bf60f87591c8f564af2fa328cda5173cd20

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 0f8df282d1b568b5b4357208a1b50a5a
SHA1 da8bd4d3353dc618e31df4cbcfd469a9d3b00b98
SHA256 af72a69b83d997f90f7f5df351e5331426d1527d49a21aa797c8e92704465f51
SHA512 ed3bb501a8a1e374e5669edd930906bbad48da08e5e638b9a076096721a2325342730f2cf7eacaa7dd311164b5cbbb46b211213cb2b5a552ce67990001e4086e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 ef8a4734c36c92a85252fbeaf087781d
SHA1 446729351beb1c912ce2f75119c778683ffee7ab
SHA256 6c59142bf4b581561a87f038d4d6d8263e15e53f8b0aeb0cc7c53ed4a763029c
SHA512 bf32e05d5119d2b02e80796c467962b981e640907857878c7405ef1df9877ab70e8b7b7d74d6cf7ebb821711ef00c5b4ef80098bb55180f3cf3ef991d62ee45d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 27c8171ce8c5403c52dfe690f7c38f11
SHA1 2634165778b364f7cc34402894301e29a1cd4987
SHA256 285e86d8b2b40e6760ecdf0d7c55d9b3c93a41d87c15c124cdf7be7995717f57
SHA512 41fa2a72bcdd95c3b8ad900f5f46274c49022cefbd7e5fe498b83f48fb6356b15ab568ae2cec9c524b7769f1264d8f52928ecc45f70f9c4ec3e8f45c6b448167

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 eae1365c616d7234343f547f62b146bf
SHA1 39d16005bc5a1d49d612057f706459bd60d82e41
SHA256 b2a793bd87bdfcaed5894010e240c6f53729a4222f33ae782acea20608631a55
SHA512 72990ede91b7c5616a8fc83a5d2ca182da94e7868e12f6cca815a29a3177695718513361ba6b08b3ec8ce8ff1fbf9ef3e84ca4b40906361a9661f33ae79ae53d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 a228ff442dba2a398cb4071105c2198c
SHA1 20fd91cf6e8ea8eb1f57806c245ed18e4b0d11e2
SHA256 081c7b10a1ab3079089ebc846d3ff1b18ff47f90b22fdf5b59678cefaded61e1
SHA512 844c464069131c164e0daecefc70aa12a1f405e734bbe221915cd9682c79b8121ebfe01d21f04090b4848eb4ad4d575076d06c6d6c82e2dd53a7b3cfb796be4b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 cf238c4ff8f1dfea226f3964eb0a36cd
SHA1 d0fe0b5570e80c100ba54dc7774d29c740f82d0f
SHA256 34013bed61811a7377b0ebdf090f1eea33f4716f3dd6a259237da54b29b8a2da
SHA512 c543811d26bb1ed4d37b761f2316fa49b492d9e22b99ff49e805c12347c07b1a673b948b8234233342138bcf9baf2e7d78bbc4fd7d7db369bec209c5ad4459aa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 c8b42d28c2e2fd3c7f7ad03ba41af003
SHA1 78db8049e82f7627b74b6e2a712cd4af58da2176
SHA256 3ac8ab61e35a0f15cb90b5193a61a9c9767a8e909e6e897fd35508ff5bde6a6c
SHA512 6eaffd0e5deedc92502dd4a0b9f383ed41ff684ab6b53206a5c02b8a3c0ea0d43dc9d9632b9bc5df3353d00f74ecf5694f2c635b2515502ed857fad1ae68a37d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 3b121b2d5620e11f1abaf2c3feac32ba
SHA1 1caaa7d51cc6b76c5c382b77f5fa15767d0ba12b
SHA256 f456a6b1ff7e9a4e4b3964a15e98adb1a9722a5c6fce5e952d1886aea92bb4a5
SHA512 3fb4fd2d802b9369b53ae4c3ef9b995b4290d36dc97d4a88837062903b1afa398a1b90f7f2b64d6373dc14361a858d089f3b57578324ee3e69924b126c9a55e4

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 7583627c75f7f76d6cd03e73ec82a0db
SHA1 696a873d519faa01b308515d60624360c51ad565
SHA256 682b51fa74c2df216069c6fb05457c43e0064e53bbf736b1a1ac6c5409b73609
SHA512 a9ad14d1e285086bf0370ffebb5336d0a781cd276b9442733296634e4567145897fa31821c3203e5f3e48dc91dbaae7d9d3ee38c41895506ee76baf6347f5e49

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 15f925a1051497b44115d44f2d8ec63c
SHA1 65b03d9d384193802d85becaa07a6545e828ea12
SHA256 7973e36158c2e4ecefabc2545924fd997d304a618e7fa2e16d131b990fbe8a4c
SHA512 eeb9ad52a1e90e31544fa53dda0bf5f49f0ae10370ebbc119f1c8343862bb0d72b389aba2d5f8ad7963c383ac1b089a98e7902146c9e92d1136f2bbc6914e08e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 ad3da2485e4a15843bba9cb677e973dc
SHA1 4151b9ffd2aeb40c4d55c5175797343a4a0679a5
SHA256 a05037fc701177ad7ccb3285a752021d8b115e5e4fced14ed67fad19153539e0
SHA512 0c76103064b602e836052708b5346419db5ddd7f52aa2db8c3c23c74d84b81c1464b77d956d5b084411cf0273a82d853211c0bb7bca2cbfa72f8283175b79d19

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 ef8c4659c47467ac184e2feb850d661e
SHA1 ed83f64e5acfe241dc3c987a6f714473fe3f9b4f
SHA256 9fff7e0e49b531069c3373df3d9c19161f0486afff520242aaea47de703ef198
SHA512 59dcfe0e39623436a503c25245c71bb5a4be084d106ebb6596e9fb9bc445bd747197f894879e1af61fa6c33c50a5be47fac42180c35b9fa8454cee175db8eb9d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e8c606ec48165ef4d26c8b89950c5956
SHA1 a68e8b367073b71f53ddda7d256f5662927eeb1a
SHA256 229fae19f8c45904844f2583fcc886e979b42d55dded0e348379b390dddd6b9a
SHA512 f472b6754a760bb41dee6f25e95ac6f15d14c9feb9c3ab2db7427032600bd81f4e021c5d21b472ea1d249c53b6a0289370276954c7dbbd3f759349ef168e53f6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 ada540f194c21c506926f81a1c861443
SHA1 b3346583d5a553a40bf25c7837aaf673720a6d02
SHA256 564962b63a09b331f80d8dd5c5fcf0b642d4a3854f4030ea6aec4417f8f82d99
SHA512 164605bc650432d833f3bf36003cbb562adf5c2dbf470b06d99e0df0689484d35e61991a05eb239a9fabdea237bd7920166902bec3b200120ae9f54393612ab0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 e9bf2fb41bde55458b83adbb98da1c16
SHA1 91ab4d7c5a369a6874640ba6f725bfe8f9648cc7
SHA256 fdd76377d6ab5aaf06f9034f7d707773c9a9113a775dc4ed7d2e5486d5e8c216
SHA512 3e92d06b416c7d1807097bcf5a32fdfc20afb51160d098d8472725ba6ee66f722e34144de5649a6ee67108b653be7c00af97f6f54ec7f1e9f8268f36f80fc46b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 d16374cd2f631338d2098aff4a025907
SHA1 c0e62f804cd1d5337a48593ef8685e315cdfdb48
SHA256 8f8fc03aa1a9d3394cfa08b0c52d772ff524726ec32b117cd946cda9f099e601
SHA512 411338157019d9f55ce0ab1d29db0bc66ede023b42b5aaefff159d42ec1a79cff179de19af98a281dd0651342b0b076976d7c4134dc068b984612fa2b182be3d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 7cac430bdd468b107b42232954b2f1f5
SHA1 878a819814a66745f27f73cb5842002b5d5c5399
SHA256 a6b83d17d595f8e63bb90a5623759d237272554bfba970659d58a5b6416e11d4
SHA512 0298f40525528a27cd2ba7abf1526d81a6000cc66f1cc9c3007226921a0ebf9f6eb146f454371ac5659098602a418e2526780b5e364b25a8c87b489dca997a1c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 c85fff50f841c31085a7d403678c425d
SHA1 12583b9ac3554bd4d7d394a8e3e8f803b2d4ee6d
SHA256 4682f6d971e971ebed329e361b5fe2b74822cbd17cae648523dc39e226378a4a
SHA512 fce06d8bf96ca12088ad865061878df204818fb17b40e82205bb3ec50e5527781bba29a9300c372287dfb0b8160bd2964cb2c958397315372c7a42973e2a9a91

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 e318788f85cb9164b2499e22c4b0c1be
SHA1 4ca6ece87a7eecb2c65cd83dc3b2e8e95b2014c9
SHA256 69f7e31bbe6ffb1b5e3ed2950658adf65f78920ad92db2e4bf5cdaca29e99ae1
SHA512 bd7519b03fc31de82854578e88116368da0de20a36420cbb50cc1a1cc87251de7b66d6a43223c8eb6c6af67e634fc9c1e7e58678d829f92c33dd31f7eca35c68

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 f318eb11789398f8fb0e73057d237af3
SHA1 fdcd2a7277c1e56cc321334698c2b033f7ace214
SHA256 20e587bc2744c21c74c081883c75838889dc9d5d532dd37996f43a799653d545
SHA512 cae8b0b9483fdfd462bb64fbba8af75c44c583cf2f80a1cd50d79b374dcaf977fa7b5540679ed613834cdf7c1a4edc9a810b251c033fd6fe2ccbb78ce372ebaf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 2d6ccb3835e498ccf2423f9a9ed3027b
SHA1 7c16988d2d467ac91c44103e2f7f96f38bf54d33
SHA256 db9f1542f8f9e97daaf2831ca7391fac15562ecd94fd2c576547df51b6e35b4b
SHA512 d895d524d0cc45eac1ea71dc1fa7e730b15b2fa85fce787df592fc635ec023fca8317fda413da6e3e42efcc62bb5add6a086949c07122120a9eaa106316fe129

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 f318e9d816b2af90ebf0511e667e9f11
SHA1 cb6c088503891765123a7ce2dcdef3e5760f51be
SHA256 e8f364653ba7fb0378e125acafd98e315fb54906a1f3a5d3cceb87819e14bce4
SHA512 712096eaa57cb2254c3a0e04458c9c7ef6e631d0ed25da6d3e5e8de05c5db12b2b79d0486d3d6ca034aa039c0fb52e658182adddfdf1015a7671bde1a6c09e40

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 e4572e2ab034d69e4da72fd7dc5fee99
SHA1 d251d83caaea882b3600f742d06f55c9e86aeb0e
SHA256 76224f342de32cb680ccf302d5622684e5ee720b17029512eb55c8a75dc1a350
SHA512 c5a5bad5699ee95e73b38263b9c97930edef5eee9ef78c225636902ea591bf1b070dac6d7c559bee4f845c1031fee1147e29c24e816a7bbcb6c102b491335bad

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 f051106165779ce291097b5b0ed30cb2
SHA1 d2a3714d7e25d498ef151ed506f95a37bf90fc66
SHA256 380f94ebe5c38d6973ab89912e4304f7d89ba756f76aea1ea9efae67d53ddc2f
SHA512 ed2c7ba83104af5756392b0570cd244e3b2b7f2ce263a152977bb9c2339ac20d3bce6f092317a75d914aebcde2f224dcce7b934e47c481e7315d98095730bbf6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 9720d66dca4a5ab0541e5ed60590aa8a
SHA1 60341b1cbbba6c84305766eed22852d889682737
SHA256 3cbdee50c5bac9b5cd819622d596ee5d4fcbe90e5e960d9e88017a25db498188
SHA512 0bdbbd0cdc1735fbad073d23e4da838ad06a4237a3d040353da5bda62be8039336f2f5bf1283d3e99b8d7fba16c67a4a85d3946cb59f68a64ab9afff8d453cd2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 68ddee75809d72e414461587227dea47
SHA1 07105bbc8146555a847a99110bad1b8b0dbbd8ae
SHA256 ee89527ac0c1476e515c9308ff0d8789b286a0d6001359a5a0b4cab34d244502
SHA512 aff073c3c9b4732e824e094349ea1028a43c54f56e855153a4b3c1c7dea88a1d6ef384551cf95c9e72e2bc5fead6f4676310d00334f2377f02a02ab251c9fa1b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 370285afe59736fa5e7f9bcf4e898a34
SHA1 7dc706b94fa55d539b1f90c402a24ce8fbdf2e37
SHA256 42c7b2698d9bd065e1d94b359c131c4fa6474115bf965b7e4cb0ec0f7230f9f4
SHA512 3e8dadb2de4d79dadbab0d0e017f8ff17824424d57cd51485aeb5327076c6775b1d0fe6b0322ed661eb0de3ea7607f6d3a0a446f6abdf9f4413017cc49830f9d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 0b0d68ad8601a20761b81e4eeced038f
SHA1 761ac91e1a6d4e1b177bd0c38462c9e38013ef33
SHA256 ae568ebad7e76297027be0bf292482129d0821b3d38a462bff3f225f69c15a1e
SHA512 3e13e23966e207a643ef255d2341e2960f04f05f47dab7b12bb4079f5572e789f6fe1a0f0519ccd684b4b203cff1908193e660d13a0f4bbb7a16a3b5426ffb96

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 66f58f41664bba9a8c69c701e8f0455e
SHA1 6e899128c0f76eaf6ec7b53e0540a5cddbfc9b8c
SHA256 b457a090f5ad7cfede7fcab21582a7417a753ed9e0adedba634ace6ac3b79f98
SHA512 552362e659c895272eabb7997c88d87e95190674d8fcbeb19bf57f8efaec18e9f50a8bc17c7181dc87ead5f05d02d1406d68346178bf8e8946589ab811da8624

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 8a8ad83d2c5bb02aa1fc2a72644d4796
SHA1 32d34b30cf6bb18e45e66e934306733d0f83e8e3
SHA256 30fadc62587e07545661256cf7168d65a6dc4da4a98fca59ddd4072e9df19fb0
SHA512 fda8b60034ede605502d1c2ee56cd05ee1b4c8e1d617a7dc15ed8eb26c44280d0b49b26494edc879c088d8765be3bdbd066866c5ac3970b4e7bb9d694650738b

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-29 07:34

Reported

2024-11-29 07:37

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe"

Signatures

Renames multiple (2192) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1i0fuc5l3Qr4m9M.exe" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\c_cashdrawer.inf_amd64_a648ee708660440c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\idtsec.inf_amd64_9321d33f1997dbfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_05ebd3b4422f62ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_skl.inf_amd64_9d9dbb01837eba23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_e3ded2b26d662526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sdhost.inf_amd64_b71f983cb35bfde3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsreplication.inf_amd64_cadbd20a667cf903\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_b83f029888180def\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmhrtz.inf_amd64_aa2738d63955f632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbser.inf_amd64_8de53ed035d71856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TLS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidinterrupt.inf_amd64_eeb986311b3a5b16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vdrvroot.inf_amd64_5dbe5e81fafe4636\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelta.inf_amd64_ba962d801a22973c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_c2314613ba3f3585\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthleenum.inf_amd64_11f9ff6c12dbf9b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_d3a88fe647d71206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsii64.inf_amd64_0f02175b17cd3f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmwhql0.inf_amd64_db80a6e1be3a2d08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ksfilter.inf_amd64_d5c8b2a031c7d5c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl003.inf_amd64_6b639ff361f628eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdgpio2.inf_amd64_808fe94735c4c6b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmgid.inf_amd64_3a0240393de08f95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_tapedrive.inf_amd64_a3a36e8f2c921ed7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sbp2.inf_amd64_db7034ac4806cf05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\virtdisk.inf_amd64_9a7f42b85c7def50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cehjmmpbbehhjmjm.bmp" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageMedTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailMediumTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MLModels\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail.scale-125.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\Assets\AppIcon.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\dd_arrow_small.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\Icons_Icon_PoP_sm.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageStoreLogo.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TinyTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailLargeTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WideTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-48_contrast-black.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionWideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-30_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Custom_Sticker_Checkerboard.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer10Sec.targetsize-64.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\SwipeTeachingCalloutArchiveImage.layoutdir-RTL.gif C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_contrast-white.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreBadgeLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubLargeTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageWideTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-16_contrast-white.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-180.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_contrast-white.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-256_contrast-white.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_WorriedEye.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Media Player\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-datacollection-adm_31bf3856ad364e35_10.0.19041.1_none_71b301733c1026f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wvms_mp_windows.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b39386baa5ca3dde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wmvxencd_31bf3856ad364e35_10.0.19041.867_none_31c92e1acdb9e150\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..er-client.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a954dce26dd8d4d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.1_none_cd0389b654e71da2\chord.wav C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-mscorlib_ni_b03f5f7f11d50a3a_4.0.15805.110_none_ce8a518275a58ecc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_vca.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_50d4ed1e393de22a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-b..xthandler.resources_31bf3856ad364e35_10.0.19041.1_de-de_f929398a7e8a1674\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\TinyTile.contrast-black_scale-400.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\InlineLoadingDark.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-winnat.resources_31bf3856ad364e35_10.0.19041.1_en-us_6b217a6514d7055b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-msmpeg2enc.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6e8424fd3ab1f4f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-0000085f_31bf3856ad364e35_10.0.19041.1_none_bf0c67e728d6d774\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\square44x44logo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\403-18.htm C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mskeyprotect-dll_31bf3856ad364e35_10.0.19041.1202_none_4714a8b784b340e2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-system-prof..ndusagedatasettings_31bf3856ad364e35_10.0.19041.1081_none_20e7cfce02844bfb\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-a..apc-layer.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_28bf230408b421f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..tprov-dll.resources_31bf3856ad364e35_10.0.19041.1_de-de_968f278a3f1a4193\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_it-it_0522e2dce5b91fe9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1081_none_2e31e8eed4b770c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoftwindows-undockeddevkit.appxmain_31bf3856ad364e35_10.0.19041.488_none_7201e1dc944d1765\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-deviceux.resources_31bf3856ad364e35_10.0.19041.1_en-us_2fc1cb6980e47484\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-powershellcommands_31bf3856ad364e35_10.0.19041.1_none_52fb0112591dde29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\DefaultSystemNotification.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_processor.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_46f21da272a5c3b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-eventlog.resources_31bf3856ad364e35_10.0.19041.1_es-es_53c339fa60537c35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_uiautomationtypes.resources_31bf3856ad364e35_10.0.19041.1_es-es_5b29b61590850247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-csrss.resources_31bf3856ad364e35_10.0.19041.1_de-de_f1e5ecf3c650dbb6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_10.0.19041.264_none_a199d25200715d07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-c..ov2fahelper-library_31bf3856ad364e35_10.0.19041.746_none_991516c2e89f97c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..ructureconsumercore_31bf3856ad364e35_10.0.19041.1202_none_b8600b6973f71d56\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..rm-libraries-minwin_31bf3856ad364e35_10.0.19041.546_none_8800dc0a042d8fdb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-f..utilityexfatlibrary_31bf3856ad364e35_10.0.19041.1_none_ea451cb311feb420\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mfasfsrcsnk_31bf3856ad364e35_10.0.19041.84_none_b8210e8d6ab3ed97\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.19041.1266_none_ee614da092435ac4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_bth.inf_31bf3856ad364e35_10.0.19041.1202_none_cefdd1e9348cdbd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c...appxmain.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8af3e1de93055105\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.configci.commands.resources_31bf3856ad364e35_10.0.19041.1_it-it_d6931972e876cd8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..r-enduser.resources_31bf3856ad364e35_10.0.19041.1_de-de_85f70741f42e894f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.19041.1_none_7422467504305553\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\schemas\Provisioning\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_10.0.19041.1_de-de_9ec164787b249b90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-alacdecoder_31bf3856ad364e35_10.0.19041.746_none_c5d6bcaad5e1c6c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.153_none_47569e595c44e70c\SquareTile150x150.scale-200.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..diafoundationplugin_31bf3856ad364e35_10.0.19041.153_none_564f8e2b127775c8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_93adcfb5ace23a89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_tsgenericusbdriver.inf_31bf3856ad364e35_10.0.19041.1_none_9a98efca709efbf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..andgroups.resources_31bf3856ad364e35_10.0.19041.1_en-us_d3e4f947735d7390\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..zards-mui.resources_31bf3856ad364e35_10.0.19041.1_de-de_6f02ec22140336ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Resources\2.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.746_none_e6778e5b0114e5b0\MouseSystemToastIcon.contrast-white.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c...appxmain.resources_31bf3856ad364e35_10.0.19041.1_es-es_59457f4ced03fe9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1_none_7862ca1f7379fdcf\SquareTile150x150.scale-100.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1237_none_7578510aa0f564fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities.Resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewWindowIcon.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-shmig.resources_31bf3856ad364e35_10.0.19041.1_de-de_8cdcb9f3b800bc9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Search\Images\logo.contrast-white_scale-140.png C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..ompat-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_716cd588ea117942\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..rvice-wmi.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bc5e0a23b1342ea7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netv1x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9c7a63d76e47866\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_windows-id-connecte..t-provider-wlidprov_31bf3856ad364e35_10.0.19041.746_none_27cfe93015f60c72\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-assignedaccess-guard_31bf3856ad364e35_10.0.19041.844_none_10a0a60f1ec9cc10\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1i0fuc5l3Qr4m9M.exe" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DGSSOLFHECPPTKT" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\DefaultIcon C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1i0fuc5l3Qr4m9M.exe,0" C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell\open\command C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell\open C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 07f4907502245876a12a787726b39b58
SHA1 f962a9780137a022a30b222b0ea5a1e076cce079
SHA256 0d04e135b6277280162040bf054717c2c76b14f41607c5d8ea7d6a47cb9fc095
SHA512 3c91c0ef23153ad3e02b0be60a2534c3dbdf911c47ba8a07c961acf97a45e1fa391f558fd7f9baef299e542bf1b3db1b267bc21f9247c9ad6d87c4591adcc142

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 07797ab242184d32942911f516782812
SHA1 f3418bf90cc256924b5a97c74cd2266016ebec6c
SHA256 1ce25e9a5391e5aba36ac47e72b961177f679fbfef29a341820e5c91ee356dd6
SHA512 26c23dad3d357797aab6769e75880b06854bf808da1549cf6bf7b21f1d85354d356b72e9c20f76299d9f31a40b2c418bc1df1defe40c80ef4583871b804487ba

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 1558dd3609034bffeaf0a9632882728a
SHA1 34dbb09760888e838365a3c4c98bb2c7edc430bc
SHA256 bc45834f713cd11fc4bbb2479255af068f88fe001200d402551abe75241b4801
SHA512 a60db0be115b7786988662f810f119ab5b1a1b2718e3fb37534448af3fdb2c692976c5bf154320d9bf9f507c31238ed2f9f4e496f68944a004d1d0ab507cc73a

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 2b1dfbe39a19843b8643fa67fade51e1
SHA1 168ef8984f8aebdf5bf74f655de55a3e13193ba3
SHA256 e720180525b16197bac2127dc44d49a1f7d3556a419c0249b8bac7afad4a22dd
SHA512 936932eb9f79f4208d8158ddc2ca91c975f20bb20e8f9425b5386a5f7e5710d964e54b3c9040ea5f22fd3b264a4b424b57cd214ee324ab39609c2bce54c64926

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 a11748621fb223b3f6c0863b5c77e64d
SHA1 aa0ac985ce432218fd4b78b8e4094d3b9723ef16
SHA256 d9295e293e7890eecd39c7a210918e4fb0bd85e4978cb9b898eaaa89481dab83
SHA512 f3a464c195cee1274437c63d2aaab4618eaf688f898a85016ce3f3d61f7406344fc178e53fb6ceb87576bf1663dea6fa22bd13d8cfaa90d98ff6d965c7e294d0

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 9e4f299bcfd169d8a7e1d65654485f43
SHA1 35e34652c61724bac6937ebcdb86b3c4904efe52
SHA256 eef0ab904d4339bf4566dc056d52a7ad09d7cc1a34a2fb20858aee05cb20292c
SHA512 df05a1093fe9b239aec77cec183a43f8efaa2029b206ed21bd25786a13ef8379de36d4551846cb521c58b493002e1c1e6b13d93eb211706565c547891fa06ad8

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 abfc0db58b0686b0cb899b9114c784c9
SHA1 4ae991480f09719d870f596016f5c4fee36e727c
SHA256 9e54ec811dc9199e0784c02f55af4034b3d70cb5b17d7761384a70f963c8806f
SHA512 4aa9d91cfd3ac85ce624f651935c401ab32ec54b89dfac272cff426dab0bf4038e173ea3af985698f53cc49b7193e068cf1497d21f75a8c8bd814c0793ab2aef

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 88e78785eaaebd9c03505d4edc13e876
SHA1 30be8dfd0cb8cf39dc75f8bc50ab516db6da58af
SHA256 3c7f5c7d6410fc8ba712e7a785021ef1b836dc29dbe7f4cf1c900b50b796473b
SHA512 605a2795df9f0976aaff3c15f62f6702dff2d6d5deb175d345bf2ba97f87eb36289ad5ee0eba4607a4f561037606c85e559a09e1a8ee7e0febe3323b679aa551

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 9704845742939ba6dae9ab63a3a3b6c1
SHA1 86160248236c01f8069fda6d43fc42b8e870e832
SHA256 b69f36cd2061e8aa020f4127e298a7ff5425399508e6efd5252f0d0ff43a3f27
SHA512 56c794482b9604c7326783401510199df1c145ea2155ffc7e3d3a8e576c54e88815c0142aab1bb3330bdec5b4eadce0cf695fd1e8675d57b4e2ace42db6a4d73

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 fe35ada9867b6a8a8bd6e04e52285c30
SHA1 6bfa629206978bf18a30c84906d7465b7c44725e
SHA256 c5a8ca0051f59b1aaf5903c51276a116d7e8635b5e447a8fb539523b2cd18e52
SHA512 eb7ce8eb69e1825fafd51c9d2cf28855506e8a4830be009537ee4df4543cdfa12d1bc5094d2ae3e9ba9bde829b7742bb951f9245ac0138266c14278ad905d87e

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 3592cfc8a868cc65bf450abc8ebd8a14
SHA1 25566e1ac45eafb94b2c06d6f833a1881c9d05d9
SHA256 98a22c8a33626f1df49fd057a9d81a2cc2c84a7477494a966e57eb950b84d448
SHA512 ecc04f95232a9f7e52ee68f24f698a60b2bef8266e9bd5c6796de1ebdcff98acdee2ea4638e429214f350010ddaf69f4a56812df550fdf53c6f7eb5a4f4fdf7a

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 aa2432662ffcb54eb627ad37ee426d12
SHA1 53f66ff6f7c6c6cd468d4dd98d1dac51fc6ed7a7
SHA256 053f2e3232b44388d6b5afa7d35de1e0dbdfab675c5930b8f35a0456677484b5
SHA512 fead668d544e54070d32f6f9510fd3504910da68546be6ccb5b0c2cb2e1188737d0d53f367c9e679606b410181e750e8fbee5c0193c17a1b4c2dda929037dd7d

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 15a72633d084a3b54d067ae084e0b521
SHA1 37a215013b353a8ac62df7c34575b92243fa5566
SHA256 711c7871d83e9a67907690cefb52f2446124c5747d90c6511ae76d099324fb75
SHA512 ffd5f16259e9ecbaf98690aeb1eafd6c7f40fdd7852e998be630ac308d6488245fa949e95a2ec08950d2259705e23bdad22845ef5bbcedab185d76ed5f17a3d4

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 61e454f044b11c136bf7cb4b014fa788
SHA1 3bc770f90ca18be0cc39f8ab92b3e104859cdf41
SHA256 20db143308f06f48ab413a9d59e3ad49fcfdecf3a6caa5f656260fadebf8ebfa
SHA512 af412f24dbddb7ffecb1d535c4ad47ad516668cd0cf0deab0f1e3d93535ae14d0023c3c182744fcf278386ecabc99ac059ead22d12a13e8101c910d9bd1a32c6

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 461cc6132167c5125d6cb3abf61458d1
SHA1 0b1ba8c9b4bb06f035bbd1dd2f6db262949dc182
SHA256 5e1ba7a2b624742f5dd7917d5d7b55d15057b107c732c4353e9440baf4578dad
SHA512 95b3350056a13e14e1bdd6b288fa8d4b7b9cf5dc18a4491e727ef602810ee510ddb9b36a16d17e77d32cbec5ab1034baaace63c8d1e04738c25e3eb2cdbe71d2

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 fc8878504e92b55182d37c46667d5bc9
SHA1 f94fd5a8bdb903f2d77d93032aa2f0ab886d7c71
SHA256 524118bc53f5b0fc9b4e67fc8bec63c6d8dd0e5f01c1d12b5c32347c795c89b1
SHA512 e333533167fc6738627087c4568efcd03ac5532e39be2d543e37219c35dd3ab09b4acb07aeab4dcd1dc77d4680881bf2e8f9eb36575eb7a44576b66cc636df42

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 0865e3af2ead71095125cfb96081c3df
SHA1 9d2cbb32b5ff96fde18dfe0f96980b46b57a8147
SHA256 18dcf49868b2a856eea2a3b72e3e53cc9c4efac3a8015b4687c33a4c26a3324c
SHA512 5ba6707e338050a3595aa42a8f00ea8cccd5823c9720be9b5b0b11328776920d1c1f9bb4c96c108a04260a21498442c990e3878684000a3e05821774b58e3c39

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 d72321bd23f05ef88bf3d14986312b81
SHA1 e338ecbf94c243b5fde22bd0b82fe4d9431756a9
SHA256 ee539dfb139fc6a6006c2097722a38114e2287e96bc82f0714a8b55b0c5269a1
SHA512 ae3100620d5e498be800ef91509225379291f9822c2ebb7fd3af2b77b5cdaa432b62a038c73e4b75bd429d39a532046950b1db0dee92553875e0890cfae9e673

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 fe282078f01bb226b6a2175a2554675d
SHA1 68549053068adcca8ba0a482ef7bcd9c54202748
SHA256 f05a69024ba13af475df92f02963a4786dca9e34173a00588f447a98d7b9c99a
SHA512 afba24a821ec3e0d9839d56fc3cbed6d81b4abe36adbd429337b2a25a940dc74e39c8e3623e6a88d84b7f97cab40a7a3532838fc597c2811200afd5f21d7b158

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 b75e4312cb7e2c53e98324ea0a3fe8f7
SHA1 a48799058b05da7c5a5b4eeea7d6cc27e02a6d19
SHA256 75d51f0edebeb353b405261d80b0301ca283f43412cd89828f1866594954d193
SHA512 a53b12b5598c9a686ed6bff88a161757bb202b063708925168063ba61c4c24576c3eb31f3303beadd097f4a4d86126d2db547fb13d562fa5614a58676996fabb

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 a690191fabdcb08da16f652599e26ea2
SHA1 dc181ab4638a9371b5ef2602919d36ade3064976
SHA256 ed6875255d22f4a9148e53c47c5d625bba13098efa03b20ff74913d959995273
SHA512 dc2d697c2a76efcbb4bcbdccc0b2df16741c72e667865289e5e40e05f594acaf0cddf459205f038d9e3904347d14bea2bcf509de07900cb840674808b5c8a060

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 2071c66fddb6648ca77c8d3f803d8e85
SHA1 3e32ba2c9b973c168561fb05986e6d60038aa72b
SHA256 966ac0da0b4d0cd994d2a4dc33443f343a36af6f24e1f94d0bd662617e48020c
SHA512 53640c071b615b5fca87237dae4f95e89a56058c70e22885f64824cd4c1dd9896f0cf03e5fd58df5d29acebacde545fcd43ff8901481770ea4a58ac6bb4ba0a3

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.EnCiPhErEd

MD5 834bccfcc0d500dc9a701495161df0e2
SHA1 5fc00a2e11f9634e3d395aac02763ce10d95dd7b
SHA256 efb1d6779b1629b58fee361430a8f9013e6c4eb40e34f9a58e179ad851b45295
SHA512 5f84d3e73454b722d213ad395080a0ac7b5ddf286286d05ad584aa51c1eb7dab1f707006548f80095140fd1bebd31e83a22ea5cb214cad20edb8f8c459f42c2a

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 ac8d874c5819a068428fd0658510295d
SHA1 ddc7674e793d5de905d092b4a729ae8b67219d72
SHA256 01b2536f58eefd80d006e7bea6fdb9ecae85039d635b808e2484cf72d734527a
SHA512 b081d087489e04afe1e2c9c274e7a5ce37cfa5f12c0677bff6c31f3f072513d1f0532f48661d02d9fc867d067b4b0e100dba3ca824a3fd1610894b63c67eeb2a

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 fe0b527d142362ff9249be4c5ce51723
SHA1 d79daaedaa00e67def7045fd7bd5593e12cd771b
SHA256 61cf97c5e23cea5d2d570ede3e8865f045dfb49e4c6ac6bb07af369e1b8ab188
SHA512 485004d21d503b3c192b5876bae96372c9649d44ee66cc456334d382ed6a2eab1f177e37d2b5877a1731c27b65b398925cdeab573a07f510f6b9416b738a0380

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 b9be00d4efbf738dcdc43e47d8634b16
SHA1 7cff0bf015f51dfa5eb2af8fbf23e688d17e2303
SHA256 c64c1d6e1a76759175d449d8b827ce85331b97ec611c793e5eab80bcfbeac6e9
SHA512 1a443a6e9490c06ea2f4ce2698d018d64399f833ce16b3866728aab111a6f48a356762d5fe74eb3adfa053630d8fffd690780f57e465a1cdb082a74aeec924e6

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 70a2fc829ad225ef2f3b15ef2807014e
SHA1 aa36146067e8553048e253df313e8b7c96928aaf
SHA256 317fab382e50fdf2ab0388fdd3fc69096c01e19ac6542e6ba4d3ae8129d21a74
SHA512 ea157ea3be0cc8c22ae1742cb4e248e7cfcb501967cca0cafe6f35b286a2d0e26d5950b59e8bda7f8c7f7a17435488086771962ab5252cb2f48211bf6f97681f

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 69bc269c3694eaaec7c6ea96a38a350a
SHA1 4680dec9eddd4e4c58acf19f2559ebd60b0be65f
SHA256 8f22f7e25a352b00fc208f4b30cef94771e8e977829b0694da43d96115da7850
SHA512 35e799dc34e5eb4329427978f56d0a6fa99436fc3ad25585897f830f0293af34aa95ed09c03ef4a350f8d07faf1c9bf52aa255254f25dc10a26a93fc424cd07d

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 ba99084572c92b9b0ce0eac7b9fba58c
SHA1 d168ccb1a45d75ca54ae19896bac18254a8f81ba
SHA256 d6e7a9127e6796bb7be139486a395118201e7cf251a7fa29860c684590912fdb
SHA512 1c81c802d1d3098409854166236a73d9b9468ecc53b9a06e93b841002aa7154466b39c00d7546f282c74a9e70a12c95961ffdbe29ecf0cc22da3102c3eaa1580

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 adb2616a0c580da2259012963272a10e
SHA1 3a302e271d16c43d5e1fbae93de00765e560374d
SHA256 6e4cbe0ee8421e08df1fb29644a9cff1facbf0f69ac312f4510610d96cf73d85
SHA512 a5a43941051c3a9aea45652b4488a6c80759fa54fe17a1becd0ce73c697a3c99d33b14daefb6c386d9db2666011843760ae96a1f2d0c05676589ec03caa33713

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 1d676a735421912ffc1f9a9f1c413070
SHA1 079deb8391e47fe89b2a3b2973a98ff259c88158
SHA256 a255e45ce05205a5dd27b2e9f6395c4974fbf3788e340d0fc2079b3864795287
SHA512 50548ebaa08d59c6dbb300147646e0eaf886d49fbe5e29fffb757f09bc601b4f7250cc0a7e76cce25a77821ec23c54f025a636b552cacb1079109020f1cb8fcc

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 cfb5c34896973eecf24a21264efadaeb
SHA1 a22f9a8db754c16ea143492ea12ae65e9a54c2cd
SHA256 576f6401cc127aa83220557b836af643d9329acdbfa886d7509a9ddb837a687d
SHA512 fecf17aebfa48781e52de75a0ca1c86bd4facc3e94b735ed735c5058584c0c987ed592ab5dfb4b58fcc959bcfe638d57ce176a9a32636e73600f2c58df764f8e

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 a396c63c046b10107012e9e8699f5dad
SHA1 6251fd348f9a307db2692f025e2e4a53c46618ad
SHA256 8c7729ad94b529adbc60e45113335cf9950cd9e9c509c0e7a97becd867a71c98
SHA512 51f9e8e9a37df9f4f0bb2a8fe306cb31e4f6b957203ec7bedfbcf1a7a4ca566ec802ee2776172eaa97a92640d7daac9c387bc85ec82d9eb889cdbc695792e63d

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 3e1b28cb2bfcbdce3bc988f4d717d5d8
SHA1 000a59f183bb2db7b0f819275f97382ac4e94701
SHA256 95623cc33f3973562883fe6b9990e5ffd7e667a8ce7c73d65f8ac2861d5a5cf5
SHA512 66d4bc7593832af169638d9e925f28b53d1304dffe861134f6c0ba365526e0167de32e3508b4179dde14883c756ae6d77e1956189421bd28403b3b42035a8398

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 eaaf1dbe6ec72908ef7a20e38c0a0540
SHA1 51944751aca0b761fab0b8ed593e7578f0e572b6
SHA256 211a60f10b625ceb75642c002fa0bbdd7c00afd290adc0a70eae48348f6c0015
SHA512 31af740acebcfd650a455b70f971dd2f408c9035dd4ac1ea32a6344a7460352294aa4d395250d8145499c85de771e24941ec36bc0e44a892df2968ad7f09baae

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 e161b347cf5351733319bafd9cf411a9
SHA1 f6b6fe3d3624f4aa2f84b4405403fac48cef8122
SHA256 cb8af07d97a67a16535e19ff3f81840c1bc9e474eddb8d061e369ba1a947c593
SHA512 0d275e1557c270d78304d46d49b88d50d1bd6afdcffea7c2de6085fc807025e69f89d436a6d5875f6e615e832b4c2815f3cd241b4fc5847effa25011d35068f2

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 c98007179384babe369af0d195c3136e
SHA1 27e5776d693b88f310b55dd0f0171a3dff154d2c
SHA256 67bebec3b8a6149358a2b41f1a1b0867c8924702d1e4657f2e8b554ca3a2c6ea
SHA512 433eb1bb603c86175bd1ff492b127287ccf9db45fe317e7b1aebfa24dc0d0269432ae386ef549cdc0bd373bc4b2be7c8c5586d6ba08abc9ba6f31df09a3339fa

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 090a27424de29429dad0a7f645077b84
SHA1 ddc84ed23989a36e0ed635bedfafba4e746e2cbc
SHA256 72bd4876513bbeae9ca847a467d409dfe16655123d53d252be4856c16ee752c1
SHA512 fe60dc1b99c5f1a0ba0a92ed6459ffab8202e79bd2f90d21a321a494181792abb413b2bafa8f5ea6dd92cc39e25a2233ea6462ce4aa31812fc67cdfc5dd01148

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 1a4179892883fda276fa751396cee90f
SHA1 d3f81b30bd55194ed187d3505e526df40ba449c3
SHA256 b6ba01e87b2374b0e914c04e61575c5bd6f666fe7972f724c230ab0a052eaf1c
SHA512 e1aa6db9bf6c2c21acaabcf9b04ac8e3cca014b8c771e2a466c696b298d535caeadad1a518acf10827193c8acb6e6b0ed6931cde0fe034feb2254a7fd6bc4ae5

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 2974517c9acdc7fdd6ee953af8ad85df
SHA1 ed37af83f182c883253c7460b12c343327affd38
SHA256 3cfbd6aeb42322642aa9ab90259a6ff8a60344b0f1864b6cf39edeeabf4c5de9
SHA512 c681a13365ded5c5ca7b5e252271cebc534d8327dc59f03ee7f2ed01f0d0c8fa09097a65ab32d3edb4bdcdf73ec9659cca18983510d8c2702196fc877344053a

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 fbf512c501880c901553a86c00e7d54f
SHA1 61a2f44c9ee263bdeef1a3e7bef77cfbccefed6f
SHA256 91f3cb2ee85d793a3ce561502e4b8088962a4b6839803c396a8e7f37b9121439
SHA512 754a9fc626756d18f283e3fe7086cfaa1efbb76a9770a449fe3ffb4b2d6d60b3936782168cf77adccba19f748805f34ab9e460c94d8907cf7f927c2b30cb579c

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 76f3898c733a2affb99ddac891f7482f
SHA1 23f747a056dd340755e81889011a5f9bb1b8b5d0
SHA256 366dfcbb96926aa7e327e57c751696e9c80fcad5e17290db07ff56ed20e5d95a
SHA512 51763ba49c0692787af787dd8f606c77969e459160d927cfc2a7447051982d5fd4e867a50b0df61dec8ef850f68d5219f6e3634a66512c2bcfe3e8b851fed4a6

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 4ffdd9ca068c62088302a576c4f9dc21
SHA1 dd249f9582503d7a488e9c571aea525c2f7203c5
SHA256 a0fec43fe0d4b2ca2f1ceca35d6920526220e1018679103d2fed52a840553c77
SHA512 ecc7967b3cc775c6acbeee2f0b14d2287f0646e9cbc4064d0071479a3b8b92f63ee0b30ef9facc2560f9cff724405ed4827d39db558559ba3d93e7ceb9a26fc9

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 29e5963430032887963edfe35e7a1e62
SHA1 2f54a55d83153df9559166f4fc81b24c6f437e24
SHA256 93b5f44d29b1fc729161227b5debe42cd661b1e74b12f683359a083069b2dfe8
SHA512 8ba52e680e19ac547ebba19039793ab8467070c6577e6a36882e1ab54953d7c1247195d83906cd36389674bbdb48a602c4ddc4f91b9d355267fdc911c13c8fb5

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 405508b676f58ecfb66d8dbcd5f9cbf6
SHA1 bdf178bbb2b11466075b0e80e0930f564278a57a
SHA256 0d83f1526b829a55ce5fee519aaf3167c6f23147cf4f9c850e8431e6924ccc20
SHA512 81c460ae82deae30c3e737b969acac2d66a976edf276aed61809ea853b69c0315f14cbb3bf504c18ff91a377ddb41760bc89f0c09b28e6104fbbd017cfd395a4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 a61d5f5d51b6166011f1ea0f114fc163
SHA1 f2eaae8243df952347f66c2cd229896c1a168309
SHA256 bbba914b5f954c70263b89646e3da2ca6834ac4028ca25d5d20380af5faa4c7a
SHA512 75895ca0987af819e7b741b7775aa14ff6fbc0f74041c30ee7ebb62063abdc63a60c3d8c268a4ef21cb0606d11eb6aa3244c69c4c54136e21a49fa85067301be

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 4c77ee99e85c8f3618a742b7e6c52f0e
SHA1 d1370e785b01cb833bcd1cdf83c5fc5dff59bae5
SHA256 499c2271cbd605799e088e907d60e5532618e643cc4f1fc3c57ce5a798a391ad
SHA512 b7456d64edccf9a911faf62ec59b35c878e7fd9dcc5944e9abf367dafe6535c795415027649c1324df4044d9ea3aa881f69b20034cf7c1640c5953c02b18f2da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 c47c275b726982b19b7ca4f603445ed9
SHA1 a6ac2c16ddc2e6ad585767b5cd22d2fd66d876d3
SHA256 02e6a016c570a0a32358e5899cf1c4f3d0d2b9294db68bd4b8d2f05f14ffa1ee
SHA512 453b75c9ed755fd392d23d9ff1a1b930ef3815bd7237714ca0f5b640335723fb1cf02ad8e616982d47cc07b89a9571b419198f2b1eb97437111ad5c1764961a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 1c4da2cf6eb27878a7dfee2be6c20e15
SHA1 fe33fbaf4dca9c64f0c4d415b45fd953a0cce14c
SHA256 78799f4679be43bad0690a104ebb63e7f17f02a555383373a5b5e1f2e9171b02
SHA512 b7852736485c941b99fca29491d53fbd8e214c3a0b88915504fac9797f7fc8d58ec0ba639d4b335ae7e92eb3d6f20d785ac117e2f2898e09cdaf8f1eeb249706

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 ee0e7b91d516bcbc8be08c8e3526a941
SHA1 0895f7835618e106d3676745cd5df839d9d01cc2
SHA256 adb1411d60e2beba1228fc05b47588ba167318e32ce230ec06353e8ea20959ef
SHA512 bcf099caf5b1962e47edc448a386e2812056ffc86e52d757a4c0e739efd165c7c1b718cdfd7d928887bcb0b9d18d80e5e6121b4a4a2ebe32de37243eb6cbabb7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 568212b31d08dc01d1e59d466aea19c2
SHA1 f363180c8257653395e2d2ea56e776bbc64a7c59
SHA256 7dd8cbfd69c76b530b024b30db28e47ba4a8e9808162bbcfd62babf865fd24cf
SHA512 9bbb760a3152e1fb188104219c9f8077279df65c93805ecdb6373e1e71899f751749b900d85b9d2cbef833e6c5e2ca321a36ff454917a741ec30a0b49466bc9b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 4a43283d529987b0d450f7cafbb2be49
SHA1 eb3fff34861a0d1b85cd6cb5c86b1895f1a2f775
SHA256 08ae87acc4d0d0626a141a9ee33e734d57fe79126f7f40ca4d92e99ea74b2bbd
SHA512 29fdf5e50c7bd1c076644e07578aa5e4c13d71d4ae435036474f7329ca41c16b835c74503e5f414f5bcd6c2d7e74a324323e25ced2d94096f87842beb367bf23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 108adc178f78161bc2ea497bb3daa649
SHA1 3b3dc6883ee0c5e1426101819a1d2f07a3a9261f
SHA256 99ca92ed3ea48300a973e71ca00cde26c5d81f90c35c8fa1f584d546cac05023
SHA512 3b49e260d5c71d15175cb0adf6bdaffe55fab26b5b32c3d5dd0eeb0ab6a86a172851f0e125f11baf8bea66f73a334b01c47e74c7b259f55cb33b132d143f7859

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 e16ae79a6e2d131ad40c7605341062a0
SHA1 b5d90a12798894bf4a84b4593dc5257c4b62df84
SHA256 8cc7f4644b62342b155c596c618ad6377710ecb317dfd7d8af79b4b33ac69531
SHA512 3c06b93374a8b7ebe1182b07b85044f86e7082cf463d878c0fcf4a2409014106a4fad7e1dbdba43e3437100739824a71e95ea9ae05053bb0035e058493cd5ffb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 993f34246978882ddeb89ecf00d7651a
SHA1 6f98dde02c674f9a1bf848c6316dd07b37b5fa14
SHA256 33b67a33c5fd56620117c61b987c0f1b1bef3d2e49d9e26cf2b375f129ae5c0b
SHA512 a1f39dc1da4ab5f6e868de6e13f6410185218dde2aef64a4febf4b53ef99d51caf6814c5c758f672e00cd7dfa87e39845e7a11ed0e52afd34bab78a480e5ec12

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 d45b64dff396c99e866d5a9e9123c2df
SHA1 163d101a2ebce1a62d91423effbe3d336e4f7d9c
SHA256 2213c475f91789e895fe7164308ef2144597cadd152171a0de9eb0f80ea945ef
SHA512 7c184f62a4acefb273152061957302b76d78c4b1da8833388b3f715c0f957004e73825a6834c8601fc3b04985c3f21f6e08abc00cb1517fc5921f9c22368fb52

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 8ce373aded3d4c5be3fd08f84133e716
SHA1 094c0846e4a4d4569de8e4544fef066d49a6f37b
SHA256 da37df63394701dc4d14b01be320c816d3d298fa290d2d55f365fdb5cdfd06c7
SHA512 e56c82c037bfee80ebab07dbdeeb901a32c9bb9944582ae88240966b3baa939344446a5c108fa316538a1dcab1a90c5e7b79c0240d6bf9614a15c7885c6e37b5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 3e4ee60eb28147717a09a79af6e9c25d
SHA1 d2d8f3d729e61a8b9a37c5b8fefead892c789dfb
SHA256 b212f97319cfdd21012962e66ebc497fc1e6e7742972ab23f225e57e812b61e2
SHA512 347254cec7b476add762c939ac2799a3efa0893b7a2e48dafa5d857f2fe6f451f85386e1972b887219bf38f69bb47baacea88e359abeaaa2a80c675f7008067c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 10230ccf20cbe5ced836aae8583817ba
SHA1 68bfe27bc48a37d790ad126707455f8f8768faf5
SHA256 4674fd0e978d5af49b782558347d1aa47af6e9580bb598fbc5f04749752a8045
SHA512 2074e9df2d104334a0a9e383db47cc813796d84683ba7c006510bbae756997972f8e371b5356b44a0cd241463e577f5ad20a39fde34c29c14c50d092da4ec9e9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 aab6931b1551cc73e5642369adb306f9
SHA1 ffe73d1abc7c454cc37befde88e73aef7248557d
SHA256 364b6887cf773eadda08da87b7215c856117487c790095dcf1af5065c93af136
SHA512 b079b4214db7b29f166e0b48d680e8bddacce268dd63d00d698ad93c255a0cd7e0a6e91a50b7b33d8456bdefea955fe1593f08670466d9d5a55a2967ec074e95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 529eaff8086479f2eb7337a7215cbe7c
SHA1 7a8736f6976da2c719b7092ce62de5154c690a66
SHA256 04a22036fe70d6784423a91e3eb6ee46f7e79a738bddc7850bf4309ce9c5e6bc
SHA512 63f689fc19723c81316928382634fd5b4354b8582c8fd1e0f49997351f52591839dab21a2197b9c3e0b057b2dee2d7343eef5f228922417d9f9c56ce07b65513

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 648ec33241c472e7d3c4215da972faf7
SHA1 044a43e01dc13b787e62e3dca2d9d16df6502b56
SHA256 455b9ddc86c7bba2a2678c0b99222c89eeefc2e767f9e6dae3f37b26c557f11b
SHA512 3c5e1b7c5b97a28eb11b23729a5dffa26331c1113a18c6c2738c38811ffcd0ae1a8d1971f243c9974b6251b4797e8ebe35601f65ef39197781568dd5b4f9a897

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 2f7ac6ecd92f8bf9d8a81bc96dd3b335
SHA1 000368757943396cbb04295b3f723280ebeffb53
SHA256 d06fb03ee176b1715f198a58a6433cab2c466a75b52d110ee7e44528dd228ec9
SHA512 9ea7fc4e4dcd5778f72d31005c5e63b3295693af67b65e286b6d21c987abca8475c3301922295a61d366cc0e724c5f5a25781f26fcea282520cb983b084193f6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 d2fe5e98348bee532d3d8569f8684c11
SHA1 4bf27a3742e5713f193dca15dcc08bf90b39622d
SHA256 8f54b5042af67f155a5fc8a82cfeab13313ee49756aa01020788eba11613e27e
SHA512 fd1491dae4ce30cd6ab74a87a7443425661dcfaa7854ed6dfa173e031d73213e8564623028b6127b5ee9fa0a94ec27a33c29c229fd2903c21bc5207a6d35de3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 fce06ee4e2604a8ee649c87b6547b928
SHA1 b31ff9b3575418c3a50f8eb8928776c8310d0b7a
SHA256 14ea3e9f4613dd5cf87a7fc8db5f87b9bd590e65d1b814232091b9926b49792a
SHA512 734dee3a4e5b547691e8d729c5d810db8841f19ba2db6fb9f413dbd990e63a8f7116efe36e101b23c84178cf286e53197e10ad52043248383892096549a1e982

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 a992a776b180371282c3459cbe11b220
SHA1 ffcabe2cf277109b87a5761bc449853dcfaa4768
SHA256 e9b4f67ccd572d96c4170824bfe88d8e01bb1acbc3f36e505283a9aa6788cd2f
SHA512 74dc11972aeb80dc0a1cd9dec28a016b2eff62bc9ffe18a2b9865b610ee32d0bd9d2e68f361d1edf43431147085bfaa7e62ab6c86248693dd57050daeabec4ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 efb989c0ce9372362f9a0c0fe1b654ef
SHA1 8a10e6d0ba2521bbaae54ea4b2d7d411688fca67
SHA256 e92d26ab610037a9468a6d0a615e995d8e35f9d71956c60dfa98c5f65ae96b7c
SHA512 efb3e9e5cc94fd1b25586ab3f48b187346aa370e07b06acb612d57064796c0213f3bc43f6ce86c30adb3672781e4c3ef88b267197527943cd774ecffe129784e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 61852e875b866c2e36bae1c09085838f
SHA1 bd1e4e22c741a55df0ed7d5ca7170608a0200f32
SHA256 53f9055f4c1340c291a3d9be3bcffdd348618f895e17d547a903e534c72331ab
SHA512 fab57a6a2f42361fb3f495ce1d2c2b4d278f55bc66270651274787ab9f2d8f1570e25ceef1e2e291064d701b537d7f26738c1c385a1f600db51389b79d6295dd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 081f02c0c9202280825378cfb37c832a
SHA1 a3a2b0ccbfb8ae92e55df3ae1207e99fcaebbef4
SHA256 a9c45316c7919f1c31dcc699e57992b09050a74f93c2c82ae6ad92ad1b784558
SHA512 cf72c4aa87f576c3ac3e74fb974a54c9909eb99bf110c045c72ff900c3bda008d4e372ba83577c5bcf7a86398b23af863a989489e55daeba806547e7c5e5584e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 e2b96b3aa704c444473c0451420b39e4
SHA1 4132c4115bf461c28897a02f80235a0a6c5f496c
SHA256 7049ae0cb86657f84e6fd102addd487fb0758f51f22f55e7906179b1017c33e5
SHA512 61036cb51391d0ec93b655d812218a4169095f80bbbccd33dc238e3b55e965888121abd94d71c353dc2f4a2535a78b3bac62c4bf796950fb58df9a09739e41bc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 f7d8632a4f48b221049f9dad55042085
SHA1 27ef97bb7d8ca5341f3da76908dd832e91871153
SHA256 175d0aaeaaae6a61eac32bf00c09c6230579a412289574d358f3abf7298fbefb
SHA512 0beaa64d50aa1c19c4ad337c7e92debbe8a5f72fc7bf3b0ebab82005fdeb9916a4f74512164e12751939f9fb7c0c00102aa9f31232dda05d3960f369d0a08135

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 c0dd1faddd1b0d3f0f3562d132b41611
SHA1 f319a089629122bc6a612d65e585eab3c41c196c
SHA256 325ddded3e04eefc398bb8fcddd19395fe3e2a0c5099da769f3ec0030f38a421
SHA512 03cef6cc6c6b58e390f0f15e2421801da7e05e081fc2969c888ada5d6714f9b39c2f3bfcb70863526055ac7d7b086fcced509bc6109525c1ddfb6790b804a835

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 03d5e3f08bfc90837fd65667e403ce69
SHA1 8e7193e64903b1911bf19d877a9ae1bf01211891
SHA256 513a2dcdb33cc09b49fc9bcd9d886032b6d98cd2b8e161e38a78bbb0e2ffd43e
SHA512 af51023abc0a2b09874979faf061195d045143cdfc2c73e5d20d2d140a5af96c9e415771fcc3f58898322cca0f90c920142ac718be01976e0a65a904877edac9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 7003eac7a8139908ccb689aed80ac774
SHA1 0a3db599b0068f34608cea2e4e32b182497b0afa
SHA256 b5ea6059bb45c8a875ee488fe288f35ccc2e481268f68b3cbcb0d716e76caafd
SHA512 2b27a84677c61703d67bb6acce5319c344f969fb930e1c3b7a15e86beccc11ad0f5703a1a7690e0c02215052685504a401ec92c52599f7995d9364fccd43f7cc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 880f50dea6af17015b763dc03ed16b9b
SHA1 770727021496cfc13d85f5d8d679e3ffc6623b55
SHA256 06c748ce49cb0a5136296dedd809315e4b409e26b7ae35e6ddf48238c97fb096
SHA512 92a3a230e1afeba71e02fe3a7acb5eebbb54ba015286cc46db0dd9750f2c49afebad4a098aa5b67ec8c651446adf25d725b079c56d80477ef8e8164a5db95ecd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 e73b2766f328f3f2e345c547e5c77f02
SHA1 8174c7163680ab0b13862cdc76e96fe546e1eff4
SHA256 1b2712a780a42542b4c8c48331b609a9c98a3c37a0c0788d27c336df549a09b7
SHA512 a6622461adfaaf6e7748a36560ae7a66bdfb0cfabdf0aafb68d12de035376de3afe8ccb89ded992387fdf60afbc5aee991b7e83cd853976654150b55b9669b5c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 02d55a16a2c9d27f2e84985d265a1b87
SHA1 12bb422428e0775d367b4e871bec65c14630d199
SHA256 966cf5924d9bd21a3bab802178317849d76e680105edeba44d5a8441584f9b3f
SHA512 ee672989c441b1f04340f89af166c43b6c460d80a2b44bc3cbe453e28143d1ff4e18a327ebf4e445ed069591335c9840c94edff302632eaf02f4ceb8b9eb4df4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 5ce1edc85788bda97586ecbec34d715a
SHA1 0315c051937ba91e80b5e48348645d5cd39df203
SHA256 eab53e1ded5446bbc74aea8deb8450261b2658ee2f54c9f8251368bed95ccfb7
SHA512 51b864f6359f9b15b1703296b8a688fc0cd22059cdc0c02c270ed86ad96ce031d171785904dc1f8de17d1d5800c0f6aeaad746e7ef0d70dd0b2a54303bd0f892

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 b54e4e95817b850e37b4546e5c60e69e
SHA1 4fc34422c39362a58670dc51a083a0c4c9cba90d
SHA256 77ecfb504ffa3fec5e3643c07d91dcedbf21c3028cf2367f14d7023c71b33680
SHA512 c6f1d349b3c5f52a9c41ca0c28c843ff976c3b9799a871e6542733cf690336e0d04fa1b861ee406c107520d36ad4f292eabb0fc906330b0b33735611ba2c9f49

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 fba9c122efc7e45e0c45f3b8b40c2bae
SHA1 144ceb4d1ac4a0cc5aebc650c1d217898a44aed0
SHA256 79667fe3b4cf28643c5dc05cce0978358efea2e0dc7b01771b715133ad33cead
SHA512 c8ba4abff0f7ab336cdb08a49fc8df7df46a86b2e2d8f82ea52e5b9126a91729d38d747885f9d8ba360503616d9f77ec6381e5d6724d1b8e62734e3732536eac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 3dd67bb0a29d4652f23bbc79d2a39348
SHA1 45fc9d7416f0a882f68d5d478d9ede756e948855
SHA256 1d3de621ff24b8f413c6568859efb30585b979810efd9a6968f9687b0e8facd1
SHA512 c15ee9609aa4fb2f5980249288f906d5b7eb21df48c8864c110aaa0e52870cc7a165e4bd353fbebe0ad6c3c68e993d0e0418dbdd4b60ddcad9ac411bd398aca0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 027a75c6fa1f3ed03bff6b4fca85425f
SHA1 8472f53ca2ea07e428f0814cfddae925ea694f21
SHA256 a3dda18a4bdfcf0e5b55265076d1a87c943121a772cfe017bf2f648b2d792c72
SHA512 d0c246b989da9e4d498bd41eceda26dfd0ba22d165eedb180d4941e79a2fb74a4d6315baa6e45efc4b2f2548688a305428508fbd71435d25adc7ee846e1cc77d

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 0b7c3fc20972fc92b183942199fcfbe7
SHA1 ca30fb0327b108268d32457c6f01479f780125fd
SHA256 fbe7ac67f3326c563b82b7ca04cb0350351e73fbe25614a334fac769a5c3e1b0
SHA512 c3f65ca859400c0695b53a400c8e238577660136cad1e66f7b7c41605f645d186cdc3ff30ba1dbe1f8f87f02675735e80b782aeb928e7cadd5179c09d4695295

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727661992394667.txt

MD5 c4441c08db307f2c8b5bda40d7ce1dc5
SHA1 b8cac82715020433f2e8133d3e5a6e6afc5910a5
SHA256 e7dc89cf968d0e351c86f622f26ff385980e1aee0845965c01d11cbb59f49e59
SHA512 099415ff338b871c45418614181dec1924583ade4e64cde7915499a775a97baa3cde22d295b6e21b450d2a8b8dca4920a9a9564b99fec79e42b86f7c79367813

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662439852198.txt.EnCiPhErEd

MD5 af4fc45f5f1f28038264645cb850f832
SHA1 1ad462c7d2579d80ad9111ecd0aff5af60e98c8c
SHA256 63c2811b2d2ceb71027c12c1f1cc28a25fd22924125281293aac01852e3b840c
SHA512 66fd1839f2efb72785ea119df4dd0e95961e239ddcd83f52f06377e02a64315ce06f31d74120e1b06eed0921cd7ad811cf9097da2c3dbf6c7ad43270506f3e34

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667722373689.txt

MD5 069e6a2caaf7875a9f39a5e62303afe2
SHA1 5fb22c22a88f7b76a331f46a7225c595d1966e04
SHA256 183bbbcd2c2009397665064098b50ff3c96abad4303ba1372bdc94222829c004
SHA512 02abc9037c98cd2b8a3293755d11ef1f94e5fff14784b235f4235b23257f6d65b05375e7a533463533c94dac630e49102363b0e1b75b8fe3e0da77ae279a9c81

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt

MD5 36c9c5470558796dd171a93e01462216
SHA1 25c5169a4fa9b168dc75a05dd93ceab49655c604
SHA256 2d7a19fcd83b60335492c57245ae7c456070f5bc4cb00412324e2d6741c961fb
SHA512 83779ebde31a29ff13a204da4364c9384946279c3379de346e2090e3fa80210c1269d0e2895126ddc1648a91ee88bf15a97f63ffcbf1d791dac8ecf861fdecb5

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 9c5349277470a22ee2dfcc1c7f0ba4ee
SHA1 77f63580d8ec35984eaddb97a260976594cfe672
SHA256 fc7b1f0bb311fbee148c8ae73d03f4d6d05ee61ec67670b7c750acbb77988899
SHA512 c75f5a890f039621624b92d435879fca7e1798a98491e451e0cdc9c69946a082d6586e5cabaa43269ba9b19f964ec9fea1956427935db2785e51b3ece4586035

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 15f925a1051497b44115d44f2d8ec63c
SHA1 65b03d9d384193802d85becaa07a6545e828ea12
SHA256 7973e36158c2e4ecefabc2545924fd997d304a618e7fa2e16d131b990fbe8a4c
SHA512 eeb9ad52a1e90e31544fa53dda0bf5f49f0ae10370ebbc119f1c8343862bb0d72b389aba2d5f8ad7963c383ac1b089a98e7902146c9e92d1136f2bbc6914e08e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 ef8c4659c47467ac184e2feb850d661e
SHA1 ed83f64e5acfe241dc3c987a6f714473fe3f9b4f
SHA256 9fff7e0e49b531069c3373df3d9c19161f0486afff520242aaea47de703ef198
SHA512 59dcfe0e39623436a503c25245c71bb5a4be084d106ebb6596e9fb9bc445bd747197f894879e1af61fa6c33c50a5be47fac42180c35b9fa8454cee175db8eb9d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 ad3da2485e4a15843bba9cb677e973dc
SHA1 4151b9ffd2aeb40c4d55c5175797343a4a0679a5
SHA256 a05037fc701177ad7ccb3285a752021d8b115e5e4fced14ed67fad19153539e0
SHA512 0c76103064b602e836052708b5346419db5ddd7f52aa2db8c3c23c74d84b81c1464b77d956d5b084411cf0273a82d853211c0bb7bca2cbfa72f8283175b79d19

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e8c606ec48165ef4d26c8b89950c5956
SHA1 a68e8b367073b71f53ddda7d256f5662927eeb1a
SHA256 229fae19f8c45904844f2583fcc886e979b42d55dded0e348379b390dddd6b9a
SHA512 f472b6754a760bb41dee6f25e95ac6f15d14c9feb9c3ab2db7427032600bd81f4e021c5d21b472ea1d249c53b6a0289370276954c7dbbd3f759349ef168e53f6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 e9bf2fb41bde55458b83adbb98da1c16
SHA1 91ab4d7c5a369a6874640ba6f725bfe8f9648cc7
SHA256 fdd76377d6ab5aaf06f9034f7d707773c9a9113a775dc4ed7d2e5486d5e8c216
SHA512 3e92d06b416c7d1807097bcf5a32fdfc20afb51160d098d8472725ba6ee66f722e34144de5649a6ee67108b653be7c00af97f6f54ec7f1e9f8268f36f80fc46b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 ada540f194c21c506926f81a1c861443
SHA1 b3346583d5a553a40bf25c7837aaf673720a6d02
SHA256 564962b63a09b331f80d8dd5c5fcf0b642d4a3854f4030ea6aec4417f8f82d99
SHA512 164605bc650432d833f3bf36003cbb562adf5c2dbf470b06d99e0df0689484d35e61991a05eb239a9fabdea237bd7920166902bec3b200120ae9f54393612ab0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 8a8ad83d2c5bb02aa1fc2a72644d4796
SHA1 32d34b30cf6bb18e45e66e934306733d0f83e8e3
SHA256 30fadc62587e07545661256cf7168d65a6dc4da4a98fca59ddd4072e9df19fb0
SHA512 fda8b60034ede605502d1c2ee56cd05ee1b4c8e1d617a7dc15ed8eb26c44280d0b49b26494edc879c088d8765be3bdbd066866c5ac3970b4e7bb9d694650738b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 66f58f41664bba9a8c69c701e8f0455e
SHA1 6e899128c0f76eaf6ec7b53e0540a5cddbfc9b8c
SHA256 b457a090f5ad7cfede7fcab21582a7417a753ed9e0adedba634ace6ac3b79f98
SHA512 552362e659c895272eabb7997c88d87e95190674d8fcbeb19bf57f8efaec18e9f50a8bc17c7181dc87ead5f05d02d1406d68346178bf8e8946589ab811da8624

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 0b0d68ad8601a20761b81e4eeced038f
SHA1 761ac91e1a6d4e1b177bd0c38462c9e38013ef33
SHA256 ae568ebad7e76297027be0bf292482129d0821b3d38a462bff3f225f69c15a1e
SHA512 3e13e23966e207a643ef255d2341e2960f04f05f47dab7b12bb4079f5572e789f6fe1a0f0519ccd684b4b203cff1908193e660d13a0f4bbb7a16a3b5426ffb96

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 370285afe59736fa5e7f9bcf4e898a34
SHA1 7dc706b94fa55d539b1f90c402a24ce8fbdf2e37
SHA256 42c7b2698d9bd065e1d94b359c131c4fa6474115bf965b7e4cb0ec0f7230f9f4
SHA512 3e8dadb2de4d79dadbab0d0e017f8ff17824424d57cd51485aeb5327076c6775b1d0fe6b0322ed661eb0de3ea7607f6d3a0a446f6abdf9f4413017cc49830f9d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 68ddee75809d72e414461587227dea47
SHA1 07105bbc8146555a847a99110bad1b8b0dbbd8ae
SHA256 ee89527ac0c1476e515c9308ff0d8789b286a0d6001359a5a0b4cab34d244502
SHA512 aff073c3c9b4732e824e094349ea1028a43c54f56e855153a4b3c1c7dea88a1d6ef384551cf95c9e72e2bc5fead6f4676310d00334f2377f02a02ab251c9fa1b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 9720d66dca4a5ab0541e5ed60590aa8a
SHA1 60341b1cbbba6c84305766eed22852d889682737
SHA256 3cbdee50c5bac9b5cd819622d596ee5d4fcbe90e5e960d9e88017a25db498188
SHA512 0bdbbd0cdc1735fbad073d23e4da838ad06a4237a3d040353da5bda62be8039336f2f5bf1283d3e99b8d7fba16c67a4a85d3946cb59f68a64ab9afff8d453cd2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 f318eb11789398f8fb0e73057d237af3
SHA1 fdcd2a7277c1e56cc321334698c2b033f7ace214
SHA256 20e587bc2744c21c74c081883c75838889dc9d5d532dd37996f43a799653d545
SHA512 cae8b0b9483fdfd462bb64fbba8af75c44c583cf2f80a1cd50d79b374dcaf977fa7b5540679ed613834cdf7c1a4edc9a810b251c033fd6fe2ccbb78ce372ebaf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 e318788f85cb9164b2499e22c4b0c1be
SHA1 4ca6ece87a7eecb2c65cd83dc3b2e8e95b2014c9
SHA256 69f7e31bbe6ffb1b5e3ed2950658adf65f78920ad92db2e4bf5cdaca29e99ae1
SHA512 bd7519b03fc31de82854578e88116368da0de20a36420cbb50cc1a1cc87251de7b66d6a43223c8eb6c6af67e634fc9c1e7e58678d829f92c33dd31f7eca35c68

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 c85fff50f841c31085a7d403678c425d
SHA1 12583b9ac3554bd4d7d394a8e3e8f803b2d4ee6d
SHA256 4682f6d971e971ebed329e361b5fe2b74822cbd17cae648523dc39e226378a4a
SHA512 fce06d8bf96ca12088ad865061878df204818fb17b40e82205bb3ec50e5527781bba29a9300c372287dfb0b8160bd2964cb2c958397315372c7a42973e2a9a91

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 7cac430bdd468b107b42232954b2f1f5
SHA1 878a819814a66745f27f73cb5842002b5d5c5399
SHA256 a6b83d17d595f8e63bb90a5623759d237272554bfba970659d58a5b6416e11d4
SHA512 0298f40525528a27cd2ba7abf1526d81a6000cc66f1cc9c3007226921a0ebf9f6eb146f454371ac5659098602a418e2526780b5e364b25a8c87b489dca997a1c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 d16374cd2f631338d2098aff4a025907
SHA1 c0e62f804cd1d5337a48593ef8685e315cdfdb48
SHA256 8f8fc03aa1a9d3394cfa08b0c52d772ff524726ec32b117cd946cda9f099e601
SHA512 411338157019d9f55ce0ab1d29db0bc66ede023b42b5aaefff159d42ec1a79cff179de19af98a281dd0651342b0b076976d7c4134dc068b984612fa2b182be3d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 f051106165779ce291097b5b0ed30cb2
SHA1 d2a3714d7e25d498ef151ed506f95a37bf90fc66
SHA256 380f94ebe5c38d6973ab89912e4304f7d89ba756f76aea1ea9efae67d53ddc2f
SHA512 ed2c7ba83104af5756392b0570cd244e3b2b7f2ce263a152977bb9c2339ac20d3bce6f092317a75d914aebcde2f224dcce7b934e47c481e7315d98095730bbf6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 e4572e2ab034d69e4da72fd7dc5fee99
SHA1 d251d83caaea882b3600f742d06f55c9e86aeb0e
SHA256 76224f342de32cb680ccf302d5622684e5ee720b17029512eb55c8a75dc1a350
SHA512 c5a5bad5699ee95e73b38263b9c97930edef5eee9ef78c225636902ea591bf1b070dac6d7c559bee4f845c1031fee1147e29c24e816a7bbcb6c102b491335bad

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 f318e9d816b2af90ebf0511e667e9f11
SHA1 cb6c088503891765123a7ce2dcdef3e5760f51be
SHA256 e8f364653ba7fb0378e125acafd98e315fb54906a1f3a5d3cceb87819e14bce4
SHA512 712096eaa57cb2254c3a0e04458c9c7ef6e631d0ed25da6d3e5e8de05c5db12b2b79d0486d3d6ca034aa039c0fb52e658182adddfdf1015a7671bde1a6c09e40

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 2d6ccb3835e498ccf2423f9a9ed3027b
SHA1 7c16988d2d467ac91c44103e2f7f96f38bf54d33
SHA256 db9f1542f8f9e97daaf2831ca7391fac15562ecd94fd2c576547df51b6e35b4b
SHA512 d895d524d0cc45eac1ea71dc1fa7e730b15b2fa85fce787df592fc635ec023fca8317fda413da6e3e42efcc62bb5add6a086949c07122120a9eaa106316fe129

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 2beb91c84417a2c6bba1020b434bc183
SHA1 b9b8ff2a6fa730590933d7743de4f745a5902a85
SHA256 55ee113e0d873336089ce797d41e6d2308dfc186da097c238d9c23505a064b62
SHA512 ca2d42a84000b2526fc5cafaf4695e236394c56330841bbca0a8eb665a2c5429ee2f3aab7cde70b70643416cd59c862ceb8d08ae4362f57464b5800347bfcb28

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 c5434e68f2dc70945fe4ed0b5e553d33
SHA1 fc07ba78e0412a34d24814e7d0bd9864638b6619
SHA256 241eba0da1924db8e8da40f9f2139833b711e362aa29628ccd896df5455777da
SHA512 0cf52b0a47fc672ab4b86591730aab6751e80c0c40cef16c11c93819c5336d5caf983fdaddf6dd0ebc5f9794cd9d752561ac38e0280404ca0b2c42c9ba4d05b8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 c1db8ebe75d39d7ad04ff3855a8d5439
SHA1 dbf9dfdcd56f9bfa4908136eccf633b53599873e
SHA256 25ea9e2b89c6aad360f58ced9545800bf8cfd55d9fc143c8623f95f4807c729c
SHA512 512c48c0886ead9f3ff36f65e0f6c33ad5be00dce69191a0260606de4f8842922ab5378d6784251455de66936dc4f05b5ce8f71f88acf44baa930038a2e8c0f2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 fd4799f9dc2e67a4fda5c4c2db4772b8
SHA1 934e2c8efc4d84489ddfb1bc49bde3b8c44a2dc2
SHA256 466667d4fc45da8e0f34957c4413f1885db51cee7f071d472a51000b337ad5b3
SHA512 8c4e7a3a46a79469da2b30af1fb866caa112a987160bd174d791c74cc2e1b779be301eb96e22a9bb3a8956aed5cf4038761ef0ec756efd99631dc8e8c9ea92ac

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 4ebb8178b4654d52538d990680cc1a96
SHA1 025bb8b08c1a5fda08e0b02914dfe75bc837b7f6
SHA256 52d4a1f290888d0203cee032a5559ec6c6a1433eec6c55878104ffaa6e10ac07
SHA512 803bb55768dc4d07daee0beba76b3e96040ace44dac638cfa6eddfbd7fd2c3b58f4b6c19a4976b205bc9ca996ce439e5709339f4de3793148bc1c01530686c25

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 c9de01eb7acf26fe65a5ad0adb17d0b6
SHA1 7f4f0160b8c055f24e70cf6e9ef0005b76e8d0fe
SHA256 6a2f3fd93853e7803c751b00e4e0f3537f2e5bf3077e5fe18d795f493a2b1167
SHA512 de1b822a5dac15ad13d4576be96c4c3ab3a77b5a4eb77029f509e7a139f4a6b6b408cb163da53e8db7a9fb7d2988f95cf8d96041b4e9257d39307a00a35733a1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 0516a9bffe165068bb8a493507435ca9
SHA1 aee2f7b39ff37746cc28f1f613e350b60ce61a88
SHA256 84ee0ccb9f889a5ea64dc15ffb1df71b4a55e51a4f87c5ddabed2768d86e9cbf
SHA512 905aef176dec7e29d129c4a214eb94a229a38cc23a0eeab180726a5b19bf1742ac506b325dc6c9fd108b560954ca46ef7bf23f2bf1300904f4f200b6e5a1d566

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 f8e63b40d70cfd5194747787d1137e3d
SHA1 d12b32f897135b171ae0eb5391977bd419710949
SHA256 fcadc74fb8cec8ea04ded961f1782d5d9c9df5b37cd2b7d5a06914da38b5ccb2
SHA512 0c13ddc87c09d62b10c0be2e7e859756edd4667ce3807ec65160a947f53c1e5c59adde6aa87a3e6eb6fc1e09c69c7b8d0380e23046724221fbded0219477960a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 909dc1cfbb792c1d65b9abb6eb829a38
SHA1 e3519cb9fc399e73f3216fbef9faab181f5e00a7
SHA256 2c4c9c58a01a494bdf556ec155b0347b12f39fabb09d99eb7dae2589ff97fe3c
SHA512 7985d739890af66533be1c2376c5cf8065d9eff010cd1ca933f60e018963fdfec80c6c0c7cb77cf8f12a6f97d09c01e9e3dc497952be608371a5b59418064474

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 29768a6184053bbf2840bb0f96fd7bc6
SHA1 401cec0144a96938fcd60eff7774b446c4af0e43
SHA256 a07889acc5a0b089616f764fecfd1bd2dc4df0569978299dcf3d71fa8c1946b4
SHA512 71478e384108d12f04f1e492ce2f518fa9ec899770f653bf4bf89f30931792325aa3da698199593f73d4105f846db2a034345d9f00eab143f49686b609cb2bbe

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 c8dcf9768994559d3fed7c9948a95c67
SHA1 13d3bb142dc5c66b654380c75536e7f2099e69be
SHA256 667d7f2bd7bdc97de74f7565832e644c687da75c8e332928940b3c01b613a043
SHA512 19e445f2aa0fa79417344fd5a7c389a6711441f6124518a85d4f99ff967f6750967aa012472b18f8dd98d4383c922e01ce03f200c412c599488f9d2773f69acc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk.EnCiPhErEd

MD5 b69ae2cb8286a839d377e5ea6917e446
SHA1 7ac0ca2165b05bdd4efdc1d8504efbd14ca7ba34
SHA256 97271439710d0cf3eb91304fe983948f2b04dcd66129205bb2a8313426f7073e
SHA512 478db1dd7e3d7b08fe70a599afe7258bdd5634d2a50a4857a5009494a1e7c6856686f3c6fd2c1c078c3ffef9364e81f94bca75bd8a5d61144f4798479e90c399

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 ac7bc7b6ae72d34ad4a243c435ed20b4
SHA1 7e51158775058f9aa7817f3265e45cf2dc4db8be
SHA256 cbb487886036301b2e591adb39ba1ff87b2bc7093d2cc28637b700bdca73b1f3
SHA512 3f9d0c206c4ad84257aefdcd28c2de4e2e0fb74a840fc073ee0ed7680e9ca36e3ba005cd9362cd2178a763af01a5d46060c4dd08fd7b0bc91e8a1f03f4468e37

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 e7aea11db642ca59738138b6f4aaf199
SHA1 67bfea2be84aced5389d1b18dd72b40abff0c671
SHA256 d1a5e133edd93f3ceb1c77bd9744e95f224caa88ccafa288223532b388484775
SHA512 5cca9ad435be1cb3165a905f1a4ce674aacf1d1ea0343e7f54bc88bc42bfa0e60289daaa65ef9a144c00448b0e000dab0ac8575ae494feb78858a7e9b17e4d8b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 aa73ff663a9164ff501676efb69f0eaa
SHA1 cae276ad23ba144abd7ba0d8457eb8d7e42023c3
SHA256 cb1a18db79fbff8e8465793e2865c3520d7040d332fe151a17dd81e5618f9063
SHA512 bb6c8d293969d1f3635797d60d465988ca2e493133d02f77b8ea054e8a847c4b5e77603cb81884db5a9ad7ee37e8bf3ba5ca658f0495641d4203b9e89f6406f2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 443dc77879271df14ec5f9a70f3d2bbe
SHA1 b976a595b7c4278e3b6934117a67e99026350ce6
SHA256 7481e2f087777c349d063e4a07f2bfb02014bbc61231a1dca20c8119c2bf36e0
SHA512 68ef1a67ff91ea9b14fa28ff0076358d9095f3cb224f499c830f12d61c7b4b3ac8574416619f9273ec2bf3993662a1ab558bfaafb48eafb7750184a0341b2d02

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 54b25a8c1d3ddb163a115c223b61971c
SHA1 bd9520f18c265f118b8c59e9d19e61b47c90eb2d
SHA256 64fa40743f1417afe140133daf26cdbe5e581d2f8f501c108b17f68137a6b141
SHA512 5a2dac1a56d8e6543090451075e70afebd85c20caca0647768f2ccd0af773d11716892f35f589e5fe72d4ca0abcb84d104a11f22a390a74e285b9903652b826a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 0a5d298197fd6dc3b75ebd0f0bb9371a
SHA1 120290ebd032b93476d966de5979bfab6bc82129
SHA256 8624aba373dc71f8af27535a52f753d9d6d1fdcbf8482250df2e7c26ed4b3b0b
SHA512 f1f0570b08fc20e63de9bb98ef6289fd92290ffcc9f546059202c5ffed18b9515f4000d9dc7e5328aaa77b7a7f8790eaf429493e7e37afd708618b53acca345f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 d78d51b36457720c992f2ffc373cc5d3
SHA1 215b1e1c8c50f1d11313ef0ea73f8fe9aa890a51
SHA256 c35a0d165d0d0796ab106cd96dd4c504f275060f0970e4ac627be360d85a77e1
SHA512 9083955749ede07198a1a59ebe3068219f055f87236b2cac67f1dd3452e9c99db94d1e84b307f3696546440c4659fefb3f972553b2534216902b68e5a222d39e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 1867163f10d3d66c65ea78fc98250cc7
SHA1 f58f19993fa464d6d6f3213d61f0abee35fcdb07
SHA256 50c1a5fcef985e8736f531868fd244d62df5776d26231397d1cbe326f9bf6d96
SHA512 d4d2561b444b33407682bac3511a7295299942275b28117efa41585b49d5bc3f88f4e2ad3f9f618ef59c56532c2775b5a01d1bd7ef6e48eb20010ae1421c20cc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 c525c14ecb0b36741b832fe7f6fa666e
SHA1 ea65b9694e606cedebc33087fbfbeba51f9ea0cc
SHA256 70d6ce6b4e6320c7c5325b98a08ca34825be8aa4eb3d8874f7a13f3cec93528c
SHA512 01686cf69de267bf66eacea65c136c7b82a90ffa10f1df544c7c35584b28f97db4dd3a73b8630985982160a9714c6c9793e9ff8f7d5462c1d4605f7521156522

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 d9a706aceadabc721ddbf0eaf885b7ff
SHA1 c686ac9edce21756894219b9087800bc0743b7c8
SHA256 28648ba0f0a85fd7fdc876bb3d1da4d8491ccbc2d21da275669f7f061915e69f
SHA512 34640a4f8ac3fd43503cc152b59d9fe287043a6a107e61432ff4c722a81087cd89125750d51b471020ff59d14590c15d0d17b24162a0d31028490528b87386a1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 20d32811dc219639ebff9dd0f1a581d7
SHA1 6db13a9e8fef144971fea79de66c1e22eb523290
SHA256 9a54bf387f8aea05e9070d821598ab579e4e70479d25a8818c2690a7ce9a5de3
SHA512 00c50084e0b6e1d90658dce933ceb9d95d02d2ccb8647da270fe246ccae4894c57791af7e08c3a6bdfae1ed0f34dc4d83b1dd225b037bc987bdc5f3933414179

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 8d2b3935e274e599d634c4913d5d519c
SHA1 1ba8ca6adb85832acf1b2b38f55ed44552dc5fa8
SHA256 89b2beb870bb1d29d92d151cf6012a1f7ec7f78b276b31396ff07259a4676468
SHA512 a26ac7f7e1d840ed75fdd7df3b7bd2f5a9e5b279f32e622d38100bd3c54503e33d71460bf49e0e7491281fd79d4b8da2dabf371b2ee01e400a4f8918f58d5506

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 5f73560e6f37303372024274c11f2ed3
SHA1 36af5a9475c899fb79e713a401df796323a7f915
SHA256 1965ba4360c5cbb560accb53e73830a7e3b1bc82bef3a146ee629291dc7f10b5
SHA512 02c30d2f31234915e35bb9230705836a835a365e13df75949a53467c3a5a02aeba6a3a15d0acde694a3ccdd8175b4b8d1f2db1cd5ce9cee4ccbed47a47c8c1f9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 74c34c4a04eb2301bd1c3136993dbd46
SHA1 cdabb4000694c6f7e55f5137235abfa565f2c01e
SHA256 0ad225841c5a406c80596f6bf99c2eb9c4f741059e439165bef0df9e675ba530
SHA512 c34cb2da079a6ac8231c6aefa13351674f7457aa793b2c8b4250190edd060e7c56a00859ec062a334de75af7c7670c290186a799e4f4bc6d27b7735ca24807c4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 21df753935f64afdd53651b825b7d721
SHA1 c63f472deb14f4cd427c0b33389c81d8f28954ee
SHA256 8274004293d34f8843eefa758f5542065df33a43152f5eacbceaacdd96bb6712
SHA512 52aa7e9cd11051e50186a1672574cb9dd3ec2c648e864ae29730034918c8033a6cb7ec140b82c58cba70eabb610267d7acbd4f9c7bffebe5b7a0c0e46ec6e280

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 70dfb652cbfd3078ae5c86eee24d00e2
SHA1 4a68545b94623cf98aecede2a8438d4c8a923669
SHA256 e0090d5c69a643c1fd841ea60fa29ca61436e9505fd8f3bf6a34674a403d3956
SHA512 1bc84066008d8335a4a029ee8f5bcf0757d510cffd278ffc83b21ac2b0061b019feb2845597d1013599b8ec4af4ecd3b714f51da02fe03e7774f7d1395dbdf55

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 29a497b133c63b57094ddc9145107521
SHA1 31decc8baf40b932b95f178e1071cd71673da012
SHA256 7f0e78a9117c0c9980ff2bed5dc6230f28eb2bd3abfa16ed27105027e45ac8db
SHA512 8fa155098b5f6b697a938851ee35c2c475c5b34eac048e9d4973594c28388214c497be405313d777554242d85020ea47ceea4d9ead657a2d5423511fef3a143f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 1fbe576a54070c7b6c90f2f47374fa2b
SHA1 d585cff728da14e5aff61329c64c6215dc9a9fbb
SHA256 b16e780a6d59adc99922ba8e2a991a22ade36993d0c5389367afcb0a6bfecca3
SHA512 99e231e4e4059a3ebe46c2e5875a7cc9c3aaa7e0bda1b1a111a641368584cf91104e56c3041f6cb1e6a2169369edb2cb3521d7872f86d355a7a79c9b3ec9201f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 80dd840149cc2fa3a5f66c31cb88b0ba
SHA1 d4654c0177dc272adef660bcd9e55f70587e8faf
SHA256 2e581dcaf72259ce420aa3df82c3b8d6387805735b761e4b14ea75b42c9980da
SHA512 834ae66acda10d3b521075629b0b18bd89a7c933c1cb57dc33d9222e6db655434eeba31655467c318aabb451880fe6f730be31507eb91ca66534f2604c815186

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 8ea8a0ad7f421597b3d8738a8d5b322e
SHA1 dd6af475c4e9c9c2d19df4fa2d8b9c02dc1e94d2
SHA256 54bc71896bde5318e9046405c4fea2aa13b53153df9c5724743c0dcb6115cc96
SHA512 d1a57e2e419a611a2deb7f8f37bd9c674e39ac8f3fd6c88c1a9c0acb8993c9f8bafeb6ed15351dfe674e313ef1cefc91971986ed272b69c058433dfcb6e99fda

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 58470c6bd8a9d5d530c14b0d1241bc95
SHA1 9b5bcecd7b3e84328ecbda4188c078dbc813d0e2
SHA256 431740673377cbbf5566e85ea30d72a894d6afd4654a6ae32048ae98458bac12
SHA512 219642b7376f98ee942d746dda434984ee651d916cd360d95de272b79aef41855a9b3f8ff8b06287b6f5a79a28c9ef368b799145e53c541ea69e75f43a1adc66

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 d42fa29efaf42e49824b8547ed01fcad
SHA1 ad78528fbf908a39cf0cb27920987431682d1a06
SHA256 3178df72e853f8647ef93314bdc1f2c7c88418189c5e6fa58708f82352dc1503
SHA512 76a63ad58f548f5f4ce48589bc91a1622cb180786c4f97ae6730e0fdee7356fba0399de63b8defb01401cc27950d6c99904e1ec4145a930894105dc7be67c15d

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 07f689d361737239f41a8db3e240aae9
SHA1 fcbee3601646b8bc84fd67b1f25c60715a50e186
SHA256 1223ae6b5850bda52fb56a8571f863e4108bab20e59f45ac9e6fe6c187db1ae5
SHA512 5f4ed4665a15ad083f286505df848ad99d326205c2949ab74bd6923390b807b0ec9ce359fd607206842d8b7c47eea8c9b800898fa9e518980e7d0aff3151d278

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 93f29858ff0e1f7cacf5c8c0af9f6bed
SHA1 cd51683c65a1a4d97d089fe5f7ca18bf5fa8d612
SHA256 cbc7f831eccd4c6a47c7aae43bbb8ebaf4b83407eddde126e79d4ce9526b51e8
SHA512 d1d92d88a58853ed85235b811a86d6af227abb41b89413876d010967f6a6a58231b519a3d490c470d59cce8b3ef3cbd576d8f1e449426dab428ca7d620f5fb32