Malware Analysis Report

2025-01-18 20:28

Sample ID 241204-r4n4zatnfm
Target c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118
SHA256 8a7c6ae143a867e7689d23b6f9f71cc06387026eccd75247466da569cd2fe1d4
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8a7c6ae143a867e7689d23b6f9f71cc06387026eccd75247466da569cd2fe1d4

Threat Level: Known bad

The file c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2214) files with added filename extension

Renames multiple (2173) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-04 14:45

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-04 14:45

Reported

2024-12-04 14:47

Platform

win7-20240903-en

Max time kernel

121s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe"

Signatures

Renames multiple (2214) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5YnhhmOW8anU2VH.exe" C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_neutral_f8bdd2cbac28a8fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_neutral_a7f5d9f34b621dca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pssessions.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iirsp2.inf_amd64_neutral_9ed65fe0bab06b1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_neutral_213e93b5ced8b0fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_neutral_a87289088ec2cdf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00f.inf_amd64_neutral_777b6911d18869b7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_neutral_2e4da8629fc5904e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\et-EE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_neutral_0b11366838152a76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_neutral_84eee4cc19fd00dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00c.inf_amd64_neutral_510c36849918ce92\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WCN\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrf.inf_amd64_neutral_439e7d1dcac00aca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_neutral_d42522943de68905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_FAQ.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hcw85c64.inf_amd64_neutral_96b71557b416d04a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky005.inf_amd64_neutral_8836be987024e6a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Defender\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\CASHREG.WAV C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImages.jpg C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21338_.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR30F.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VS_ComponentSigningIntermediate.cer C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\HEADER.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImageMask.bmp C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01478U.BMP C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14532_.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21400_.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\WIND.WAV C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21299_.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR26F.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CURRENCY.JPG C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287641.JPG C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02754U.BMP C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid_over.gif C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14757_.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10308_.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14768_.GIF C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-f..-heap-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2f8f2f031fd3ed16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..shape-rll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c01c2904f944260e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.web.management.ftp_31bf3856ad364e35_6.1.7600.16385_none_2d8ee93c3959f1d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-h..p-provsvc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_15d2dbee6e2bcc6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\164d9beb2bf9b6160593f915a2d9aa6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.1.7600.16385_none_da3b5e9090e80564\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rndis-miniport_31bf3856ad364e35_6.1.7600.16385_none_3d23a154a5966360\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shdocvw.resources_31bf3856ad364e35_6.1.7600.16385_en-us_23b7b32e73eca54a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4e62c1e879bc4e05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..ab-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_60803306b12f3e01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-mreuse.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7101885ab508339d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\403.htm C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Windows Error.wav C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..tkeyboard.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d0c91c6829ff58dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx35linq-microso..data_entity_targets_31bf3856ad364e35_6.1.7600.16385_none_97c825879dea5a84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hpoa1sd.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_37e76787847804ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ngconsole.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d84812f1bf0defb5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_de-de_850100436cc18a89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-autoplay_31bf3856ad364e35_6.1.7601.17514_none_a8a9e59f4bfef126\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\blank.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_es-es_b0a402c879512106\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-escalate.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ad6cea24cba1a390\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-grpconv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_44419527bfe271a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..zards-mui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0ab225f359f5f4de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7601.17514_none_09ee9e0dfa2c4fbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..tend-apis.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fe0a300973cf3a35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2f0450e0d355cdbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9c272c9b1f341a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-mscordbi_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_fcd566500495183b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00y.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_931fa6e8d461efe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..nese-eacommonapijpn_31bf3856ad364e35_6.1.7600.16385_none_91ca0158317764ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..atibility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_85f4a683e5bbc7be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-10079_31bf3856ad364e35_6.1.7600.16385_none_26c8c17d283a97be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-xwizards_31bf3856ad364e35_6.1.7600.16385_none_77fe6053a02b5dc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_iastorv.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_44b449fe9bd5c013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..structure.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e665c683bff7ef12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dot3ui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0cf656045fb19cc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnkm004.inf_31bf3856ad364e35_6.1.7600.16385_none_50ff82015b97b704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..p-cleanup.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fa3ac5c49589f64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00060408_31bf3856ad364e35_6.1.7600.16385_none_1907606a2b508f38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnkm002.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b6a810c932466c0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mssign32-dll_31bf3856ad364e35_6.1.7600.16385_none_ca0a23a23bc12926\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-tpm-tbs-core.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1015113591b29ad5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Characters\Windows Information Bar.wav C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ipbusenum.resources_31bf3856ad364e35_6.1.7600.16385_de-de_64bb033d23d52278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7e7f3bd0c60c7e17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.data.services.design.resources_b77a5c561934e089_6.1.7601.17514_it-it_20a79342ca74ceae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_ds-ui-ext_31bf3856ad364e35_6.1.7601.17514_none_725495895dd6c054\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mprmsg.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dbc557144037871f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..an-plugin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6b0d0584b7c57262\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..cing-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_01a818ccd3455d72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7601.17514_none_c083f7001a25b301\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00010408_31bf3856ad364e35_6.1.7600.16385_none_f3c4b68fa2dbbf16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\45ec12795950a7d54691591c615a9e3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_m.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..ice-transliteration_31bf3856ad364e35_6.1.7601.17514_none_b6d304bf3d6d523a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\ehome\CreateDisc\Components\tables\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5YnhhmOW8anU2VH.exe,0" C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5YnhhmOW8anU2VH.exe" C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IGBFVPYJNTPCBSB" C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell\open\command C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell\open C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 a29d6d43965403aa88e48f69395adfa1
SHA1 46a0d2fd5bdeea0351ec38be300b447e94b0e0a6
SHA256 64a018ab90aff0da6b228e6671512a3fa98aaf9718d887891f3b6dd54e65ed37
SHA512 f77971f33a4fbfd5ebf84f67173e4de761bf27f6686bc84350b79eb7e849eac3c6b30573c60788a345ea564208b487abe35ecfc0976f314e8334ea0aee918a8e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 46239e096561407516aa4fc4e591ca1b
SHA1 4ef752091f4d678cafb242e92fa749cefd9cfc54
SHA256 44a14f0a1d432605d14641f48013d0735e82be1abfded62e0a8e08c608bde0cc
SHA512 69dc31484897bdd5731eb9ee1cf9baf8df0b7470ea817eecfcbbce6508fa8233462c6ebf750fd1be2d515f982110d9aede553e2b6c76690f2748c7a30cf48b56

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 2a4c85baa910eaef0d6dd60e48f142e5
SHA1 68658ae18ba63143fd305bb02953e53c3f6100a6
SHA256 aff20eab860cad98e703b5d1e232e08a914eb94347432f71321c377320bdc8ce
SHA512 3427a672b66c6e402663fbe80c5546358da02590c5560bd6087bdf693a084b9f5bc8fc2c4e7f576650973f1570efb1f62b7836fd2d4c047887e7e4d597843e6b

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 e69e60acd8c13a8b52bbafc2ff7bcdd8
SHA1 6850c9dd964fdc1e915c89751aa24de7b65a229b
SHA256 c866fcbbc8897f3ace39c2390805e1dbf3c8e9fbba22351dd9fb3eacef837904
SHA512 724fefa659ba78972b09cdee40a805e37c6884699201c0416555a8bf71ec60a3b3b3e9b3e7120d81db6b832868fe9a87b682b86931320195b933f0dc2a939c9c

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 b97cd0966aeb3ecea5e5471304f96e16
SHA1 86f097c9627a66a09ce27fdce4ed0c239ba3cf0b
SHA256 b57081d6b93b8726e60b893067fb4cda001cc6444bf5445cb008491465ff88b4
SHA512 a91d28b1efefb0bf7fb570c87b958776d69fec81fbf1350aba7868f7e8877251987b54768cca573423741f44d4c36d3a8717ce729c654344ca3beb1fa7b33817

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 97c0b0dd69b979f2c729138fe400ec7b
SHA1 33ccbe33a5a943d3ff6b2689c3231b627cc929d3
SHA256 a3b47a6593ba9b4d07d8e9c7fc1643819c622319e3e6dc22673055634a3c5ef9
SHA512 c930b1dcdc7c59d492adf243d3340b42840323c85a70366565ae7fde6c0484e63cb17d72bed710f4ab502f7db8d369208b69da9f2b7d7ed605e1435280c30eaf

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 9ce57d07cad6cf1a4cd937c1e028af8d
SHA1 dc6ddaa63e8f124585afb6bf44713fcf1eb467fb
SHA256 0804b880a980cf435de7d72dd51082d0b21fef5a33c4a86b8d064c7d117c6cbe
SHA512 6fc13d6a2ffeac9b571fabbdd233024acd2d56f5366ee246c3ba3bc71c0b85f4401c1cd59fedab7f9f3134493b9ea3c896f16857386db56543b131328711019d

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 0b3a9f56c520e24390ef753392718b77
SHA1 6a6c450006a70f765d96a9ab306a5d7896d55be1
SHA256 df3dc95686db374696f585105bb5a2acdcc118442709bb2ad5f3638a5d4f65cc
SHA512 4d1f60a15cd53af1d9e78e93ded59c9f2dc406ee96190c42540da0d9af5eb1f76f28becad29f4522cacd98a874ef39ff482210f1576385ce7dab6650c3a157df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 03a5cbfab4e2b1eed92d8f5a8769b2c2
SHA1 3b60ca98ac4dff494567810ce2ec4215c2cd916d
SHA256 605305fbdccc26d693cbb79f965903fea17b042034228dfaecb5eb5a649aea0a
SHA512 3002058ae2e5cc71cb4469ccd340689c6790abb8f33c09dedb46ae6794d2fc15feb314c499c9f9ffa8b3a9888b0005cddc8ff934be1681527609106e4f6fe09b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 550bc2dd1f5e38d520e60fd55c08184d
SHA1 aefbea49fe0c5a5863e916bc019a703268fb0d25
SHA256 31695ecd1abdc43cbe916f9e61c4f051b219d9bc18a01c17a0d6ced429a9bb21
SHA512 58782c93685e7e8501e31d2636c474c320d636a21ad2f612c65339457ff1b4a511676d2baa116be49bf6b62bd9f3999182546207a028765ae7b64a9cb8569b86

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 01c7bb0c9a360c4a5674d13c6a2d6450
SHA1 642f47c9c57099a730048c1c8d05deb95fe9df35
SHA256 0d4851de33042d885e02c93a1ef42b9e3e021cc933e5388c05a8ec784fadc3af
SHA512 b0df50f376bd9287705df5b103f9545e30a11e0a7eb8d4d3ed6cb25ff1297eb2ae527ce712107bfb09636ec87521706bfe9050637c9c14c06757cedc639c9324

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 73ac5ce9a2a83ccda747fc52b28babb4
SHA1 2083369871768036b5fdc93ac020b4b6cf47042b
SHA256 04b71d8605b65a070c255fa0a34a5b62064624a74dff69cc06dc80d1ba690a92
SHA512 30e01f96e753f1968382d50c04b9ff3b768724240765dfb42e31a0d24fd38160c3a0f34e7c2fef1f59e59eb80fbd95fbccbbfeb0775357603bfa54069ee33e4c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 fef4f87809c156f244dc0399ebb654bf
SHA1 b51cbcf6720ed658f352d340d2e6030c26cdd7df
SHA256 57136292f96859763e13f17c9e59451b5b31b8dd3471f27cf495e115cdacdf97
SHA512 a2ec43d1a0509b3ee9e50ebe9adf27245bde8dbe7d13e4934c7d274c9b0dd86e5bc9b71763fbf1ebe0ca5de4d544c29825607da718dfe75efe4ce0655a84959b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 bf4ecc2d876c2105db9457b248db96ae
SHA1 5a420e2b6c90b0946b1eb123280a144b0f44b25e
SHA256 b96103e44b3a425b44eb85c044fd54b332edd0a1869a7a2cfffaf04b10cc32fd
SHA512 8bbd1497c46c3fb39a13a152c079808db2391ffa119734dd6f0440c4dfbb9c26e1e826456e78d8e7caa76084f1db89aa2a096ef4ee6361ff6fe83ee0eb23c07a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 9892cda55a4fee1c2110aa47f1518349
SHA1 d1d054382cc9f049e982881b1dc3b96b55b1371b
SHA256 78918d96184bb4ff9f2fe19106cebd3102ba9b3b1f1b75fa36126e11ce2c7aeb
SHA512 c4986477287edfe910128589ba700df0c56632d2057780413ef84b7cc27eecb9d1bd4f53674c62e8d3c867d227b44749f1668813cb19670a93c6e1895f7ed56a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 1175aee8cd60088603ba4daf9416b359
SHA1 f8898f10d182c4e51bc8ba2e95194cb1c0d095ef
SHA256 5847b345240c8b3ec354e673a4a73f3f3794ae0fef44a4319fdec6b98a68dd37
SHA512 e52f40976d806a8bba534b97951a735a77fa3caa398519942b109c922325faa095c09b097ebc33f229f5779504dcebd95f2b380c48233fcbaae0c38c6124520e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 3d57b3a2e5d4a1f1d4d9c3a21ac78fdf
SHA1 a9b16fb76091ef8ce7c991dab1c39a3316c35407
SHA256 11c5354fd8922977b4e87b08c1faff73d7c9cb5331930da7dcaeaf83d1b65b14
SHA512 4749967ac13754bbee8497e0d3e65702c1af5a2738e8ab3c8e336b51b42a81a7ea9d898f9d96bd3286876e3998ff223a51b674e81d76cf620185e4dbe8d27f1e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 357a9205ce5aac6defb541f4a1de88b7
SHA1 3c2974b0d785f54c43b411ed4012e8a46909a855
SHA256 96b1a724d5bba6647631f87b43c73cc28a17b1485e9f247f0d5350088c3855c5
SHA512 a3c23a79959270ccf5aa744e016a0f4bdc0237f00ab792b08c39291ef229706fdd2ce30d7ab3daac0225ade7d0b52c2208038c3dec148bb1e1988dc20b8bbf2c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif.EnCiPhErEd

MD5 916359c374a08e440b9e3489d661bb92
SHA1 a11af3317a07c439577f7ce6e4d624d57df8a40b
SHA256 0323702ed3fbe0deec6a56c36474f9c88db338404fc747f9bc1d58374b2844ed
SHA512 d239dea40e99364dc48d9579a40f1f4f5c9d56eadd0049b2541cc826d904094230e4fd19f2aaa96d71193035bfe5e98e800b44484000baed7303bc9a11aab4e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 5dda063b04c2112939ca7bffd163c637
SHA1 33d620d6ecc335749c54f91712d1d871da521667
SHA256 b1a2c13f32345d0ca7aa66586e711852cc3056710e749a25b82a597889a5a5eb
SHA512 f9b3c773385b41caa705808c73bf39ee58c923b547edd4aa7efc1837f250607e1f93634f1f3c0d6c9ae17feacffc61470b7ecf93842cbda0e5f1480d4a2e2704

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 e662383c61be8793aec1b7403924aa04
SHA1 40bd4c2bd8a517826acde8b7765732f66688a5fd
SHA256 a3d1a52688fd76687bc6ce9af7d327e387a75a2314c506325b714c6bf49eb32c
SHA512 0229ef64ddac850524aaa191b03bef228b976ee0423f8146b3bde85efe18327249527bbbf3278acc58f22431d9f3ebe7a157d7534eedcd2bf199ed69d0a10d72

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 74ccb4dcaed8b46edf432dd8461a56d9
SHA1 aed7da78ea3bea3e9b041ac46d826360c24ff7d5
SHA256 05f9bdad68c80fd0314fc39d829ef91e190e105841489f2daea93835fb6e6648
SHA512 49a73d1290a7195777ad0679a3f8bd0542592e97fa60126174104d83c903b8f6d36b274cb17eb4e19926bd8a846dbd49f1b324c03323b8a8c5dc785ef4ea1181

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 ac0593446dc28452f982fedda9ba4abd
SHA1 25ff450c218da065004ec8a5ebf686417344286f
SHA256 809615f1d6ee199cd0a77d66e21b7f6774c0a9c45b6c3be158a7162169865bb3
SHA512 0ca3e8712dd24e5564c2fd3d90f8375350dfa3bb771932c8d9c430ba03e4611caa6bdb704feb797a765378cf505c1174aa35bf3d09a96cc6b2ed02160beb9167

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 b1a642ab06de57aa3ccdf99d899a1002
SHA1 b2421024672e5c442852d6fb507b10b3f7f5cac3
SHA256 da03613ef044a9c0b0479f58a88cd378e288ffffb3df6b419d108822aba3c5b7
SHA512 c8d398083b591745719acdabe7cdb3eb866bcb030e8781af1d295a61386253f854369686ef1ab69b901f54c4d79683bb753b699aff5586bf3cf39d88687a39f8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 590d8800ff280e749c05802c0dcfc10c
SHA1 5cb6971304dc2930eedae0baf88580567a6b9ee5
SHA256 4830dd3c44b4a40ecafb651f7aefe366ed97424c5184d2ea32aff20342d58f30
SHA512 263ab4df67147bec46da98194917aa87f8b15432de175267ee69f9d8803c5e2f76903df2b64e716fa681d7012be8aed22b14cf7305f023f6f47f201b681fcf62

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 ad08accbf92bee1ad6b027d3e2453d3c
SHA1 564696be1e896f22d655cc908e9bea952a7d3d2a
SHA256 d65288142fa34cd3f9a72fd690af9c585b8edd21b806af0e26ac105554299069
SHA512 011a8b968058a7a28162f4c6ef98854bc862585ae3890456bced94492106f3f3346a6a075b3109554732bf85605ee075251f403c213a620c15b5d5215c9e246a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 efb705c328ea193381d4287955939b58
SHA1 797f81c7b61ed04937ca64ec90ffc4d8dbf3cbe3
SHA256 cc2e0a0777b573096a18efdb5f91b3590e2b612a167106221d975488bc00fb8f
SHA512 1f87768f0b651e760d6b3df3c0fb14a9f397b245ba1dc7a2e395976a06729711c9bdbcc151746b1e8394210031b841f99fa4a733164d58f76301a233ebf4cbd9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 867b47d59d5960749516c14a63e36614
SHA1 303289d12a79c665a9d32e2586177d46c8585c94
SHA256 0e7c4524a7fefd8977cfde4d5df691613ce82402eced7da000c9047dc753ace9
SHA512 6418c7919098be9bf0fbfdf6db40da2f2951bb0151dee0f02adcb5e0b2f98a066273cbaaa3580de8aa9fc7504c5241bc68eb5847bba820e398fcceebe3c503a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 619b88b4f7f6dedc916665c82b209953
SHA1 7b2a66e157a349fac87585d4aefde3ade99c604a
SHA256 d16be5285197f24ff7e91f40bc0e2426440d99e22b1a8a99870247ce99616b96
SHA512 4a4c7eb02dbfc3f49909ccc4c3bb551d6bf79203f9044a304b1c21d824e79d5aa0425d791e7c951d02825e295af0c30c71200590911eba8cd303651817789202

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 ef07122a53e040f1eaf194c86f9af357
SHA1 114fa562559544b1fe21dd838195be279563dc7d
SHA256 ef96b9147ab3624759efe310ea1a889ce0a6a2bad1e110920ac60580e9ddf8d3
SHA512 2c72430e04e1767c2a3cb4efaee0f2b9a72cd19d9bafe16628235271a058bb65ba97febfdc084738fc53fb2acfdb3e8a66638206200cb0a3d091128c7bc5974c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 3b24b04f98b8c35e30d0eb1462524bf2
SHA1 bc56062bb49b4fb5a4290b84c763ff5f3c51877d
SHA256 4683416c64cdb6e7c04264dc3fa6b3808f7ce6306fcf4f161a803ce4e034fe73
SHA512 637808caf01a2d1a9fcc070f728a3775f172ae8c9113488ce7ee0f59580f6b3be56e62d84848635b521868b1052b14a56a8381bfe8f22aef5644608d45c477fa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 918baa675876776788aea180642a5ade
SHA1 c82eba1a84f9c0e9f9460d57f3b09aad5e73091d
SHA256 cc4a7ddfe13fde96ace0c242610af2ea5b35f14f600f034418845eec8a5fd99a
SHA512 866d5cc0ac4c87831587535f08a33bc20a7be5f65d4a594b65767deeb61e6f549281fa489be038883ff9f259b97f82723944f0f942e4e700f0fe9ebc2672f752

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 6f02cbe5fa5162633d64b79993f00bc2
SHA1 c0992e45fe53c4c21c2dc6a84fe42f627e2655a5
SHA256 a4aa661a983791e3992d2d5acb0c65e728bcc972a7f34a63361ee3b2abf18840
SHA512 a7ada5d80016f6a2d567ba32ae2de224c35bb88a796b389d8ce91bc1b0dcf8fbc7dff3af5366c49eef6f2cddac11eca18e4b8c77e0b12694332d82846cc6a570

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 85a3cf01122664c3259b5759340fcce6
SHA1 82f89526e3f0b711cacabc73958438a460d52c2f
SHA256 4a86d8301788ee80eba64cdfba84ae296df846a3f3f046844d0cb92bfd34c539
SHA512 ddcecb9f3ae176552a6c2d7a7e1e2a2050f0eaa07ca65bd5a141ff4f1c0089776fd6a2910be732f8c2dc2e4ccf7b16c886a61eae842bdd5b2c4100ac5b3d5ee4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 a522a1c11aa84a7c3bbe1832a9d1eccd
SHA1 1eba6521752de5a1d3478ff33a3a5c5d06f751cf
SHA256 f849c68345e657d4395ecde57ea510b309e38e41944e793012ae3aaf263359af
SHA512 55875ceda6c5885413fdc13ba9cddf62f6b67e4c60f136f4cd5f484b86d9f20135e01f9e5854cffe396e9f59294557e44b53e8a04c6f13695b468400731a9704

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 cb2c5b9d5241a50068b7318f1c59a903
SHA1 8cc09eefb6e6a78d3309bcb2ad5766dc3cec0493
SHA256 165b654d72391db66ad9fa53812d25860c8832b84f05c13bc08c370dae574181
SHA512 1129384a9543345c6d6c742daf31c98ef90498ba50be3afce6c07fb544289ed2b2617dd49b53596cdab9b343174187084a3c54e307838006bb0b071f236bb893

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 1a98aa940327f4fdce020e16abfd90f8
SHA1 703fa63c1ddef278fedcca9e1d9901f44d65e74f
SHA256 a3134e7f5cd7e3c3aa174f3bb33328f0067a379b00b5b3c15d67cde31a627811
SHA512 0c7554264ff31591775a9d492276a2b22154e5556bd5b2059840afb1d1fdeacfce1663cd32289c3c48a93c5037488737e3dfc5ce9b3e75a80deeb625309b5a9a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 2aa21d21dd7c2e79ba98592a01bf64e3
SHA1 8559acd86072fa21d188d45e1f38b61baabc6997
SHA256 53a179bc81621fd2dc396f8eb33b7c158e15e0e52b674ce39c1e661709e9b240
SHA512 2eb8d034164b63e61af74b1e7666c087830f833122674313650397cd9df4643a1f6dbf5dfdc886817c8a07ee06cd1b0f50f6f52d3e371c8092568bb4ad5142b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 4e4992c018d619168054ae6a1a38ed1d
SHA1 e68bc1f96313acc52494453e820592a2bb74858a
SHA256 54e6129f827aca1da69e9315adb4561c9b33c13209dabbc826942bb6258e541b
SHA512 5f5214915367982f19502814158a60f184239af2d2d3bef342f1299e4bf4862ffc2e328118b1dafc92238dcc0c813744bc66fadf1a8a0ec0dce1a9c21c250f7b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 dcb37fd0652fc2202e3b07bdb5394ed2
SHA1 e3e9e6e2330ebed7ac8ddef6e2168f62119aba8e
SHA256 48168411bd244c03b4ba920ea97343349529e57d3374b7c4a1d3dc3489bcb763
SHA512 0da260effe921955af04e5dd3c888d32c67484af7b11af01b6b6c9c48c29a837272af1363ea89d97f14dc2137e3ce634c62fa65a500e52802790629c893ce7e6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 f840aa6c946bfc1daa4932c4c7088ed6
SHA1 a303e126da0a76ecdffc947612a834cc7c57760d
SHA256 30bd73f603c9da83c00c29101a673414fa1bb33c29240d3aa3896bc44845e6e6
SHA512 b98c3711d5d5b99d63a37e7a03658ca86027f64b32d4efbfa33f4867492c888ab3e350adc08c513c4a7ae56f3010e4d4f0a06428d2c4f522b27bc3983ab0ea96

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 ce469438ccbd3da57e340ef35f038813
SHA1 f05956643873ca022f50a0b2cf287078d800f1e0
SHA256 0f747ec0886d3da02ebb008268e262b439a57e502a2b9cbc4c4c5e1ec1baa60e
SHA512 40b17ae1c0dd8cae4cffdc7117489bdc1a4e3acea4ddd7b09ad34af27b3050acc2e088552b7016e04a7171b6a899813f072a0e50d60f89e6b76e92b5a67d5b5c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 aacaa9687b2d0eb4c935ab831a754700
SHA1 5a09425a3c6ffc58f9d188430b32563c34b79e01
SHA256 f962c64b76395939959fa8644bc6d69896547a0e904ba91c1cdcbebd2f704138
SHA512 492085eedc08146facfaea0a5a6c796dd9918504817cd8fa498c3e142a02feefe911104d6855bc6c77efd29fb08d7a1d0dc7a13744a8dbba48a6ed809a7bc2f2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 d6b91394e3940a5b6ca40b1611a07fac
SHA1 995fd14a70b7ccdf5045e09694e888ac841f5d3d
SHA256 096a153c65204924c8762e45303327b3b0fae3fd763b3c382c447e3695f805a1
SHA512 46711c10385341451b35201ea1353275c0ea7be9c0e3d7bc3ed3b8ba5cdee3830b23fdd7559d3b5d2f416e5074601d707ed4444e494121d298281d19653beb63

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 801cc32636696e1645196dfa3a8f050d
SHA1 5a2595920ca263aa60d035379b8303ad719fb2d0
SHA256 3bc71392d7d55f17e5a92e7ab63a9f6e522e9317773e8e8b474478550cd3b22e
SHA512 118f61a4666f6d0654e0092dc92fcfd8ccde2b09c847c463daa60ddc00511698d194e843f4fef261aa2b03f16bccd42b56b5ce16f4a68c65c7bb21ca456fa996

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 3d01a3b5e7a3952a3d7058a60252074c
SHA1 25ee2261d55b4013ccc3ce04e5ed87b2e5a333c3
SHA256 5d452d0eb9456a7ba562bded0bb7c1530e942c387319f2f951ab61556c630ac3
SHA512 7dc39aa6e31363b73c775e0b6d47a31e1c9ffd7ac66d657343c398a5cf1c6e6e2a38121d6656d7fbb08df1c1770c92b5b360371ba00e5f662d69828cfa848474

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 58f91ed2d9132b113fbf935d83ba8b1b
SHA1 00e62d5ea0879f551f2ce3b6bf1e4d3b0c8073bb
SHA256 7866d26f6a3855cab544ca350f874c88782df3f6d2d4a3404210c3a98d786ffc
SHA512 15273e7243c3c9baf43087c66527bf79a616c512f431f73c6e671ed59e9ac5a93929745604b398e08d5e4fd1cc4bbd6a20a1ed5193dc49f16f3cffd6d61ca436

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 ac56d1d75513297832c93506ea3724a5
SHA1 da373a12a5f9edc8140661d15d5515dfc15d5676
SHA256 8c0321d1d96df7b12cb51c9d2ad47a95add7518827cf0c26d0a760c0995c45be
SHA512 33951424549653ce2d1e8910e3bc3e92b0a78a951c07d0fa4a6bfc7210d9e95a48d4082955245165e9a516807876b4228b0ff7cef68dd1361b97ee1a3535b744

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 0168522b0cf2ffa0ae79540f6d56834f
SHA1 86399a98cd9341064d95d5a70e4d2c301842aa39
SHA256 79d1c9c031510a237eecb1b4ff358eda5c397f019bc2040df8575ecfa9ac720e
SHA512 30040f6c1a3407459a47951cf7b91c5b5b934fc9249147ad6ebc96e2221212ceaf3f590d2c2248c8a4070c4a50a28e9a29d71a5cdfd35460c0a4524d34af78a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 da84d27ad449d16305bbaf8d1128cbf3
SHA1 f8e35c224d549fe1f6a74f7d56af03f36a83cb89
SHA256 c6f5904650d9f619181c1ac26cb943e78461bb85e174a642039f7f602f43c6d1
SHA512 36fc8f4b5c21b662e854cce344eb30965b360f0fc0e9ae910ad1e09195cb87976a447d471979dde67b53b1aaa4367fd702006706aa31ef02149f1ece1614ff62

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 6291e965fb016cd55f9e43fbbb00a60a
SHA1 f59b5892c0d4353d3e9bdfd897d6afa2e611a432
SHA256 e74d4fcb4874a1b972b3dc03e6e89853c7f23414f8832c0bcd2495e5c8fb20e6
SHA512 479d270c6e2b8b0127bd1fd762c75a3b0462fb03ad9ee3612683a0042e7088cedb90212ca13dbc7c685b747b87291bed49b8fc1e7e076fb36311c93c0658778f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 48de9a2986e7b320f22926a8f9c9c2de
SHA1 c7cf06e7413d561ecfd944768401b897666b8569
SHA256 e4f5202926054f19f5d2cea33ecbb7b59cf196ff1e61f8e7cfc8f46278f3824c
SHA512 b00b50679173760de99e0f8f057312eea394e0aab47354c107773cda0207dd9913a4776c22497fe6f825f4b3817577ad4421011b990fc1789c7dc433e15dbda0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 c44622d51a91299847a8a32eb2c32004
SHA1 e91faf0cfecaaa441b5f32e555f7b0f632967928
SHA256 62c7c137d6683ae70fb2a1487ae39d5601a32bd2ef4fc912d6ce6e816e991401
SHA512 a8a0273d70838f3a964a6163f7f52316ff0e1f4ec66090816643a88cbbb443d21edbe6d1e4735ffdacfc2597e4be99acc9104a54e76b81ea5b3de2a38ac074f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 c84aae972456bb19fc244b5889660ee2
SHA1 b827e8f9bda6764d3a446f5b6b9f46a26d7240f9
SHA256 db81723ef8cd8bba9dd282e8298d88771e42070aee53b53396c40bde1f8b3fd2
SHA512 70ce4643c04577f198dcf800232a756a3581dda6be9f477d0fad0b71efc82a800ade6c43e1df822303cff2e8a0c79493681a91e840b9ce310375363648765cf8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 6d16e0197266c6779277727ecde4ff3e
SHA1 13e203505557e8d3f5463453819b015c4da405d5
SHA256 3ee7f8fd971e572244308eecbc3ee0cb97dc2f0bdba136f04dff4f973d9adb5d
SHA512 f5ddbab8908e4e6045b67a8142ce1fbba76903b7e20797f9e544b298252531bb5afb2feb1c22d921437ca701d852a058b88517988f1fd730115b6c13e823e850

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 3cc9d18c3626b8958ac0bcb418fd77f2
SHA1 cc58aa80186b0b1a3349ea1838f035c565229cbf
SHA256 fd8a553b4219cf9971c313708018236d61f7338bf28813adaaac607deb2d0830
SHA512 03de90e734bfcafb850fc8d5f9890c59a34e0b63bc1dc9581e670b18c112094530104d7f8635331075b4a9947008e7fa8ee79bec8e34d0b8f0bf4a2ac4dffb7c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 5713ced0a11759b3d4865bcfa22a3963
SHA1 1336dec547d81d5687d21691b3a6e05c0471cf72
SHA256 dd7ef50d6c2940884d4d52f5bf4979678b340a35f18ed3c9aa6600f34203f9cf
SHA512 3ef18fd8620ba7cfa4ec37f35027d62060216fe9a6d830eb6edba941ac6cd1e4566fef6759c82f61f65e3ce5a903f696e975af6e6b626b2ccfa132a818ab2cb3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 3579de4b2a34ace8fc8f71f152f91a58
SHA1 41f866d438c3d4833c49b120443f2e9fc1ba3928
SHA256 3e5d161c0c41222e1d5a0b66262f4b762614377af970c327b07ee179ff254142
SHA512 43f17f71201f0d51f848e44a6d4a049808707235d9bdecda61664e7260cea0a01a582df3bdb6a3f99d98701ed7376cada07e5692a3024ab2fcd3acc345ad5772

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 9db3798b699dcdf0f0574491e565536b
SHA1 921e1758cffce7ed9ac56b14baa673f91f3c1d21
SHA256 d9b89a0d7c2c670cbe76f7bd3de2346bc621614934e2711774564efeac10b987
SHA512 0a061291e7b947e813a550266350d4ff4eec9b11bfa336068c4ac73ca1b3c7e547616e4288c29dda11387fef5c79ff6d716e8c86ad63eeb793c95ce5627c5fb5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 cc7566e1be441e64b22f8ed2bb4465f1
SHA1 667c3a063d58d5b1282af4017339afaf78fa3cea
SHA256 aac284c497737bc85fc8f2c01e7dd4abfa5268e4e794bd479c2da9b2cf956504
SHA512 1a852b7c22d6e122552ec6b36a602c8b2b4a357c29aa2b5ffe1c53b1a13637ebee646d46f57349b74f9c175d46988b7ce9e4ad015db243f95f072db0bf20fb10

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 4be3536ef250111b76df3fcb684c116d
SHA1 7dd4b8528e0bd9d97c8a576ba4c3f7fe7273a402
SHA256 28e7771b3a38f7dc29a10d42764f23f0c8a93c11c225192709d59d5b58d9cf94
SHA512 366a4a161a91a9a9c7231454783a8d84089ff80be742f521c87d4ddd2c78f129ce4db39dc213b9c29630698aaff5c69ab7ba6e369b4b0a2cd62a54aaa1aaf42c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 ca9e7b93c4ec457d622952ff157cb6ce
SHA1 a69de2449d668e97817351e1a6338b00cd496207
SHA256 1451fb9a95e8bc42309e185984e69b1711bea931afa6b0b869c46f767bb649f6
SHA512 511f76e69f3a0b1c62a52dfc4a088ac57a978a0955948453c957bde1ff616a2279256f76a082e8001095b0fb7d4fb400c871cf60cb235b9b9c6c4dbf5a46c53d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 f80de726717a1b86f665a6964272db32
SHA1 756563484100628a1de4233811f5d64242f1a699
SHA256 84064f371d18ee2bb7accd16cb721dd54a0ed440d8d6dbec892200b6d66ee268
SHA512 01b0b49ce8c64e7e5049f8d11d308581d03da0f36ee5608d90203d97014010846da13b627bf4cb74696a7a63980a2f53df28308dc96a7868f96e62add6883062

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 44e2db69f4534f88c8062162bf5c00b4
SHA1 cb855e68d3fcecadb545014edf924cbeda78288f
SHA256 2d81fa6ec9de56543d77fae995fc67a19fb6c3ea60c1f9c6491a63b22ca3f206
SHA512 d8e14987d42e94cf733ade6c8e0e636cbf4872e112d3b809c6e19de24d4bfe70165755fb93809db6bb8e7f5367a67511f286d6fff65923a7c3a28d9d6fda9de3

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 aab2bb16dd5f3b10ad70427ac33a3f87
SHA1 389196012f2f962b0644f9d9238e36df7e37c66f
SHA256 952652ae4fd87a533d542a88c631e95d8b19960a781b466e676fb1081bf39f48
SHA512 8fb3c89dfc71a3d0ddd0c60c71f6b5df91cfcded7300d4d7956e60aabcef32f199e3c50f42733e43ae21b7938db2b68570fddb9f0879986d340b379a5c57d767

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 4163b5d5f482ee88f1a70e86d98dda03
SHA1 90b02ffac15e38a24d4d47f5c4c8f27b52fa5ce2
SHA256 a6fc40e01be1e14137f11f3e84087b3feeff8f518222b89001b679dd45d65f0a
SHA512 5aa5d64ae73536f50ec7f602e9c2bc78006e324280ee856167af5780b0fd29edec5d1c30c55c192d581c10508a82a5651b2c7be2b4cc7bc8b7989ede34d5d705

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 02f3dc0bdcccbb314f1e3007d8fd5089
SHA1 dfe4d1783edc99dc1fe115bee248e45f424b0f86
SHA256 a95e8ac3a1f74ffa08ae5d88798d6652e91fc18732fa90dfbbf48de25cad97fa
SHA512 0981f3da601c28be8e245912f60a0e6c75b3040a94042d381435d2cef11f2e8601007e96f5832a51f1e9979ea97116c2c199e9bf4de3f0423fcf98dd583798ed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 05155138c197170785f2355e4aee6a92
SHA1 a73fe5d7f0ecb2f54ceddffb3c63ed9bf81a6ebe
SHA256 f777613b11de1fc1aaa9a9735e7d9dc266ed3a5d9267a8957536b02d2fb09985
SHA512 f0fc9538733765c1104d60d17992f324ceb0d3a74bb2fa3a813b5f3d97995a770c667a01eb9f215f928280aa85d4cb8d38af93c5908c07a85927e381b7c5f638

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 524da8d6221944b17e2b656bc1860693
SHA1 07d0cc216124b8838220907cd0e93629f35ff04a
SHA256 7d21de81f1d038d9e960390d7466127974b4e388345e2374d7f4de096b06015d
SHA512 9245db6fc90c31fd9869c2a084b0f25431ff7e08ed76ef63df5f5ab1f87d500c41e4d94c7c95104347d0d748a7515311053e65d06dc0142bedf9b624775e5acf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 a99089adefae8026f41c25a8089eb4cf
SHA1 8b9a1125ee08118ed2b27fd7b63051474c198d3a
SHA256 3923047c9d1af5f41329a3d85fa4b7f6ec01ab7115f71adc04529837b6cb0f67
SHA512 ca15fa19ab39f38f83a591b8a5eaa38ed1b15feefbf983e0f7e58649b3cd1c801affc9a96ec33ca7bed5e52662148a6866fe8c6650effa7e62501606ba20aa6d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 13bce9d03b105879eade2e8f66f3ac3d
SHA1 9d810a4c1f5167b633f08be1a979deabd9af5207
SHA256 ae9f8c94ae4f987f2e752dedc8740c5b26a189b11f6eaacdb97eb757902c9b78
SHA512 208c16634179b49745e992358c6c8e8c1ad79fb76451e5962d7baa2d3f7fab75c91145c82952fcfdc8a2ce65647a0591c447f7dedb44d8bd3b74ec43698c8f0b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 5043bcaee82deb3d62603d66e787e0d9
SHA1 1a23bff04182344c29197c1ebc74a47a8efcb24b
SHA256 5a723d22f9b3906c2a67149a4900b0f60cf8360d9595c0acd0f5bcc0e8d037a9
SHA512 1297e3855383f51e9392f54f5ccf4ec996faf02d5a4516abe80eb584ec686df8b4ab949cd26e03f99e3c7f09a186e0e0a304fa438fbd7b2c9408c0e82c37f05d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 40c40407a6ecc5e6f5d5ec0d22c4c63b
SHA1 4cdb291dc312c36de69ca6fd260cd988e569e8fc
SHA256 36ef50ee4f1550840e5a02ff7a2fde1de1369e81953b7fec8626dcce97239710
SHA512 0425d48c033dcd728191dd333eba7c5b061adbfba8539acba6de160cc705369e30355843338da158fc9fb6d74162fcd3aec180adca1a6a49342e70f01783fd11

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 390527b63509a407537b8ef42c99eaaa
SHA1 ca7ec129ee236c8274b8330daf60ae927db3f0c2
SHA256 27495b064ffaf54e67b27424f40a24a04ad26c0cfa12d3af5b94885aaea19207
SHA512 52e5c9511dcc0895f2a8165dd4c0734765bd991e193dd7de78b2a39cbb01e2b1ef855789561360eeecf78a836bd44e1cc3c9ae621e6068fa9ecd54faa2f7d393

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 fbe4a0a59c49c1fd4dd45970098f5078
SHA1 cec9755906932ba4919244c7066073a4d8e82e90
SHA256 aae047a2717ee99f0abf2fcc09f84309d52461d8e05c5ea2def69b5938618d05
SHA512 1ada5b714f4a8c803d303de1665e84d4d46616c7aaddf1f208bd92a900608a6c23469b0ab4f5af730063c855dda39e0b5aa751565bdffd3493cff789ac0e8c45

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 88740c716ba9b1424c4ffe7161c0105e
SHA1 aea3d61c9054cbb08c611be89a63e53a3a103d97
SHA256 862eaddee0eab0a7a252a7ad84b30ef8022f05707a6c15b2c670c1f3ec8a2af8
SHA512 5ce99e8fb8f8175482b160b0d45d4f7b0ca31c58cdd170f7a4338f029290a491335a1950170d4f2030b12da358880db9fb404952a70a0afecd2e302b97646132

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 653bd137f3670447539571642c22f333
SHA1 43fa002f26b716a43fa69ebdee6e9b91fc9e5b71
SHA256 b643eb7bd8dff1f6b8f5fabca57864329c36b4dbf8794febbad5c71f5f48520a
SHA512 0e64e5a539659a50c48c47382c6e1f81f4d0005be68ee245e539c6d0f87b34d2588255eca9a275ebda2510a5f82d2a4704da99caffd2f8418ce68285899b1209

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 4ab00a94d43e702cf439d9a7eb597b32
SHA1 e2e060af05cc9e82ee9ac039443bf5dfcdc36d16
SHA256 e4b6744921f46df7bd5eff00b265852b9357179060047c3ee3e3b7d86c54a99b
SHA512 735e4bbbfd81b2a4bf0d53a105381464ad76769488b92903741db3bde0474d2586e48cdd5ea36980b576ea8789cbc6cf32f263d45136ac8e981763b7044f753a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 2321d747cc8db5ec8b4d3148244785dc
SHA1 212f8e64eed564c84468ad0f6a73bf6661dcb131
SHA256 d7fa3492d0f4a6ee8e18a907b7fc5fc505b2f526a1c5ccb6c94bf7eaae84f640
SHA512 45c8ed722e52d5e2f218dcf95f3c662f14a42acb336392686d501f89996e026d34483619fa36694d55252ee4107104fb36dce38037a06d2210ab537e7b0d43b1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 2741a018c6a3ed530181d009bceee2b1
SHA1 d4c1ab0c6f853729d01522b0ce4891db16e0351c
SHA256 6546c18285f1d479dd3e51ee72b280326da25a84ab60cbb4b74afb0a42436156
SHA512 d9dd4779339644765b7b5491b93d52e7fb627f389b63f9009aebdb3bdd94a59b1e635b23a854ea0766359626eb668e1b35239f7892c81f30a3235c6a59f34ff5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 5b5421c0b0b54572a96574ab4bd53540
SHA1 9534b40ecce86a53618b2344c1d53dedf39805b0
SHA256 f55e2e1983cb440c4e9f9a7110d6308fff79550aa3c76e09d03af7b088ad1fa6
SHA512 a78d57af1ff2d44bc03ebadc77b748a0df5194ad0692a1dac2282aaf94e05caa5d2f1ae57d030bcd7512250bf38545e9970ea86ad57e8eea1e3f84a594e346ec

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 d783e04d6adc8b00fde20f2b4d51f4d7
SHA1 969dd026f8bf0d6e569b062fbb5e50481df6856c
SHA256 82ae45470762e5250b804a7ab25a219d88e5cf319f442dd3f94803b3755c8094
SHA512 80d907ca0dac2b1265de2dd2c10e80765297db3280f358a3532986ccf0b60d5fe71254c9ca8627627c4da550402273428d26428c59c70cb33903eda7a22b5f3f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 1f1bf29e03529bd649743db17cb20460
SHA1 a14b315c6ce89186f242e560c17045fa754c5a82
SHA256 2f4766a954d04a747ee8d4e4c22652dc537d044d8fc4895b1233963372e10341
SHA512 0b172091ac6d877c36d5a470b1b87565de44975665a423f05b1aa7ed1b2c92b5433e63e865702e92d6fd6cbcb93107ac4959507643bdf0e1927b04172d1a274f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 10ef302424ff49275d10ecd69389aaeb
SHA1 3fe473bd17113893a3423d4c44c8ebdb706ab6dc
SHA256 aef565fce959507aa5bb9afd9f57fbbe73411c84cebec88f548a9c4785f9f1ea
SHA512 e5831d84f6d748eaaccfec945cff10d64b2c9805c28ee74f40b32e9e1b73ccf70883c104893fbb3943512b35a7cce2967e1342d6fdbf36199069a693fd4d845b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 d00077e97c4ebd02c75ac156802cca8f
SHA1 95a82890fe15602f6532395ee91a91232e5b1247
SHA256 33cf7fef0045a4721fc4c9e9c345f9e972f923a6325c0db70ce3c0c191925a2f
SHA512 8d70e432b024f44ddc6c2b7116497569ec13aafd91a6bbe46c49e8634bd589156f0b7a4908ac618838a54cbffa0a9b1c4199a1897b2edf0d1618b51b138ba90e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 0d983540feece38506a94af317272578
SHA1 13a2ffdee659a54d5a693974c6c23d8f7539d146
SHA256 0d495f1a64d817b7d318372c276b740a7defbbfd2a272a0c5405b6d9b2d0c8e1
SHA512 d570d7d491bc1613d2a3739fc4f5e58ca53379659c3871af567d180aea091a215150b246af82933ab0b32ed3b38b700977106ef88ff9d1ea28683b7ed33c279e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 c09db34c1b9e4e1947ce357f64f1c715
SHA1 3bbd60c1b7f757bcab33b5281227fe51502b28f1
SHA256 cf1b3ded7677a71adf975110e63f423bac63262af56053912bc3a47ea185c6ca
SHA512 a7276a2ea4b90d5284b17a76479871a1a9ec6f0bc0899b7ec710bf118ad3c3d11451f3c82b7f6048437cf624228f1bc2fa9545452ffabf0658de9c787ea0df47

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-04 14:45

Reported

2024-12-04 14:47

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe"

Signatures

Renames multiple (2173) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5YnhhmOW8anU2VH.exe" C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\netrast.inf_amd64_935f1046c28ea0dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_display.inf_amd64_c7457a37d16eaadf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sss.inf_amd64_503a2398f4c86893\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\virtualdisplayadapter.inf_amd64_bcc7550a6e285f92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_image.inf_amd64_31731e48047fa274\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscontentscreener.inf_amd64_bd1517e25f3e419f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_1cbfddc97a663ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_220e4fad6c84d016\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_64035dd8a7571ba7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkTransition\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_computer.inf_amd64_aa72c8894a821b32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_receiptprinter.inf_amd64_7952e4baaee88d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_hf.inf_amd64_0c00f8f3a465c9a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_holographic.inf_amd64_6ab9629b23deb837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_monitor.inf_amd64_f02375bf47a4adb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl008.inf_amd64_c0d977e565fdc839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_a99a7ecb03853141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_0c5757ecd1574b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\res\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PrintManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmetri.inf_amd64_50397e28bbcd6514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_a85c8e1fe15a9532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_06bc8afcd2617abf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mausbhost.inf_amd64_34c86c15777c913b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\storfwupdate.inf_amd64_e57f4de14d125fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsactivitymonitor.inf_amd64_cccd1b2cb61d2440\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\errdev.inf_amd64_616c5168a5b1807a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmneuhs.inf_amd64_eb59a40d88060ada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\commerce\call_failure_illustration.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.scale-125.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-114x114-precomposed.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon_hover_2x.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-256_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-GoogleCloudCacheMini.scale-100.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{1D4B5551-822C-42C0-B673-53AB80587853}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchStoreLogo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\smsconnect\SMSConnect2x.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp5.scale-200.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\hscroll-thumb.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\WideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSplash.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\SplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailBadge.scale-100.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlFrontIndicatorHover.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\8.jpg C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_2019.1111.2029.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailMediumTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-16_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\info.gif C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarSplashLogo.scale-400.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\example_icons.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WideTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-100.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_users_res_b03f5f7f11d50a3a_4.0.15805.0_none_dde36c0d0bd9e3f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_usbport.inf_31bf3856ad364e35_10.0.19041.1_none_d54192b9b0949c86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.targetsize-80.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ructureconsumercore_31bf3856ad364e35_10.0.19041.1202_none_ae0b61173f965b5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..ice.backgroundproxy_31bf3856ad364e35_10.0.19041.1_none_fa16cd4ceba3021a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dui70.resources_31bf3856ad364e35_10.0.19041.1_it-it_a4639478cd1041f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-corperfmonext_dll_b03f5f7f11d50a3a_4.0.15805.0_none_08e6554895dd9e18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1202_none_cfef4afda1c50630\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-96_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-identitystore_31bf3856ad364e35_10.0.19041.746_none_1fbd618700a52b5f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..es-drprov.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_495d4cc0838a204a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgePDF.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\previewTabIcon.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..imeserver.resources_31bf3856ad364e35_10.0.19041.1_de-de_4c2f6661d9a3d714\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.0\WPF\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_10.0.19041.546_none_55651f1b7adb5c38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-printing-spooler-ppc_31bf3856ad364e35_10.0.19041.1_none_26e2dbbdc6cd4858\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_sti.inf_31bf3856ad364e35_10.0.19041.264_none_0daadcaf12f909a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_10.0.19041.1_en-us_ce7a85b750327612\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..show-core.resources_31bf3856ad364e35_10.0.19041.1_de-de_5bf91c71ee5346d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_b1ef3035e92014fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..skscheduler-service_31bf3856ad364e35_10.0.19041.1023_none_f5c39f0cf22dc265\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.messaging.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_3ba040dea2209883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..onagent-proxyobject_31bf3856ad364e35_10.0.19041.1_none_23bb28d0952bcec8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-b..h-bthserv.resources_31bf3856ad364e35_10.0.19041.1_en-us_f6e7d389638c5385\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..erclassfilterdriver_31bf3856ad364e35_10.0.19041.1_none_501bdfed027892d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_percsas2i.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_171441c14ca84d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\LocationIcon.scale-100.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\Ignore.scale-125.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecore-s..chservice-component_31bf3856ad364e35_10.0.19041.1266_none_2262e67641106c48\toast-hero-image.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-appid.resources_31bf3856ad364e35_10.0.19041.1_es-es_ebe6f36b4c5f3ce9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\SIMLockToast.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tionuxexe.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_247930607e3d4efc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.web.manag..ftpclient.resources_31bf3856ad364e35_10.0.19041.1_de-de_94bbe2514defe005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition.Registration.resources\v4.0_4.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devices-haptics_31bf3856ad364e35_10.0.19041.264_none_2d0a641f9d88ee11\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..shell-exe.resources_31bf3856ad364e35_10.0.19041.1_de-de_4dc5437ea580c7ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9d6a17c0357eb3ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ers-about.resources_31bf3856ad364e35_10.0.19041.1_it-it_059a0355442ca0e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.19041.1_none_b84e385529c68af9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_10.0.19041.1_none_ca50a32caa12ab10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..oundation.resources_31bf3856ad364e35_10.0.19041.1_it-it_d144eff82572d81c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-container-manager_31bf3856ad364e35_10.0.19041.153_none_70cb6ca43c818606\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.19041.1_none_cd761f3a5c1f786f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ppolicies.resources_31bf3856ad364e35_10.0.19041.1_it-it_d82f71797fedfb72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..ows-web-diagnostics_31bf3856ad364e35_10.0.19041.1_none_a8c8490751bd9d21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Word\15.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_de-de_e1c7c5c5782839e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smbdirect.resources_31bf3856ad364e35_10.0.19041.1_es-es_7baa65825aad4c6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-cryptbase_31bf3856ad364e35_10.0.19041.546_none_4db3c6cb412a03a7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square71x71Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-cpxl-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_f360a0c8fbe1967a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_10.0.19041.1202_none_f4d88755d85c332f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_11.0.19041.1_ja-jp_563f43a91c42ca16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..ction-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d2585b1ab8d220db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..admanager.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c72df24aec48666e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..e-runtime.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ad6b722487e177a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..odbcloggingbinaries_31bf3856ad364e35_10.0.19041.1_none_d1465b94f32c66f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_fdssdp_31bf3856ad364e35_10.0.19041.84_none_32810fcfa25bcb13\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-u..itefilter.resources_31bf3856ad364e35_10.0.19041.1266_en-us_b648a623c9262c3b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wcn-netsh-helper_31bf3856ad364e35_10.0.19041.1_none_980b0e2792bde2ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5YnhhmOW8anU2VH.exe" C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell\open\command C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5YnhhmOW8anU2VH.exe,0" C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell\open C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IGBFVPYJNTPCBSB" C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 a29d6d43965403aa88e48f69395adfa1
SHA1 46a0d2fd5bdeea0351ec38be300b447e94b0e0a6
SHA256 64a018ab90aff0da6b228e6671512a3fa98aaf9718d887891f3b6dd54e65ed37
SHA512 f77971f33a4fbfd5ebf84f67173e4de761bf27f6686bc84350b79eb7e849eac3c6b30573c60788a345ea564208b487abe35ecfc0976f314e8334ea0aee918a8e

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 a0e42f22d37013ea24eb57a76374b98f
SHA1 bc4b8acd7ac0db1307470be10cd6af213094cf12
SHA256 3082a661d136f8cec1d99f661a6753eb422d3e985b370dc9ac29a158b19fdd70
SHA512 cb6bb665e6c29ef1a100e9e43df21a422036ee6d06e3fe2b675e073a2457f7c50c713a426f8be8cd84ee78917345081e24a9bc377f64bd77e2fe0bedf90ececd

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 308607899164ea875c0c6ba392f0df23
SHA1 6d533314ff6025ee5486c4f07d7001d81153fe37
SHA256 18f149182912e955361ff26932dcbe5001def48c019cb49503a0c423ee3687f9
SHA512 b76bc89f45fbdefb0cfa0c921a6d6c16376ed4d966100240ae4ce7fb0521ca7ace1da2bff7ea170c3b02359844950cd4613247aa48ce7644784b6fbb03349dcf

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 adb1817fde5b5ae202b4184f772135ad
SHA1 d4cafc9d931d3c68c3503ad34e9b316a07c2c0c0
SHA256 43ee9b82ab7c88fd0f9966b4229492e5405f6f5856c0757f16e66454fb4b6f62
SHA512 398090826171a41f0b7ab145a2975711b11e7a2db218c372d525f5e3a4d05e2964613c337b87fd464e8b10f8df21456cdde4aaacdaf14ae0fb31b3e87095699a

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 8767716fc850a35a560739a8bc8f3d7c
SHA1 7ab9649a3b12604eb5f45fdd855dad8457a6870c
SHA256 979fd16cd6eb2e76aac73f6b9667dedf6c33c9132556fc4440884e6d4e9b0682
SHA512 564fe47fdddbc3cdbb22c5e7aaae9e888d17dc26b78890485c2e78c4edfe7001e5865af9cf7c5f62c241da99dbcb76992e8c75c7972ae9fcfffb896143b496a3

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 ad722944ecb02449148ce85e9a7b9ab6
SHA1 9a0282f1ae402c7776e85e4901c468f46b2e31c8
SHA256 5a70518bcab89c3efdbc8f9cd1fd53f62a36a99dcdbc5991876d64e122ed01fe
SHA512 0fba72d57855e37a787562d447017e9c6dcb5dfd3794a61dee80ceaaa5c22c3587f132e911aafa53dd4a231afbafd2133bc7f82f884a706e46433acb06222cdd

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 b04e8e66f4db6b178b1bdba346b62b29
SHA1 a528472ddbe2b4192f9c48fbb5960e5565c49239
SHA256 49f7ce02814692d594986e09cf452449cbf06e85cac601232a57b8981a0eb81b
SHA512 a31f274c3b2a88e4732c5fc66b39d2e806e1ebfabf57e5dd92c9c45352081146d8f57f3855a4153c2ae493f5bb1cdaebf25f17aa3461bda9835647251736b8ac

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 adcc576602935063f0511c90a641f93f
SHA1 7655100da1ed7a2f03b16469bf20777564c92de2
SHA256 c4a45a77fc6fff5b6a62dcd67546a1f73e27f44a9f02096d45296fedaff69b6a
SHA512 48e7b3a33241d5cb7009b1b87ed1a245e3626339b6c626ca7cec1eea2193c36f35db366dc9692ad7abe6d4c773fa629b33e12ece7abf0d117f019ee777ebc182

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 cb51e45f4913bc0edb9353d0c4287c75
SHA1 c0144f8d68bdf033599529185ea54ce50cb27d51
SHA256 a752f6edb573b00a0e92355c3467f44b37d3ed687f3e685c4ada6d65ef9ca5ad
SHA512 8dd73cdb2b146d14e67a158fd0755ee0c1eb01b1237aa809373701ce9eba20fce0156b50020b2f9923ed1669a4f74fb3d96d3f12f9ab2593538cd6fb161edd0e

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 d14c05ab83c8a96a0bfed010582986a8
SHA1 644254a761d49195ea8cb803449736681f104666
SHA256 8c3734f5876ca438c33b94b88ce7dd47c69ce735adbdec6207f5f8e242a48e47
SHA512 e3dbe3f6973d164214418fba0563271f270e0fb7998bbc63a56c560cbaccf06564211f43a4bb38da5ae3d0d8f75f6ea97b1ca0d2ec080136b2f2626ce1c9defd

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 b908e0758f1d23fb89b9e43100e3dd97
SHA1 69a6482c14b165ae56c95deaaa189cc69a3098af
SHA256 e0aa8b5e6ceb604c58d0fa7488150b6f4ad515ab59f4cf8b4997d53f1436892b
SHA512 f1028463c137364adc49d2c9850fa05112f4aaa717f2277fabfee706ea8acc02180aed246f024d71895479ae5a9e9666245bd2e73a3556a7e9a93ba5e592046a

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 b6c60cda03d30ea33320b1df8b0c8fc3
SHA1 238e7bd1106a757d4a372dc83dc609baf697ff7a
SHA256 aaed07693f6c3d9547b6d500f64e109fd89a3e09fc2e78b88efdbd6617e43487
SHA512 be5699c3768f20ba038dd8d212c0525f83f6c22cabaab022766b0a6907bef79495efefa913e018410bf7dd0425ca53dbb4f5b63198f20773691f0875e1c4b3d7

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 406a1abf8be715611d07876db4ba47df
SHA1 ebe6eb2f43fc75236f1c0a47258ff1ae7d740799
SHA256 a861b7440f4fcfc2850b245b2a83d21264b078eb1614999dd7e3987c083243e2
SHA512 3fbf7068cd42da3874594147256a597bf560430e9dce39a359554e23a5187ae1d4f441e4580ae3d3b61cd80507b5f68a81c6ef93b7e21d5b7f6b47aca3834ef4

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 0367642452563f960d7e04ca29374ab1
SHA1 352601d4bfc14ed0925d71dcde4ac5c846b3740e
SHA256 5f21466b4f83ead916d684a37a831131f5107039a7456afdfec802c78767e989
SHA512 a7d0da0ede0c5c02f9bf105c4021f3216a87b0400c741d0a03f20f8ad272070e929930c0bbd493cb7464284c3a975e3665e2d7c6226fd0e54e6cf3a9ae75ed75

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 cfae05403e77615d5cb1417daac8f13b
SHA1 239c141bb2d3331cd9c2dcf858fc44a34c24bed6
SHA256 7a1757ab5dfb785b4adfac05c39bd0603fe055a3c9e3c3dce24bf372437d6ce5
SHA512 f46282b75f78aa37e61bbb4940455b211b2417187343bd2f796df153d00096ac4a0eb96eb0d66b9dc71bc8f87a162909d4164a0803c8d1fb66f1b09177628b90

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 8e0513e4f9a5ebbaa7a0ce6f2fc02958
SHA1 c46b9c4a6120794340f6a65d52065ee155c77c5f
SHA256 6837a06840a909dd4c08ef3c4e5fc4c5689416153193ad53670ed86eae8506c4
SHA512 70b42c3f9be08b610e672721576ef47dad8d2a793c95267964ced49e4734c62ed7d679a9adf078ce68f8e3816ea305bacce9a093281153170f9a42b9dbca6f65

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 a2cbc37bec7b759f07c3428957f14d21
SHA1 3917ecdedaaa666e75d3f88699bc9361ec30fcbf
SHA256 323304155c0798b97f29e9eae7cd48f688a45c2c4ffd94cadc046ca98f69a199
SHA512 340a8cd7077ca5399d09ceed6f798d3a5b0c1e37f300c84a7943dcdf65d1bfae4b2645b314c373148200d6224a9644ca90158f499e7e763036e5f0207eda853d

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 7dea7fe269b1707db123f93d774589bb
SHA1 3531cdaae04b580adacc0c7e4cadd5ebde44bd76
SHA256 c1c440d81218bd801071f020add6af9eea7ae1724d393cabd2a1cbf8289bf4bf
SHA512 66df81009e5908f5612df9a02b3b30353eeb67aebf3cd6e4cb29300ecbd78e5a79b42a8c87a63cbb71753c2799d73eaa6d6ac5483f2c22de0d8decc01d316967

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 0b65e314bbfd904220cb1d5c94045f75
SHA1 9360a103450527ff7e7e79f9890f6675f3adaf4a
SHA256 986d27265769db4fa87a2ccba775bcd6f0ddcd9433de6bc15287c073417ada8c
SHA512 d5537e29d462c76697b4be535cf2d323872c026559bc96caaeb56f2c7a1c9f0a629cbe8321f299c90da39b606e1eb9dc9ef01c86dc9cfde07c89643341c12361

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 851c68938cef169890c08bb6d9b69e33
SHA1 b00d3bae4f8152a26e6e715590cf360aed84376b
SHA256 262950638df567e744e7b7f7faecc477c2264cce397c3f0e3b8464271fdb80b2
SHA512 0460d7900278187ff8303ca83075ef07cba64968517c685870c80c9b6c96b2fb275f910b290d6942dd02f10f73a9dac4692998bd57dc9f3ce8f92d27840ddbf8

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 f16d66251d94b93cbb8b284ca7f12b15
SHA1 aa869638342f0169a8c14acd3c7758b64f9d1ccb
SHA256 c11ffafa70d695930fd1d0c255559a55650a469b8b206b400e5cd08529531e11
SHA512 a4d4090320d6bcb95b853c9cb612705306bf01d25a1d8f303d6211de6447daa9f6acfa4b3f6c47d713b34ec215b1501e72ab8dd20dcc586177289eb5bb054972

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 fee36227b911fa592a280aec7307fd18
SHA1 fa1c0b895a039426ee6e8388cf5704dac0e0d0ca
SHA256 b4f1c4aa7e9312e0f2a45539498e2c44cc88b7d1fb7e045b03fd22a33e4ea010
SHA512 57d31c0dd57f6baebdee53cf5f4314aa01ce6b2308744950888f7bb9c2b6762067bf979a7f70e0aff6a0effe6514e7aef559be27b329bd67af8c3e43e1edfc5e

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 0e9b0b8634d0875c76bc12005c8c60a0
SHA1 e8c6467f588cff4d11298e910fab7b22a06de604
SHA256 9abf9a9cf4d933fd4ee009f6b8f1cb57431d7e3753b3633d7a7971423b14236a
SHA512 a505f3d6858e05adf1ab0b4289e4724737e0b58bee333c24f9c2595e33691fa177be81e7c302e20dd0a05eb8c2de1e3448fef48859d8a5e920ccbfcc5ac34459

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 007615f92441c82c911e69bd7e1d6bd9
SHA1 1377416518a890d0547890e6c10989daa3236545
SHA256 549508e944dc1cf6ec997e1a1c002d4257cf51529419e4e16a7fab29e8ecf4b1
SHA512 2fe1ddf065ffde98a1c307110cdb1a64cc9089b144a5f630193399aa5063e5971dd692f02490858f2d44635cb9d140ff1420e651374587cf8d7008c80c70dc4a

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 b5329b0c6ce645edc5961a5594437478
SHA1 67ffd6d1959851dbca475806573a73ea67efeded
SHA256 a7ff5727a18beb7f7a31249eb91e2beadb3af38f9dd94f6b7f3411269996a485
SHA512 c57cf9b91c9228c521120d06cebd008bf53f703634d909e89da75b2dc8ea2d1fdcb189c4ef494514c13bd82ccf85abc937904b5aa5550800b3d6e1b81336a8f1

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 8f5f902f7140937651093b46e9cae6f2
SHA1 2a7b52239a4b790f53db7066f9e1ff6ee9f2367b
SHA256 f8a4d1e89f5cdc5aec0937856a44f54a389f7d1ad4a55507e0ee97702a47ced2
SHA512 fa2c1316749e6c446a89c6c3afd2c27311b81c3a3cc20700c4e9d9e2e7f596f8b3c384c2d702b5c6a5e61506e25a48baca7c59fbc8ba7895087a63a5de13056f

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 1210bf92d211b1a669c3c9ba50b463e9
SHA1 0e0eb705c2854b971e088e025bae9c18920fee7a
SHA256 c8915242a18d965cc060ec837dcd1dc06609d687b59931ea573da06cc8b3f885
SHA512 8c375c64130230e5f955fd3e8c24312003b57dac08452322227dc6622f0a08b6e98257ce75c1d33909ea7cda3b6260b44c6ca9fa02fbdacc6b3bb3af51a4a24c

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 5e98bd4442bfa65828ccbe3bbedfec02
SHA1 c753bf49037d1b2ee60b9cf04a45c3a30c26b383
SHA256 b2f9a761873d12e877c91ae14ac3940990cfdc1c6fbe1c3d588ac526fb9d252c
SHA512 98b1c7e8de390284b6013351579e86757fec398bc1cab378d361e3d05588db72e352fdc795318cfba3ccac5e55cc1b1e676b4c5dd5f5175cedad8de98298e95d

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 59cbcf863c9771b8d1aa810a7e5459ca
SHA1 713b99a7cc5895fea5b5e178a7e2be43cb22fdc7
SHA256 a2c71b74d82f3e2beff9c6f5b80452595453eebc0bae1d2523112fb1d104b5d7
SHA512 e171260a8840515649c20e5629722090fb9e346df1504ee98dfe1bd9be7dd7877cb1d25762f6106c2ad727a851c650f2cb469873818c1d9ab894af35b8114d9d

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 5c14ddada4403b9f6dc6d55213f21ed7
SHA1 1fd8593513520979987944f55f59ade88e8da4c3
SHA256 b0f9f9bcd9ce04af482166adcae7cd82479dfc701dccec87077fde5c7dc201d3
SHA512 d6d1eafc82ec3831bbe704afd1141cd769a4a3b10c5d40002a0f83096bc8e40c5cc89f9c4695865bb8f6e49a68abb9dbe10ce4ac271df9a3bf38121abb0e2d2b

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 c889142bd163afe8a0b3484dfc52eb78
SHA1 11d48dc50fdbedbf429781c71f325785d8737e1b
SHA256 d6921a4c9e76985698bd9db7035cbe6bf7dde7c056f79a988f48869346879b52
SHA512 c5267d194f131006c4208fc7668249aa557b1f5117e29f51711ae5a9106017cd698ff81f857f107cf50da6e8a50bd01c93520c902ffb3910f04934845c18bd2d

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 c639de7df5c99ec63fc8967400204529
SHA1 c1e2e3c04f0400ba74a638e89beee0b4163c94c2
SHA256 d2605dd7aee8adb1740ad5333306eea5cfaef7da36d0121d1f24279c726a889a
SHA512 788c9d1e483e832c8e5a58f6c0765846056a1533180d32f1df5c0ef295eb90a7d09d45ce98751828ed114de10a79fbc5d289c07feede76d29f59396666924a87

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 cfb8d786084effa9b4e3bc9c071f4853
SHA1 000474d2adcdd03e6dd7d8150c8411f29b203de4
SHA256 53fc6c90471404f4b79be60883d4cdec4ca95e212ec3c87c259de2b592d2c886
SHA512 7285027f0facebb42e7293754e6572fa13538a8d91176ffb01bb207df13e19b9d6326a62e99ebf450b82be0d741093ec24a26c21c0a2f7e7c345111742f3561c

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 2d4952577f1f9d9b9e330bcbec6221f8
SHA1 853d22c72c73eaf58231515625b6522b0f3fc491
SHA256 b6699b296b1f165e608c29537202c350cc7df0a4bf31b62f29ca4602e5b3f96f
SHA512 48f50110fff5216f84eaa0dc72ab6df3791d5496c1eaabd8889c20fb2e5bc69df695d5bc5cd79477d07f97370029acbcd8e6f523de5b6495f5e0c8a6daff7f3c

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 159124401f41c4469414b28ce495507d
SHA1 8ace9d8a118fa4f8a7ac5f296e51390ff2d030f1
SHA256 ed28623f01add273a2db22523445d2c618e289c1d3414cf82a36e8f8eac1f652
SHA512 2baf1fc94baed083935e9ac14feb780193dc840b49b862747f53ae68aa651d60eea684400790ee05e447d964d58552448fbc25523e079ef79e97b30ecb6e4a7d

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 9599be6f7e097a0b49df6c1e226bdf0c
SHA1 79c726b237dd7a26978f8c60165f7ea83ceef05f
SHA256 e76a35117bec2561b9345c3626ab75dd0b5f30469c296cfd8ec291a7b928fca3
SHA512 2b547b22a4e1824e481e555c21c9ab8deb13ea86e15db8a74227367634b8e88604b25a68366ee972969f23a12dc35ed0dfd7143cb331ac2004a97773e25dc86d

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 470570fe13e853de292a24107a611dea
SHA1 deb51f9cc1824248dc077c61dbc78c392385413c
SHA256 04dcbc8ef5346794d6a181b0c3616507f42f0e1450c069ef2a6b0bf26d4811bc
SHA512 cda9e907df687ce127dedb54545e8d02077d723bba3585efcca60f2e0d67fd26794b6bcb303d503370470f0419fedeace563f0bda7a841db105fe5cd2f043715

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 65efbff7a35a111e1ff7504b7a607f38
SHA1 3fc154aa03fe142b4b6e8dd98f74a1da70a9eb06
SHA256 c31342dd3496777c649b912daf43dac88179ceccfa612e696cb7a4627d05d05e
SHA512 3ce06833fe14c44ec89a6536552cec110d78a62da42348e79669fcba7e233a051e8b9ebeab1d6cabb9dc7de612b41129e6823251bd8f4067024c9ded82f6d565

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 7d31e17ca5ca93216c0932bae4b663ba
SHA1 1637a80e4c60cf533bb27702fe381fa2f0accdeb
SHA256 6f6e9bcae1e8f4b6e7c3160c753698e918d41c4fb114af31c93676f8ba0b85bd
SHA512 bc2d6c239ea1a40e4fe05882b9939061337cad2301d0106217d98e9a49f60f134f58762828101f243208f31d178d20637b3fe4dfbf0682208161cf8f404b5985

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 2a7f640934ff772e3d66e61263a038a6
SHA1 982628eb2f471cea3d4944fe30940f7514f36fda
SHA256 5712e007174ec4df5fb7dbfd8d72e2dc5ef4265b821e06a9e713fd151c535df4
SHA512 f83bb6a113e2de8d74bd2b6bd53214de57ad76e0f4060238e3619b4c330cb89abc9ca142b0ca94878085f9aff418b54a2ec5cab8b6fd8593565f58a4cb67bf3c

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 01222b680ac3cf0a702991d2eb460fef
SHA1 4d4e8462aeb01118de0c86de9cf18bb7064c7f98
SHA256 e0ee703eed8cdfcd7cf54efca105604607eeb1469207ddbc008e64b420d43dfb
SHA512 38521e05929720411f9624db4124bdfd1991ce9055e6b8fea6dbe40839b9e4730be66191fc0156872c9f669c5a9bc58e5c24ec7c5abf7e0fe3ec95556bb719aa

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 7d79617a9f4f9ab5813bbf61460e7907
SHA1 622e0e4faf76c146d45cddb59657cbe07c81160e
SHA256 2fc11083501593d958e681d25cf630539493bbc41338b478cb077773e64fa212
SHA512 efb184dd3d356526cfbacf78b668c8d5b64bb6fea54eaa86d8475fdbcdc654bdf386f6e754017889d686f32fd6efcd0cf70dce61be0018ff2ce2ca9b4aa72c21

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 bb4de160cfea30405a104db23017e0b8
SHA1 cc48d8c381ba18eb302f556b5120ebd7f71b8ac1
SHA256 a63fb055835bbb18d3e3ce7358c020e75ffccddc921afd927f21b6071b0cf9ea
SHA512 5856f723099e1979402cbf7937ae6263ba6679654188abc60294cb199d58791fb30de1e9823ad79bde5bff522088f5ded8cc908d6788784a62b7313c14531e58

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 641c9c935684408fdea94dedb9aa8cb2
SHA1 4e0f74ff86c9cba0da16e668b5f20fa0433fdad2
SHA256 56deaed6f67f23956a941d5bcd1030553f2801fb470fe344174bbe71f9c80c64
SHA512 1a384341627ee3cea80057753b82f4c67c0d2c7c2a2e551abf667fa751e4476286244753d3d054e7e928e8e21a2a1a6973f1c702671320ffea19854b9d9c641f

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 0aff002c23e13cb106943e8152fc1c34
SHA1 b3d61d3d03165e92d877b01d0ae7e7edcebb9c96
SHA256 aea5702ea6c57d5fbdab71be26c4ed5eeb36e62e96e1ce81ed1647067c39264b
SHA512 d47e613bbf5627c0e4d64a6826d4843f2a87ef62a0097d4658e9bc3ac2e7f54927c7dc3ede1de721e94b93f9fc875c814ed31508074fcb858f850db3bec1c606

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 d2bc547768d85376ea22ffbd56c6a1ce
SHA1 d9092930f6a5f7816ab36d79d72ed83d3f033b16
SHA256 f5b88b1d0e09f42f60847027bf3d7a1f14c0175d21b0954781e05cb571a0cbfd
SHA512 7708f985399687a073b548d52304d2bd8291f223436928a5d54f6ed2e0602b2532ba428ecc7e6495e8de8208b26f58117847421d22e5fc66bc07d2bb743cd0bb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 9a038cc873cd09bc55b1496be15c3958
SHA1 238a7b92b214bcd523890c71a9eb876880b8199e
SHA256 41d57fc2edabaa95ad208737ca8e68838e8c7e88f4b260ce74e7e94d98ae800b
SHA512 c1351e2b304a75a84012dcac0b68ac76ccf19a489fc00c36fe8a867ee2e3b5eea5f21cfaf6f409b25213ac2f77bfd7cf0507e22b09c0623ef963c0215d32b319

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 2d68d28cbf3ebd458641e3b8f3de3566
SHA1 459e5bf15977d496e50dc9691319c578e0bf2c69
SHA256 ad30af9d7e3cfc192ae60fe4226155da66414075630e0036fb194f690f423902
SHA512 b8880e52ee02ff5afc8586fd58843f7e06b0df8e84cd764d5c1ac2561ce335569746d964a926049ffe9d5fe68b0785c0d5b32a1dbaaa930623e39c441a5566f5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 21647dfe229fdb087970b65d4d12a6ba
SHA1 8eba7acbdd8f5b18a1a17ab7348285691053b348
SHA256 55966b3c7691edcb47d225cc815355d492cdea4e6cea26cf96568a12534e5299
SHA512 2a21c053d58f903447a16046427555872608b03ac9c501b8bb5dcf476d1fc1cba99c4215ca4a885dcdb4bed2c8a074ebc5e5cafae5c9c43e4ce3817dd885f257

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 fef66bf048767673be69003941d31c9e
SHA1 0d149357b74428dc9a57ad2e6b6f1e228484ad82
SHA256 52a2e135c2e7fc04d8df8001fac4c79161c5ef26573865f43b0f4e89aae54272
SHA512 56f96d1297df0b17e1afcbf2b1ff02f8f6c933ec119272c54a2ee7651f498c9cf37faf1729cf4f59a64560b0d7162b9127de1d46680fa6cba8d9c54f322e06f1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 a7ccb50ee386c199f59c067d5925d8e3
SHA1 4e90576290e82ae2f0965864b9423963b77c59a5
SHA256 87ea683e3ab64996529493f958e8ef88c947eed3f6e849fbb0ac883192f71c91
SHA512 043950784769a5c352864a89da21650f4505f4cb7ca2d097ffbd5581b597750ad8e3c07b53641918c668ddb06742576c99ddde173e38daf2a72c1013e913cc23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 91ddfa0978d28447df145fb2e6c60bdb
SHA1 3eb23bf68916b2f132d4552d6aa9c613ae8a78e3
SHA256 b0e52ed3a6d56b13daba29ee0fcc1d098724e54effb34fe766c89dd4648d9acd
SHA512 c02e02b4e85f01a44ea62abd5fee717e293e2e68fd1531ce25e6e865eab23bdaccf8059e7b9578f7c88f8f593ce1424470d5b112be8c183a713a138a17b4af45

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 872ac8a47ab5cc6bb281d795a27bfc5e
SHA1 aa8e5a8715be6baccc0e01bbb99b96b12e8af8b6
SHA256 4252a674b094fdac44a9272b12580164a2259b5a8e6c84d7fbef1c7ce87f3579
SHA512 fada0efed9b1867c9cca49b56c26cc593c91b58649817f73715bdcc5bea8e3d9fc01ed42c810244b48de5fa9205d1ca0e64156fb6de8afb3b412d29906be9b18

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 bd2a1c6e6b1cb24194a7051b53ff25ac
SHA1 a1e7aec48635eb3d78262221257a63c902fd1f6f
SHA256 b5f267cda995296be1970723297cbeeae95f21ed7af0ecb5c1fa28e8869521a0
SHA512 8d1515943ba7e6633fc4c368f0990067811b94adc80e593a640f67a2e4c712dfcc7567a455fb053198f9ff9d8129812eb3bfffbdd74ceae3be94e124d064bf9a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 1defc2c443c783ba95a6f20fd9d99b63
SHA1 ac93aae10376c2cebbf224515e289cf01d6284c3
SHA256 e6417c5575daeea8b0f08fde38875864e1e6757e7b7c6ef4cd3fece054c9411c
SHA512 7f44e2a2ab32a54f01c0542c0b1de0c62a813784c327d0086f3abcbd22dd90da0560cb47b38d157850de82481dd91b30f3285b738de0c93c3ad986e55a3b3943

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 dc600e15abaff91a675e7861a1e7710e
SHA1 ad40ad451d6d443700c8c99367e965df7020e8bc
SHA256 f0576b90aa8fd78f0eb8fc6808eae41476ebb49f071061f935d4672080bc8c7f
SHA512 a53ab4fbb9349167c36cd7bfa01e970e7514427515f16fc4243a417c874dfbd353ce5357a43d3d42ce86d52b92e2157d868ef1f690baf0d71c70de0d6dacaad0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 a7f7b736c6e2b2deffd90ef470579cce
SHA1 96ec73dbeaa24a755da32f245fd4ff16c5cdd2b3
SHA256 0a2d7aaf5f6b52fe6ddc7e4e81ae51095ed56dceace1d19d55c8a0a79f2a16b1
SHA512 2a508bb6c2d605e14bc2c06be4dd28651ba328727a58f9deaa5cbc8090f0823407c6e761b492c174708e563099274713f16982d4e285a10a2b1d51781747f960

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 0d960b648b0f83d72c8f49fd62e9a071
SHA1 1c8d3a89666ea27502c2aa9907af9c75003f3662
SHA256 91b9adfe59bf526b6d6e2c5f8ec13f70198edb08c2dbba2f9fadbd5148648318
SHA512 6ff929284a0ba0a966383a6529935e916733d440009c1fd3ef3c97c96c2bddfd42971ba7745ba4dc12724b3a24365e055fc95c055a70b5dd27aa20354cc1f001

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 58316388888861288442b3a638bf4eb1
SHA1 9d04ba2ba13fa7c04d2f106d6aed27d5b4f028be
SHA256 147cbbb28196b6be3c09fe55a59d43e39e8bc15cea25f2eb102ec7d697eeac18
SHA512 a8180cef389ccbd4c0ae22dfa4f5ea8c12d82164b7748e88d80da51981da1221c1edee48ef3b09e2c5ed1f4d399f1cbc6d14696b2ca295dc1d6ce3d127d43031

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 402da11742f17243f0f261eae6ec2cb3
SHA1 9e07fcc2b922bfbda114caf7be4c8b01b30f1ea7
SHA256 f1b262e3bbdd9e541b402acd8eae833467d512d9234b85ac5f20726331cfc54f
SHA512 2d4f508b69639df2e4b0618a6d6416370506193220df969788d8872011d1c55da78c95a3d0b4ca2d8c592e0bc0568bdd73ec04e00bf5de977227bace8fdb5914

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 3a747c8bd6895b1fa1b2faa0f05e307d
SHA1 f1b9dd4036fb327622f12ae3b4b419f8ec5a4cc0
SHA256 1eb1d08b1535681810699f0b2dfbcaffccd08dbdb76cf4bca6f25b8a2e5f676d
SHA512 392e23e725ddf5cbbe7bcf61f380c5439284e042c721d97aea246d84a0102d87294b7591aebd93ff36c0129b75a1a77a2aed2e336f24cf6b70fdf0a28e611280

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 1d371ea0d8b4b7cf5bce7378a2046b88
SHA1 0bc388fedee2bde3834f94b0e2f7dbba0c107f2c
SHA256 38327563692b1e14e09840a7743aeb8f7d1d3d7136523fdd8a85300d0ab4b6fb
SHA512 e071189f0deaf16717d05c0ca3a103d0262bea195301e06796ddf05ee456358bd17587b114199876501cfda3ef190ea868256a27ffc67ba90fba91f664a8d0e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 636eec095d13d76285cfb225828bd644
SHA1 5f8fb91fd9d2d835291e623034541dec2c8977a5
SHA256 ffe5b81d062a1a4be65d7b162ffff0d8b013b763cf19c08a02c8fefacd6e4869
SHA512 b1fe1ab46a04d312181a14db696454509cc3c415caf37a3d2f7d74384d7ee3a89bcd463b0bd0853cbd42bc131916a84102caf35ed2aa480d042f658feca78ed8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 1812e3308679f9bf73a56c2de6a6af73
SHA1 6e7144ce93b36d56905657594d753cd7921de452
SHA256 b839107bac242743ebc50d9b40341f56dc6da1ba65b4e8039402bf30cbb502a6
SHA512 5589577116b0a1a3709502393c65517eb0f0ce88c19acdf6a912dc09909cbf693010bd69261e39f70ae8077e540708186ed2ff26b7e2a3a691fc67f63e3dad20

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 183295d2bd4148a3681ceee14f086a50
SHA1 11ec5a23aa1ada4d1b2369f91ef7e06955f56609
SHA256 3c019f53871378aec22a5f2a52e6cc6022193c77dfccdeb0c909cee6fdac428d
SHA512 57fd602c342b154e2c7a0dd1686866bb2ee1d35969cf8c56fcfc365dc21eb1a610224dd52c4d26264b3e99d9e7e9f6f595b425a3d68dbd52e80b9b6436d37dea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 50815554338999526a42868b43cdac87
SHA1 0589fc2b03d31bea247bdfbd3d02415396933c51
SHA256 32f5b014c3d8ee09f3acd7e8135635cc046ab632a4efb6e0b92c18c91d28a43e
SHA512 539438324e262022a94e0f0a94a2d6177b13cf7ea76227a3bc4fc50aeff0bba049a4aafd741298223dd40818a783706da94d107a005fd1f4241ac799de691765

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 e12b593ad5659819e68107b7c1dfda0d
SHA1 1754e96ccdd15622dd59b21772924be2ba599296
SHA256 3756e19bee5114ad3f0e6c98c01ae6df50df3235f66e1a333eaad80bb34198d5
SHA512 a84980f9289385bed4223f49b74a714cb085c8bb809d1cb3ae51299b782ab244d510dd2640ac04efb358b416692764c31696f626db7e3c7dc00d6c0dc23991cc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 156ce991f91cc1384dc52a9dc85953b0
SHA1 f7d84c6dc7a645c274fcde245dd22b9dc053ab9b
SHA256 c7534de9cc9a975b91481f0abc1c3161c8d62880e88cac9704e1a39010a54cf4
SHA512 c2faa10a475110b3fd195c0e0e5359d8691cf9da6103c7d64578f541cbe79addb5a59a0c0752ccd89d73979822399d3f12f3abb88672f27d4f13e05f802afc9f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 68fed1797815bd177a66475f95441163
SHA1 0f2941fb66df5a3e21fe9db98d5b6d044c615068
SHA256 146bb153e8767512ab442223bf5879edefa1d8030124b8548a4597cc0a0c64cd
SHA512 394c43d5b101260a3f6c7b9a3725b54a77e739047be5a451df01e57323669bca6cffd748bc896b9a775e5d74fa6ff36038e2f259f88b2109051606206a15b96c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 9f0bc70cade66676ea4419a8c631412b
SHA1 9268c66962ebc3bb0c1332632824f2b9f00adef2
SHA256 f856dd134b9e6ea0fabf7394d2dd92ebcada3bec501423d60597b9fea7a16adb
SHA512 5d2a809d47a714cef06f637f9f3992fd120b0f58a2b30e18d50e21c8dc4399f3a13e527678d69fef0b03067e7e692f95ae73510765f1d69c743d38ac3f486d18

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 80df0798f98a8636905d737c0c74c4d0
SHA1 acbd934afa1eec5754c15c47df356fdc596c427d
SHA256 0be0175f9544f28bae9a7f1fa286b4d5bd9e6ba6bc842d5bde5a7f9879b2cba1
SHA512 56f8d162d3e0e8022457fdb082c22037e80fc332201a3d24b76d97addd9de9b79a4b9aac5f3c168fe1a1a6b684fdea0451db774242dba539085a3c303e97d6c6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 8d2e1635d4a964bda375f446a3792669
SHA1 a3fbba886f468d2ea5ec61862c21f8de59a2b243
SHA256 6403d45e8a9a077a9625ce447eed5a1e5d3632daf99e77bdf2148728b9f5b369
SHA512 3252a2898e97883b2be00dd9b1dfc276058d410b2ce79700a22f64bcc0489b1dd2b5ff0cc82fc7615ae5771d7530979428fc84fe2824c123aa7b3d0ec50598a3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 780ca5d3465f62d3b8b8a9fbfaeba071
SHA1 3efbc1501f83772d387637e9ce1f8903bf461405
SHA256 367b88c5df998d93f374a44cc03724b6fba553f768b769eb8f0f8c2a2a8f757f
SHA512 7b0d19a776550770575d6a9936e2d3388c356728b74c89454af2352e444c01fcdb89bdbe1a5b5fdbc3f0eb33554b1d3d5b7a67f76492ae737ad694f82d87abe2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 671f819827fd85ade29fdd04532c5502
SHA1 2c7b0ebfd0475a17caf75586cab6ecf1da92780b
SHA256 5a03901b397e537959ae81af73653513418b29959e435fc9e8aef4be45239a8a
SHA512 4b971d8882930e24a545280cddccb4a4898af27e2505960703a1b679083df05a952b41a519eda42c4f0497a27e7f629a8350eca3b0afc2ba9a4c694063b2433a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 a97da3bfd7745c760af9ffe270fa20a4
SHA1 24dc39cef9c0b3f3dd728792538b4ac58d7c6392
SHA256 8a925319174fb72abc259ca61590367041a6e12b61a00125a3332fec6aede41b
SHA512 3269df57a04f7cadadca6f8229f97d50b917c57c58e0f39855fc799137953a08b9107efefba2c48ee06e84949051909c88fefc86f7d9876e26db2d549e64440c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 e89d33a6affb951dffbd7fe66b73777b
SHA1 45c8c21a90f2a8bdc273f15b918ae7f9edc5501d
SHA256 2c882326599f887aa16bfe9a78804210eddfd4ae1344ac47a5edc92b56ef0681
SHA512 66eee1dc9b5174011fb3906d3f6bcfd55bb7fd343815cd00f97421dc754176ff5ae07db7512f7b9b13a910b8e5c24b654a58e987238f73fb6b4e71c579eff0fc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 07b441e3db4bf04a1f69b46267b52a51
SHA1 5db159902fe58371aecb4c3fd696b8ca558b1d2c
SHA256 a1831b8b4888aeeefbb260d3b992d975e3280458d464ed97a6aaac51cc316fd3
SHA512 6b06b5c956156eeddfb25c8a8cc27b7fac1a77c648043e79cd424dfc7d0cb47efa73f23d189a32c033be61aad5b10df7648db533ac102d59b307b2ec11697ddf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 0c6f715bbfad3e5b16a242cc61e78052
SHA1 090a10ad19bae52ce208b5545ac0bbd7c6aad276
SHA256 76033ecac7021a0979c46f448390e59368f9c397d94874babe6de4ef02ea356a
SHA512 b689ffc88f6e6ad8e4ca37dcfb2f04e2f855bdbc66d058faac999da1f7c138edcfc996f5294dc7fef2689642af2d2cce9ff95a6b35a8f9999e67d00e2ef267f6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 5ea262dbb6128c06ffe63f2ee397554e
SHA1 93b4032a83666fad0d4a1929c5e4b7b81b860c9e
SHA256 7d618fd3a4b73f745c935398dd11ef0ccf1f7402b5ebeb5a9ef49eb5e7de8a29
SHA512 d39f56a0783036fe5034919f97225c54c1745a20677fff8a48c8328631be88c005ef0c9d9d52d32cbd88c00375c09ffb0f826487075d3881cb01ab8184680f11

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 d3969b5f6c48e540a96345bc44643a20
SHA1 27cb48f184f29397dae1f00fbcea37d583a6e34c
SHA256 c1e59b18d8f8d42963c05f27ce09238d1d67c5edba8e5bfa1b6dc168c6627b0b
SHA512 090be8b15c934a2dca9b148d637986bb08591e137e481a46aa08f5c2e4afca3acda924da25a6593a360adb21ef91a2eab7af634e923742c2b722bc817d6039a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 d355d9de9d05c101dc7b24cf9196397a
SHA1 e867a7700757854340cba48bcae72dd19453c840
SHA256 3bb6b0f071bea7aac1c57b29ecb6a5a20964723961fab542c0faafbf1ca3d407
SHA512 1b7c8872ee9d1dd2b4834591705d60d8188b708b52fd42fe1b5d29818cb81046ef6e0423297af7dddc325480e19617379af8effb65c09d245978c5bf7dc2ccd3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 955dc0ab87394743c576d1b2d97b80c7
SHA1 d6629db236c6ff2c3cb01c7f5026f73a303569c5
SHA256 fd9a579ad4d2ee2c18e8e7bb5654a9343ff9d9448fad461cd57ce3dac8b3ccda
SHA512 299f67ec20bfb78386f260cd2438fefe6f8c69eb62d758261660e7863aa12be8df56fef1df3b76ff1359ebc9982a58367c2debb98421bec974072c6505727102

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 f5f208a6badf8734667aa32d3a359a6d
SHA1 452c1d744526a61ea4c9dc1ca244f15768623bcb
SHA256 1e3e4430031e003e083ebb0da9c11edaf9d865c7919a70772b8e8a88aa21e218
SHA512 ae98f14876b53dcb587b00067fb11b33ae63d882e9e4cc204d77727fab858debc3c369ee341d6b5b1b7608b62fd0c4e6e39c8746a9be3f9548b2ca808eb1dada

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt

MD5 89db0f277e7693c494c9bea97d01787f
SHA1 9d1da29444b576887bf893df90337ce544163794
SHA256 a23d174f88cd36bca2c795f68c77c2fb26336d6c709f2ec19908176691e307ff
SHA512 92fdcf45fc706db850404f72c10f634a1e6b61694f3b0e4336a7a006ab1d6df44fffa6e451cddf6b4d0eb58b9786c96f7fd251afa7432b122429afc515312cc9

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt

MD5 edd0a1a8ad8f42f546069e932fd651ea
SHA1 cd09797d505243fb948c68cb2de3291bcadba229
SHA256 8aa52093a4f8a8d69d3591d5155abb7cba52141813d8671f0013a35b2cdd797e
SHA512 d49692f1a974a5b1636ed2a62d3ff14d6580965bc1eb3a700361ef736c075717e76ff242294d7e5e3c0372b4405359efb743da8a5c31044727cad21db35405fc

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt

MD5 9c49f7c6ec6415b8dff2f5dbd99fb545
SHA1 3d2ce6cf9cb46e43577f23d545efbbfb7ded4ad0
SHA256 0ba4e2a1795644eecacba51df7db0447055fab649d19d991f709dceb7d785cd2
SHA512 500838951bef93c98b1b07b223beb5df7ae8e37b5fe03be0105414edd129947f3bc333a98c0fe99e97e13167511b53d22b374a77e3d302ab06e9509cf265e51f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt

MD5 c6e099296437994d21f424cc05476a89
SHA1 4343de230d37a1003fb4341bee996fcc5dcac16e
SHA256 a66250c5a1f0bd3b804c4d859b41d26d3e8d6083c589aaf355f0e786913d8912
SHA512 1708d37fbc31ab402deb7ad5c2140ef9cc68e278e0858a5f940fb523c30994940c91de364cb575e59a41a67f0f38489bc49a3edc4fdb380748e215f8f1ae7c5b

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 747c29bfe6a9c455123f216c8e32989f
SHA1 f45dd31dd6a24ccaa8bf1aa0586f910045e98e62
SHA256 e4934a9bde26676873fe0e913ef06749d5949a2bf59ecb3ca71172ee21628f30
SHA512 5a06c826b4315ebfabbcf4f3ada33ebb2ccc2bb2eda22f1e9f946ace3d67941ff4d589e62cee2a28c9564b4e57f6f4a772ea38b3e2792154c67b68b2938c96f2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 4163b5d5f482ee88f1a70e86d98dda03
SHA1 90b02ffac15e38a24d4d47f5c4c8f27b52fa5ce2
SHA256 a6fc40e01be1e14137f11f3e84087b3feeff8f518222b89001b679dd45d65f0a
SHA512 5aa5d64ae73536f50ec7f602e9c2bc78006e324280ee856167af5780b0fd29edec5d1c30c55c192d581c10508a82a5651b2c7be2b4cc7bc8b7989ede34d5d705

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 02f3dc0bdcccbb314f1e3007d8fd5089
SHA1 dfe4d1783edc99dc1fe115bee248e45f424b0f86
SHA256 a95e8ac3a1f74ffa08ae5d88798d6652e91fc18732fa90dfbbf48de25cad97fa
SHA512 0981f3da601c28be8e245912f60a0e6c75b3040a94042d381435d2cef11f2e8601007e96f5832a51f1e9979ea97116c2c199e9bf4de3f0423fcf98dd583798ed

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 05155138c197170785f2355e4aee6a92
SHA1 a73fe5d7f0ecb2f54ceddffb3c63ed9bf81a6ebe
SHA256 f777613b11de1fc1aaa9a9735e7d9dc266ed3a5d9267a8957536b02d2fb09985
SHA512 f0fc9538733765c1104d60d17992f324ceb0d3a74bb2fa3a813b5f3d97995a770c667a01eb9f215f928280aa85d4cb8d38af93c5908c07a85927e381b7c5f638

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 524da8d6221944b17e2b656bc1860693
SHA1 07d0cc216124b8838220907cd0e93629f35ff04a
SHA256 7d21de81f1d038d9e960390d7466127974b4e388345e2374d7f4de096b06015d
SHA512 9245db6fc90c31fd9869c2a084b0f25431ff7e08ed76ef63df5f5ab1f87d500c41e4d94c7c95104347d0d748a7515311053e65d06dc0142bedf9b624775e5acf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 a99089adefae8026f41c25a8089eb4cf
SHA1 8b9a1125ee08118ed2b27fd7b63051474c198d3a
SHA256 3923047c9d1af5f41329a3d85fa4b7f6ec01ab7115f71adc04529837b6cb0f67
SHA512 ca15fa19ab39f38f83a591b8a5eaa38ed1b15feefbf983e0f7e58649b3cd1c801affc9a96ec33ca7bed5e52662148a6866fe8c6650effa7e62501606ba20aa6d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 13bce9d03b105879eade2e8f66f3ac3d
SHA1 9d810a4c1f5167b633f08be1a979deabd9af5207
SHA256 ae9f8c94ae4f987f2e752dedc8740c5b26a189b11f6eaacdb97eb757902c9b78
SHA512 208c16634179b49745e992358c6c8e8c1ad79fb76451e5962d7baa2d3f7fab75c91145c82952fcfdc8a2ce65647a0591c447f7dedb44d8bd3b74ec43698c8f0b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 5043bcaee82deb3d62603d66e787e0d9
SHA1 1a23bff04182344c29197c1ebc74a47a8efcb24b
SHA256 5a723d22f9b3906c2a67149a4900b0f60cf8360d9595c0acd0f5bcc0e8d037a9
SHA512 1297e3855383f51e9392f54f5ccf4ec996faf02d5a4516abe80eb584ec686df8b4ab949cd26e03f99e3c7f09a186e0e0a304fa438fbd7b2c9408c0e82c37f05d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 40c40407a6ecc5e6f5d5ec0d22c4c63b
SHA1 4cdb291dc312c36de69ca6fd260cd988e569e8fc
SHA256 36ef50ee4f1550840e5a02ff7a2fde1de1369e81953b7fec8626dcce97239710
SHA512 0425d48c033dcd728191dd333eba7c5b061adbfba8539acba6de160cc705369e30355843338da158fc9fb6d74162fcd3aec180adca1a6a49342e70f01783fd11

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 390527b63509a407537b8ef42c99eaaa
SHA1 ca7ec129ee236c8274b8330daf60ae927db3f0c2
SHA256 27495b064ffaf54e67b27424f40a24a04ad26c0cfa12d3af5b94885aaea19207
SHA512 52e5c9511dcc0895f2a8165dd4c0734765bd991e193dd7de78b2a39cbb01e2b1ef855789561360eeecf78a836bd44e1cc3c9ae621e6068fa9ecd54faa2f7d393

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 fbe4a0a59c49c1fd4dd45970098f5078
SHA1 cec9755906932ba4919244c7066073a4d8e82e90
SHA256 aae047a2717ee99f0abf2fcc09f84309d52461d8e05c5ea2def69b5938618d05
SHA512 1ada5b714f4a8c803d303de1665e84d4d46616c7aaddf1f208bd92a900608a6c23469b0ab4f5af730063c855dda39e0b5aa751565bdffd3493cff789ac0e8c45

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 88740c716ba9b1424c4ffe7161c0105e
SHA1 aea3d61c9054cbb08c611be89a63e53a3a103d97
SHA256 862eaddee0eab0a7a252a7ad84b30ef8022f05707a6c15b2c670c1f3ec8a2af8
SHA512 5ce99e8fb8f8175482b160b0d45d4f7b0ca31c58cdd170f7a4338f029290a491335a1950170d4f2030b12da358880db9fb404952a70a0afecd2e302b97646132

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 653bd137f3670447539571642c22f333
SHA1 43fa002f26b716a43fa69ebdee6e9b91fc9e5b71
SHA256 b643eb7bd8dff1f6b8f5fabca57864329c36b4dbf8794febbad5c71f5f48520a
SHA512 0e64e5a539659a50c48c47382c6e1f81f4d0005be68ee245e539c6d0f87b34d2588255eca9a275ebda2510a5f82d2a4704da99caffd2f8418ce68285899b1209

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 4ab00a94d43e702cf439d9a7eb597b32
SHA1 e2e060af05cc9e82ee9ac039443bf5dfcdc36d16
SHA256 e4b6744921f46df7bd5eff00b265852b9357179060047c3ee3e3b7d86c54a99b
SHA512 735e4bbbfd81b2a4bf0d53a105381464ad76769488b92903741db3bde0474d2586e48cdd5ea36980b576ea8789cbc6cf32f263d45136ac8e981763b7044f753a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 2321d747cc8db5ec8b4d3148244785dc
SHA1 212f8e64eed564c84468ad0f6a73bf6661dcb131
SHA256 d7fa3492d0f4a6ee8e18a907b7fc5fc505b2f526a1c5ccb6c94bf7eaae84f640
SHA512 45c8ed722e52d5e2f218dcf95f3c662f14a42acb336392686d501f89996e026d34483619fa36694d55252ee4107104fb36dce38037a06d2210ab537e7b0d43b1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 2741a018c6a3ed530181d009bceee2b1
SHA1 d4c1ab0c6f853729d01522b0ce4891db16e0351c
SHA256 6546c18285f1d479dd3e51ee72b280326da25a84ab60cbb4b74afb0a42436156
SHA512 d9dd4779339644765b7b5491b93d52e7fb627f389b63f9009aebdb3bdd94a59b1e635b23a854ea0766359626eb668e1b35239f7892c81f30a3235c6a59f34ff5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 5b5421c0b0b54572a96574ab4bd53540
SHA1 9534b40ecce86a53618b2344c1d53dedf39805b0
SHA256 f55e2e1983cb440c4e9f9a7110d6308fff79550aa3c76e09d03af7b088ad1fa6
SHA512 a78d57af1ff2d44bc03ebadc77b748a0df5194ad0692a1dac2282aaf94e05caa5d2f1ae57d030bcd7512250bf38545e9970ea86ad57e8eea1e3f84a594e346ec

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 d783e04d6adc8b00fde20f2b4d51f4d7
SHA1 969dd026f8bf0d6e569b062fbb5e50481df6856c
SHA256 82ae45470762e5250b804a7ab25a219d88e5cf319f442dd3f94803b3755c8094
SHA512 80d907ca0dac2b1265de2dd2c10e80765297db3280f358a3532986ccf0b60d5fe71254c9ca8627627c4da550402273428d26428c59c70cb33903eda7a22b5f3f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 1f1bf29e03529bd649743db17cb20460
SHA1 a14b315c6ce89186f242e560c17045fa754c5a82
SHA256 2f4766a954d04a747ee8d4e4c22652dc537d044d8fc4895b1233963372e10341
SHA512 0b172091ac6d877c36d5a470b1b87565de44975665a423f05b1aa7ed1b2c92b5433e63e865702e92d6fd6cbcb93107ac4959507643bdf0e1927b04172d1a274f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 10ef302424ff49275d10ecd69389aaeb
SHA1 3fe473bd17113893a3423d4c44c8ebdb706ab6dc
SHA256 aef565fce959507aa5bb9afd9f57fbbe73411c84cebec88f548a9c4785f9f1ea
SHA512 e5831d84f6d748eaaccfec945cff10d64b2c9805c28ee74f40b32e9e1b73ccf70883c104893fbb3943512b35a7cce2967e1342d6fdbf36199069a693fd4d845b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 d00077e97c4ebd02c75ac156802cca8f
SHA1 95a82890fe15602f6532395ee91a91232e5b1247
SHA256 33cf7fef0045a4721fc4c9e9c345f9e972f923a6325c0db70ce3c0c191925a2f
SHA512 8d70e432b024f44ddc6c2b7116497569ec13aafd91a6bbe46c49e8634bd589156f0b7a4908ac618838a54cbffa0a9b1c4199a1897b2edf0d1618b51b138ba90e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 0d983540feece38506a94af317272578
SHA1 13a2ffdee659a54d5a693974c6c23d8f7539d146
SHA256 0d495f1a64d817b7d318372c276b740a7defbbfd2a272a0c5405b6d9b2d0c8e1
SHA512 d570d7d491bc1613d2a3739fc4f5e58ca53379659c3871af567d180aea091a215150b246af82933ab0b32ed3b38b700977106ef88ff9d1ea28683b7ed33c279e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 c09db34c1b9e4e1947ce357f64f1c715
SHA1 3bbd60c1b7f757bcab33b5281227fe51502b28f1
SHA256 cf1b3ded7677a71adf975110e63f423bac63262af56053912bc3a47ea185c6ca
SHA512 a7276a2ea4b90d5284b17a76479871a1a9ec6f0bc0899b7ec710bf118ad3c3d11451f3c82b7f6048437cf624228f1bc2fa9545452ffabf0658de9c787ea0df47

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 6aab19e6d1fae17a284c304092b515a9
SHA1 751e21318833c0f0ec2d93a9f8d83ee9ad063070
SHA256 90f951450a4f541042717ec26e0a67897bebe008e7cc3549404a1712d82db046
SHA512 a3bddb45ca1e648cac01ca6e86a268efcc66f17bf0369eab26e3a79b0cf920dec6518225dd5bed2c3e148f53057f6de57f68d14560e74914852c87b19334056a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 ef8a90f0ce50777279c3b5af0b9a9cb8
SHA1 3f95a295ff471ed8f3926e6341d2cca166662f7b
SHA256 3d9898409b19101038ebb34be680d53bcc57508ac26a23659ef57d8b1daf82b9
SHA512 5e417273a4aaa20451cdd6db3b68417a37c43a0ea021dc646f46a9415a87f04887ba1db3d49f778bba9bb599eedd68d40b24e6dbdbaa879f3d63919fa989d096

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 b1996ec72216e7ae559dc2b929ebffb9
SHA1 9ab46d0cc28ba1e698236051d20ce2c62d25b609
SHA256 51252dd06bf4a02bc8ae23d6617d4047990191e4b596474e744a0629fe26619c
SHA512 ab939644d8c5ecd235c32d174b1921b6ab848bac1ce095fdc18870e2e9bfa417635d2e84bb77bed83f0cc9e6475f4ec438b144eb5b31519515306edad28276db

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 883f35f4915f8aa2a05bc50f63f48aee
SHA1 0581d0fc9ce62d2e30b3bdacab822638933a4b45
SHA256 1133b56cf8013d10aa59fb147474b5cbfed7a32d9092cc92a5aebfe55869597e
SHA512 ba00fe0ee4ad4bed70b757fff2597fe6e4f808626ea695e83c941a35f5127d3c0bc848fb65dfeb6a38562696360c4adedce3d3e1c1b3ebb1f8c135ebfd84d4bf

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 58accbda94a50cf9a438bb311f7e9e01
SHA1 eebea03b2099cfdc2ef6b7d418b268f726f68a9a
SHA256 a836edebfbd2c4beb64368a502d52f1643f7cd98296363b1bba7fe3c28a2f2ea
SHA512 297486d998fabe12f80e75bb1374f6d6e4f2ba6d8b52f3f088d3064e1e64712d518533700b712de4a2f25be823a7931bb5e0158e7a1a44ca9dd10958575ca5e3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 d14e05d04693f1674feacead6654a9b8
SHA1 46750125546e44ac36e4ae04e9114f219a1afbed
SHA256 d6124c2b7434177ab0ae7ed417dd1aa20002a335c499587c5b98029c62add42b
SHA512 cf1b257cdba31e2f1fa1d96f0dd0c9fdbe6ccad6e71d7acc82ded00c549470d8e9c7dd03adefcfb9c3c8d2a4af33fc3cba598fb2713d692c341faf960678232a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 51648c99273be30f84ff7195bad09e57
SHA1 d2f11289148ce87e8f5663388985cbd4a0dfc89c
SHA256 43fee8b2f0dfbec2b88473830e401bb1d272ff6fe78c58d22c2f721de80f6a57
SHA512 d2af3b585593cdfa0c863fdb033aef84e45c4442f9181872083a7b1bcb4628b23b63616889741c07516c9f8f1dc9f7b8ba395ddfa2e19538c5a963159333e6f9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 3325fc9eb5567355c748365a04eef4fa
SHA1 149c2a7bd1b428cd07e1400671404e5f71390259
SHA256 c196d8806ebccafbdb208555fd9a9420ec4d9511d2320c1b02ef8f1c04d5b7f7
SHA512 f0602d42bdf0d9739529136bda7b7d38df386081edc75719d20938785160a690eefcfd8e391156fd550a0861fac76369db045b691c03a2c7481e966d3f635159

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 35da6145be2a0711e9dc448af31b6d30
SHA1 750d6a02060eac5c4d4624a7fa34b20cbd571791
SHA256 fd222f36c705150ff4eebb88b3e0cc868c35cb20fa3921e27e5ad2e50739c3ac
SHA512 fff3c33e85ecaaeaae00cd338150dd2290a393cbf8d7eb5783ac9ce52612a27d30a101f0a52813ca97c0827bf2919cab637f12ccd7c6355d4d27a2ba3d8cd4a1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 93a73f0bdc2e14c2456a4f1d39842720
SHA1 dc6c7748a9f00a0f2ead39cc6e721bb852c647bb
SHA256 1fae03cef23084e422c5ce5cf2af3b566e170604a742184703e674e1784c0c41
SHA512 32333abe59aa389bde9138b4390a678e35326e89503f4bfe3e819dc03edfd8c1a24e66791cb410c1101674320624d7778ec388c0bd0af871f05026349f96c2e0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 262494c7151d16db8dbbc908334df72e
SHA1 85284ae782c0941bf81bf0f6bbd09f2d7a419927
SHA256 024e67bcab1954650683ea2780e68f8282b429f16cfe1e67ed22ea445258f09b
SHA512 582df10528a70ecfea7407865f4d4aa10f200498ef6eb43927b1919fa8decd3f3362e35fc52ab3a5704b6051b05b75397c124deb3c216d98df0f31f0f180461f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 d5cfe1e2db041eaaacc14f7f848520a9
SHA1 8daea33c812c05c88bf4528e81d30524dc586c5a
SHA256 1cfce0de3d840df6f729e0d59d1399519cf70169678827113386c2f7a00e0df9
SHA512 0bfc90cf8531946f96ec95849048b0857365e6d0210a97f0a60d6ae7a639e9629fb863b94c6d2e40606c43cc52af79781d3190cdb398dd1505b776efc4856852

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 2986069cd2a8b2d048831e46f526bd58
SHA1 8a29b3aa7f42f05bd5aa7384cee95a9331214768
SHA256 792d6d382c0c2029ec0ab0f95079197cfe447a65fe6fc55c2d2b36b5b2f699d0
SHA512 6de095bd3209996c7b8041b57d0597e09aed843469902200b150dce4c570224600e2317f340082ca2ec219f38cf688f7b44a2581409b855da24a1464a27e4e78

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 47668f42ceadde97b42f3eb6a1e5199c
SHA1 63b04426a242e77a567345bb6ee7fb39ffa4c70e
SHA256 1531afe4473c15efba42fc3b367abbb61d63f97d3d414370727d9b2de162f4b9
SHA512 9152f94c132f103dfde0cd059dffa106be324505b54cae90486d08a0eab2eff708034143421f6246397af8cac7935a15ab91a13dbf0bef163b0d96263b3fb572

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 9eebfe8f609d494c30ed3048376ae04f
SHA1 b85f46793cc8c1b2c85a17d081db283001b2109b
SHA256 c3a1b520e6bd5dc33de50108c915325438ad4add232624f926b80f92b9eb2981
SHA512 4a81d8860856c4b5bec54ecd6312e68fa21d3d8cd43ebc70671bd370cf918e014dfcabd3df079715d53b8744806e7933b49a0b6b244e843f303adcd7d55e1c06

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 f684cd50b77635148e7434511c48f25d
SHA1 d1845337092c470e56dcc26d798b8af2efe1f727
SHA256 fa3ba6bfc4917b65ff7de76320f9ccb078592eb24d52fb520ea8446a980b85e0
SHA512 7ab1dd268c61dbf673d0225e89965178dfefd0bab8497509b9c1bf588dd7c9fef65374dd581b0b10e72c262b39b285ce81b3889dd12597470cfa7dc2205713a3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 44ce50a508a5105a510797352c04b93f
SHA1 35ff2a538e4d45a22f7dc81181fb1bccc71272ea
SHA256 783a55b9e17a4d2973e34ca173e3c232b4678c06a2368fbdd904cceb87f4b9a8
SHA512 226e9bc5961779577b63940ef81af234ba118df5998631cf3b1174340590926250f1ca981f918ecb84a94e08e14dc232e11306b851cc87ccce389295a69bb6fa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 b3f5dff5c3667a668319b489162f1235
SHA1 e15d148198ccdc83bf412d4a6a1c44a4901cf5b0
SHA256 47e40082118fb3e1038b72d834562c4d8973749103d0d92e38ef85fe511ee94d
SHA512 64beb268417b28ec2ce4e3bb0e989b92e2e4d143ed12ea1b2b1e6768cbac385740a79b738b64535f7046d0ac1341bbfa3304f0dc8f9b99ba69c9ba73038cfaf7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 cde6e68427164e671d107b6cb7dd775a
SHA1 a12244e7f009c013cdf5399ecff556d271629219
SHA256 a799b4f6fc44e2cebcb95b986bdc5414754b1ec2740fa19a570b774caee2af43
SHA512 930a2b3af5b76e3da007e99fb2ecb915f9fe16a36b966854e0c639be294c751d86f89f3ccc96236cec85e98a35fd722db26859b201e7067cf209b08eb16ed858

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 65d214e0788600da1f9cc0dc5c341ff1
SHA1 e7fba5d1114196a5be0f49db73a06de601ba7df2
SHA256 6b101e572a6d3dac1aacb16197d2b804338571f7146b13c5ca4f02f29731e631
SHA512 6d5de179354910d6ffa374f553315fed64a8be3b490230c8d23239a97b518aeb2a5a2fbbd787895d2b915cf62939522a1b498ce34bc85b56a6b932423fb50161

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 c2816b087c5945d875c3181d3cd0bef1
SHA1 e66b3968b75a8906eddb013d049f0e05368888b5
SHA256 3cf719ad7fa3e74dc291549746ea43dc399742242532109aa07ea99c7ad48588
SHA512 e8bdf5be815b58ecece24f706edf3a3b91a452ebf765b88095f15f767d24cad9a551a67020882c9b026a95a5edaa4207abfc1f518d9140aa8ce35258e991b5ba

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 ea8498eaad32b8bc6ff1c88f3793f268
SHA1 a55fa8203699be977023d0e1224cce53b423e7ec
SHA256 0cf9627db35cb09b513d4d0973f6aed7b3683d2e34f3acae5869e170e4d22701
SHA512 6ab9c920c664de298c9dc50d209f9a68744e21974538e16b1c16c75890be3106e32f0fc0242efba422553bbc483c4b1a37e5e6ecfba4fc84dd593a5cd5288fbe

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 d27166da0cc9cbbc95ae086e78ad9993
SHA1 2e1be775c97b589b07aee658f38c935f97f2f3e0
SHA256 74528e272188fbc449a410975f8b513511b46a5c56eeaf9790595f85b9c6c7ca
SHA512 38c6413dcbdceb1b6bccde3a0045a2b793de6dcfc4847db0f0b2e857c05dd9ab53ea90e5c1feb929502f86d5357abd28c5c1d7e8656d2c1a9de9f581ecb773f8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 ff84ae4620fbf6afd3a079f34d465c96
SHA1 00029a2a929367944c68b1c2e40a7f5948e65b0f
SHA256 036342e03275de617ce4f04557f72905d43c4b364d1088f17c50e8cf7cbd1814
SHA512 73aa4769a65c173276cb8e9b839a01730ca587c7e3a90c0d819050a658734c475f881d61165ee917aba266a696750de0c89a753e4afe050f431b0361519a36dd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 19833d66dd6fb23211e44229b0a4a9c7
SHA1 0f65a094b7f6486a79e2d370f0e382e44714f095
SHA256 839fc8f5253e7b20c020112a3a37a14a7243e65f70a1140281e71f17907e83b2
SHA512 902dec6a76dface7518564658da2bd65df3c108b079fcd95cd50f8bd77e34f88b53396c99d29f7c1127a9dce81bf1751eb405e218b631ec05acf63e792cb63e8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 78d6582dd3b8e2f7325e1db9799c16df
SHA1 eb4f4429b1e2df73555b18280edc6e74571b9a0a
SHA256 74873b7d77a2f26385e0c9ad27550159c8f68243d15a008d3c6b4e95d4c65858
SHA512 a3882a527b83ae41c3013b1d9a714ab32451c9e04ca0f550a11cc4b1eb9cc9a0f3cfe84e533fdda3ca289333bb6ad8922f3e5e7076ba2ebb3c797359eba3c565

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 4fd81d9e16dd2eaffef1e1c9f694cbd7
SHA1 06bfe18a857e54c7561b43bd7036daa030c3d9f5
SHA256 66ab60383e13308f19453c176483d0a74a3e9e0cd2d1efe75f412315ce25883b
SHA512 ffede50c1b5b96049f531638bd99ef69a380a9521b1caa602c75e9cca661ca2344b49c684d5663357d8c567705d6748c378c24bc67975ca7a775759c49a70814

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 3c3bc09e05192d78400d2c688fcc1fbf
SHA1 e1d09f005a93e1482e8149c96ba98ccd062408a8
SHA256 81e496be9a814a6952104971cbfa33c948f037d294e8fc90884a33fc1b1b08bb
SHA512 621b68a930551a6982e7f6bab19ef920e2b614e19747adfa86770021ce27a9d797d29ac3432f8cd5daf72c59d4143b607cc01a0e1ef53a7e4ff38e0adfbc112b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 3cd4ca2c9a9e23eefffbddf674725320
SHA1 9c6abb7105b96868cb8599bcf550e65f1d29050e
SHA256 ba2a8d78daa114502b4dce9a70efaa07a4fb13bc1078f9c380e0269f08b7c63d
SHA512 d8c58e876525b9869a6548d9191e0ac3763e0e7493cd7dbc76999c922774cc5b9edbfab9c8af731abd79d7a6994bec164f5662b7dc3400cd957f366500a02cb4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 5f031e9d0cbf7bcb7b8af7d04541fbdc
SHA1 efbec2e84b183b48bcecd34be63d36c7b5141502
SHA256 41e917bfba1fd1a9676c6b22816e4ddda5bdd00476cd8c8e8ae0616417fa7672
SHA512 fef0527bd615cdc31e8b29b65bb717560b261d6d8f5bc5a23ff4ac06f8b7a59ee490d1f5f233432c5a4712ab019c1c76940b010497a2c7c91e84bd02be06a9fb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 e4e4ea7ea6f705c6208ab6f9cd338c78
SHA1 b02d89fc93dafb605eb201b192daa59b73cf53ab
SHA256 2655b4368779c40f360b652653d7edf7e075b69f40802a19a5d4894567b0a9db
SHA512 83bf5e16c6b8c777a6c5cf5985a82623f958c070f6eab1e3a7afa8af0f0115bb7ab62e60e9b0e434574173c27af831fc907f19c121c0b1f00283ede1e7407898

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 63193de42fafc36dbcd753edf811aade
SHA1 6a8dd0258f24670078d772eb90ff5dd52f3084e3
SHA256 ab68cdc7ba95fd106ab5597c527bd6c41e75390de9e68c0de07f13f6a8463c23
SHA512 dd28b8e7919338080da7e920e128883651d9df9bcae08ced5dccf75048b4b8560806e40cbbcd31bb5e2a291391c9efe7d7498705c4780b3420c2a0f5a8ee19df

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 c4aa17b9813d086c2b9d0082754578bc
SHA1 eb51f1476f5a2dcb5d742a8df39896062335ddba
SHA256 445e1c1b96cec13304a01d000aaa18b963d1c08f1e7e8c508190481e6ed2442a
SHA512 bb3b28b10f231665054d352eb77354bdbed13c381fe9913eaad0a2a300cf2e1d8c65226b128a0fb7f3e50b8affeee20f2355ed5b6d6c96c58558404bd4a28a1c

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 c87da46a5958ab7ad18f874ed852e35a
SHA1 911e1736b83d83cf83f265d480fa7d194cb52339
SHA256 220fd70d6380cf7e234a810587cc8e2788d98c79c5a61211c417b1fa8fae8171
SHA512 f0f19354fa05e313cf8c25a3bdd484323edcf479049d67d6604525c89bb8ad64b8e527a00c03353b709f5363f27f2fae09c9042d4bd604b3b3f3dec34b3c202c

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 21c1245769bfe90175d7e0e87cf7c15b
SHA1 f33fa6c609d07c80bb66835b8153aec7e8577400
SHA256 1c62b8d28879e9f8a61a0cafb0eb73c6e5f91cd8de8593c72b1e88cd38882c8d
SHA512 0c1ec357e539b10a8cebdeb280be3bb06b14b162f236e1bcb17eee6b0cca8f9bdd18627ad3e2ba60878458d4155428116aeb32542f06952c0b7ef169b76e1b02

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 1ef08d1709acc13cdb39ffc809fbed98
SHA1 b310c1471a4954f24d543b95fe16f38c6c194665
SHA256 76dad2ad2c5314cb50856c3e8ef99783eaca30be68dcc1119f7ba3c80acca6a4
SHA512 295375b4371f3d627b0450abdf66a58815f4f7a532b0bef0a1a8b8b35a225600b33eb8a2a8fccf1816e3849c31fb56f7144f08af281607ebd4329ae189f56bab