Malware Analysis Report

2025-01-18 20:37

Sample ID 241205-sj7w1szlcx
Target c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118
SHA256 428299dc31e27b87dc22effc5ac29f77309061ad32148a0521b94fb438c4ed56
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

428299dc31e27b87dc22effc5ac29f77309061ad32148a0521b94fb438c4ed56

Threat Level: Known bad

The file c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2190) files with added filename extension

Renames multiple (2209) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-05 15:10

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-05 15:10

Reported

2024-12-05 15:12

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe"

Signatures

Renames multiple (2209) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\biP8jBWhU7aX1s3.exe" C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_neutral_15011483bd8465c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\catroot2\dberr.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_neutral_bed6224f27f5c478\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp005.inf_amd64_neutral_914d6c300207814f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky302.inf_amd64_ja-jp_dd74fe49601b74f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_neutral_2415474b9db0a888\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_script_internationalization.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netb57va.inf_amd64_neutral_6264e97d4fc12211\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_neutral_d7bf942e99bb1d41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaky002.inf_amd64_neutral_b898f5982403f3cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaxx002.inf_amd64_neutral_fbe080a7dd77c4a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_neutral_bbcfca39fdc02275\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mcx2.inf_amd64_neutral_8cf9cade8f7bba56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\AIT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-HK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas2.inf_amd64_neutral_599d713507780ed4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\erofflps.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectToolsetIconImages.jpg C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382962.JPG C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15060_.GIF C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Generic.gif C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR1F.GIF C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\OFFISUPP.HTM C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR51F.GIF C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_increaseindent.gif C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericonMask.bmp C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\ado\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02743G.GIF C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10301_.GIF C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14790_.GIF C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_prnlx008.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d3c351224e8ae0c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\500-18.htm C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f1c4ddbe1d6460ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a87b71a591626c1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b7d0e50159d7fe4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e0d4892640d5a889\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_data_sections.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-license_31bf3856ad364e35_6.1.7600.16385_none_91d5eda96e27b8a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_414f4d10b077c5a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1f85c65eb05726c7\settings.html C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_black_moon-first-quarter_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnep002.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e96e31580cc200c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.1.7601.17514_none_0fcd98a23fa9452a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6ebdee3975b6f113\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-browserservice-netapi_31bf3856ad364e35_6.1.7601.17514_none_8bb36948ae5a5afc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_06d49e4cea0604a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ab09743d05aab36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dfsui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_de73c80256b94e4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1edda9a99ffeed56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shdocvw.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5287fb653132a4aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netmyk00.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4b5777d55ceff979\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..icysnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_403deb7699962216\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Feed Discovered.wav C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_a8d08d1343d8b261\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\1.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4f3598caae7a1724\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ponents-mdac-msdatl_31bf3856ad364e35_6.1.7600.16385_none_420a021325513b63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..re-server.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e7be835328ef2a06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iscsi-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_93b34f8f10d6cb59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..xe-common.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b7b7753bfcbf4fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\correct.avi C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cd63e9cae56d5c9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-userenv.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c393f6e884ec7a6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..ruetype-dilleniaupc_31bf3856ad364e35_6.1.7600.16385_none_8390abd0a70bdb46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\4.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iassdo_31bf3856ad364e35_6.1.7600.16385_none_7b674a85b5245f78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-mscorier_dll_non_mui_31bf3856ad364e35_6.1.7601.17514_none_7e99757d39515abd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wlanutil.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_627329c5bd7d0f07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_msmouse.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5c34eec16d0ebc6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wdma_usb.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a84c61c05e35b4e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_comsvcconfig.resources_b03f5f7f11d50a3a_6.1.7601.17514_it-it_fcb4104b09d543d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..anagement.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c60dbf2e39f40d95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_91dad42d6dd1ea26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..readwrite.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0921e3e3a5d60f69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-msxml60.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_60588c2c5e51e081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..ity-vault.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f2317dde6bc00bc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_5f871b07a900d354\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_81e99d7a3063fadb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_1ed670cbaddb31b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_de-de_b9615ede3154164a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\en-US\epgtos.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Afternoon\Windows Feed Discovered.wav C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_multiprt.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_892e315f4e7ef6ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.visualc_b03f5f7f11d50a3a_6.1.7600.16385_none_5979280b6e249d91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_de-de_898fb6e6c8e19482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b0039ab1e26e1a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397\bg_sidebar.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d36dbea01368547a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netbc664.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_34d01b93a7afb74f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZPSFVNEOBKPZAMK" C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\DefaultIcon C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\biP8jBWhU7aX1s3.exe,0" C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell\open C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\biP8jBWhU7aX1s3.exe" C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell\open\command C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 34105a54c933656ef940379c27152036
SHA1 17f93b42e26aace5a979de6bbf20306d2ebcb7c5
SHA256 22e0f9ddef21a68c4a5c44f88d3faa907f072626c02194d15c6e0ec04abc8855
SHA512 2a0d537fb1239b84043248472a8790cf45b588065892156766ff15a268f69bd13fe74ce7eabcd1ecb7747ad51ea115887d13329fad3cd378e17e712d8c5dddb3

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 1536a3097a194792b5e896aad90235e7
SHA1 c269537390e8c477fb9aefc951b1d3213eddb9df
SHA256 0c3785ea50bc46bba2f6f245858c0259eebed14dad47ffeb8fc4269bd5bb2287
SHA512 4373bf8a435bce81bf13134943ccf48f3537eb7e12d8c0dc867b70baff5b0322df1021bd728ded57fe88fc9bcc031873cba23525c9b191033b3410f2de20c26d

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 f60d9b6aed02e1a9dbbd1e68b3e90f0a
SHA1 6ebb902c04d25c9c546f0a08e2105a00c848cfc0
SHA256 57b10f84d18f118c75980efc634e34a6cd45cf4a1b536d24b4b5484e58abc588
SHA512 3479a345d885ab6e25e8a3acbdc4fc686fbaec02dda3f86378c0f750b23e387d672b5cffd05f0014537fbc6920ad7cee61649e3c43271b057f5b72df560b44d1

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 7098b908ac1352fb70e6efd034922f73
SHA1 f7c322ec007a903a18a477c2887b2d0e80e90119
SHA256 b7a432704cec99c34d3d7d78f261f792f73610bf4e30c1e277e061613e092070
SHA512 b1ddf8e4343d12893a7d3ffab8511d42d754ac34db9fb88eb5682700e02ca47481d8b922dd83244601ca21ecd6038117f5ef9dcbb46205423fd3d5e53cc159c8

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 68243838eaf306d995e173f4d6226c62
SHA1 b99cd72165c324d6b72b2aab39772449449f72b1
SHA256 cb44a488df4ce13a607eb9d9d95af986ce24eb8ed892d348fcb2b82c289ddc4a
SHA512 eb9ffd776d7853867d95f418364e094ff9844cd477250c8a3b59ea7a8eb1cefd353d13a856346e94ce4b0400cd202238509aafccf07dd64a126323c8deabf3ca

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 cef3843983a01a977a2deabc5dc0a1a9
SHA1 2614b32d7217f1423be9a4318868e4df292373dd
SHA256 d828c20c91400a16f794e8cd46f259343babdbfcca7c0396350d3c60997f7f1d
SHA512 0a556504af49543c80eed10e2c59df82bdd099de34bec7898e76eab8d6ae6c2ef264d9e9ba3c7ffab7625dc0d325730ee880a9c5d29602cb9369734cbf2c309b

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 cfee59fedcf19a6019f35517886477b4
SHA1 7624af5a60bb67d1c2325a9396d028cf828b9e33
SHA256 dd3c9af4f1a285974de6275d4381e5e10c1856196121715c5854352bf6aa7fa6
SHA512 ac4f3bee08577205024e57e9cad127ae79d06ee9dd1ff32ae12911406b9fe9cb8768c922d5f6c7758109698762401b2865782fa5fa1fa09f916d97dde8f17051

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 72fc077585cac057076355de5e2aff21
SHA1 50d36eeeebc32ad075859e714691d0787b7cd428
SHA256 879e78a2fac8cb3f5f3e9a7595d6adee7ea802a5da1c2fdc99fb6490ddc10dea
SHA512 eedeeacfbeb7e4154147a14358fbbeb4c030c005a5248f62aa563ffb82ff7e3c324d77cde419ee4d417c712fe4757ca9c1c18909ec5f4b9c0ba35f30fe650dfb

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 8401ca3a01512fc5b42ab778125cedc9
SHA1 bc7ad1e214c64218a9c7c97536ee75a943b2f7e2
SHA256 c55b7eec3d17e7f0886943f5abfd4132d65e50ca6cc5f2e19fddeb5aafd3f23e
SHA512 fd9713430765d3e4057de6fdf7de7379f32185b18c0ada7a7860507831ed4a502ac3fa24a2195a043955a14efcc019853414b484f7d11169846c6188a9536fb5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 9b012d4ad7ab2c081c5a54757a789b23
SHA1 eabfbd9783f36fe4d898699e9aca8ec7f9348b5c
SHA256 0713519ccc841506e736c819f114d0f152c3155a1fa3aed90d20e9b3706bfb75
SHA512 34ebe98832c4b5f426f59b04a37d130f891c2186a31d3405d17470ba1bcfc8173f83382fde6e47f4819359c16cac439dc6b089de474c0a0789689b7afd3d7d5e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 f1887fd3f6e763cf3e5d1533022154d2
SHA1 7041b9d71023ad02d7d2b6c133e0fc1f99dd8245
SHA256 b51117f2ecb88da0bc26234900c9dee89deceba62b045f143386c426739eacd1
SHA512 09e990edfde7210cd39435bd119af2f7e49e180c88c1f13b9ea78e32b1fca146c45c78fad18f960d115d210dd89b1f56cf7bfdc831b1eb461e01c4ed7ab51c03

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 69bbffc47dbe2a30e3f2f77a8fe58c19
SHA1 26b20a3f20d9012bd38f49dc66f2331cdf3c0629
SHA256 db8f535f397c1c2104d78a60ec3ae6552c8dc17d39ca08593d32e1ac1e2e1ea9
SHA512 408d9c32b5fb4c476f13a8f8d0a7c91ac2b8507ca7e3e13fdd0c5cdb72fb296ff5499a9220732aef099006295b420df46c36385dff7caab6396a46f0b3a24a8b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 01eeebc1956794d7e3c4405dfb9c3fb8
SHA1 db27b696e1c2e9573852a77b0d4d2e49cdc4131a
SHA256 137705b20313a094edb73ca465dccfa08d9c562b407daf9b86a6efe64fece33b
SHA512 9084a3d9b551019d3bf6d05803e675b49ce4f5379484c9c07c9ff9e177403e4b9473a6d6cc23c398674e9bcae029e6e73ac33debebb01c2c5372fe2cdb347ef8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 39a32a71600a61c308e16e834b3f5c26
SHA1 237dae6b66f0bc12294820ebc7b8e4318a2875a9
SHA256 574fe3cc6cdbd10f7ee490babd543d768e944f14e249e44a63b9ce78416da462
SHA512 8cc029df082c35b6b64ac06c52c3836def5e57676ef1b01874bac524f67be5dbc70b38f0e6c1c18b267249f89ea8cce4e2877ed58e70b313d2cee9c7262c67e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 68b61adb3dbb451ae6dd780f7e96492c
SHA1 e5a21bf460254dcfd68af32f8379ae3e94c835a6
SHA256 09762752133c2077881727a620958d06ea76c2a129febaa457d70ccb11f9e423
SHA512 282133716cdfcd4ab9113e0f8e0a5d928ca2cee3a5eebcdd9a3f10727a71e7ae64bcb6fe219259886baa8ade204cbaab042a75ec445238fc550fb946cf4417ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 99e19e270be27b33523dc079d7e0fb7c
SHA1 d1e6be2fa8f1dfd9c141b366a4922cedd7a40324
SHA256 206b890cbfd4de94962e86d83e3428a1142feed6f405846318e334a96a9ce63f
SHA512 01d09bed1ce0264a946f644c35b16c93d58c7cd440e325a680667bdb1b9ecf641714f928732af714492fbc593d6df339ffba435fe9867aa8502da572dbeb0e12

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 8bfc73737c49a30d74ec43a32a5caa5b
SHA1 526ecd9fb3cbe4bb60a92856b9aa3e6092de59eb
SHA256 9d3efdb3a3af05627cdf15b487b00e5dcc3e2a7c6d5dc505fd5085b52b8d3650
SHA512 e44996378beb3ae5df0e493de05026fd40ee7bcb2892e8e56b96c2eeb9d9e0033cd5578eb3643b9b5e0ecd72942622f291372190b7a84e31dfddecd7dc96b91c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 3533c51bf68abeb75f0734b9a0980c51
SHA1 aabf71a9d25f88087e63127364f3260c806ac59c
SHA256 d176b35c10016df0757f22a65b5f9487f7905d7c91e405df824f27f945bff9d9
SHA512 464907c9182ec431a7197ae7ffecbed5224c9fae9348063ce69d15d9503beb2e9013ffc855f139fe63a969989d11d2c68342c2eb658f9a4b00b88177687363b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 cba2c973ed4b1e1534f795067b84530b
SHA1 7cf16d6020d2401103882e0e02edf1603cb9d275
SHA256 d9575295cb189c02b88fef68809ec9064e26c9c716ffb35c6634127467e82da9
SHA512 61dea43a4be4a0238d192c1439a0fe2bd3adea8052b411800c64d9b8dd0f71385bf25fe9b9abeb622b51f713c305ebdbb1805096e3c203d25bdc82e1703d3cd4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 a9827479ad526c27ca8a68ffd9082198
SHA1 a6167be85aa81fe83c21a1a605cd80c2713ab975
SHA256 9c36766e7ca476fb8aa07ddc86442f0ca08eb391b4e8dc4c59467b346c788e22
SHA512 552d9ca6bd7abe445dc02c0dfe510858a8d34ee929ece0221af26b46148e29a52dcdb164f2557bc4685656e7d43c563643f59b3a7a32022aeff05b43be65f2e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 81db3d93eae5b664a8282a1d917156ce
SHA1 fc8b88c442be37908ddd876ea35b023c67e19c74
SHA256 44572c49de5e3bd91774bc1ff3e7322bdcd798351ac6229eb9c5f295848fea80
SHA512 b0a4a6350c21915ba1cababbf5112b59e769f7fc38a58d09de3367b9b1db3949f8c40e7951c1940353b60dfae054b744f14c9b1c4c645022dff345aa115b4362

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 c8897eda9e660c68c13493e9d84e6ce9
SHA1 69bba017c63c2b66762902dacc6821edddf8f962
SHA256 744865f925b5605b93821922627342ea0008c2260f88b59878fe01816f939c3d
SHA512 84fbf3866405916767d5fe67be43b5277d4b43a8be2731046f72fa6e4c11695ec9e15ed2e72172b9743cb3acb3cffd665fcee5d90415637b6b6b83601da4420f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 1e8a875a34efbe0f06d5e3d973ee3e65
SHA1 bcdb53f2f94e44777ff39325a288768f003756bf
SHA256 96e42dca7d6cbcf63e788936750345efaf3668e3995e4bff29c835c1f6e8feac
SHA512 872b39716876793c5049262c65cb18ef9c8ee3213943f91493777eae7632c5963f71f804fdf014de23fb5ac6df3ea6d2df11d5cc40c7fcc821c7c5301210a6e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 af8c85e95e80b0cc9a7daf7a76060d89
SHA1 21288d6c7a870aa637cfb1545b9fe3435dc44f3a
SHA256 55a49b0b8382f817a68b9af38c73eca4ef743c0854974da62867cf5f9a2b9173
SHA512 103ab9f7b94a33f28d3850404578e1e3dd9496f0722287c08555c8bbc6900986ea262da70d8b64f918b5160138e53cbbd50398ac1c7b966c8fe983881946fce9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 6f3f31b1db9bcfd1be221d8d6a674600
SHA1 10ac43771fac841cffa20580ad6c48717df6c52d
SHA256 8ffd78b36776110d4417abd43ee4582d4fee2a54f3f2aa09bedf3ae95a575c82
SHA512 8fba2fadefb89b146d06573834f22371d3a6e06cce5fa40f44d6f1496743e60f42b241ca0914e876dd29a77a5348e06236bbd5877540e4d1cdb09444c340194a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 fc338dddcd17e9760b82d35cb9c3d0b3
SHA1 c483918cde3804c89417b2c12aaaf919a79e6d0b
SHA256 7f94149affd68336395a50953b0528a4d7fad018aa322502b311a9a42b76ab18
SHA512 a8f434c3812f1c85c30b23ab80c0e00b78704b94ba78f05ce209e011891377edec714844087ecd64edfc15079a618be438fe985938d9b82ce1d1bdaef871a7b7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 0bb622b318b6f2899adacfcb9d614eac
SHA1 b6ca9177341ae08582497f38bec0d8d369367e28
SHA256 cf58fdd948c2edc7300eb4ef96cf17bc16fee730708dd98fd7eb6adbd04d1645
SHA512 236bd00372f6e107b54353924fb064d056a6286bf24a0315d1486f8050942642c7fcb32aa3f9e75563deb56ee6e7fd395023c1ec0e8e54ba611ef59d85cdd45c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 e0b80fd80efbc501bb17bf5b6f22aa30
SHA1 0f20ae12191db2b63c623cf3fc82f5326f21a6e6
SHA256 168b0e1cf638dc7c7c444957196f71e9f28ee58a724c9500752ce5c83d11a343
SHA512 31f0a78d8f8c9cb7d3d9b2d0971c5387c19f2f22f3e02c47edc5ef1ae6c002e64d1c80f66fff382d22e876ae2790e9dd31df88acfd98a192b2da8abe18b23107

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 f86141d4398175381238df2e5651d7aa
SHA1 557c8252e79955adca612783611d408ce46be39c
SHA256 b0ffdbb5f58411bc7cd87a5fbb7787e8d0c2be99db3a0aab4eb8b77aa8b975b8
SHA512 07eeb59e6ee38906db23fe9301b25d24a1453243cb75dcd73b35ef477b3683c895859439856a5775f47812ac4ba823b9d84579f4f2bdd94afbe371e3d0e0a081

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 9f531d10167d2a497f80eb93d2e38b0a
SHA1 65f8faa1a0f4dd5f40ac4725525ea4712ba6f6ff
SHA256 9c8a8a34045635c38291211a56e175534799a9c783cd88507482f8fb72d01824
SHA512 4549095ae1990d98ffb00f32815733283945b326cc8a8ce115b2996c1f13e77a3082e27fe1b44b3353a209d72420cdd37161147eadfb4c81a67fd7f23deafad0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 37f1ed1f9b6299764a353654cde72569
SHA1 8843fc749f1d6499c1ace809d88cf1bfa44a99a7
SHA256 381b0b2c7ef1b6b8da208d2f2291350904e55668ab2ef2108c1cf98a0ff2a261
SHA512 5214da4f2b7abd5279aad738a0b48d61b6aeb2c62743677f275acaa9786f31de78b682fac02a9c06b4833d9df8e05619df7a3e83b08b88b6c852bb95fc1f567e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 271a85380aabce412e2bd8dd4e461ba0
SHA1 3552a394c11f54755028de37fbc827551db7755d
SHA256 36227931852b8638f88a35d468297d544c732013afdc9190e0c5ed2993ff00e9
SHA512 4835403c9c0e4386bcc357c473ed4035a515676b82dca0fdfa8bf7b4e9e76a799170249a433eb4bc845dc633e1952c9990809fb338341263d3288b88f2cde416

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 5b9ebb8b3bb301f4e30be2ced024ade6
SHA1 dd932e4ddd9a6e68817195861596955b560cc528
SHA256 92ac61edb7f8ac3a3787997f82f7e12939bfed726adec7144cf80e8692a8ab9a
SHA512 819b0e0e0849ef55aa6008a5bad8ace563b489dcba53911e27d5fec9655af559868113fe93039db5bc5d7009061373ec3d4a0d67c5ddd86a460ac18edd79c7aa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 fb8e81672e99ddfcad523f25cd75303d
SHA1 059b90cb0c2ea761c7110462c0195ee38a43bf22
SHA256 266eda9bc06cf8628a9c031a6d6987330047f5443e54dac20a3330f013fd3d4a
SHA512 410abfa85e98930a77bd87e2486c4ea5d633be9e40e8c85b767fd6bfd5d82caa0b1da5055f27131d6a66fb67527670e59b73571b83214f7783cb22e1a3cd1cd3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 f4e3b3ea73c1883d5038b9ee86827f01
SHA1 4c8e46b5d037c4805214eb0e5c3111621c288c3a
SHA256 205c1f34dcbe671a31a9800138605f48a17768d610a69d8b595d845d81a3ce1f
SHA512 a710a04ff4a3b55ae8da244871d7d5afee60f396c6965dc96b9b235123160cd58a08eb9e6120523f47aaad043673a98af7f10e9f081822c37b1ccd8183bf351b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 872ef0d3956aa2a1485db57a6f6ce145
SHA1 ebc4b322e44255db54e6e4e45dea0383f6d8c4ba
SHA256 49e45ebbc6c4b80414f7bbbf7fd92b9635d255aa0c1632b5bbdf533cc40fa5f1
SHA512 fe5ff5e6ed323d30a521ba90bf6902101cbabe0df623e2bc640003fd40f4564971b93449d62690879f8df757a05d9804c5ad4c1a7047e11359f366f29683f947

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 51df5e6aa5f4e56e6380a272e5048908
SHA1 cd17046509e1904f18b0fe2cff48e5a9be3ab5f1
SHA256 b37e09d7066b1b206990ff8ec25729e5949c778def48bba16b298fcc6bf4f884
SHA512 2bec0ad67b250d027daf3cbe5d18fe9b5040509bd30e66c844d7b09743b2913b3b1e09bc8491802e73718e228202fe87c7624b46955b4fca1f434ad010920614

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 17eb02825981f38ed48e4cf433502229
SHA1 2093c07995f76780c51622ca6274e95cbe045188
SHA256 e47275ba36894faad22d84aefc821c2e70608f689f713bf524a6bf302e96ba3e
SHA512 e8c7b996fcd9facdedeb9c653b8fb82a59d72e97595e11e76816048d46c9a1b5163c357ec1aabae7d22bea263172ee27d3f5f31a027b1dca666bc3da6d5d8996

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 6e4db3362d92e3d9b563ef3cf98a8f46
SHA1 a8bbe6b60421e14d7d6c0a50255de9ab8cddcdb5
SHA256 210aa340ddf18ad400110e840e164849d5ed006b4082f9d3dd88e2fa3251b595
SHA512 30e666ad1f43611e5e223277a7b5f73b7a3b6cced7bea248984e734440643c3148341f5e1d768b6b307b675169228c9b12ad7e4a6d7e99373d6d15ae8ff20132

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 8c13a03d52aa4085f59019e7b00221eb
SHA1 01849ad7c661076db842417a40c2d2f0d29a55e5
SHA256 68d5f861641b64c2b3587b4477068c00e68c4e087980acdda2952afd33816687
SHA512 771c3c8808574bf19ffd116b9166ab8422614206741c3e6e347884f5326d8a546bc889faca6ce24e6345fc3e09d6db94b6de3dc2f860024b2c38338daec796c2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 0cc345c742783b6f2ccdffd8cafa6513
SHA1 a082533a454ad12900169d910592a43386d44341
SHA256 6ba4666f688c0dbc93bd6567ab11b4414bffb87930164f965bd695b00996fc42
SHA512 ed5ec326e1f154251245698a5d2decb90176bc25a5aa3434a0e9fd4dc776086403d5ed37873aefae54bc213db572e902b41aa427bd2a0b674aa98e2ea3d662db

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 0bc7a60fc14a2dbaef13bc44dedb4f26
SHA1 95fbdc1073c7ac8094929c7239ea0ab3d72ebcc5
SHA256 ae8875ce417b4da6dcb7bfd710cfc40f7fbb1e8584f06274c258ef9c082670fd
SHA512 d8de43f38d803656855f5851d1654175d35d3014cc7c2896b88713e0a4e7ca07fba87e69d17649fec762eaca2c707f3b2fea01a2f110a9cbab054a85db78ff6b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 ce2d4f92ebfadad55ed21f3496008732
SHA1 50cf05f78ec17b5a9bb759374d1c1e043e848ecb
SHA256 542420e3e04fd72b9c089fb20181c1385f9d6554d3025a7e63e5929f864ca09b
SHA512 a58a8b73cab52ae4a0e304d3628c65199daaeea9c26a71b8e6741c4ab159ab23388b2b90a9cf1628ac3f4e459a36cfca26bf41479872a75cb8ef59fcc4990842

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 753fc9d4b42e9f270f3c54e73a70ed5c
SHA1 75b7bb963fc9cdf2652e57f1cbc844f720c22c36
SHA256 1667efe9e4906094bdc2391a7c6f16b65f284a7bab650ed7cc38d0b702e727aa
SHA512 b6c789631da681371b69e34ef02261b9ee00ebf9ee408328a3e6ebfa1887d4818909156fb6a352c58643698cf2eedb7cac481cf6a51bb93ef7f94d49e4c04b56

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 7fc15df9c464c1b329b2d866e7c5d8dc
SHA1 2702a9679f2fc1b4ecc61fb0e1174dbccb0b9451
SHA256 0fefaec5f00eda030297450171b49e9cb414f6021307f97ef8d5ea4c03032b0c
SHA512 cb6294ba533aa83c7e44bd14a7d7fa220aa21229c6a1f8fbb84d5269c7c9a64a07a240a28d3f9b7e7fb3d4e1b40c3471957d7644509af01ad15521e0455979df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 5580086575eef75ffea3c03d1eee469a
SHA1 f56ccfa7a57f2719b3671fff6ba17bdee417f4c6
SHA256 776bc2b2c96c383df2d6d39d0192042ced0a14882bc780005b6c9d276c9e215c
SHA512 8604cc525ad662ea6feb1b5b760eccbcb00dd4501d7b84bf9622432de2a5935f48f3a7b0cd53b6b9c1f5d402fba1c0e6de5974439caf0a063ab5cae7fb3b98c6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg.EnCiPhErEd

MD5 35c89f9c5382658a06ae994d15af3117
SHA1 bcde2849bc3094a5a93385d7b45f41cbead78367
SHA256 9034b6ee7eaf83099e674e56e6f0db8763359571085842956e75ec90e71ed159
SHA512 b2d558c376e36b490fb42c22c86df21e72b7a20dea53eeb3b395f194b5bec36de0b11388c13785781f80f8fe4c74ccd54818f9eced31d5b72ab8b9564c14233c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 2df064e766203e03a8b15229dd385f8a
SHA1 e614cdcc60cd56d9f762b794f77173ba0422d807
SHA256 664ebe77376a248ecfc9f873bf91fe3d3c1472dbb4ea7ee1edadfecc8c1e3c2e
SHA512 88ae8d77d3b2112523643d51a6f309ab79637f1d21fc844780216a055e01edeaf40536a89f4d485c936a803d161d778308cbab80d86d81e2f2283fb39aef58b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 7ff0e2b2e8b558d0ef8e1981fbb11688
SHA1 51afd49a107e56100db7ec305a8b841b1c550634
SHA256 1a221fa88937b73492cbb2021872f4a506718f3d7310556096aacaade43fa098
SHA512 8547829e0de1d0604d1a7c44d8d205fdcaec9508de6db0415d23e0a32041810738401f08c783a02bd0c2c67a431d1863c588769452c16bcb7eecc84a1b15a657

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 947dc82edc5e7e9d5101ff79cca1d14c
SHA1 a0dee599b0a9d4ab619de1ac30259f087d2b9f6d
SHA256 c8dea8c6e03be042c782b6d555ebb72b7047a8dc4cc79193d120a1c299f0620a
SHA512 e769f8f864bd5c85223fdbbf612b51bee9f4f22052abec578eb40f5d80dba1ef34f2b5f0fe23bec1752c7266d88650760a7ce75dbd941bdf1d731584022ca64d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 d58889013e820875a9e70cd9de846c1a
SHA1 96812d418de7c96ea0fca9018a9257654f4987f8
SHA256 c68414d92016d6f53e1e6b4f2ad3d5d31a4b02082dbe844820b8df085327993d
SHA512 9d971ec7c3e8f99b2448dfe7b3f7b257012578d96c5062fe62ffcc4ebfdb95e0805e35d75c65f7650470f058a3c45aa9c5f187f3b9e6ab71f61cb571a53e1fb5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 ba38acaa5b329a4756e21b8055941629
SHA1 582e4e5741d2a2b3b01e7afcc977541c0ff9740b
SHA256 103146f9ce1a693d023c01162d04d1ebd5a2af46baa0976383a5a06133d8312d
SHA512 f72042fd96eb826fe179412343e0a27f724772957b311cdb2040e85a017f2daf09688d9c081338fecac4b64fe495d8f92f5514522085b6cefe48abe95502a26e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 2e95bd61c818eba982be3c76273388d8
SHA1 d21ea83e51422a29cd37a5eb4ff38f577fb31995
SHA256 850a93aaac94652d22e7d31c54dc718a1b3b598f298471b05abc2db553074fbe
SHA512 8aa5a6300fea5a638e2ecb532b09da82c672032d637aeba0da23d737c0dc3369c8dcbad0ff3abf25e6d3defee020fb72719d76297bb60acf2e00673e8692149f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 6950594a530a32d731ccd85484542189
SHA1 ea0c22f0d2f7e6ba3e44ccfd25697cf0e8daeef6
SHA256 fff08c992a475536ee6a974f2a2539d64f9953eb3896d50acc6af9a20468cf23
SHA512 34234835a1ade9750bf1d4425d156602c36d792e789a4d4fc4ada8df2594bd3063ebc124d6709f6cf38f1bb8f15e504fcb070e4c9caa79111e64d6759aabefb0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 b742571203280b5c44c9b1cb67171e3c
SHA1 3d7ad9cae2742a15bb6f34f567d0727b5e1acf83
SHA256 967c0b3b6980f5a4ec26b0d8d2b4fe14a12bb28c8a7f0c43ab28893a451c9f63
SHA512 bafd0883648841527d06f13f520d47789913b32e0f83017028ad45ed0c5dc0b0378895c6ac04e32df2d1bfb7315ca9ab6308fdaeb9d2942460ef3ec9750b493c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 906c44773a5d94865ce3683e506f4196
SHA1 dbf50a6952f47a4469d1f8988b9192a3b5b5378e
SHA256 36953c63abd5b9ba032a181944ca1f9b6e4a502d47184e4f9b95037e8bce6195
SHA512 392bd299599ff3967dc234b52632ff924b2ee2cec578ba560cd635e23ecc7d8d558129b9985ab89bd142e024ac55a9cc57a91f11e8aa903bdca3e25767f05c07

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 c71928d48b2dee5c1ebb5ef972905ca4
SHA1 78e67a8cc6039cd2225bd4e1f20308e199413980
SHA256 a56a4ff1d09627edd5a162db21ca0a075c40864d90bed5c17cc9d8e328f753be
SHA512 46ab3415aad619c36d64f0fd3582fff38e2283cb3c69f3e45c7825bfd59d6162908278d50d891b75168726a600c04dcb19e3d8b04f3439a3753e90cbf811414e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 9eca6530162a5d45c7c12f73ea4a44fc
SHA1 3da343c2b95a389948e0a8e3b53d220ef8ff5920
SHA256 7998a8962e9486660d01d53696be2186ef3e84f8301b698ce6e120c176ecd6c3
SHA512 94fcb88e78d6262f396ce9127f977a7be7960da981fc6b0dcc7e8c1f822e65a255c712c23cce71ef4573f3be3609fb90531f7478d0e5da9a2de796d84458a0ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 4371e91e21cd02f1a328ea6277e0331d
SHA1 5a7ed2bee01b759d8021aebf0801acfd3f14d953
SHA256 4f41efa59bfc05159a171626ffa518c746b4262e753504bfc4b83e8b3c0a954e
SHA512 df05c2940bdda49de3a275d804ad54c9216b9690bab25b4c946d06463ef54f9667b19d70735db3c42a6b0e7b3da7e54629160df6b20875df9e15166cb6d06e1d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 6d8d37d3bd2ca9de456366435ed76be1
SHA1 84d824b2892bf5e2f7b06ac971a72f8ea1cc7353
SHA256 ebd946466ae6d58ec5dcc95f28edabe19d4a13d2d89f8dbcd1990ee89b307116
SHA512 d5deee9a34c76f3788bb319f65280651eb4d6e482e61b00a21d1993bdfb50661ab772ba12af5de1d5c369404e46363510c5d7d62300a875936349dd058e14c05

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 0f843bd367c793e044fb74ed82c839b4
SHA1 1facf7e88ccf765adfffddec76a8bde2d80970ff
SHA256 cbf9d6cba656d0087daef915e65b30f85e76f3bb5f5cf138581fc290da2f9932
SHA512 0a8c8c19925a82f7d4fbad3b026a5243f8955c95925e3899ddc4b6b10b4f08532edf97e1752e83ecbb6fe278426973b4991bb4f647d1303542e4e521f15bafc3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 dc352704beb4fa235c0c2c47a48bf30b
SHA1 59a13a44976c0635185cca65807c9bdb608ce901
SHA256 f910b23e2251399ee4a5e4a95e76c9c6fd8065d923596a5c61824f64147f312e
SHA512 99c2a13d1914477803e4851f821df7626e4a83aff20936ccdbdcf5f53421ee8c658c7b57918f090277ed1c67a8d241c89710762d8d9dc6a2f6c87db61ecec87d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 e84cc80fae946ae1f0d2fa0233fda64a
SHA1 0a28a41c736e1872e4372b266ce6020ba1c2a706
SHA256 1b4e2012783ede8e9cd8c1784292e37f511c5c4c332815deb76963a85c790f4c
SHA512 4bc7958fecb6b2bc2f94d70eef1058a8b675dea97826772f378a1da5647d2879b27c808b36c80e806d186366325e20b123b8bee4010d5f68fd8d2148509692ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 08694344edea5153f7ec5eea7cc08847
SHA1 d7a68f1b38df445bb4160e74d984f631452a6d3c
SHA256 55d2b60b07f38295a026e9f0f900f43964d458f165148a14d1a4545686ce4773
SHA512 0804dedf5ac2fe812cf18c49bce0178d976c3b75dfcfc721e4c5af2ef3a8ccc4ccb0a3f446c8cf59308f8f4e9cb8bfcf0a948222fd254fc3c8e9adad6cdacdb2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 f90002d0f82eb834fe18ff0f376c9767
SHA1 5e773040ae291ef41340c1bcd5df6116d0fdbb8f
SHA256 28883a41272ac8d8f4244fb9899de567bc78e3966f9c18b76227cadb83224ec3
SHA512 042a203cf8ef7f7d5f27c53376a604b67c23640b04a5e3c9f3283ad55366b6677788cc5a8647f51d57c5a64dbf6f0fb6f7023ee6fdfbb41ef015b58eec6161bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 9d6d1fff68e0f92933c7aacfbc28b551
SHA1 28002175b32801ce634cb890bcc921470dd38dcf
SHA256 e7380bbb506902b14b0782495cd315ff134a7242f69ed6b8be3df02e55d255d4
SHA512 da06744ed378e352dd93fe8ef047430a828f949dce30116161c3b1c815f3444f6078786a824ae515e2efe8d8e161d1778621428bb8205f364304d123b3d307d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 26f7378709598344f37689c3eadf59f5
SHA1 d60ce901e6072f975e67feaf4eb6e872ec5b0f87
SHA256 e61df7a22efcd040e1681783795d0fd165a986084d843d06a08934cf84bc5be5
SHA512 bcd10a7a22c5ed27af7c56bc2cfe9b2eb09b19ed72d73b59ef09de245ec7bec9e5f32976c0b0206148d2b9ee0e2e66e5567c1ecf28096c0abb3b8ab441716cfd

C:\Users\Admin\Documents\TraceEdit.xlsx

MD5 d15980ff3196f055ab5c6c63e83d98b2
SHA1 19db7e6e49880188c13757ba601e8a72449ac030
SHA256 4b5e08a20370846e4e5e5e5aaaada8ffe056a867c10c5dd41921cd657bc76646
SHA512 83ed2dfde4092abf594c9e06a836c699a14f2be0cf3b2fc4330398029f8f24d0043996fc1e493eeead36d0bab9d1602ef6d0cc29af1a7de1dbdc6fe2056352cf

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 2df6b17dffd8a1859a361a0aa574393c
SHA1 cdefbb6e4fd5985ef917a859fc522e2bb0284edb
SHA256 1f324f527975db016e1bc699b5617b83910c4dc8d349779791917a564f958fbd
SHA512 3d60603db22cb0cb5fbc6126246011b523ecbe88ac1f556a063d25a3012f4dc66597ac14862860255c7324ade1df7015223df0119b6a6696b439b11b28b13906

C:\vcredist2010_x86.log.html

MD5 d61c62d685eaaae728c8c273b538c3c7
SHA1 6535391b8e47b9a250e08b7f4efc81a9de2872c3
SHA256 a87ee5a97ec34be8541f15c22d6499fc17d00500da01c1f7defc6dc8db794a36
SHA512 ede60b51a35c4b5b881d4f0c793fb2f876d7783b8334e76319ced63cb780d9b4c3ee473fbb7ef4e7c53bb2ab72675b95529d5a18aa9229d832f025f9f4a6e276

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

MD5 bc9234eefeb669f27c06ddc84246cb97
SHA1 d2b5bb9ec848d6543b52cf91c0b381f784ffdc01
SHA256 a43e895e8903394e4c7a804c074f61f7b21a0f9eae867a570bac7c8987fe1a70
SHA512 f811734e0b3b9d88bcfe1e96c6f0c19f23f4db6faa29de6e7a7403981a942f5f319c66e1bcb8a105162c72c36a3de2e8530702d4ad401b3035694746ea20cffd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 785d77c05982897f5ec27a60c68747e0
SHA1 4069c5c8acbf65faeff8dc110dd04cece7ff4826
SHA256 1d81b7c4ba7bd40afd218102059ca808a9e56b1631a902c9b51d33d3b258003c
SHA512 2a1482601620a1005cdf5759a3def65b94965762c5a567d999e20de77eb461fbaf02487427b6f841cf414aa5d5c662a7843b3d255c2138641252b57fa955b71c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 10078bc882e04212f317ba07525c7912
SHA1 c0f810c1d5fd2c40d78b18945a9819fbcb2c752a
SHA256 5f07e144b5080f53a430bdb38f6d14450da4d0ec739847aecca70d0ef551ff37
SHA512 5fb68421693ac3364ea61472cba01c5461190107f4e979dda50f58bbbf000d868c40f24f11854a8afa69ba4f7c1f8fcebbdc409c06be0538aebd121a5ad3e884

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 2a65ceb211f297e85cbfea9815971ab4
SHA1 00943a8dba6d552e01acdaa15a9c473ee8205791
SHA256 51e60ae062349272961b35cd41c81789386e6a2bd783e7b2ab4e3343adcf313a
SHA512 4f02ee450f4b1064f335f36f1763d2f7abfdf1b346f1e2a1d7512630d16a01f723a4e6d290c233766f8bd1d0bd3cf401aa8b5009bb168840d7c44a5bcae81157

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 89e95e232ddba961dd7818c3ef31ba72
SHA1 87a8bb9fee7f91d2dfd7599566a752bc5c04d66f
SHA256 a4033502d808f03435e52b5f64199627898b8f49a1ba9f4fb8dd4965d46e59d6
SHA512 20e63d0405e8998f283163830295c26d1ee896a868c1f668491fc1735ae1fc4dbda1ae887d0e80035069c2ccbddb4ee653ea99cc5533362830eef283fcefc8ef

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 5fa7d70822766ee95436e314762ee053
SHA1 4e1063d591a9620aa58203fa00ef97ae6b376627
SHA256 a78ec826d1579adb8e89219989e52607af4f0e4cc1390c42a9f00c671e0cda43
SHA512 e576a890c0f90ab6a567544c7f4da1e6732a240f43806442e8601710c68a8cf6e80d6469dfb9c1350016303870815c3b397ab2581e901fc727fa5c5f6737ffb1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 480219d8c85debadefc50fc424f36b8a
SHA1 904074167d6ae6fe9f27b687be49557cc7866f91
SHA256 cd8ec7ddaf354a3d4e100a074b9b6e473f02d9273934250357de62560f942f24
SHA512 9e3af363fc14b05dc0c04f082bef5349e9e5791226ed4a8098adde84f00373a1b5bd1ea91fc9d0dd133b8656ea1a74f024c32ed6390d6fdf5d353af5bd537cbd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 da71778ea433431029d7e9aa0856c8f7
SHA1 04c87fe7832f62bf35a86bf1325c337cc068eca2
SHA256 f73f2f08b4b95f295c8ff7e2d2a32326c2beb048991d5f7b091c592dca54a404
SHA512 02c403043b6e99e37b3513a3cea247bd130fe348876bc04232d73a8eab6079ce6c28135a54efd6a93a004e95cb9a0d9c7554a1bc1ebca15c20ed9d55b03829c5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 16848be78c17c86ff9e584a3fe931aab
SHA1 b19ef630eb0760a0674c9f9864515d7e51edb3ad
SHA256 daf96e22001acbd9068361c7b43c88e482440f825033924b2fe792fdd0ec5e05
SHA512 37cb092ea32a01e38192fcdb12267d23ff0d2ded5bf8d27fde77d7bac040794f58499e791965ec0fcecf9a0cdfd56117d90d49f6508a92a55ff8456453f50402

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 113fbdce4db0a1efa8641f6b7e1e54a7
SHA1 f1a38e834eaa204e064eeca4fcec9a3cfee171af
SHA256 b3d637ddf33241f8af78d70ceb7835f9f8a515ce519f57d7092482440e9417dc
SHA512 f5149860b2620adb45c7a500733fe90439b24fa29059cfc8d70de415e280b002581cca954198f78829426e43880bef2d41a542643d32c9806f536e30b64b1d79

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 b47aeeeefbe187812b32da6a6050f2bb
SHA1 ee16ef42fafdc4c2c1e09be3cdf15a6f3c6b00b8
SHA256 ba1147306b152ec12bafc2fd49b34b917187b99a0966f9b79f10217d4bb93c3f
SHA512 5c34af9249ab57e20ea16a3294060cd74b065c7226b4471e67c770e5bad2784b23bed41bc25100467fdf4daf49571d42878939475740ec68b6d9c192f6b79940

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 972cc28fa41c057529dd76b7368bf318
SHA1 05bb2c559384c8ca8e6ff4c3c53280a2dab31b46
SHA256 a5bdac680c7e3ae318975053f8f0e2149bb1f1c92452b5d02ea00fe0e816a667
SHA512 b87608b5e85284c803f7f152347577ffca4fd2638475b075f9fa2291df8ee39016cbcfbeb9462a8e742e46a927ca2f0210c5c6addaf7828612152171c9477994

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 d98a50b2b163d78b2dea81805d8a7352
SHA1 179834cd359d27d8e08ac176a2131611ffc8018f
SHA256 f0658becdd73b42a7249573af071ddafe6fa4e67aab0144896a9c7d438d55183
SHA512 8e9e9535c4cdfa807c1d8ba60f9a019c33fdae3a3eb4cd8303fcb1b8c2896506737c8a63d6d3b0f6f8618c9c01f84b1976c7531976bbb5796613029a554fb0f7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 d5a7df3bafb0aceef0257fac581bb75a
SHA1 3c2803eb9b350c9536f4848984f39b1dffbfc4d9
SHA256 42c14a8afa6efbcbc74b47382559e83aa275736110a3f5abd2b52313fb3dded5
SHA512 4121b9e56edd941dede0238f41ad54989595cde29b2bec83e5dccc32efacf5fbb20f9ac147b39951290216c39d967e426191efe0b08dd7727797038481624283

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 3c15deb4ad30dcb3d2b50ff39b60887a
SHA1 c2e5ce6bdcc1a2e477e542aabfe3f189572b88ca
SHA256 cda31a5b359c89878dbbb0afa41c2bafd1d97b7e0e5b8637564288ab9d908abe
SHA512 b1c5790c91cca24c04f5df5340ca79d514592a7ef6f704d844f4eef1dc2bcce81ab3085d74f391cb459b733a852cf3c193ecf95d855a039d099c67654bf93e1e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 cd05023fcb9080ed76097fc23c1fcfbc
SHA1 26b175618298c514c75c044821ef8088f5d99ad6
SHA256 78265129a93fde3a02c66366f42f9b07637de18e2c9a0795ad17586e9b66a401
SHA512 08049642b9b585bd05976876a2f61ffb1880c72c0bde4d7f99244e3a46608e8b63c90a4bd0d1d352f33d907968855c6482a813a14d468954032e5c695934d01a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 d6b5a02659b0ba4f674aed27d0bf2a0f
SHA1 c530cb6f8c7286bd2f6b600778fcdc661daad999
SHA256 2e8f8a6aef90c8793d858b8f019b49e24864b818e3ae70b2e3c08fdb91899865
SHA512 3662121e98e45f0e6ccf8519edc955ddff5c01d81fc9c0d43c8f1c77297bfdf11c83e79c0f378398f5d23b1990369ef6ca61a9f661cc238184161a26cac5a7e5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 25b2065dfc9051e26dc123979a475662
SHA1 340a3a32c8c7779e72f37e79552a8430309d101f
SHA256 d3fcf07993b1c9580f9eb3d3528c42249de64889ca9492ad72e586196153a4b0
SHA512 c600c9baa59401f5711e5ba7324b43d0048ae8fc948fa1df6128d9a4cf8af2d0e7b8cf2feaf99edcd27c1ff09e30c3a8c5f09cdb75c8a00eb133514c6734a6ca

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 a652694fb221a616927ebd52e286e44c
SHA1 d0f9f6cd264413d5280d4088dc0d633c73a1e7f6
SHA256 39a5cf669da531051eb75d44b008fc52ec321343cc18a2117bf2eb3216fd5bf4
SHA512 bc45df194ec688da7ed0f10923f78fb4543f9daf937fd63882f8099e29a142cd02af72ed2a1fad8f86821ca54c4b7932c109399906a3c9c9a46679afb8f25a4f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 f47aa58d0d4b32688b4d03fe5b52823e
SHA1 8981a67b83e389153e4d3e27fb74756f6a58c768
SHA256 863e1346dae7127d6b825764b6a29f9155069c56dc9872e022b5c775d6efe7b2
SHA512 4938bb4b8b01f63d4d645d6d9ae52369e833fa629b922a6b2366c633133d77c313b348b721e21179281a85c0ae29651962543aa0602aaec6ba8c4e9abd1921aa

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-05 15:10

Reported

2024-12-05 15:12

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe"

Signatures

Renames multiple (2190) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\biP8jBWhU7aX1s3.exe" C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdf56f.inf_amd64_1e78e192efc26192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdgpio2.inf_amd64_808fe94735c4c6b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_1ae6ea0bf54c0f5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_b83f029888180def\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_e196624c9ed43e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\PerceptionSimulation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\storfwupdate.inf_amd64_e57f4de14d125fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpmvsc.inf_amd64_9b03a5f041e8d2b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_ports.inf_amd64_181d494584779290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmhzel.inf_amd64_e90a0a4c8e15815d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smrvolume.inf_amd64_9a3d52a168ca8fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_8b49cb79b258e1ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mgtdyn.inf_amd64_a6235e923dc4047c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrast.inf_amd64_935f1046c28ea0dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_bf051ca3546a5bf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\chargearbitration.inf_amd64_a0097842bcc7e487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_9e5602638617558e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qd3x64.inf_amd64_fd7b06296b7ac679\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_cnl.inf_amd64_f668309b543472eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PrintManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ks.inf_amd64_9fac168e1cbea90c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\remoteposdrv.inf_amd64_0f0da968c1cfce06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uaspstor.inf_amd64_63788a81c4c628c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsactivitymonitor.inf_amd64_cccd1b2cb61d2440\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpssi_gpio.inf_amd64_62ffa3c95446bcfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.jpg C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-200.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_distributed.gif C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-black\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderSmallTile.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-Toolkit\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\FileAssociation.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Dark.scale-250.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-40_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.scale-125.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Sunset.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\WideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-40_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe804.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\_Resources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-96_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-80.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail.scale-100.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\IC_WelcomeBanner.scale-150.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\0.jpg C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-32_altform-fullcolor.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailBadge.scale-400.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\WideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\file_info.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\8041_32x32x32.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..sprovider.resources_31bf3856ad364e35_10.0.19041.1_it-it_f60cf6dcfa7516c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-eappcfgui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_af86a6d0a68a60fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..rewebenginebinaries_31bf3856ad364e35_10.0.19041.1_none_4af538bbc54afacd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_10.0.19041.84_none_3c0b821d6432722b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.data.resources_b77a5c561934e089_4.0.15805.0_it-it_4cf51b5f7acb5ae0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.19041.1288_none_1cec63974464878f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-256_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-unix-socket-provider_31bf3856ad364e35_10.0.19041.1110_none_ccd659acc809c04a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..structure-minkernel_31bf3856ad364e35_10.0.19041.1_none_8ee60f0d56272cb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7f8e4d377a00d132\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.web.abstractions.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_238407d384948527\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-spp-main_31bf3856ad364e35_10.0.19041.746_none_cc94ebe0400cd6cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..ov2fahelper-library_31bf3856ad364e35_10.0.19041.1_none_66b82f27f4cd177d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ty-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_f646cba348024ba5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ure-time-aggregator_31bf3856ad364e35_10.0.19041.1_none_0aa395fef7ed696c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-admin_31bf3856ad364e35_10.0.19041.746_none_c5b7a9adbffd3a61\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..nager-runtimeserver_31bf3856ad364e35_10.0.19041.264_none_3a70ff62ff294b67\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewInprivateWindowIcon.scale-125.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..em-profile-systemid_31bf3856ad364e35_10.0.19041.746_none_eb57da7956b8ee7a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.virtualiz...client.6.3.wizards_31bf3856ad364e35_10.0.19041.1_none_b5720697df686342\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_359f5cb3bc06abd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\unifiedEnrollmentFinished.html C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_10.0.19041.1_es-es_f430dc031fb598f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-assignedaccess-csp_31bf3856ad364e35_10.0.19041.153_none_2f9be98cc4191f70\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..lographicextensions_31bf3856ad364e35_10.0.19041.153_none_766dff58d5beafa2\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-alljoyn-runtime_31bf3856ad364e35_10.0.19041.746_none_db2225b0ab459776\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.directoryser..protocols.resources_b03f5f7f11d50a3a_4.0.15805.0_de-de_3559c0dc6236d970\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_usbcciddriver.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a0b5b0fd321a9ee9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a7b00ca7e10b87f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\ooberegion-main.html C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square150x150Logo.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b...appxmain.resources_31bf3856ad364e35_10.0.19041.1_it-it_118cca75affb3bed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..iencehost.appxsetup_31bf3856ad364e35_10.0.19041.1_none_941508ae54c02087\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.windows.dsc.coreconfproviders_31bf3856ad364e35_10.0.19041.1_none_026ed68e6d381ec1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..sql-netlibs-winsock_31bf3856ad364e35_10.0.19041.1_none_640aacd444895abc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..providers.resources_31bf3856ad364e35_10.0.19041.1_es-es_1c349e69990b09e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.19041.610_none_d94fa044111e8308\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_theme-dark.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wms-chm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2108f2815d2a8f3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-powershell-sip_31bf3856ad364e35_10.0.19041.546_none_4667e7de618212fb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_state_exe_b03f5f7f11d50a3a_10.0.19041.1_none_420589df53dc49e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1023_nb-no_1a9a8ae9acee4716\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mydocs.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_21ba56ffae4a6603\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..scheduled.resources_31bf3856ad364e35_10.0.19041.1_en-us_3314cba3b6d379b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_en-us_344a2a14700c7b55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Search\Images\logo.contrast-white_scale-140.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_fsantivirus.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_754e76bd3dd61455\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-pdc-events-container_31bf3856ad364e35_10.0.19041.1_none_7eaa31884cc78e84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..mmandline.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_195a9f3453e21426\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3bfbc85ba6735f51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_policy.1.0.microsof..ershell.consolehost_31bf3856ad364e35_10.0.19041.1_none_1daf3f6b5804f4a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi_31bf3856ad364e35_10.0.19041.1023_none_c9dbfa256e864692\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..erycenter.resources_31bf3856ad364e35_10.0.19041.1_en-us_3da2ab0d21baa290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_8eba12254e022a7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-charmap.resources_31bf3856ad364e35_10.0.19041.1_en-us_9d3001ed972ae1e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_ja-jp_5416c68d7ab537ab\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-search_31bf3856ad364e35_10.0.19041.1_none_ab0246b6c25f7d5c\logo.contrast-white.png C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wwanhc.resources_31bf3856ad364e35_10.0.19041.1_es-es_712bf4079e84971b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netnvm64.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_a429c5aca43b6deb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-components-jettext_31bf3856ad364e35_10.0.19041.1_none_607a12958d667e45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_wdma_usb.inf_31bf3856ad364e35_10.0.19041.1202_none_127d0eadfce340dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iologgingdll.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d9cc841d3635a8fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell\open\command C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell\open C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\biP8jBWhU7aX1s3.exe,0" C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\DefaultIcon C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\biP8jBWhU7aX1s3.exe" C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZPSFVNEOBKPZAMK" C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 20.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 34105a54c933656ef940379c27152036
SHA1 17f93b42e26aace5a979de6bbf20306d2ebcb7c5
SHA256 22e0f9ddef21a68c4a5c44f88d3faa907f072626c02194d15c6e0ec04abc8855
SHA512 2a0d537fb1239b84043248472a8790cf45b588065892156766ff15a268f69bd13fe74ce7eabcd1ecb7747ad51ea115887d13329fad3cd378e17e712d8c5dddb3

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 1536a3097a194792b5e896aad90235e7
SHA1 c269537390e8c477fb9aefc951b1d3213eddb9df
SHA256 0c3785ea50bc46bba2f6f245858c0259eebed14dad47ffeb8fc4269bd5bb2287
SHA512 4373bf8a435bce81bf13134943ccf48f3537eb7e12d8c0dc867b70baff5b0322df1021bd728ded57fe88fc9bcc031873cba23525c9b191033b3410f2de20c26d

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 0249767519402d51975f0101be9b128a
SHA1 11d157eff5098ae9e3c895222d98c2ac504c5781
SHA256 9e8a7de98a2febc77ddc08ee8707ca9c927da3eb63b03092d976cc5b1e50d343
SHA512 47f12b1e8756a7ea545462933ab46fc0ac781bdd9002805ad0c46668bb91bdc9ed8ac7454ec05daec5a14aac951307ecd9de52f6c8177d907505df52c064c75e

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 5cabf8bcea2c7a5e78fee885d7a0e29d
SHA1 9f30b14338e166f4c80ccdfcd9aa208c69c87411
SHA256 32ba62641e98d238d94f849f392078979a0a72dcd6bac36aa4e379639e4d7c5a
SHA512 625ca467121c81a15262d9726fb4359ebf9497d6037c1c6ba55720431b9e3f58f058063a3b085167f5f077179537b21a760d77c603e2dea06475e9868b092506

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 441b2b2ef9ca2902752e8e94f226e13e
SHA1 d163fba8c2642bf418747087eae27bc485beee77
SHA256 681b94777082202a51de4f69d55434286184110bac4731a95fbff125aa6cf787
SHA512 dfcfce288508a94a503f06c40435308eed4ce64b6e4b0633e399b05c12f4db3e2f43dcaabfa73f5f5a57c93b96115abb208ad56758ce8e10416c543e185060da

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 25ebecc004429b100428fd2411c56b8b
SHA1 e453e3dd7c3d63d3532340352f426feb85af73de
SHA256 8923673b841eb8f465c7075d2c3f0143b833ebe30333e458d5b231ca8ca1b5ba
SHA512 f3802a5774d852f7104608f6f4ef0badea248daaa12ea60640a79c3fdfc97b5007a1c4f4e502469f3856cc5b7e852642f0538878f39bc1b689b34e13f46bae85

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 400ff4c235729ea83d328c8e159ae0e1
SHA1 8ec3f75abfd632a070492c27f3fc9a382960b53f
SHA256 761e6d7fb8aba8d1d9138563de59d654bc63bf403fe0aa556d2f4688603370d1
SHA512 8aa6755444e13e489c2462a84c282b5ae2225832fd70daa79b5dc7f31fe9dcfc81ec2c30ae53a5f5ff8fb93ebee09e2a1004db17666504e527b65e8ee6a66b12

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 61418db0813ac66be387ff4f4dadc754
SHA1 d19e35f2cf1b319c183170e867c71dbe44fa6efd
SHA256 e7d65fd42b45e028a5a8b6e671823867d90412d962cbb065a7c5015ebaeb24af
SHA512 9f04b85b460d252aba0d36f2411dd1b4ad7be5ba755c3ff8b6837de3abe19d414793f40ce08203c5cdef12f51a0b91d4b263f7caa4a617c177f588d1f531a135

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 e0dbfe47ddd6eaf8f172a1901787abe4
SHA1 c7b03349bf6a9e765ac38ecdf585faa55295d51a
SHA256 145b3d557563ccc6d4d570e3f423832b272c1675bfe69d1f78a9f191592dfcc8
SHA512 d180b97f417cdfcd480a7315a50fe548f387489142f0a65b7b9a5dd2a03cef7907ba4ceac47792648e8d146e6e011dda0d8336473afa7ea2f395e9a50768c4a4

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 7dc131a310e6ce834d1ebe3a1fd26528
SHA1 2b2e721ae6298c033b9ae4dbc104fd70ebc4b08e
SHA256 8c882e6862d3a73f775eef976c5ada45d0f51998a55405a0dede5b1cbfc3afc7
SHA512 4481f2d45a35bfcd428658563d5cdbe1ce4a408d572c74e6bb265b62ad9ce510ecd60edc89e86f1fedaf96178b1627ece27b37e6a475ce562cc6bf5f208e61e8

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 868a21ccd2620224a3d01198a1da31e9
SHA1 d68265ddd700ede9503a14f5377ff76d027b6aca
SHA256 7a3fac15fa72340758524e1d755665283ff96fcbdeb735ec81c0b833cc028cc8
SHA512 43b583230c200f927c543887a335acdeec552231962ebafbd85760740b576975ea7a8ee3448d352a4a86007e1814f71f329b2600edd4c79d4d251e4306067f34

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 e9eae372e06e467e8f33db39cc465a8a
SHA1 0aed829d86b4be549798589513059b85dd15fe9a
SHA256 23732393a279df92ff562ea8efd090931b6f5b071c342ff7f36d257c48d9aefa
SHA512 5f5c61b93b8ce845771c77fc6d245e19bdc96a92790e10b4c6ab64ccdbf81f35a9dd1af21ecceaab72c7f00672ae23f6d9813b854019116c1febf0c774dd00cb

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 e9a6b52646f467a8c250eafa99ef2f68
SHA1 1d5bac4152b2b6474a6459281842fa1a8f39acea
SHA256 0055b249c86567fc6fcf11dc5ab16604e053a45988745db6cb5dd7b1419f4594
SHA512 4f0525f30b0ad9f6763b188e3dc7528eb6814f932859b98375fdad6cf49458e12149c83c00173ede9b45c44d8dfb01d0298e35f0fdda893c3a845cfa669003b3

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 9223b8947aa4cd415bff63fee81bd451
SHA1 239842d9a3ecfc224275d97c92d15cba3f266d69
SHA256 014c9576a87d1820c1c13f718fe460edd438591c71e28982c74faf63e9779e60
SHA512 332563b8c4398aa334b93f1e3bff5822965c7ce0a29f5fc33765252cc9727654e75b2bd746d0d9c44c92c02f106065be5a235aa381740372b6615489a66d0915

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 7f099741cd4250f25c66addad3e37d9e
SHA1 113421e3a76ea438c8c49ee6a5a095f9df50770b
SHA256 f3cb38f87a0053252edd63aa2fe6349a05ef07da81b09879606718a60dde4fe2
SHA512 d5c110f9e0a14c3f41ce8731aa58e12b2895bf1437e81d01fd45c72a9d875e313ea942b6236e113412f09ba4d98d07035756b389f359132f4e0b253d31c1d449

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 792c9cdba7b6600725421af878cf7f8f
SHA1 394df2f05ef559b46e1d9d2ae57b3f2727a6c46b
SHA256 4bab61645b277191d504d01c0f1a670435a1e77d38e965a937063f7ea2ba22f2
SHA512 78bc27e4b8a7906302a05bb83bcd7ade3b99cd9eb3eb9167cc080716086c0fbded9ac57d6ce88df81ce88bb31e463c62106bcaa596249df856fdbe44d0bb6347

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 669acc8298279758bbf80b2668f847c7
SHA1 2628a0a1d9bfe519621039cde488b4cc604e4f9c
SHA256 8c2324afdb01dc78aed75b9036149ea23abf7821818905fdfae974c620240ee5
SHA512 7c1946319ed958b4233f075356558b084b662adf7f6633e34578ca8720cc5f75c91bc9d2e4bde38bd37c8feb6882bfa32168b0cc8737864e7935b4c42eb33054

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 bc545299bedce0ff3aac8d57269148df
SHA1 e185cc5e0afb3d65ece217ae8386aff5076c8687
SHA256 f68410582f57468a683fa8e8cbe8eb15ce2a618077cc209cc0624f9f9c8a0fa3
SHA512 dfd329b6968544a47fe5490550651afae54b8274fd4fc99f1c3971f1dfc97e3dd4882822c0e836f021eba0fd187f04adabb7d6f606c712a3175fdfa71b2a302a

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 9dbbf8ac7913ff4d31d9d633e5434b22
SHA1 d50892e6c178a9c0cbac81f9ea372264eb201ca9
SHA256 5ae694ceaf7ad49c02b289ff485b257aee9a49f7bbcae9d404d4b3ac502dd209
SHA512 99fa6fbae398b8a93db12a2646a010b32c9028dd4ada0437dad02ce519c864b388a1edc816b6236763b66865a739cddd5c5e896a0154462e2e767f1351f7d943

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 2eee0f1e4818a90fc4da64acb4a64820
SHA1 d31d445b75a50be298557604cb0a74f5a0cceef1
SHA256 4c549f144935b274d930e5b654c2515f810e5f645647d905e11e60eb8bff9aff
SHA512 4c275f60533af8dc10cd6f6c1f8867374809dbd65592019347ebd982bea413d62b1f83c9f32201f02660253985279971574c024c2f3ac6550cd1ca78e3ff3ace

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 5830c5aaad9c6d561c87d3242a89d404
SHA1 14ea70edfaccf539e0af854ca550e0e8cf0df05c
SHA256 a989423a87a216e4459d7e0fcd627c7dbb06abc7793e3d9dcc392d4d693c000e
SHA512 25c0931e3cca279440efa9c645cceabad60a28d54d3583c5a99c95edf73a0a842bea99c7240121104dad193eed38d1c60e44eb1b3139eb38b977e3f0289ea729

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 384c04f4ed5f5b3a67404ec93938ac7a
SHA1 5c444753fd4bc5a1c27e1f6f92040b1102977603
SHA256 6a1ff3df3b58a0090ba2d2503d634a5993a4db119c8c6f35683e48fef23e8aef
SHA512 d0ae603b762a2742e359fba31eb76da20a331ece97cbc12c8166a6a7764c1f59f08f8be178f5a12b378b0ec4660726549864fc0e08fbd1f263a4916033bd1f29

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 e7d2e3ef972aaefc36171cc598005a96
SHA1 24ea07eaa779dd2563e2ac5c1dbf4e40014d9535
SHA256 cf9f396f48f63a067d52f03164241415c2243b3a5eeb502326da3e4a140a5c0c
SHA512 4b1e76ee50dd4f458285e716ca76a522ad8a23babb0f1311ed7a41207bf3ac6ebbf7b5e645af0e36b86b1947b0c1b4d6947e8599a415c04fae1e81ec60e71923

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 45d97da98ef1f200d7986c6b202e9fd3
SHA1 983fa72c0c0a7eb8846803c30d20ccb8d40bc5c0
SHA256 8e761536d5600aa8d25c099a424c20ab0d4abaa38e808a49c0b449f3a723d636
SHA512 9ff68c9263c0cb7f60a6bcc9d95e16ac61888d188f1e325f8d6bb6adf3d0bcfd542b4bdbe7298d73168644e60b683ae6d351b7cd7ca7cc646e6daf30d336cd01

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 55e396cd6df697aea2b5407fe0187cf6
SHA1 b120e5e61bcf9b00d9627f92fb70422b58512d47
SHA256 f16321566663404dfef9c69aa2d384da02255946bdb7215e2041e6aab3087ff4
SHA512 4a2c967a5b53f73e566dd3c6ac982650c46e93d2368fcaa6da04784b460422bc23c0953e89af1eac9818d0c8c02b92608b9cd7c65b6a617d008250f561f56506

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 cc2f246147fe4a3d14061f07ce4851b3
SHA1 31528d232eb7502103a3bec3e2d3776dccf53421
SHA256 b546492cbf305b7c889cb1bb6fd6fe1abbe69a8f8f478a00df83e7529bf1d0c9
SHA512 84ee04044cc4ca516843bb848ed2182d74bb951353abf4d2317aa8d37eaa9c43b3664f38418bd39ec0fd0940dff263bd3893733cd9713a49458b01fbb18c16ee

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 cba23fb129b8eab868675b7a2b336f5b
SHA1 3dc5dde051dc35b9a60f69a1ab80c8ef30024849
SHA256 a8916cb4fdf3530e2cbb266d12fedf5415671c353b448eef7914f2b72ec4d295
SHA512 26a9be7a07d7d2a66388e70fb03268bfc62b4ba92586aaa78907bda37c823a0adbe33110ece9e33efbf8a783fb9930ba988ccdaa76ecd63dd38f075951f2d2ee

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 9c1d0b5e2d85cb19f9ac05137e48e512
SHA1 c209defea14886221498c086e6d809575f3cafb6
SHA256 c2235924657a5e11afaefb10e7c792c47d0eb43183d861ed63ba3998a0c904bf
SHA512 148ec52100dc46d4de163712e2109272b30bc7fe0c40c68f3919fab33b5cd7e953fa8fbfbebba02eed4200c4c7cf35597d228b06dffb29b3cad7c149d5619f8e

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 daf8165f5876f338dd51d3e7d6b39dd1
SHA1 013d29122f6ce94b2b3e64cc8f47324605e17d1f
SHA256 49fae6a74c8243ab01ce638959bb9f35c2a85afb6fa9252e4cdd50656ee5e80a
SHA512 c0e5b6fdcf12ca01d792a53a1f7b939fae598f83e087f9b865642373fa622c180a9fe379dfaeedd2b59ccf5d86fed3abe977d06188e6a549c738096e79f534af

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 1079c5965f8c09cb9be18fd5b99f43db
SHA1 862811cdfd7b37a637a0805ffc8bcc740826d523
SHA256 078b198432bb538ede2585ecc97bd87b16f7f1cbaf3f97d33c6f9e104b75af81
SHA512 0786dd3aa76de6d0df2b9cf654ff192e575fa880e2fd42a4bb5895152ac00735d95ee5994540dfda416a1a4f0f03a4da3ff2b5ae918a78ba0613c49bf50fca37

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 48b7e85b450280a182aed5ef681f78f7
SHA1 0331c356de02225d0133b9e58af9d0d92e622056
SHA256 f8f6f9a82367603f72048e320bd80b1112ef9ecba01086be7b193d60131cbbce
SHA512 3fbc26650944c0db538f8c89b83ef0638937df52f397e6733fa7ea5a84fdd453d72d23927b331c559465fa3f6e530e1fc7937afd0b8d8b37d013f9a840e59cfc

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 18269de51905c70a6fff313303eb83ab
SHA1 45ed45bcba83c105e83c55760b352b9c8e000ff0
SHA256 6271f5a6f6c7c25d734eed607d97e462440068721d268b60aa18c4b20985b3c4
SHA512 35a8278195295af44783c7110ad335193ee9cbc7040f22844972f357fd69fee4651c4fb453312995c18f784fbe218c6f377f817e618926509ce709f69ab43b81

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 e14fbec6428aa412035d310e968be9a5
SHA1 169847cda733bc344ed3513eded2002867c78cf7
SHA256 ce95fbd378469bafb1fa98196af1417a49d209152b72610d4cf46fb91752570f
SHA512 3152d649d35a07ad868f2a7dcae2518429465315d303a6f6bc800e08dde031f519f56387053c3af04a3669b2d9888e89619ed3d05e3ff40810740c8fb37fed29

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 59fdf697c5113ea9c8eb5d49efd40417
SHA1 147a8dc8cd71ff3fed0c33bdf3b2e37619ed3406
SHA256 3ab6472be40b39f4ee4864042559dc636dfc64cb409d4355c039f86463693042
SHA512 c951cc0a05e5a8cc874918cab25abd2232a72942b3e0b39a47c129908296d38d666afd046aaae066426c3ce2bbf08d83e39324d3d869ff604a456738abf92a01

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 70cfb1c77a470473a7fe4e8fb80d2a5c
SHA1 247843adc086aead036289b7a45eb3dbbeaf4d40
SHA256 4877fe3e33263d406ce21f8365abce5836ab440caf07a2c52a8047ec1a682b39
SHA512 df78ad6784c07cfa44dd3f86039be16719622eb630fdd8f32dda977f6ccc7f3afd143e581108b49e943e08907868b99bf59ce2ccf0c7d1e41c5acb68b793723e

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 3fba100b5614cb4412d214212bc98184
SHA1 4138fe0422ec1b9a9695d29cc2aea8b70bb4c89e
SHA256 400e8ea449a0433936c2ce1fe05bf978f23ca9c9eec5940e5eca50bcc0277374
SHA512 bbc40df999fd0359b899fb2aa9dce20f4d441165153499a1c98689da5f2e11bc4bfdea704b506b0ee3ee8c0af0b127daa39b0517964ea3a2766a066e03811059

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 23f253ce4cc2fd27e990f6b010d65a1c
SHA1 d20b86ae1cfbbe60a9d1f879f1e90713bd479d85
SHA256 8639af873d2d6c6075cc7ba11b9dd0963a737c387a503be07ba0a848ff5b3159
SHA512 75619bc8c04d59db2cb8213e8f4b83dc596778e7d9db3849f508205a5770213b7c4d45d8000495f7fded8d57feaa8e84c296bac68078854d8f9abd4550326ced

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 39622c17e761317a3e74a99f68a14737
SHA1 dc8b6a7a8206c5356fdbd230e2dd4ba47a922bb5
SHA256 ebd988fd0b98278bf2c3999e1e2bab9d6d6494383a25b55d9b2f060a8c1bfcef
SHA512 412e86f2d089a8eb950c78f8e2f46fb28209ee783206f8ad0daf20889474421f0180b541e34f946d3e68613b22a9058e1d39b33b101591924545ba70779143e7

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 c61cc35ae92ac2985d72715d3935815b
SHA1 dd348183b0cbbe81d6aab995510205b5a34bb610
SHA256 e674a479058aec40487dfe936fc197d6fd303c3aeb89e9d8f88cb4f0780bd9e0
SHA512 95cc0f31cda67c6df7fff554dbeefcbea14ddaaa854d7c9681140ce27d132a23b14abf3bbd35c075d12a5a71222d231601a543194abfc48d2ceb30e6b3774cbd

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 5f7f8b3ee078261287e7ae673d118d38
SHA1 b01ab155d96e66b055a43b858ae5e5a923ea3e58
SHA256 08fb9f9b1b7c3d1532400f00c806c705af7ee415ebf77b997d7d367788bde018
SHA512 a072b84a617143c8f197f6678db6025cb4fe6b697b033c2eb1e74589c79df3148cb2a2880f1c6017d4c41e03232d3d106ff01993987b2af629fef8284e85538c

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 a85bf09a8d9663fce5bd955b218aba99
SHA1 9950da6810f596b52739743438d3203117b1218d
SHA256 aae0c4d14647c551ba446a0e5f93b1e7075fc35979f003e91cfb5c17c466f72b
SHA512 b1a06c8ada40d169c2faceaf8ba4154060599d56a276f4b2ccca7618241e67641e67ff9e3cc58d67620c02c3dda74b83cc57bfe830ed0a1ac510a396775ba01d

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 d09d093b845875cd7b37c2887b7ff9ac
SHA1 e6bee38c791b494513f1226c68b93c75f27ac2c7
SHA256 a7f427dd3f53d9aa77e5ded8a329336840f256962a0b2a9c9bcd14d7c673a379
SHA512 6d183c05fc97fa4c8b6fd7be9c97675149547163509a7723f9d8db572a3ffbf885af9fed3c5b756978cabf6a4a0069de854f356121a253e8ca0b18ad980069f3

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 f7be9b847fade8919942586afb410473
SHA1 0a7fc5e59bba06437b89ddc62b878a38eded9c70
SHA256 aa0df762965a95c9600527a2bbddd2806a7eeb8b95d9930a2ab3190ef809de25
SHA512 f6320224c69656e95b97ffd44401e6ef45a63c4620d94f56b14b1df2a38ffadc8549d221b5ab5b1408f21925cc6b3d766c52ca932e469bb373dfe3a1dcdf1c86

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 873ef5619bf01f18cbfebd9cb1bca859
SHA1 1f4e887d6b388d669a83fc8d720b9f5165db11c9
SHA256 76ffc09e47d4325ebaf01de97a0b693f0b4837ea5cb37712cc2f84dc9479aae3
SHA512 5def791176823fafccb7e997fa8594f6c0214da3d6728946644ae7494985a4e65bd26dd5930068aa81fc6c66165dfa6c38317e0c497541e2cb4c4a8e760226ed

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 408bfff6c277683538e498543f68d1f6
SHA1 71828fae464192a463172eb47c9aa8068cac2510
SHA256 8a1c0eea3172ac8c603645343c1b830621c8a4f4ab7da3da4e5d91b020de22e5
SHA512 7926db61431e0fd1b8fb597db1585f69758ba6abb7d85c7f05ccb2cfcc8876b5b9c2a50a6b4bc6dbe15b6f51d8445a4255a6688f52972c71efc13047cfb319df

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 729290c6792dbae0303ccc8b02141976
SHA1 8e0560671d01fb1b937f374d1c32da6c7dcae0f9
SHA256 d791d158f650c7b4db738db2412439f74a4e1ee0babe0a142fca811dc5986d56
SHA512 55fcba1c09dea2cc312806f869390dea6aa646b725ce9387df7576566ff373c898e9078baf3b76ad68f61ffc5e471e51254b1518d69d795127aea62ece890fc6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 a2edc270c5c87fb335ccfeba02e82117
SHA1 03d5c8711d5dd59534bdd73d5bde2665d6391b54
SHA256 777eea31ce788a15a2dd87e4f676d841bcc55ddff20ed85a3676ea4ce8689051
SHA512 b47d49a2d147f0ecb7af41382ace3cab5949780ebee90ab4b1ec9b8b9c7643531206eb34d308d8a01bf6766f87643a687057470372d0a605f08ca98691620a6f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 5ce58b59d9311f877a55bdbdeef973c7
SHA1 e98cf61c865049bb58191bcfb37c1442000774ba
SHA256 0e6825fb45b6798583067338c45a2da293038d74b7848bdecb6a019119a444bf
SHA512 5b07fad7acde861e0e0c8ff9ae73fd91809754a16c362299341a075f14391451d6fe991555f921434bf3ba591674c8b564229609ee28894b1a4bf9ed4b1475b0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 91c15cd7473f555207aa9a69299b276a
SHA1 56d5d4b26bc4bbae0cf5e2ea223afaff5dcc2172
SHA256 03b04318a605493e45a8ad0320635ee228a24d082ce22eaabb126f774f8d5c5d
SHA512 112bb36c1a47a6678be6253d358e750cd56d73f6e812b27b03d6eb49327b7ed2471eea0398b413537a798bebeffaf8b370c0cf50c3425bc55ff5e2b85882d25d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 8a907a8e90b227e42598053e55082ae9
SHA1 5f5cd7e4b09ab25f2e13897db41d7ec6a2616ca3
SHA256 92e847933726734f6bf50e94fb0c8086c61afde98242c6a59f9ca796c0c7f482
SHA512 52216e465c7dce9be3395b338d7ce19e6492e437511c1e9c0a0266de25346a67e723446063f5754749acc2a69b540027fce150c39a913646c7fe859d7574c3c9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 7d0a4e63888ad3385c4cc4cfd7db5029
SHA1 169aaf59ee7320021fb5e8db83524bb0d37c3d7b
SHA256 1fce99e5a94a03a2740faf5979b24647bbac93bb503b7e14dfd178c1c7f6f345
SHA512 02ab2efc20f5715872cf2e2ba2b095e0eadf23b91e77ae2f1dcbcc2080b091f4da3e478e593035776cb424c575d9a91450fdfa163ea0cbddbaf4f9c0a86a811f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 ad021b63b3446e8dadd70173297c2003
SHA1 de4cff4c7b11804d4a9aed768315250251fbeb5a
SHA256 27a29dbd37200b2858435c6ef6032103fd43699e5a2e7e1ccec41c653b3a2265
SHA512 d241c052a01c7f707d386c1c1ffd3097dc7cb6bc62381c190899bbe3fca5b84449cc10f6f455c4a38401c1e69b0d04cad48dfc90d327039e299607fc48e82567

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 8e75539f658574829b1c761f769b2941
SHA1 a08eabb491e7c5cc4acbc75eeeeaa94297aaedcc
SHA256 46e40e477b2e4dba0e277438db9568dcc6f737db6b41304df2b632e1f294e411
SHA512 bdf2d8c054530c78eda16d40bfdf0ad48cb8e70513f26115325d1f3290d01ce6e0cdd9706d44a31613493fe27cd5529f48faffc075821db37eaf7b763458b42e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 9892ed059dfccd5b520b676a83335eb5
SHA1 2184b0f9fc63a462176576e1c52481ef55a750db
SHA256 449439ae54c65bd10a64b358dfb4bc719d3e1d16628b83dae6c31c2bbc3541a4
SHA512 88138d02158eb7f9771ea2737ebb3efa36603bc15c8897cc20adce3877a72d504b6e109dbba10beefe39927e06fd51f712f01935e818b6a5513891ac3c351745

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 233cc92333ee1549202577f11b4cfb4d
SHA1 b349f07f82fa0b9d0e37c401a5fdc5c720d71331
SHA256 7eecaa9ebcea9f5ed83aadf60a92d6beffb2baf26104a200247a4421d59af2d7
SHA512 27d4dfc0e1ca25b0d89af1986cac2dcc14265fd80d1989455704771474935fb25d8c892b081ccc2731227e1b676288b9b6b6e8ab44e11bfdf61cff15f269042c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 1186a6d8f333f3623b45c4131c422cec
SHA1 c17b205f1773f821241632e3ae6964e27c699e7c
SHA256 e8a8ba0e7df6b77a0ad66c7efe2cc46e33974eed46f9a8bf5a36d401d5df2f33
SHA512 aa797af8240fdf38babfcacc7b3a5e669b6dd5cfd5bf49b982c4cdb29e6b9590d51da66f323b0b480120527d0bfee591e545a84afcd993afd801c688b08f6b96

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 ccac5f0a739646297d3a5cb8d09fda4e
SHA1 6ce907db76d41eb59d4a5fe0f98aa84f29b4180c
SHA256 7d33face95126bcd9e5ec9ffe16e0f757c3f7a79620589d9fc8eb159458426e3
SHA512 3ec3e68996dd63e0fe85414273a89abcbbc792f66f26150055318223a5f5d6a6666b8627543a656a2f9e6f2bf9aeb69fd126d0a37a6c5c694e6606954c9c13f5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 ffbc952fe14a77e74d5938b7081ac3e2
SHA1 4744c4a825aec6a9f103b85f8663e661a9f91a9b
SHA256 5cc10843147c2b33ee374c39dd914c7cca6ba362fea43dcb96bcf88b8673f7af
SHA512 93c6ce4c17a2ae5fda342125a8600bd32ae2c2b245d6aa9128d0e5dcf167dc2fb2ce00e755cb54d3bc1bfb58c7085904c420c8cdd30fa4b242b7f8232b1ea159

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 0c54e73f514328aa539715f526a3eecb
SHA1 f76c44c957de9fe207f610c8d7d363cc54057ef7
SHA256 44c7d6aa1ebbae0b663fb37f9e4b5871ad570093a45564d54ba3fe7d48b1c5d8
SHA512 1511f9de180d7aa57350ab6318074412408bff6e2fdd125cb13f50a5056010f435a9a14d4cfa6b2d97e75fb39cde6f5a2b48f0cec851ae95ad8e7d5869818b78

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 9ffc480417385df5144e57095f33be3b
SHA1 1390e6c8d7b8e125343da9ebe82cf72919506e0f
SHA256 55eaf79362a40c24d7818f61772e2b6d38f93e4b58d1ab6e3e879fc9c6f4bff2
SHA512 d2a9160de842290be9291eb33e58abc63121c89bd33258e53d6c348328bb06a4f4c518c219d2243b042fe60253875ef6261fcf0a9b4e7181979f43f9349333c1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 bf9f1118b1f2fc18e61fce79dca55a0d
SHA1 8188131e930eb43e970a263542269d92c7f89a4d
SHA256 c2066d46dfec8ea656aa608fb011b66675ed303925f8e1fc160899e79f238e39
SHA512 fcb0ee680f0ef0ee38b0da0b093549ae1fed1d65d668db8ab034a762503d5a6a698d0ac4ec6f2edf644f47ddd23b28c1bab873995f0daf94c465f746dcffca37

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 d547d698c78f89c9760ca1ca4df51c48
SHA1 6938d853f878c8f09814ca0c9449d491d1304450
SHA256 fd8251f54db1f7c0cb90b3923c2cd101ef3cea9f7783924e44d52eb281649ca6
SHA512 a33b3cfa816ec7ddb28cb5c84cfbae8809c4e4f1d8bc3003b705ee61d7396bbabbd229446416b44ffbac27e50fa828a0b4c1d778e9becd9fbcdd84a577a56b11

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 32cb20bb54e4743b8e948d909cc6da4e
SHA1 4251ec3c1a5b83b31d62dfa08b6651ac38ecb223
SHA256 fbcc2e19a6b5df42a84d93aeabb6c313fd3b29f87f40074ed9f18740dd6e0a14
SHA512 f80e8787122cb46f74e2aec83971b93e02098351c4b018ac22c9c0bc30854339e45303e26b822807c21dd75c801e53f13ae9e22622503a9951f244f1580bf56a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 634df26001c6ad7124972fab13848675
SHA1 5f95c9234fa3c769d9873e9a9926abbc8f12d382
SHA256 39138b28c4f23e1940b67295a4e5ff6f50262b842e3c8c5ce6379d01d5bf23a8
SHA512 d757ae0f5c4288bc874e080cfc4c0819acf74dbe8a536e3fef80435124714b2101edf3acc83ad355253e5c1913901eb8e1190cfce55d07410c56eecd67f15acc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 24ec4b874ba7ece6340c71b99bd9ce51
SHA1 93fb87143c3b5b8aaf90ea107bc7b98db89395e3
SHA256 ac97dd625de58439599f4485db2648e02c24bfb334cc4b195d33037fe462f5a3
SHA512 05815c15b42a73e49007bcfc787e22f7d4a85ebe1d78e9607d9351d94bf9160cf7770e6cce5c9bf1f215d29725f610a5ba1e5857b81faa4793462f85567f47de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 685ae26e6d8df176b10e00311503cde8
SHA1 5d10c2f857ca5ab62e5878bfa3714578635846c4
SHA256 e18f2337c57837e780d016981ec8f7132a1f5c7f29a3a0beb9ecc87565f0fa17
SHA512 e8af283548684bbf5623505d22da2d9f515ce74567ee9db4474e6867ccf7f157ad01e9f3bc8819d05891be00b86c44a55b3705151a238f95eddf6b39d2c6bc16

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 91454fdeaae4b7a8bd80267d545095d6
SHA1 1f8698af75473c3bf490ef2afc1481c99fedf0a9
SHA256 011cc0f1212d1c876fcef4264f9dee216b89d47909eb9637283de9e71960ff49
SHA512 063384e63b470a73a422aba7a0ad0f920cd94d2a72c48de5dc5759c977dfbc893eb5d38bea96cb9d689d244f619e6f9430052ef11493f31b31bd3836778b81fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 cc06f30671ef185aab57839a905f4168
SHA1 ff23d18bfc258b2f73576ab7fea520bc15c42679
SHA256 becb001e7c851fe10722a8ab711709f518c77a1603fcd05594f7c8154454befa
SHA512 6cc8aee88f290f1f6e39a9636c772b06fff1f085d0aa2760d2992830b5d154c6e703ca79b4ee864fdfee953ab17274022d2d6333a7067ff0472371421ae89214

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

MD5 96479d2d49ba9adf119ee70a3d9aa7d2
SHA1 7214dfb2cf2346973be8b58d71fc4d7f549d3a9b
SHA256 0a5b5cf4570b489918c702f62b3d0093b4fdc33110bff46fe6f2d9101153b77a
SHA512 f8157464971e81a0776b300ae76c9ff2435cafb191721e6a5f491b25ada53d2f47cb020aa0e9ca4c7c6c89d341c13e93b55d2932d2d4c86393bfea0420f1ed3c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 c91ce3bc2676e98efd6cf51426ab081e
SHA1 b35c9e0810ca6e9d1ff98a2b251fbabebab285b1
SHA256 dd37138aee1df5cd579d5716f8f9557b9f3249fc73831c2f33e479e5bf58bfc1
SHA512 bfc43f5729131b23742c5468f72808e6b9381b4862d469f7147a7d625aaca6a259d06bb307423e6c2a74ec43670156125f35031162c1140d770468f845ec7412

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 0e80ac13e3d7c9a1d511d833d1d38a48
SHA1 092831f549e47cbc6dbc651c09e7e9d69f2ad510
SHA256 a2c6aa789eda9f189a5732a435992838f938e52ab585bff1eeaf157d8cf6c6db
SHA512 7489795a54e95ac0fa62c6c87985c6cbff1094f14dbb13996111fc609f36413602da546fc9d37f2e169402b609c1e65a69e96d2a210ba17bb093df0d1ab0da35

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 cc630d24ee5df9bb713e6629f3d000ef
SHA1 327a5c068345f9ea67e540f57dee6307b087d6a7
SHA256 8a08de4bf98460106d6b8957541ae455352341037bc70ff4787424547c9962af
SHA512 293e3d34660695acaea5f9c6a6dae4f54e6b38885257fd133e8487632a0810655ed2d1e1978640b953be448a47bf745cdccf1f1b09e46b3a3cc76a91f73383bf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 b7b1332e02c7c245fa1d2bf4e6f5be28
SHA1 3bfc468a590de8a4ad97df01e7a17d4eba051583
SHA256 235205aa866e86a9e45413d1210bbcdf6cec36d4d09106b11ca073ed762a9f1c
SHA512 009424d7509416d49bd792d00918b26a684da3cb97520000a8836dbd672d5bc1d09e83c032d4c6eff7d23a88a94737fb4e149e5f595edafc57f33e6c1dc6c0f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 af1954412197a78ab4b127365ac29d0d
SHA1 7ee5545223e9cb24487f08014ec5a34b6618369f
SHA256 1e0a3ff2b6bb8331b96b905ce0fdf06f1c81f6ced8ae5e10502b108ddb9b3084
SHA512 0c1f1d5748143d59c54d3238dc93534b7f93cf77e0f6b837d653bc62fcb8aed3c365fb03dcf156c6fa06acb14f477e6f4bcaabb11f769b3951da4a70b530c878

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 c400229c94f79f3832fe96ed0b2d7ebb
SHA1 6cf0c0413519d65937a4e08f119315a339058bc0
SHA256 18d33be7bb0fe6067f9658d968f94285837ed2c5d4a0fd5c68c630dc2e3af5a4
SHA512 4263be94c536644e724c09f600c7db5057eb42fb08c300ada922cad2a20dcd7bd3da04f69c2e35e4412fc8422ce989d82ec795a38ce8fb13ddc5ac7ed18ec7c8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 940868db51099b1ed0a8edd2403fdb84
SHA1 0e83fe1177b52f67a3736f4f15a6858d1f0c866f
SHA256 424340698c095fcdeef21b43b70342cd461d0e641d01dfd2540cf42587c88067
SHA512 f7da3cc77afa1033567d03018d0a5150b151e89ce112860d70eccecec8e3a6d9765eed5194c44859e1c29f6ad05183cf06126d77adc0ed5b6f49f5d6f9d9a755

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 b6da79cde6a16603e291c7831e298685
SHA1 e12c2efc879d46597d878eba8d23fc75284e371b
SHA256 6be5cce1a5d713cc25dbfa65d588077b0a1dec280a8cb26e63261243a641b023
SHA512 131b0a262222ccac18f3c255a8ac2199b2cd4f798f44d8c42cd4b69e32cf4e5b9c98f6728540001e7953f53e797029eae2b120fe32c206b50df9661071aed5c3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 998dd85397c0f98ac28166ca4dd4ea72
SHA1 3be5c37ab6afe9de0d6f6c5068077ace9d3a70bc
SHA256 718fd8a4e02ff3788eed3fe94626d41c4b99aa4b83a0f01caf4948eeaa87280c
SHA512 2af3f7debef4b43bf9998c9e2ed13c9abbce0aeebecf885c3b11fef13b7f17e565f7e962e246baf8e12b8e7b7b1959948f5611d3364c9318195707783a7a0556

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 6769d0b93651701aae98b3cb6eb3c703
SHA1 595f5af92060262f3d9f2976ab08464e193f43f3
SHA256 df732da61d6b2e9600e49566ea95e9b566254ed331481c747189f881ae31597a
SHA512 b6d9c7fc9a76e3ac4e3d732958f02f912f4ec6becd2e1394effb79a77223f32f72f6deb13fd9a207abbe16ae5e68a88282b931d2566873ec97d7e75a7d1f541f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 b7316f72ae553f6570e931c761315401
SHA1 128d57f96de6cfaaec3ee92edf413c70d66fd4e0
SHA256 00f4accfce9b54aaa0be4edd682fceb7ef5b4b6d954df78c3ca63f4364474393
SHA512 ad14b234f1c325c1a081d6ec7c3b8569090b6d6bb3172a475fe895290d03cf9264c74199909941465381b28e0bb3b57dd046804714b72c6c9607eca3945791d5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 df297a26f931ea0af73751dd356f8349
SHA1 d715a212044bc51f98ef2fd063571b5c737e2e48
SHA256 0538a1069b1dfce30167984a66a8fd912b7a4b029d9788c2b09d2edbd7b91a6b
SHA512 a9feee725725ca8f0521997f3a1b248760242635d56d58346d8894ebb220452e81b0152f382ef3018d11844591fa930e29e3713dc1e5036c3c7139b2ae2bd660

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 db79e49e3bbf6f25b763306e960e1d88
SHA1 0af012f1414a7cc7848808fa2415eb4dcbbc7617
SHA256 e46402decdfe7e36bc5fc736be78d94ba6c2875bcfdadb48f2cfb5dbd87a4d64
SHA512 0a56ef26b363b0debca29f18cd033441fea32a4aac19ed63115a9defbb9337b1d3d77e608b61b7df1a7d50466dbecb13fd1de7d5a1e03e4ce1102acefc39f064

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 a15c7311e110b16825c7bf89a50b72a6
SHA1 d1be8240691c7b8e099c4375437a48aa3cb936cf
SHA256 44254979e1ecd7a5b56ebb8f224d9b6e50cacd7c036673db9f472a462a9a0e8d
SHA512 8aaf81bbbec1b1c098c26761dcdff9b69b97ba71471cd84f33f77383992935ae2b813ce90e98cbb4b9248f550e402ec01fcf0488d371842d9f5a37f66a6aa254

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 e94f65ec0763b0cf1303e94679eecd76
SHA1 cc07074ff615ee6576aff4faf6a92b4cf6bf0172
SHA256 60057ec83aa4a67e918214a497208496dcaf6f949bd372b98b73602f4e5da4de
SHA512 0914756c1d04039dc394461546ae0c89567e5925907ce4b943277bc0092f6794a316c065f5698b6bc0e76c6733ae96a693093bea1b7891382133242c04c49bc7

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 cf77678363eaaee5e5f28e20872fba8a
SHA1 aa81657795c05a3c795ee678f374b089aa305f81
SHA256 73ad19d13361c974947940fd6fc1c697c0235ced536b079ed3e39efc6110486c
SHA512 4f4fc54c22c828eaed630828dc638d1928d93dc50c98969cb43f02a0df418db3dcda783e4d4f16337cbe0f83ae00f9e6ffdf8c27c6406bbe27e3fcfb73732cc0

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662721799026.txt

MD5 bcbe3ac5eb0a0742ccc35a7e0b10f9f9
SHA1 be219c8b2c76637f226af62ef8d8cdf8d02cfb1a
SHA256 73542c90c22d5647d45d24606ddc7850d7489d44d8a77dc3eb3b363aa2c64fb9
SHA512 802af151026656b4e2dc547da860e39a80cbf8cf76d3fa4efec44e3d9869700419307415a83e5726c83ec4b833cf2731b88fa3f6372d8980886337c84c5311e6

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663191189319.txt

MD5 34bd7e9c2804a16ad69046f69cd5d326
SHA1 7a77412f205d05f1f043aadd77d971593dee5c93
SHA256 40ef2465cf538efe60dc76b3300c3b015f85509bb88d1ff58c282f2bc0de9232
SHA512 0a9d91c6678ae9fd16032fd94e19781c95971f6a95472ccf0dde2ec9cb792e7215f1155134c5e13bc9d29e2bcb5b01bf0dbf0d9c0bda8a7062bca6c02a20ae92

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt

MD5 0b8f37005f81b80c20abf49e86572721
SHA1 ca739beba8b7f7ab2460d22cbf951508fed29aa1
SHA256 5ea93b136ad7e1206986a6b7641ccd6ce2f7da351831b8f539db6ef9d668ae70
SHA512 c00695368c65a7cf2dc7e36a2b1c6a8b3f3360c9a909d6a10c02d22dafde6079d4bd04f6d5b7c5c6fb0b51147021bae6df6339349e27aa6bf9b619596fa9e098

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670188807600.txt

MD5 7627c88eb36897aa7575b8ae44fcef9a
SHA1 9e6d04dff412a67feac9019ff5afec87fff08c3c
SHA256 355dcb4a5835b872572d3b4117371372eb89fe36863b86d56d77d06192501b5d
SHA512 326fd79d37e92e8d2e1864b52260b5d6a8a053828ec03cd0ba0030230d32001f0a3eebd3e9b32918a932da69488c91e2b8d6550e96b95e4dce4f563cfbad3c1d

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 0f578c703c338f95b75321bcbffc6899
SHA1 2e1fe6a0b63647c2cb353ebc0bf69803af0967f5
SHA256 1fbcbc6a76a6b4c7222496c567fbae3108de5d888b7a1fdb8c388e2fb09e12cb
SHA512 b22e9725a223cb427b1cf37aa9928d8d889f5d923dcd578167aa56192796cafb8e1d63de0a8458bc56f93f5971796ffbb72030e98bf55492931b52d8046ee28d

C:\vcredist2010_x86.log.html

MD5 4808bd3d1155e3b4a8206cdadad89571
SHA1 8cb20c6cf8cf1943ca0b575b266c19053b8af6f6
SHA256 caab8536347be28c030585429a95397677f06ecfb5430cde7d82d0b477a68a82
SHA512 9c57af2a227d6019fb187de13027e2765576a00847e6b772d617c670087bbcecf417c6c6251c2572a1480a228183b827d93bf5455294b2aeb8c595872517235d

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 bc9234eefeb669f27c06ddc84246cb97
SHA1 d2b5bb9ec848d6543b52cf91c0b381f784ffdc01
SHA256 a43e895e8903394e4c7a804c074f61f7b21a0f9eae867a570bac7c8987fe1a70
SHA512 f811734e0b3b9d88bcfe1e96c6f0c19f23f4db6faa29de6e7a7403981a942f5f319c66e1bcb8a105162c72c36a3de2e8530702d4ad401b3035694746ea20cffd

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 785d77c05982897f5ec27a60c68747e0
SHA1 4069c5c8acbf65faeff8dc110dd04cece7ff4826
SHA256 1d81b7c4ba7bd40afd218102059ca808a9e56b1631a902c9b51d33d3b258003c
SHA512 2a1482601620a1005cdf5759a3def65b94965762c5a567d999e20de77eb461fbaf02487427b6f841cf414aa5d5c662a7843b3d255c2138641252b57fa955b71c

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 10078bc882e04212f317ba07525c7912
SHA1 c0f810c1d5fd2c40d78b18945a9819fbcb2c752a
SHA256 5f07e144b5080f53a430bdb38f6d14450da4d0ec739847aecca70d0ef551ff37
SHA512 5fb68421693ac3364ea61472cba01c5461190107f4e979dda50f58bbbf000d868c40f24f11854a8afa69ba4f7c1f8fcebbdc409c06be0538aebd121a5ad3e884

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 2a65ceb211f297e85cbfea9815971ab4
SHA1 00943a8dba6d552e01acdaa15a9c473ee8205791
SHA256 51e60ae062349272961b35cd41c81789386e6a2bd783e7b2ab4e3343adcf313a
SHA512 4f02ee450f4b1064f335f36f1763d2f7abfdf1b346f1e2a1d7512630d16a01f723a4e6d290c233766f8bd1d0bd3cf401aa8b5009bb168840d7c44a5bcae81157

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 89e95e232ddba961dd7818c3ef31ba72
SHA1 87a8bb9fee7f91d2dfd7599566a752bc5c04d66f
SHA256 a4033502d808f03435e52b5f64199627898b8f49a1ba9f4fb8dd4965d46e59d6
SHA512 20e63d0405e8998f283163830295c26d1ee896a868c1f668491fc1735ae1fc4dbda1ae887d0e80035069c2ccbddb4ee653ea99cc5533362830eef283fcefc8ef

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 480219d8c85debadefc50fc424f36b8a
SHA1 904074167d6ae6fe9f27b687be49557cc7866f91
SHA256 cd8ec7ddaf354a3d4e100a074b9b6e473f02d9273934250357de62560f942f24
SHA512 9e3af363fc14b05dc0c04f082bef5349e9e5791226ed4a8098adde84f00373a1b5bd1ea91fc9d0dd133b8656ea1a74f024c32ed6390d6fdf5d353af5bd537cbd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 5fa7d70822766ee95436e314762ee053
SHA1 4e1063d591a9620aa58203fa00ef97ae6b376627
SHA256 a78ec826d1579adb8e89219989e52607af4f0e4cc1390c42a9f00c671e0cda43
SHA512 e576a890c0f90ab6a567544c7f4da1e6732a240f43806442e8601710c68a8cf6e80d6469dfb9c1350016303870815c3b397ab2581e901fc727fa5c5f6737ffb1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 25b2065dfc9051e26dc123979a475662
SHA1 340a3a32c8c7779e72f37e79552a8430309d101f
SHA256 d3fcf07993b1c9580f9eb3d3528c42249de64889ca9492ad72e586196153a4b0
SHA512 c600c9baa59401f5711e5ba7324b43d0048ae8fc948fa1df6128d9a4cf8af2d0e7b8cf2feaf99edcd27c1ff09e30c3a8c5f09cdb75c8a00eb133514c6734a6ca

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 d6b5a02659b0ba4f674aed27d0bf2a0f
SHA1 c530cb6f8c7286bd2f6b600778fcdc661daad999
SHA256 2e8f8a6aef90c8793d858b8f019b49e24864b818e3ae70b2e3c08fdb91899865
SHA512 3662121e98e45f0e6ccf8519edc955ddff5c01d81fc9c0d43c8f1c77297bfdf11c83e79c0f378398f5d23b1990369ef6ca61a9f661cc238184161a26cac5a7e5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 cd05023fcb9080ed76097fc23c1fcfbc
SHA1 26b175618298c514c75c044821ef8088f5d99ad6
SHA256 78265129a93fde3a02c66366f42f9b07637de18e2c9a0795ad17586e9b66a401
SHA512 08049642b9b585bd05976876a2f61ffb1880c72c0bde4d7f99244e3a46608e8b63c90a4bd0d1d352f33d907968855c6482a813a14d468954032e5c695934d01a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 3c15deb4ad30dcb3d2b50ff39b60887a
SHA1 c2e5ce6bdcc1a2e477e542aabfe3f189572b88ca
SHA256 cda31a5b359c89878dbbb0afa41c2bafd1d97b7e0e5b8637564288ab9d908abe
SHA512 b1c5790c91cca24c04f5df5340ca79d514592a7ef6f704d844f4eef1dc2bcce81ab3085d74f391cb459b733a852cf3c193ecf95d855a039d099c67654bf93e1e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 d5a7df3bafb0aceef0257fac581bb75a
SHA1 3c2803eb9b350c9536f4848984f39b1dffbfc4d9
SHA256 42c14a8afa6efbcbc74b47382559e83aa275736110a3f5abd2b52313fb3dded5
SHA512 4121b9e56edd941dede0238f41ad54989595cde29b2bec83e5dccc32efacf5fbb20f9ac147b39951290216c39d967e426191efe0b08dd7727797038481624283

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 d98a50b2b163d78b2dea81805d8a7352
SHA1 179834cd359d27d8e08ac176a2131611ffc8018f
SHA256 f0658becdd73b42a7249573af071ddafe6fa4e67aab0144896a9c7d438d55183
SHA512 8e9e9535c4cdfa807c1d8ba60f9a019c33fdae3a3eb4cd8303fcb1b8c2896506737c8a63d6d3b0f6f8618c9c01f84b1976c7531976bbb5796613029a554fb0f7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 972cc28fa41c057529dd76b7368bf318
SHA1 05bb2c559384c8ca8e6ff4c3c53280a2dab31b46
SHA256 a5bdac680c7e3ae318975053f8f0e2149bb1f1c92452b5d02ea00fe0e816a667
SHA512 b87608b5e85284c803f7f152347577ffca4fd2638475b075f9fa2291df8ee39016cbcfbeb9462a8e742e46a927ca2f0210c5c6addaf7828612152171c9477994

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 b47aeeeefbe187812b32da6a6050f2bb
SHA1 ee16ef42fafdc4c2c1e09be3cdf15a6f3c6b00b8
SHA256 ba1147306b152ec12bafc2fd49b34b917187b99a0966f9b79f10217d4bb93c3f
SHA512 5c34af9249ab57e20ea16a3294060cd74b065c7226b4471e67c770e5bad2784b23bed41bc25100467fdf4daf49571d42878939475740ec68b6d9c192f6b79940

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 113fbdce4db0a1efa8641f6b7e1e54a7
SHA1 f1a38e834eaa204e064eeca4fcec9a3cfee171af
SHA256 b3d637ddf33241f8af78d70ceb7835f9f8a515ce519f57d7092482440e9417dc
SHA512 f5149860b2620adb45c7a500733fe90439b24fa29059cfc8d70de415e280b002581cca954198f78829426e43880bef2d41a542643d32c9806f536e30b64b1d79

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 16848be78c17c86ff9e584a3fe931aab
SHA1 b19ef630eb0760a0674c9f9864515d7e51edb3ad
SHA256 daf96e22001acbd9068361c7b43c88e482440f825033924b2fe792fdd0ec5e05
SHA512 37cb092ea32a01e38192fcdb12267d23ff0d2ded5bf8d27fde77d7bac040794f58499e791965ec0fcecf9a0cdfd56117d90d49f6508a92a55ff8456453f50402

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 da71778ea433431029d7e9aa0856c8f7
SHA1 04c87fe7832f62bf35a86bf1325c337cc068eca2
SHA256 f73f2f08b4b95f295c8ff7e2d2a32326c2beb048991d5f7b091c592dca54a404
SHA512 02c403043b6e99e37b3513a3cea247bd130fe348876bc04232d73a8eab6079ce6c28135a54efd6a93a004e95cb9a0d9c7554a1bc1ebca15c20ed9d55b03829c5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 a652694fb221a616927ebd52e286e44c
SHA1 d0f9f6cd264413d5280d4088dc0d633c73a1e7f6
SHA256 39a5cf669da531051eb75d44b008fc52ec321343cc18a2117bf2eb3216fd5bf4
SHA512 bc45df194ec688da7ed0f10923f78fb4543f9daf937fd63882f8099e29a142cd02af72ed2a1fad8f86821ca54c4b7932c109399906a3c9c9a46679afb8f25a4f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 f47aa58d0d4b32688b4d03fe5b52823e
SHA1 8981a67b83e389153e4d3e27fb74756f6a58c768
SHA256 863e1346dae7127d6b825764b6a29f9155069c56dc9872e022b5c775d6efe7b2
SHA512 4938bb4b8b01f63d4d645d6d9ae52369e833fa629b922a6b2366c633133d77c313b348b721e21179281a85c0ae29651962543aa0602aaec6ba8c4e9abd1921aa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 8b0e302fd610ca99d5122e2487265af6
SHA1 57b63a3df9e4c95222a6589c52096462e481eb64
SHA256 a1edbb41fc242549e46654f3449e8c6c7ebf37467015f5ebb618e2ce314762da
SHA512 9ed6a4faabdc71790c070301c48a83db4bbfe63b10fd45474152e5d881c8d04b9c924995ad4fe7900252253053d47b01c9a531f317f61382257c797cc91467f5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 69867fbc9d384983446b2063065f4cea
SHA1 0b22f91dae34ab4b72a1a0bdf38529a24bf54f28
SHA256 a56ed7dca9a22ce4831eeb3670d03963c9c41c8d23615933f705246d2c71d410
SHA512 b76501dd41ce4c9017d907069ae9218d26038f2d4f43f1301dec8bf6e82b19d41b5c46c4fa7def9fd834c80449c47ee3547982b50cfebf1eea93ed1c831c8ee0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 0a09e79f168a434ced137d70d698bc0c
SHA1 976001cac5b955309387805521af9011418f4c44
SHA256 79fac10a2edc6e03a090e32f0ca05d0bb81966d850e6ac18255f0df490537737
SHA512 6f8d195aaf23a5b18d5ab2feb47244d6918a1a8e96b85e3d9bae23ce224033cf1bc17c11cd5ce51e67de2cd10f7b18a5904ea8acc43a83c9b2c6e5927401d0ea

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 7c00daa4e2cc16066d239849ca037cff
SHA1 18d25928318e28594624c66bd32257f1913dc88c
SHA256 f4a1404ed10b969f2de3de716bba0beb6b1b83a8b823d8db868913373c8b38a4
SHA512 12c8fb37edf17ffcd5b82aa23a0c7f3eb189fcbaa634e63296100d0a9f0bfe04a8a1aa2fc9e78d33e8cac336f4b0de479654429a79d25a0a432c1d77526c382e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 55d336680395f4148a261cd552a37d3c
SHA1 d178f6a897ad3fe950c39d39407892e3ca06fb4c
SHA256 b47d7b3b6594a29bf376909819c57327c81e5c94c20389c127c32b20cef2a72b
SHA512 049571587a1152b8f9dc312fc80bd4977cd97b4dc819cde0a691187877196e67711670a74f353bffaa8f12f052a33a2c5e156f915128346e5736100b54b49309

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 0858aebff4a8096d920f81c4bf0e454f
SHA1 0da1083b07adea920481c6dd0d6395c4e2cde464
SHA256 abfc57b3e7ea9adabbc4b06a150959c88dfa68dd5f0b2b6bbfa51a2c390dfd85
SHA512 349d08626465f81676206aa72f1504f9bb7ee2734a70b511901dc0e32d32259dfb0ad56c8c3e56c097f9eca8ebdf83c1c2fe92f9a30799df2ceb8eb85dc77d0f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 ee329c3b1b1f54e8c8a8273c0335899e
SHA1 b48329136411d8d847d98e5f3afdd7e928019543
SHA256 1f2bf11268b2ce6b5f83c6d79878c3b3565d1ccbecc2bee1b46c018601865bec
SHA512 4c1dfbf0cb9486d0b891f12471543c479b352a7196e11aae4b0db1f7e4a1923d5509c877e9742c55c50bcad13bb63c225a3069f98ad7121bdb0015a8aa9d888f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 6498cc3d87eccefbc1a9bccb0355c229
SHA1 f0ad7b36d499d0bcc355c1b7132b09d4b5df4032
SHA256 86e1a344f18d059d8a9ddaee83b2f18e7cad487c6282ac5a1f390fa600ccd2de
SHA512 45b970cc46a0917eac5fa9c38fbc81fd2f40d728d4f8b8d27834cb9899a864ef4c02edd68842e8e429f1a0301ce16897a62d4bcee01e9556049c02706318f7e1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 0221d043a0bb6f39becd6f96bf928150
SHA1 ae19ead212fad8d2c91c60570b30cc0207238a08
SHA256 79af102ca4b7891c7d207baad19fd44cc8abd0c23b82fd16a79a8545a9751676
SHA512 3ef0be768af5ef81a1ca72bca9a596e59441969e91605c21d9df87283f8f60b323d82e807eeb842c3543611e4963e9a9adad4083db649011ce4ff8f4c9122949

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 ee411dd0f86045535ea60382f64250b6
SHA1 edd7a0380a99d345372d8e5f8690b8aa13a07ca3
SHA256 20d7d1c650f8713ec5f2b74657b97aa76dc42c594361ea8ee2c4e59ecfaf30fd
SHA512 4700bd1736d7d522e4ba0c73a7b83de2dd270cb6e0200eb8108042b321d5d1ba7b47ea29bad60b849cf1a466b21f772cdca52b5f68f17059ae6d9315b77eefe9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 4ee53b9e3648b6a0279012944de0746f
SHA1 acd436d972640685578e3aa12277e0a55b8a9c5b
SHA256 103a172ebfcdab1c42d0ecb8748ab7164f5bba72baadbf32274782abb1897473
SHA512 9a358d8a9ebbbdda9bf96abf3210881f7647fb18e6b00366e4ea5923d658e34d53eca315f09ea4c1b5f8a6cb2646eb9ef39fbfb781d5d71b0cfee5bb699670b3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 075152979ac5a189d7e25c159c47b03a
SHA1 2e601b66f9217abc29696ae8e8e4b5218dea4890
SHA256 2d86144f7df35822807c511c9dd4a3154e32b53b3ba059bdcfbcf66f72f5a1d3
SHA512 18fab41be89500980946906d41a0e40f1fb7491f0b718a16b19dc76cab33ab45a002bb5a4383fc143263183044af08ee9d2f98e09f556091cc9f26a596be422c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 3bac0e38206fed4ffff4603c65f5341d
SHA1 781f35c6892911f5ce555278a27091118664a3a0
SHA256 3c49f85d8bdc38948bcdc8005bdf9783d1528dd319b9638dc5d91394ed802cc4
SHA512 8592780567d551d31f758522149dcab9f8569cfefb9627542dc72eb195ae7789385a987ac3414f298fec7e0c2125bd28a23552ffdf0f21a843a2716f84759920

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 20a9dd7b098f7156f9d045d5ffba6c7f
SHA1 d4914dc8bb305fff63a3779605ec154e6caaae55
SHA256 835e0e5bb9f88d3e93c2ee9d8fe8de3fcdab95daa6107423c6c5ba0fc87c9c56
SHA512 eb26742f6ea4510bd014fb998c9273d3b9164a76da1f7e120333b397399db54f5f142b0c494cef654f0d4ab620c46ff845b814351778b01c0b425d0ebcaef4bf

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 636e8c77801889cfb2c7bf7c7057880a
SHA1 30960b09bcb1ea0fb85f0d428a377dfd3658c1d6
SHA256 7f9f7ba6ab09ec77eb1b3f4502d707be908e00e0bf24925a7ffea4bc10594933
SHA512 db08edd44b88340bd1bab26cf5210d0d0c263e6471f1fec42d7dfd75a839493cfc4c9be61ac0e90cf632ce5888d993779c460513f581b4611bccc276b1501975

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 77d47ff42325311ab78eceb1f660c9ff
SHA1 ff805d9561303c6b3f6c82255c0f489ff1a064f0
SHA256 77d8cecb43dbd78856e8bb3088ba81d5c78f4ac0f4af74ae655d1a3066ccf482
SHA512 e8728dc1fc00c85761916dd78a9740e2f6e9fb219755747247ce0101c72e05639550c827ceeadec21bfe6bd506a5613b2b74c368a1c0c14f6d0061a79337cd7b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 7e8ee5375c3b505bef80ed1e1ef08fd7
SHA1 fcc9250628c8eed458f1ab53606b44d744d9040e
SHA256 eb4fdddcb44d6b741257a35bf0c6f9c91cfa131e0fb8bee9b994c91b679e8c68
SHA512 1f4f6d3729a70e4eee9db8050c90a3d697d6274ee72d004cd2bd243c77288a7a5cd2509bbba3935ffb8375c40e27f98ee4dd91a4753266316ad04546744a58fa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 d87b84e8e685cf2dab8e00071665190e
SHA1 67daa4627c09bb6b84f32a1a7567aadbc169a5bb
SHA256 a84257a4fa0ad64b79524a93681f593c98c1a3a409832509eba9145985fa46b0
SHA512 205e860d2b2caf94d5419f0dcc75c0891843fd523753ba2af844aa038ae7836b2216f508c9ba4229336f1a9b4f16af1db47fe1f79cf2bdf9c47087529c174e48

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 9f9f3840239e7d226aee9aafed741040
SHA1 b03f1beecbcbffbadfbee233f33fdd550441eb98
SHA256 8689c895e20f36b5f06ce04b7f9a49e9790da4f7a0d6e1770753792092e25c15
SHA512 d715ad754c5827a6548e95be1fdc18b7d8c656104a182a2a965857c0791852ae7de03ee1ea64ab37c79c5a62fd1b144a2511ebe5c9cefb483c03dea58312b323

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 a5e8f626abb1ca95ee52504e47f8e2b7
SHA1 9455445d10ae9ab0aa62e3b7d47e0baa1ac3be4d
SHA256 19c09056759a9f53af1f6bb8b25519d59015bc28eb077a808b685faa0a2ff71a
SHA512 aa2777cbd198a9273685bb17457e0c02d7f08ec01ff208893b5c5deab0ef7fcb3ec87abbcabad365f0b14dde9a92dc38ded24168f6861c9d4509363ce75c1fc4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 7d88cd2dc3b4c62e7dd3a08431175aec
SHA1 d2556eea4d7399886834fc2e9ed474c23c0c0be4
SHA256 0660c834f3007b201b3c92135e433813f44dc65d620e80bc92c8ea57801be4f6
SHA512 408591c1f50589a38d244552500110a727b2a1c5a6332bb54ce9a04ee4a2454723c7335800379f7dfc6c07dd8a5c1954b8a7f3d98fc793442a51e536c61559fc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 35f0b9deb13b15efa42d995a7bb391e0
SHA1 86ede4c2b9b1f17c882ea06d4f36df7e38216c7f
SHA256 0cc7e544e7e86c05716670632bf00d2dd73729e70cbb0cfd15dc730325c6cf4e
SHA512 95c6ba3f46fe31fb269877ea7aed71df606dc350942da2e7f600cf3842cdaaaad80dae1bea1a9a0319c1015fb47b12524a025cc26905fe0e19b2bc24defe21e7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 47c4aa23e85ae7376bed2b321ad67c40
SHA1 c73fc041514fa55c94815f4dc94a6afac65ada0a
SHA256 3b15c24e15b25475e9aec4f4a899ba61dae8092156e5ad08c4f82998036fdc7d
SHA512 21b160adeec7192af634cfb2b8bc57fa01f244f43f956ff506bee9afe60462de6d790b16dc835c5216c2952674b67958733ca43744dc6311522559323c4701be

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 64794f4f88099912e868f0a7debed6d3
SHA1 037b66febcc1a654daab123ac456959f4a09fa0d
SHA256 b3a499bc7f28566ea2f61bb547281532ee9b796ce01eb9f86311a9efcce3d108
SHA512 b31441ae2141136073c1b958dd4ffff1eb92bfe023fbd7899e9325e0540bd177e0ee80c66a32067cacde73bc984d8b21449f98057acd9a3f37ff7f57c9cc09b4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 80ecd6af22a0d2d50bbb15d5cfadb501
SHA1 16803efb9caa80160cb13a7f8687767c4f7e4cee
SHA256 3ca90df22445db613947b7c24eac895b52170557d39123e5b93d3aaceec624d5
SHA512 c6fbe4c405416462cdbd6986c52bd8b8e3564a29f98b6adac429b75dcecef86bc1a3347b0757f9a934df33a2fd11cf413ad461915649f9009a1c51866dd4d293

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 5769f0d33250b5731e773422bf06fe2d
SHA1 cf11885b81968cbfa4bd7c3a4b6b9f26964f50fd
SHA256 31e96044109a65b53c9e525f60be73bab7df4155dad18fb33c518a37bd373506
SHA512 d09d357e1bfad7bbe6854ab355c9f1c65eb42a981d35ccfaa19b7a9f3d08c6eabe7d102d099225c5d0268a2d378cfd14fbe24f98317349bd3f215fcc4e0e07b5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 8e695c2000a922359a6ad55d3e1a6516
SHA1 df49104a1f73b26ca152a117ccd20f2937f8aa76
SHA256 b36d3c388152d7e1d0ba0749637956ad4bfdaf4f66c298010602e8b69247cfe5
SHA512 da8ddee392d77afa1d1099fb8998b7b399530bded47c97734bd253bb4d07c1d4bde1c73fe8dc977a890c70aed3d6ae8d76ebd56ba658c154cd62d56db84e8d14

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 74ebbfe51116ddbb27a198c0c884cb8a
SHA1 d6e760fb7680a63f0d91e8c4e5728875e70ea27f
SHA256 aa0f246ed3df5479c428d4570eee4cc1fb60d600c58c2c182312bd6504a8ba7b
SHA512 921cacbd8de70925676182de0b35b196cbbed4f6ca7ce3193cba31f5a5de08c70f4dacdea0567393aa4bf9bc62ab99e231bf6d4597d91a4cc59cc8750280c181

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 98166fee71baa38dd08fc8e183d58726
SHA1 e2bf28af74315b412a1657b996bc17489f601300
SHA256 7c8d442499fab3cc3245b93283b57a1a9acd41e7182d755a6c3f69233d8da6c0
SHA512 032c450779e4b2d9fa1d5443fe01ec8dc732420135ea008bc43035235c0cb18620bce8aeaa3ae8a76a73602d3159a847260cecfcc26f3095e6bed338d37b41b2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 f841fe6eadf20f1476fd54e51f5f8218
SHA1 66c834fc09862912176dd27c75b3a787bf544b32
SHA256 341f93897984d0033f9f19779d0145c286c9b79ea2dac8cbe7a453d4392c94ef
SHA512 cb7a481f2906f678fbf865af13f4ea6b075737e841616068f5720e571728ebfe1e0a4416240d730a38fa9dd5a584607b336a0f4bb3aa71bf1f575304a9a0e99c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 e85aa6908a096764a8db1a2bb47f8ecf
SHA1 6de43d3e2f14aa4b1c83529981434874159d4651
SHA256 5ac95f478eb6efdabfaa72f3ef6dab4c996b09c0ac881db142534e8162ba8134
SHA512 5181f380c3cc4fd0605d228b950c006ed6e22d6fef0a91ab3352ea5d57e92e4ba5674a577b66d3109df8254583b268f306a607db64fa6107b12d269f98e14e86

C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

MD5 ff5f040c71e667a3eca1a0887c23c89d
SHA1 b7463aa28072eda3689485dd5293546f96c20ea9
SHA256 98302404468f90aae38289220cdbe8d64b86cdfb66058a6a4e0b5f6b6c25288a
SHA512 861b954990d95be73ab7c13f4f539c30845a3334ef87ea2b283afbb25f9048c3d348d3123fa5f020c514a006cb677e05ed06c2b88f8c345af4cc40980c2ce9f9

C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

MD5 2fb3760f42a15d6e9e19a12037a9880b
SHA1 e87bc74f96dda6c8d167a61e56dcad20ec916a79
SHA256 440ca3055ad668a08a030264cf4243d2a6abde79b743f04d0a7bacf15badcd52
SHA512 228bd61491520d126477f5543d0befb2f3471b415d5b8b21c9b5d34262dc0d981f3d7421361a90b50c8a509070252422957179c66eb8565db5c2679b4820168b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 daec8fd12c0e96a61c7360aba624f9aa
SHA1 457de5c041d9f99f70f6216a4d545705c5847031
SHA256 bef46d5ffea18351ea4f5a9d92ea90191325b2b9fe27cedc13a2a8d1447e98e3
SHA512 95f74b2b252f09749986fe3315f6b3c14d96ee47c6661790ab646ef913ca06602c18489b16852f8464f47d355d6c3197d4c8b67d0797101e45d1c4e20aa6fcba

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 84227065d5342a15d1cb838092dd5675
SHA1 1bd0f151335500de344bf1e983a0b417854cf012
SHA256 16f10330e95f1af8b32cb79f7d7d0231b282d32069b71c52e811fd8fdd3d1a91
SHA512 f33466e3239c74ddd56a20f7ebb28dba6848c92c5883e615d5823856761a7fd46569a3f19ae34e6a9ce23e5801636be87a0d8b8f0de48265b5094d7e76c726ad

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

MD5 bff33dfd7b6a92c252fba94cfefc6524
SHA1 40febeb8c8ef6ef52040d839b36207fe680fd6f2
SHA256 501abf25dc6f13c075b184d7d6dad185ef4572ef4e2a9d9a37698b65f465b6a7
SHA512 30f090eed609f19480035557c3c56bf8f85b87c3bb2c05e554d4b7e450da30730349c334d77056fe4e9062fc7a8213bb8fa82a7bb483163f0dba99359066484d

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 55c082e5c753a3be7704ddf066d0e895
SHA1 ced13c44a19f82b143b033378d601f93b1de3388
SHA256 e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8
SHA512 8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 c4be1ce9dc39fb83fd5a2d617c2a4837
SHA1 eca34cd429eaf350804bce704d19ea61c74fd54a
SHA256 403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c
SHA512 3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

MD5 cc732d0bd874a5559714f32366affe1a
SHA1 b1b7b5585059d53f44d8e0dbfc260472ab658c71
SHA256 a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed
SHA512 3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 e8a9ae1632be10049bc196532943251e
SHA1 072e5b86c3d47bf3b56da6b16a928da26f4f16e6
SHA256 27976d7bbd5fe516030bf90be22e5d48133a585e0af3374c7b604bb68f10e9db
SHA512 4d3f8d66e4fb341d31a9147b73ecc14970f4e411d347fced347b38f62ae1a171223160aab2ee628b8931b04232066e02780e18fd2ffd0d38be76e7dd64a632e3