Malware Analysis Report

2025-01-18 20:40

Sample ID 241208-kbr7laykf1
Target d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118
SHA256 8e870b7eb6e79ea13819a32a54a80ca5df642527334ed5ad071428c052dd3d45
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8e870b7eb6e79ea13819a32a54a80ca5df642527334ed5ad071428c052dd3d45

Threat Level: Known bad

The file d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2200) files with added filename extension

Renames multiple (2175) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-08 08:25

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-08 08:25

Reported

2024-12-08 08:28

Platform

win7-20240729-en

Max time kernel

38s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe"

Signatures

Renames multiple (2200) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe" C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\averfx2swtv_noavin_x64.inf_amd64_neutral_86943dd17860e449\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer-DRM-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiabr00a.inf_amd64_neutral_6033065925bcc882\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMESC5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_neutral_96c22c683482d8bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_neutral_061c61abd3904560\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-AppServer-Licensing\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownNormal.gif C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnin003.inf_amd64_neutral_3a3c6293d0cda862\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\PostMigRes\Web\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-WMI-Core\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\averfx2hbtv_x64.inf_amd64_neutral_7216b6fb23536c40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_neutral_1121c7f92e9e3001\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_neutral_65ab84e9830f6f4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmx5560.inf_amd64_neutral_e853cea0022c059a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WCN\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Failure.gif C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_neutral_f2223e39f37c69f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky008.inf_amd64_neutral_9f6abc54cbf095f2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01839_.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR35B.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\LoginDialogBackground.jpg C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21534_.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00760L.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR1F.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01292_.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10336_.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21421_.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01295_.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\CALENDAR.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Services\verisign.bmp C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099150.JPG C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Photo Viewer\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0302953.JPG C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR11F.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Soft Blue.htm C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\More Games\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\icon.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_pssessions.help.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-pnpibs.resources_31bf3856ad364e35_6.1.7600.16385_en-us_57823863b622b466\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.1.7601.17514_none_8d32f6bc0f6a779e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-diagcpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_63daa472b9440b1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ng-oleprn.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ea53b341a53f805\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..favorites.resources_31bf3856ad364e35_8.0.7600.16385_it-it_3838a63f071c9c41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ieinstal.resources_31bf3856ad364e35_8.0.7600.16385_it-it_fd37f0baad6af68f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-api.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9369fa08bb57d53b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\Windows Ding.wav C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows Print complete.wav C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-o..lfeatures.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d4faf89465aea390\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\btn_search_down.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_winusb.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5b39ae058f71f749\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-r..comserver.resources_31bf3856ad364e35_6.1.7600.16385_en-us_403d230b6e5b87e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_89701e1decba44ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8f32cc65923460d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\4to3Squareframe_VideoInset.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-bwcontexthandler_31bf3856ad364e35_6.1.7600.16385_none_decc6df4e44f2aa3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-f..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_de-de_36b997dc1006f298\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_454c741475b5380e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-f..utilities.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0feb9670fc01a02f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_brmfcumd.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ce2d4a737bddb767\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..-wow64-setupdll001a_31bf3856ad364e35_6.1.7600.16385_none_48985de8cb1f7a14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_it-it_58c398a5f8a28193\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.17514_none_e52d9c94ad8b0f54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d64d237e2b4016c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sysinfo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_642db17f83414215\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp7dda8007#\4233efbee3de5f702340b1088df01439\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_pl-pl_1f641766a12e7c5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-hotpatchinstaller_1122334455667788_6.1.7600.16385_none_d12c619138ed9bbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-hotstart-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_640cccbf2e2ceefa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_sisraid2.inf_31bf3856ad364e35_6.1.7600.16385_none_832517589fa2d115\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..dlanguage_en-gb.ale_31bf3856ad364e35_6.1.7600.16385_en-gb_580d777d0ee38bd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d74bb9dc4ea86b7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..-wow64-setupdll0005_31bf3856ad364e35_6.1.7600.16385_none_4a02934aca03a821\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2dbe977664a0b5e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..ce-common.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_32649e3ddcc6caec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_b627d45ffdcc6f00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wmi-filter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_199a79fb26d4d837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.AddI3d71a354#\d8c41b9b493fc289758fc3f7f094df61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.mmc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6fe1f4a7f8512ee9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-f..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_df75cab8ff0bf002\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.Resources\6.1.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..haringapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_993e1611cd45c734\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a5e778f500e50f21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\Speech Off.wav C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnep002.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4748b24b19a6eee8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..tvratings.resources_31bf3856ad364e35_6.1.7600.16385_de-de_da67d42e60aaa0ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_0821fb4c2461fee0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-diskmgt.resources_31bf3856ad364e35_6.1.7600.16385_es-es_840ea3b8b598d868\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_fd30fb074d73753b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17514_none_7df14b591094e7ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d7822f4fa214cd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..in-gpedit.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_33d51b0128f1afeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmbtmdm.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_af17a416dc74fd47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-qedit.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1b15fb8021971e80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..andgroups.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6a84c19c1214b4c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7600.16385_de-de_01cafd1aaa8ec853\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe" C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe,0" C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open\command C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.DURA C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.DURA\ = "DMMNYJYJBJCPRID" C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 ad136daffb0403d7adb1f96ec0ebdb76
SHA1 1a120e23149ae0b27f00c198295a5783e2a11d5f
SHA256 6c09906367b9f3b17251a9587fe500426ed53ba85e282adbb1175a45b8c14dd5
SHA512 b6e1917226e385d1e9c4ee1fc0d14274db4346f23edd1320967b7aaa8f60f70ffa02bb3a9b69581d03353bf932a4dfeff880bb5aa59ba09a501020da202c2b20

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 cfc385beac7f5434bfd6713d1332c4e6
SHA1 9b8c363d6bdd4341cf2ef6dfc5bde0df04b7187a
SHA256 3231db480431a4cb157de5d6cb5eaa4773c9e2ff747e4449b24eb12aacea46ff
SHA512 92632ceb7a51b5761d76a9299a1f3189201ba76ca1c51a2bbb5fb111aeb3664715aa87711cb7a185274308b6c3c6613d3eb3655791066c4cdf6be75934a05b59

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 7024c76fa7fa4ba12ef514ab33d2f0b4
SHA1 74c8bd28d1c10201fbf91dd68c1e7f9220c81a6f
SHA256 f923abe0bfe73a601f94887fdcf7bdabae91706fd277a12aae564e117e01927a
SHA512 2d2c5c91278d59d7c2d6d316a183be2ce12a2796962f4e391be001dba087e020144f8c4d225437ff96f2ed26cd98e5e07976da8069612ed350c3f4ec9af7346d

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 ba724b5d8a9e65f2dfed2d2d537a80f2
SHA1 aecfe76cf7a5d12ef7b369c625bca42c7ca9f9e8
SHA256 42b78514c06649c62c9e4dccba657b8a07b00583fd04335640050bf720ffa2d8
SHA512 672392c55d19f6be53302ddfd721078ab75ef544cf6dc3153423b06a57fec306cff847aa77273218ff9c632267d656f76376d1366220d1804410d41c7b132896

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 24721a1db80c47dd39c5973a9b6ef464
SHA1 551dc461ccdba64bb22676b6c25e90b255e1fffe
SHA256 50cce3408d13b3ed3738cb4c6521b601ed82d3a629141d2cd5a2f68ffcec544d
SHA512 27ef616910c53f13069939a4ef06748465c813b7b9ecf2e8df90e09d87bb86ea17ea15cb61c41c85c4c19d9f1273d66cc079fce48e94738e6e6163a01b748b93

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 48a536136d689d58680d209903ff49e0
SHA1 ef4673aa9895ba38e19a96a581206633c2b2b3eb
SHA256 7320d93248899b8838a543606f29362b0279547c1ee2972f5ca09e69509890c7
SHA512 a5d3c0ef96aed86cf7e60d3751a15a426ff661a4fe6fa8eb2e190616769e90b47b0d06dcbb90448d8c96ad3fd8077677a7ccbb150348b66935f7f0e537c7c3dd

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 09728fa878594196f9f1a6859989361f
SHA1 c44a516ca435fd0037fd1743c997e7ea67daa6b1
SHA256 b6c7e579ed9fa0ecee5ac8e1f9d174bbbc5beca3dcd4f1be20ca3cb5de901c49
SHA512 ec9661e0e4303b059f4d2ddeeb7fe0b696c7aa27b97e4e3701f2fca9e4eb5316044838827df44e9d5faad83515d4b19aabf73cfe81e72379d4107944aa477e4c

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 b9e9e2fe22eb5d7a8f439d52d72f5c25
SHA1 77b9e5725c9c6da6e18a8daba3efcaf6f307f406
SHA256 8d8b9dd0cc0069fa54ebd3fa92b37a3b55beb7b11a894e9be30038f4925a519b
SHA512 63fafa853eca909ddf09e9f0c587a83d86acbdb26b7af95a4dd7d5e0095f9cd3a29a48e43cb5210574aefd80c5055017f723c67d578e7527374f99eb345810f2

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 d4403b631d50280f3372b1211efc588e
SHA1 9dd2d384e2743a61046e958a06950135da0f73d9
SHA256 a5e9ac913ed98b540ad29ea1293467330eae12e0cef75186a138b683fb309f3e
SHA512 5daaf757313c3778947f6fd7b3f7644cd4dbba7f0f9df75b7eb910a072f5e726b39a09b2a26093f0f8d3488837bc803920e4045fb51474e3bc2365258c98c5c0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 78e796ba9f24f141f2b911b40ec7482a
SHA1 5f58e92badead4188de1dab6b99c6a7c86b42efe
SHA256 cfcb201ce02a8bcced668f28fb5c3cd0e0fa38db029a6a974396d2e6d783e49c
SHA512 e1a9244d1d1af086d830f47c74b998dacf018df7313faa92b6df60dd050b1bb64ff442239ceb51d2843bd2c1fe0ed9fcf65b275966c8b9bbacde3be8e5b4b36b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 ea9ac19f74d61ae3c61e2067f175b102
SHA1 6257fe067918017feb8aa942534814f03431db1a
SHA256 72967e4f8104ffed1c776b78db72a6c6f982bd8a8a62aa00c694ec645e473835
SHA512 f3b947216c48902219f3669a933e7298ac5dd762ec1679a31afaa60b529bebbe3b3b8fd6c82609cee3495416593ec086ff9be220fa279d21c2879a9ee89a8bf2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 9e7662a842f3af15106a27ff1efbce1e
SHA1 e83bc9ca2ebc895a11cc063e7205a6241d14242b
SHA256 f5ec18aebfd985b048e4f8a9461b85505809b7f9a61552c180a732add2e04d82
SHA512 b63216fa85f76a8812a54771c49b5dc7249c19d3c49d243099e00e7e6371d8202c30bebd53e20ae745452aaa26f84b25c3cf691f33a25bdafc44045958aeecd8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 0d224921355e4338a8d7740493a8e975
SHA1 d77dd1e4af71191a0c2b5919a424eabbc9ff7a79
SHA256 fda17106f53acbfc41598750fe1a9e9e589bac10146b3b4e1ed86d4b8ebf817c
SHA512 d44bd82e8a4d6ff47679203e145da7df1164a71cf673ea18d495b02466e64cbdf88ba245a9d23104a6a6a9b667046913971731a56d66861c14006358da68bdbd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 c829eaef78b48dc8c7a42b23ff21a88d
SHA1 93598ae8d40bc2a03ae6a223e2674697e17b0d65
SHA256 0c4d15c50c816ba90e5a20ede81e924a6245e507b8d88ed1f280d63a4a145f67
SHA512 32fede4af7b42efa76ced7a7744a3464ab9d52d5922c7b825f026e6fa5ef8fa37af0e8df7fbb19e3ab010c0b080b7de46176fe92ffbc922d6db7a62ad0e9c1b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 10e34b316e111cd8f80afe1fa11d7853
SHA1 9b508b7071e53bdecf6fc0537fb5ce1105546fa3
SHA256 c5d2cb257940db58dea089d3afe4810c4d6b781600a2eadfed1604b22950eb90
SHA512 fb858a6c65346476178a7397f26843bc124c8cbbbd562860abf158f6bac9804bbb7e38d2b6d43c96eb2eddadf39570413b15e46a84c93fc76b68fd66593b5a80

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 98c2d5e2b114ea63e353c841f68dec57
SHA1 07d234c901b21af4e7bf7c10cef7b042acf3bbd8
SHA256 1b07909105b4c6a3f34b9c5a78900f1cedb18a7459a13fc41b6e1b58946b8a45
SHA512 a17a7463ef9eb369651388d03acfe2c85509865529562cefc22ce2caffc5cf2535e3169e19371f9cebae4db9d3db03fe20562adea9cda77bd2ae6eb1a8baa102

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 ecc6e4fdc1ed63e048596d66f31df109
SHA1 936d5ea903d35441b4a70605d371e9911ad2e744
SHA256 4fd63753ebdb772f7c88ab63a7fef96de0bf41653aa1382cd65b3810dfccf005
SHA512 e50d106d2fe22c70066fa71fe253f93d3810b17050a8160cf5400084b627e62bc7a1cee89b96d8c76c763321e1cda261b94b912fba6141d6d5aa1b4e495d1270

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 bb996e9ab681fe382d081cd9ea375382
SHA1 26121a3b54db2601755a206f7428c90fd66acc9d
SHA256 98819d14ba5f862e2ca3f43b67106d29d57569997b6a810149c3869594ff7515
SHA512 04120479b53e8fe3a9e2b0742e72e04501a073c96dcced75260ce82959e1d6839e336bfc442f68b56bed7daa7c374f6ce2b4a339d9f72b80ed52831660889657

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 bfff2b82a4040121901878102ede210a
SHA1 b03739baaf67c26a3d3486a99b6b11387e4d17c0
SHA256 88011dfbafbfc8184a12eaed8bdd0bf15fe418e6c63d9ccfb1995eddcb2c1547
SHA512 1b1272c6c924976d1a61fb144a1bd9939b59e208264f2f5d5674b16d2d598147294ca1e5790a95587ff1bddda3a1d26bc05391d29dae7230db018ef7fb13b635

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 3441c49c84bff3d4ea5923afa8ae78e5
SHA1 72fdf22c03e509009966714329701f60bc3a5609
SHA256 8ddf38a09d91095f6a60486407f5831899d6918e00eac31e3403cf82af88bf03
SHA512 7f4a4291c6cd3d0e91204cd7a2eece2f89544453eaa1f3605ca58546d63972a10d333f0c95df62562fda61bc1bf8912bcee18e8315731022f1c1d9d81f7de676

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 003cd39a4c6e9a7909a3411b2e3bc741
SHA1 0de4266ed7f91396be98ff7ffe3af05d18dd693d
SHA256 7b159f303fc80dd4dcaf868e440d06d171ab8d4df825ce8562f9254b0d5cb26c
SHA512 198d894775b13b0f4df0bfe96e3517a2105338a425b7c20173c04ff0bf96e0809dcf0530a6c5bf0be6b50c98d10c6a2dd1e6a5ae67acf128dc2c7c80c245c9eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 0c006b6c5191d43686050fbe7fd3ec29
SHA1 4410652e721b2a3256ff365d61f293d6cdbbd9cc
SHA256 cf2be1321d285d96934d3f9db73705978633c553a2f2bf98e8449cee0d8440f2
SHA512 28fbadee0877a1d687a322b8f83f87c56b835aa204d81e09899ee122a638f6cbd48bf7abb16cd1563ee6da997d0b3fa9d830bf23a1f0a54a3bd7088f75d78f94

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 b918226d0a15d74a40bfd40535af1b3d
SHA1 9efba6e46655cbe04b33b94ed59bcf3909aa556d
SHA256 1269153bcdcb874991c16b73d4bd7bffdf0e8d761ab40ba525a7b8ffc402f1f4
SHA512 bb04389c9986b904021ee1c9921c927dd17829c7600b4e05ada68e6768a1a111552edf60b71a67653db6da55603770452628c77107709e6e5a03c351ccdd24a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 36022a5085bac9b2e12314fac1ee6ea2
SHA1 1fe04c42c8e2c35de8b315d8635fc8803fcc90e4
SHA256 d74570094b9f7e2b3e515ada37283d0516f88dd744be59b9651f09c34175dc89
SHA512 491186377341052612c898a9e10da17b4616c5763448b4615a259a0258967a9e267f1c9427b32774034e6bcac2fe18d8f03c36fe1bb9ff9ac786f5612c427515

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 bcaf18131b438e51de4173d72c288029
SHA1 d60366bcb4579311a4e680e32bdfcb6150fb80b8
SHA256 0e5ddc5e8fc65e36e5a6d9fcc49081e3947ef77aeee3bbad4ff9b04139546e5b
SHA512 8e3dba16e89dc55aaa0d0e43b793535677001f845e70157a3af774c2315d1159572eefbc2a621a46732f8b0fc5fd5bb2fb60cf7143db45f016474926273cdc43

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 1760a8ab61d1d61e5662d88544ea38e1
SHA1 bd67c92b992ae6d59c66992b78a5a8cf0e72257a
SHA256 8e1b1126d57c3a3d8f261c8c3ee2eb674084c8d29d69d586330c43badc35a86c
SHA512 89080db8f7251c524e70748e1cac3bfacfdf2c4eb141d9bcbb913220176bc374f79c7b5497a7e1f4612a18be06af805e216a906fc729d5bcb73ff25f968cdb42

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 471f163da628eadb91d4da9b9bda54f0
SHA1 95449b93419d2ce3e174a70f4173e3bcab20d9a9
SHA256 384da0efd32ee7e7cad7487687c262ffe6dc29811bad9117ed373f5331465abf
SHA512 9fa47e2b3d6e0f81d59b5162a63ac1df82e2b18bfb3174f38458482c7a28c027fcc89865bb5303cbdda3c6c21825f3a93f7dd2abb11a91b6683b869928fd2fff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 013fe7a0b60678746cd5af928ff62b19
SHA1 63adf7d86b74d9671d8d84853f6d94bb9a504347
SHA256 9b1e2a77fa6d74c95e390236f3564602b57665213e613fd1dbbe426d1c40a975
SHA512 96cdf58864b6551f141a6a6589f573a4b111cd5fde3e4199c17653513c87e529d3ce1ccb927b2087d9606097e2995593241e2ec7e76748c9c58a5252184942c4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 33e2bbc02c7d5db8b8274d0fd4f7f335
SHA1 193b29e3c397433793e03400fb94fcdaba4e12b5
SHA256 ab244aef2dbfb61c37ff866b20d04084e183c5b5f445a769380068028fa72d25
SHA512 5d0c6a29dd1083016b92ef44547ddb89de21317b91a8c831a683b6ff3b16f0715b0918c21ea03be1c13f8cd7bdba7e859d18c9cf245d04bc2567c41c0cf07176

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 10b5361a92150a8c7155f7a16bdf5cb0
SHA1 ce0f33767dfda4b6e5f58fcb4e5cf1b877fe6eee
SHA256 8002b7213afd79135cc361a9c484fd66db2d5583b6256fb2de04c887db293d04
SHA512 728398711be662464bcf06a43afa870296cb517db77fb86eee7ec2807e42a4cc1ad2e9dbe41171e5c906729a48d9016d14505e26134f651c346f6b91bf7d3096

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 10bf521ee011ca8b4adb43994f8a384d
SHA1 49bf8040ab67ad28020cd811d1c14649c28a808c
SHA256 08f9348e639eab5c9c58f440de5a45fef80000f580aae6ede01948e502537aba
SHA512 e815db38a2c8d57072dd5ac51b7c759adada6bd5bc192952c2ccc8fc55cba907f5bc5253932358d28478df16ea2cf7d1ce81fde5a756172b7ed091dfb5224277

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 8e27e840efa4ce9336d5dc28af659d5d
SHA1 1e7b405999ba0d51242e6acdc31943863e122550
SHA256 e96015c3abb52181fb040b7da35592808ace9c1e8f5a0a3242e576db6d72c6f7
SHA512 b7cb5c3779674ded25938b945177edd822a2c25802ec7e3076f64b11b0b4ea264a26f5533a5deb83b0b0498105271a36913000e4bc42194a043db128d9027d29

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 9b0a3efa8e4713c55791a6a9b780e190
SHA1 8e7dac909fff817160369c0b2011fb843a46f384
SHA256 42769153419a60a0b26c79a9ee5e82ac9d50e1fe75e16651233adc27992f0be5
SHA512 7828cf6c34f5d288e18cd07c4ba13da0b3bcea3af17f9e4155afd90f60c9994039dc437add96859220706b65eb36455a1d84be45d71ef569e04785ec0aed34bb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 4fbe8008e364f3d94aa903fa3bd4c013
SHA1 3b742724eca9d2a03453c19567ead44c095cb1f0
SHA256 c4ba43aea361e955019004755477da952d99c4d44a9bcd2d52b3b2e7152d8f34
SHA512 f958527da111455b9ef6ad196f6c2561c1c6f0fde7963d241b11adb7caf17b4ff1091ed355377caf1485ccef56389dd6a3fc32b0258f6eb2afabee1a80dca4f2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 69c8e326d724d72e732a003c95dc9865
SHA1 e36efaf9a2f2f8f97b2fa72fe8cbce1de66d18d8
SHA256 7e845ebb199f967244b844be8330a9a34a4e4a3b1db4e1a704406f4ba662edeb
SHA512 6c6b4249d71b362161b6e7ec907a1a97236a6aef9f42c8f0c65ec5c28357fdf3abfe5a7e040f38390f4d1805bf766b33303c639301e4a400da8d510fca091988

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 100a7d2021221bce987379745b6a685c
SHA1 2c54a4721eb630fb0f9672aed84d1dad76b46425
SHA256 4eec95df2c686442f1e5e3cd3a2d0a65f726c172998d2e6f836151ebb2acc2fb
SHA512 38e9e748c0d69452632cd1acf4c6695005dc2a4f359e8d3aa026b026cfe769f021ac00d625631b21db4818d0dd612e9353ec2f294ae778c294d6f95034de5c49

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 350b750cac15b809e7a749df27c56cda
SHA1 be8a402db9e3a166709df75227a36aca9afcc32d
SHA256 049857f796793da89eea4908a27d2926fc13758daeda5cc7d29dd23ce05a77a6
SHA512 aed0529f990678c8d2ac60fd32acfbbea24a935e36ba0a52bcec4d65d70d2b71162715cf17103046284d354377be69b12efc569d130725c0d1bfcc20dbe359a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 f79a26f67c9a7c3eb2f84172226aa2f9
SHA1 b229b2ec3b8cca7fa142c93008d490ba2f8dfa5c
SHA256 ec7ee51099b8585759a3b151f78f6711b0783c4ca3ace3fff9dbc11be626b855
SHA512 9a7247c1027f736f09d3a87cb6c6812b0e953851621f0b3b51e47f4848a75bfd706410b069707da3ebe142c34a9c39d9008f5dd08ff2ffe575828e992dada8df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 1563655929d18bfb82c7f83cf2df5b97
SHA1 9175d628954efe801da180d6b23e183620eec81d
SHA256 23d0ea5f9b00fcbfbcbd8ed5964655a6ce48104eff3d84575a72d6c7d524d018
SHA512 ca34b519dc760a46c63f190246b8348a9c948cde526329b2f8e46ec1239afd274b8d6ad10aab6f087f7e37c9fcfb2601ed558cc0b83471328110cf2a46a668ff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 fcaf93600667404185671d141d3139aa
SHA1 a086a2b765f8ba70686aa444a8751c8266db6837
SHA256 64ea26c25c4acb05f8828fb5a072484365a2418266c9305d2d2efd4d8271684a
SHA512 686e37b44c509c98a049d21d2ebae624db74f5739f799ffd81f39e2c4c539b0a39e57e6eb5129709394899d406207f3d871335e77c9e76812c89ed35faf7b923

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 c6e1683b67b7031bba003763d4f85e40
SHA1 7daec48d49d0eea1a7843054cb8d57c2912749ba
SHA256 27f74549f9c6784f4c0b97bf0ce163b6202968c3a81a6c9287345f8e0c617694
SHA512 2b4fcf5aaf05b9ce6d87486444b0383d9418a03397c96a57569572f7427da437286a490a14f31ec35028bf97cdc3856cca542c1e594bd9d8379a7b71c3a4a9f4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 f3ce526a90d68a9d1d7895cb5409d7c0
SHA1 13cda0ca549923652f1ef917695ef083308c524a
SHA256 5397b4931a462d0bb40794f1f2a6a607b172c7268896045531c8b1dbd7d4f7d1
SHA512 6fc90df0a94985778fb2c8620f3ccadc3a6f2ff2ceaf10db2a0950640c4a404951a7b0a3a7c4707e4165d3544c0b9a168c55138448fa294812a70e111fb63033

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 a9805f0820aee9acba5867a30762c76f
SHA1 f0b82c2769069a6ab4dc77ad3dc1715c21c8a721
SHA256 3a437669d31c249be765d4ad71d7ed6577a3a5ed359603d77549dd2e0846b2dc
SHA512 33595fe138e2e95f3bb514f2f9987413264786c0ba53e14db7449204036a67f448c9ca29292f5c424ba1b16fae4f1075c070ef361375e2997482d575b782b5d3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 13a32c95789461685eb30cf4fba691e6
SHA1 d6587eb27219803136abb59b3d022ae540e9a8f8
SHA256 08f65b87cbb72431ae43ab21decffccd19582a8941a067429cd4c3eb68299120
SHA512 36c124df8c959fe0fe4aa112de5634570063ad2a8fd942cdb5ff160ed5492ccad17e50440031a90807a780d98e470e4f8fc5a40e0f11cca023397fecc7681324

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 9834cdf4e501220b7d5258ae9731385d
SHA1 025be57443628daaeb3ca63b5426c6ad49397fd1
SHA256 bf09fe0aca0805e39e9382d210e56dc2c8b69ca82fae207b7e28a075ef3e89a8
SHA512 57f26547fb6d3544c130d7b2f7b103761fdbd4d9babef5527506ae43d16cb1b15435f2326e6cf38622759a315e3be92c9d8cd2eb9e792e3d52b7c57b8ea0811f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 485431270eb019e4a4535dc283d656a8
SHA1 4f8d13bf4224a06c21c3e163ae66f2eec92e4f31
SHA256 9f11ff79e962faadd0dc3eb50291827f2d7f2b8cbf01e9c9b32c63b51ee8fc11
SHA512 29d2754193b47297db9394f9a5f989b1fe9414d3b060a3047f27ca534b18cca3e8cbe12f89c03919e71f9734361fa8e430f51194631d444958f3fd3dcf325eeb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 869a62e5a745e69b30847e4ea6d16da3
SHA1 cb5d3367f760c1489b054f1df2e386aa5eeea71a
SHA256 13e552ec30320ad461400e4e0a8c0410484a083e831ba98c50b644f52899f874
SHA512 98e689eb56a5a96cace56e7e88e2bd55614f9e42d9b3f35548a33c3039056b0f77f1e289de280667ddfd68f9269bd69ed48f64495e152f9cf41c305a8e71784a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 48542ace917dd16ab15bc80f1ed7332d
SHA1 cb4c54bf72536a4867ae1502a1f319b8627e7213
SHA256 8cab1fd50ba88d28a5636035850c536730194c20e0472d4e360449f2b84feb96
SHA512 6c209693692c48398654291d0a5e113fb0f810fe17b22b9c216cfbd553aba8892b82c22cdbea634a12940bb65f4ea82dc5cfaa9974bbe93460e816417dc678fb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 bb4aa450d7381f7496a2decac061be03
SHA1 ab2043c5d75eb9e495fbe56ff90efd9a87ed9bff
SHA256 718461223cb61ff391f7e7e11fdb533a02875919726f2702839c99f7927e1ac6
SHA512 a9833500232f387cbcc56a34e317bac24c85c84efc0639f82d1a0d42b41c8a7a8726120946511e09f970a931cf9c932e80cccb129cc0499049513e36b5702de9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 5b832467a48d4394f8cf481e4c62e756
SHA1 20a7762a9c787494a4347bc64d65fca667767d95
SHA256 e198a482f7c0f338a8c1a6a74d7202034f9a6fe2d140b5f4c6dabc1d96d46f06
SHA512 d62c898334dafd87260e20be1f502d7fe9235a8beae41bd5284082b4ffc4f6f42091645b5ed0c98604fce2f09d75278820ebb5b67c5c2d3c0bfa14d47506c5c6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 1b42ddd5708d6c837bc86b3597946a05
SHA1 6b199d1c3636991dc332e38a7fca430d07a11f77
SHA256 f822e46075e928e30c705c63ca3d0f39f611a58e5639aabdb59a4bcec9aa5061
SHA512 a3929dcf963240418e0ca8596d2a30610b7ee0a6822333004815fdf5516e180bb02548dc031a4859a76be573e8e0e3eb88fff1a45e84b67f1da09d7b2a76f59e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 e9ea8daa22047d59478acac488207438
SHA1 ce83a2c6632e4f6ee334e442daba7743d10aa7a5
SHA256 73be97ddbdcca1910b399420e08c739cfb40ae64eb5a59e340699d3f19a77d96
SHA512 f10014542f6a005504485f2bf555e32d8928aaad9f093934dd12c895f87df894cfdd36115f0d86901af910c8e8bbc153e02b21495b359c1f843cbc016f9eb8e5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 71e963aff1bd3b8c1c2e3d6199ff3abb
SHA1 8d3a05893c03044c139e51257e08d7de4b184195
SHA256 cbbafbf449941121b6f3378f37255104fec5a6b48dc6c8f888d2422336790da5
SHA512 d2f4b90fc7e4f7efd1156d75fbe4d734696c56a8fdde0ed8b33f2b355cfbbfe5f48b762aa197f4810db7019e086fa27632a797ce92f611d76b5c9ba1c519a034

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 a02c4a003269b571f1f9e559f66b5814
SHA1 911c3c5faa8b66254efcd22acb8bd52c90044d0e
SHA256 05b2155e9f499d050c5cbcaf9a45fa5f9086256a2af703e8d3fe991a9fae0d5c
SHA512 a57073d264d786a14be0e316ce7d8bea56225fc749718baff68a457f7e47bb3acbd8bd20b7ec4f03953eb8f77775bed7848c124b6f46e0d2e873733438f4ca22

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 9ad1f44b80dab052a6472c3e4db334e9
SHA1 f726bc4b54d23729821290b855fd70a971f7d3d3
SHA256 bb188b3030ccaffe8d4ad9c4df169c4d2efd80eb1bf9315ffb0f3fad80a480ca
SHA512 d65ac5083481e04292737e8b93933b7289af81a8ac169536feeee7ed48c1f640fabbf55933234987f3f9d6d6fd6df129ff77ed22973c50c50c9f5ff79fba8bf0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 20dd06bfa9d385f88103933fe607a094
SHA1 12ec0960803f3e2cb0f57c53e72951429af56dc2
SHA256 0cd9654d074d953206f8516c9f508c57069fabe80b0c3751f95d6fcc73f88022
SHA512 2f372d8b89874f7afaf7da5d6a2718009a3d0cf36b8d6780b7fc5e8ad3fd6949f86dbce4eae68abc8db16bf66fad41a767d1800fa9be009ca720a693458bdcbe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 8e48d1ea8d46db5af25b3b3425df43dd
SHA1 8719580dff3affee9fe3e108d5934bc1ac2880d1
SHA256 9526c8bf804d4105740504d9de1c13f969359ecb44808e8918e70102c04bb1f5
SHA512 6dee891e579965da5fd3b73aa5b5adcc34f984ba0b748e530189275dfe6742839edc4da91471399d4c9a9ec7ee8e07b175b18177e05a8ead8ccf36b2cb477995

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 4d52c15ae8af3dc1e85f0d83a76362cd
SHA1 e4e7a5582481e507c5346db4e196a21e173f9c6a
SHA256 ab732a14caf117c811961ea31e79d6a0d8ab1a86d1a3788ede8c0f7860a3b6e6
SHA512 3a8dc12ed7378fbc2687b8796cd035dfea41de023a1503c055d96f176e4b8aa7d627d9c9010c36bb028bd3242f156a2312a564d1cfdd637f884a0829ed606fd4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 b549ff9b71579af9642023201d00377a
SHA1 372cd16b3a9a58d23dde18706b7db633925376e1
SHA256 6adf9cdec8a7061033b6e4074ddcf33445856f8dfbcecfa5d245c8f78677b1d7
SHA512 79fb5c1b3646c11d678fbebf1e4fd141108411dc17c8fba61f96cecf975a223d614eeeb9632a44c723cb5d4e710f2d34e092610e90cb89611115e5b40dc47a1c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 ef0a2d028775afc5c44ec75e218226a7
SHA1 0fc985187665f149bdce3a6ca8a8872395232370
SHA256 186e59e35aa3708981ff7f666543144ef343990c3588033fe26f8167e056a1ee
SHA512 8dff12b0f3f61fe14a57ee3c77689edb1b0a6ab9f8b10cd70a48e13955e431169f6fcd6b528f510095c638178cbcc24de1febe86e50f346722e146731a543bf1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 00e33c596794065033c93c881263a750
SHA1 6f9bb837ae8dadec9a892753a97ce9499d2e24ff
SHA256 76ad9a97dd19bf960f12d9bfbf1fe2a9dc0404d960989dea234527dc9a713b66
SHA512 f6e01a3b879f6e83ea1f7a685c01a558efaab6888671808d521afc1228e257463181bac777abd3d2eedaecb9cc1dec9cd9157a931efb14f5c67c0a285a97b637

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 9bb70dc50112d783d446827f3ecdcf6c
SHA1 5eb6193c988c130e5da91af5e9083a47602b0ffa
SHA256 d35542f624ff1b8fd0a2557dcbb2f4de503be9002e2990368787818194ffd88c
SHA512 5b98f1a57139bdfa8c3860dd2b1164f7e3fd39ea597829d6fb972a7bbd503d18c2f39e1821a33c91eb9912f2c21ae9aeb6aab08675c8c7537de93ef6c64799e4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 928c308c0b7c94458878fd2d036962f3
SHA1 c1dcf84769d583c69ea721926a499f514dfb0f59
SHA256 00eebf96b03a4f3742e5842d709ad71fa9bae1b3f1320173b50c8d0b357017d3
SHA512 ed819ff1eb9d847fb13abc6d524451bfda293276627e764219775ddb30e86b3e324f643fa482ef2d527c1dfd80e38a8a9a633b64f70fafa260fbbd699354c193

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 df1d905e6872e91c7544d9f2a0f6a8c6
SHA1 58f2e7a2ceda4d2dfc02c7ae3673cdc729697a5e
SHA256 b1558b49839ea1ae1c1c1bff3b4611fc30047bfc1d35856af90644c0f48cc0e6
SHA512 94fff556ebb775612ccb5ef40504d38d6f2510f5113010081d8e34af611cf9fbf6732f1abd80abafb61390b0e0b86e723d5beaa7f906b0fb5947a8ef0c8446f2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 54261b53ed9a99a461b91b4badcf2938
SHA1 adfa6f6e387fea3b9170bc03b8a328b0eb6a1cdf
SHA256 46d97cf855b163409741a829115a0654c63c7d5f9fde725fa87f15b14b5a4692
SHA512 6d7c3da4a75b03477dd6dea008af8b2275f72e6a4455e644e2b67800d8d6b236f676088cc1cef16ab373bec5adc49cfe83e5b06ae2292a6b5f86e13f00c9b67c

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 b462313c79faf31ebea0a4e7cc7aca87
SHA1 71bc4abe2679a113289067a58aee8d74c82c6a5e
SHA256 4f495c00f23c388b1a2a79f334134ca946d5c1143c74bede5c021d790c522f6b
SHA512 cf079fdcee0fa898eac0ff3e3722ab3b6dc43b8e3f8b23859cfd6ee9aea86d677e6d15ff6ce0134a578287dbbe6c44d5f5475a32ba14d67a44907677fb454bbc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 0b6c8ae97f124e9875d27564dcc0ecf4
SHA1 4c84bf5c64120ea7acc508550d8c13eae79c60f5
SHA256 cfd561c3c8f26f7dc7398196897ee383db2b198bb69584f6db6da9dbd3d6e030
SHA512 7c5f67947b9978ee00056620b26a677deda19e574852a324a9f6f4012b478b44325c507465eb845612527fed3617a5cd4ffd855126779ed3123602d023cb36b3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 62847d71635f39842e053af004597f7d
SHA1 ffb31261f5d0bf4b0b839b12666850f243de0c1e
SHA256 ac693d4138ae7f78ac57590f95c570e42e5afa304db50b2e8135cc8308adbabd
SHA512 afacff400c901f86d7be708bfcf634f278ef3a02c629a61f10ee460a6d02f14edcf49fb24b03318abfec79c256c3a7b697f4bbdf1dfa67569c716289ce8a3254

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 75b43460f50846b686a8742f22854a47
SHA1 8e06acc6679050085f4448176d7f5f7005a39a64
SHA256 49a14f9917f3a8c0fb2342fafc61281e75d9ecc6f98b96d64ea227c5c60e7581
SHA512 8b84aa0cfbfe21382f68d862e59f7714ffbb1b7b52650ffafe3ee83339784bb5045a0650e17f2da8a31dfc04d906c525a47b739d680670c447853e32ddd209a1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 fa98f9eae3cefa61cadeb10dbf722bba
SHA1 cb865773a1be8c026a039aef89b2faa697592708
SHA256 200bc152c0abbc879ca964960ee3d2e8fce761d40e47bc87d404d7b7049c1813
SHA512 8dc3d522e9ff00d83e6df8a51a498901236181b92f3b5493396dbcdc0e91e92a441d7124b0a71ac547706d2d7a709b904b53c4e4b3bb982f91b015c9289e9d6d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 a5a61724fdb88a7020ab3b50dbf2bb64
SHA1 02ac15e8c7bd6551311d1031d792f53dc34c9559
SHA256 83b78308d1c904c310b2813335ac0eaab0ac7f68102ac77721baf2069af5726b
SHA512 7e8b49087c70820bd044a5475b0c2c4cade72dfc6e9bfabb3b4f54015377f53b409d876955b91baac4bdb18a800f04d2fa4e7d1a26445747ef81692bd29d86f3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 2f02337e7c12701c0a53c008d21e23fc
SHA1 e33543a392152d4c3dc6185c13d451ebc9ebbdac
SHA256 a210086bd8a479f92b0ce37f91a0a3d58c68e1d4aa0b098b36cb540f481d127a
SHA512 7b6e77cd05b88fec1e4ece7ebb299e6a76852b96a0da0f4e0ad44189f8aa90c49b5d31f0cca8aa83421eac24fd7a1fadb52eca22d10ac6fb0e0599d47d82483e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c78bc2ef6d81925bff54fa113a18ed4f
SHA1 10991ec46692fcb92d56fb39360cc6faeb20c33b
SHA256 9997bd274c82c63118bf6aaf4afb173b0c3e0b8d932fab09cbe66495f476ff54
SHA512 ffccd11a2777d5c7eccd87c19b99847ad5563218578057a3c9c7eceb9f0e1bcada7817846d43de9dc26a489c1ac3a2db116af304b5a2634dffcf0637f44f3580

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 ae55b0d7f6db42451534ecbfbc08a620
SHA1 01883721d27e53edb773ebdbbd16471362798ab1
SHA256 fdadc7a2263a6c59d55fbd60d5306c1b6e22e6881c003728b9f2d7c1fe00d55b
SHA512 1ee105af2b640dab244df8566173b06799d4911a98ecd81bc7c7717c9cd314f48c847e8114fb638a4300e1edda1d59b69f699ae6d6b3cad143942a43e81ea425

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 8752dad203d093efabc8fcde90bb33a7
SHA1 dd2f639ee6be8cce370cd3e625cc85fd60df7054
SHA256 1674086cd4c1e20570a6f22f1c4136be5b57dbad39cd45e943c7f5b4f8cca39b
SHA512 97e881f5976ad661c7108d390f808cf7f06eb1677fbd2133a71c2889f635df55fd4076d6021d2034df66b1571baf84655356f20ec6d02f8daf1016ad7c291004

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 b2c1184e7fd1dccbd27da645b4380da9
SHA1 30badd4571f375702e1ad91e0c0a0091f88442d0
SHA256 1b21a0a3303bd95044f19683d6488950b5479987441c7545d10a609a7c0f3059
SHA512 5fe9b27402d7440e3154b5954d1608c12aa7f46c338059b3f6ac113ee671a2d2a725aa18bf5018d0a65f17f3e1a9b92b248f27249a2769c2e25e643d2eb2965f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 2eb823c83a0846d4d0593ba3b639069e
SHA1 5d055b5ef912e0484d477ff2ebca3d3bbec8ed05
SHA256 3609eab7ad2d5275bdc974586df7af98b593a316fbbf49f3e0d4cfb8546232c9
SHA512 acf33b59527b61c9a172b5952613c3c877be893c4616185ea0a56f6f6ba28bfe928b17265d019afb2e952b6a3eeba89d26ad8fd62c6db9c7ef96bc12c5ec69ea

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 63f4841854acf4e6ae7cc3e5158ca96b
SHA1 fd26a642499f8f58adf72afa743206413517c93c
SHA256 52d011d9059fc326fc16979957955647ffa804f24b9ed31051d64c189c83f95f
SHA512 ad0b133c18efc9738ee454f92316edfd8b2b7075101a7bf16b319d34dfd10f45a5247e68e44583689cf1b21790273a8387af49e234d106ada1c1dddaec82f8a9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 52d8d1bd36dbe2a24c01bc608651303a
SHA1 5d9d56877940a93dc3e989c3d1f7f1a5c5bc8d8a
SHA256 5c9c78c0c41fa781a0be1c103361173f02d321c78dca1000f060c75dd22b3744
SHA512 d94cbf2f3968f8433b2ea4b190bc7a3e156b72897f8a9b683670753bd7cff585e2192fc30612cefa1993ce93a9373cb9e630013a8d459824a6368f10bb2c2a39

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 afcea2db8d5abd95d8dd249583993eaa
SHA1 464072a6ecadf7360d8f4d44d9aba0e574d141b3
SHA256 fb4928ae6f3d318ae50cfab0bebd677a1ff7ec533f2d213c134def21bc099c39
SHA512 0e769a9f07d886cb7ab47bb680ac0803637c7e007dafde256c54168a0ebfedb5f81671ead3b1e551a4beb0613a9b24ee5ecd4449dd68f77e3f75a26f3f0cfce5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 f93b53a2fc2ee036f37e7b51773e9688
SHA1 fe03bd8e9fc048fa4daad4063ec0357d445e541d
SHA256 7092d09295e072afa81e9495fbe665c50baf5200d2597de1d7e4ad78f1daa2bb
SHA512 478bad4d70bddc2e22955b2b633de6f01b10da025faf06c1199fc94fe51bc9d359951b7f82b7f9d014e44bcf151d9896e6d7574878ad5639008f3ac8c82290a8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 a9a2669e3482388891dd58adfe1d9764
SHA1 04326a5d7c3d0118409734f9245a46631435b667
SHA256 3924d719ac7d798230770a9af0c0884a824f96a7ec893317ca410ea5120d0fab
SHA512 6621e4d4d7f7cde6d880e5ac1283467afa420f34c88271d8385c456dd4409f8c55e793a8360a780d8a2d80fe8e23f2e1fbbdb0c9e7f4129a8f50156f5aa473c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 726403849e45a9edb39e58d905009c47
SHA1 929fb20ea2dcdc17c6c28d29eca76343c4f649fa
SHA256 f226c02009c2359602600e64b8feab279308c1698bc57a426861e7d5a4368c9f
SHA512 1df27a3321824248e58cb9319ca8e60ca9a482b3e26e27b0a91d960bbb8d9c1e4022efd1b9dbc6048f171188ef63171c5743175990368020c27072d979c9b1fa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 b86a5658251dc236e7d4c4026a0238d1
SHA1 b0dfb83d25dcab7d803488c317cd60ce97b8b079
SHA256 fe36fc47b98c06394257f38bccf4cc95df201d9233408e5ec3f773bcf834a21c
SHA512 fd19881f4bd43fbe1edabfb977867337bf5c15f7ce91b0e8eca4442d79fe9b017e4c32e934f459c8fce013792917fa2015d5361d7097b925110d0e748a43a027

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 f8cec8b372f6292d53888152fe68cc64
SHA1 aa9c341bbb50f368540abb34d05fa65667a38787
SHA256 b8f669b9fbcc631bdb9398ab7e8d1d810de7a19e420047fad0e2c5234badbc98
SHA512 47ea7dc2ec4888b9039cb86b21b1faaecfcdb20213f99d98696fd635db47e2a240a55d6bac3aeca97f81bd4abf2e43a7b57c25c35fd1ae58f0c780397a701ac3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9198f8109c21b7a0056a51a98b416ee0
SHA1 295be83288154320bf7c4cc0a89a4e0625555d26
SHA256 ee5a3fdf11bf281225469afd0c46cf00195a3c964d7c80ab3dc9a120434fd465
SHA512 7d81ea6fddf3751a534e0d858f6f3e49effd53aa59229c72dc99c99f08a277b8747b0f0ffc41897a21d687259e9247790fab39ec2676766195c13bbd54c2680f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 17cede4723ef6d78b7c6c0084460eda9
SHA1 a74f205836097cbae757e3fdb5b76a7dbc087c5f
SHA256 2ff69d5724468368fa6a51cea3ef08ddcc6a1aacb454c9268738a5db696dd38f
SHA512 6a19e9b321af5d06d4b922e3cfeaf5f185f233fe85cccc48ae1432630c4c992ca1c60147df0b3b6523890034ffc558484cb0d268e66e8a17ee59bf81065e2b01

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 e9a2a71275987a87b7c5983fab2621c8
SHA1 d243ba959fa6e6e5cbdba813df74f39593b79d8d
SHA256 e5db18e48ceea8e372e4efda6bade2b974abfba6f1032d5c0352dc37366738df
SHA512 0c5269656e302046f32850efed4ca5f6d4be56bf01e247a23309db35c7bbdd50f27219a02e2aae83a37801024ccc090a2db468974c4ebb8e08e10d0776452b8e

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-08 08:25

Reported

2024-12-08 08:28

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe"

Signatures

Renames multiple (2175) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe" C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_bluetooth.inf_amd64_7e49a68f06c14d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas2i.inf_amd64_b4e933c4540ad3cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa4.inf_amd64_b74e18ebf47de72a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_919b7beec2c70482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmeiger.inf_amd64_05ca2a1836c16cab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmega.inf_amd64_f35131186d3026aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_swcomponent.inf_amd64_f378d70fa39d3577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_acb1691126c93472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_ag.inf_amd64_d2736f1d9bc815e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl002.inf_amd64_9076ffc34f080cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscfsmetadataserver.inf_amd64_ef3485e85c5c1b11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_0b96cc4cfeb2cbf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wdma_usb.inf_amd64_e879d41db6fd1ab8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_diskdrive.inf_amd64_1debcd2bd95e9c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_1394.inf_amd64_cac08af12caec647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsusbhubfilter.inf_amd64_283a44fe508f0682\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_e485f7ac03009434\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelpep.inf_amd64_2e156c5dc4231642\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mausbhost.inf_amd64_34c86c15777c913b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_f5594a2af66d11ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmirmdm.inf_amd64_ba5b77b7d46bc10d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_154e6da862a6dc30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\fusionv2.inf_amd64_a47d9636ce0d7dab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscompression.inf_amd64_2aa5f249d7ee104a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\WideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlOuterCircle.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageBadgeLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_EyeLashEye.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\tab_mru.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\music_welcome_page.jpg C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsStoreLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Cloud.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\accessibility_poster.jpg C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\calls_emptystate_v3.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\complete.contrast-black.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W5.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\Wide310x150Logo.scale-200.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-256_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\List.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxMediumTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\download-btn.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-24.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sq-AL\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\optimize_poster.jpg C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-256_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\icons_retina.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-48.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\DeviceNotFound.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\diagnostics\system\Printer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..component.resources_31bf3856ad364e35_10.0.19041.1_de-de_830416c714be4b98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_rdvgwddmdx11.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_c57a84933764070e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-portabledevices-winrt_31bf3856ad364e35_10.0.19041.746_none_9889f48b835455dc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wifidisplay.resources_31bf3856ad364e35_10.0.19041.1_de-de_1e0cfee130041ab6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.directoryservices.resources_b03f5f7f11d50a3a_4.0.15805.0_de-de_6782eaa1a066ce09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.reflection.context.resources_b77a5c561934e089_4.0.15805.0_it-it_78948084428f2fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ucmhelperclass_31bf3856ad364e35_10.0.19041.746_none_b304b89859f48ecf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..lter-html.resources_31bf3856ad364e35_7.0.19041.1_ja-jp_860bcf1949f30e48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..rolviewer.resources_31bf3856ad364e35_11.0.19041.1_de-de_e365cb47d7f752c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-lua-onecore_31bf3856ad364e35_10.0.19041.1266_none_7c78c66cb767e03b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-i..o4-codecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_57d193173da3f87b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_10.0.19041.1_es-es_653caff1cec3a882\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1023_fi-fi_c69b231ca322e2b2\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_480f43636d573995\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.identitymodel.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc204eaaa936ed03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.jscript.resources_b03f5f7f11d50a3a_10.0.19041.1_fr-fr_2b1d3a5ef5350849\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-appvcsp_31bf3856ad364e35_10.0.19041.1_none_601a087d979eaf75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..urepicker.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_2719bdeef32ae98e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..ntication.resources_31bf3856ad364e35_10.0.19041.1_de-de_60698ecb2b23357c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..scheduled.resources_31bf3856ad364e35_10.0.19041.1_it-it_bfbf94cd80fe6738\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e4ed5318fe15445\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_server-help-chm.mmc.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_1551b9605fd4c289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000485_31bf3856ad364e35_10.0.19041.1_none_a94d429936d2e124\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..es-smartcards-winrt_31bf3856ad364e35_10.0.19041.746_none_1dd59b39d541978e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..management-omadmapi_31bf3856ad364e35_10.0.19041.1081_none_241b8c46f4c6ba60\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\DropAccept.scale-400.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-edge-edgecontent_31bf3856ad364e35_10.0.19041.1266_none_b4f47dfa8b363f0f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ws3cap.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_aee23a00a2c829ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_hidbth.inf_31bf3856ad364e35_10.0.19041.423_none_226d067426a3a65c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..trolpoint.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_3d2338b025cbef70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-bluetooth-mtpenum_31bf3856ad364e35_10.0.19041.1_none_b872a80597251486\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wlan-netsh-helper_31bf3856ad364e35_10.0.19041.1237_none_93b54e644dd9793e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.19041.1_it-it_bddceaf325c3cfd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..subsystem.resources_31bf3856ad364e35_10.0.19041.1_de-de_00c609c5ceeb0835\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\LocationIcon.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-web-http.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_76616f77358a44e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\PhishSite_Iframe.htm C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-isolatedvm-svc-extension_31bf3856ad364e35_10.0.19041.1266_none_ba2d7b1e644c55e4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-quickassist.resources_31bf3856ad364e35_10.0.19041.1_it-it_44e9529932f83639\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-composabl..aexchange-component_31bf3856ad364e35_10.0.19041.1_none_dfad5e1f22ad0541\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-fdeploy.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_fcb0687ecd315eb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPStoreLogo.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..-mdmdiagnosticstool_31bf3856ad364e35_10.0.19041.1023_none_d3d892f3280079d7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mspaint.resources_31bf3856ad364e35_10.0.19041.1_es-es_72231a0a337695d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1023_sk-sk_0ff0ddecf400ecb4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042e_31bf3856ad364e35_10.0.19041.1_none_b4427996f4c25eb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..ility-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_36b0037ce5cfeea6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..tmenuexperiencehost_31bf3856ad364e35_10.0.19041.423_none_62aeb4079e61ade0\f\officehub150x150.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Speech.Resources\3.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ingfolder.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_8f98add3a6b9ca20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4fc93ef208f3edb\404-3.htm C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-lpkinstall_31bf3856ad364e35_10.0.19041.1_none_bf2412b3ea69b4cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_10.0.19041.1_none_b8c5253467557e69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\it-IT\assets\ErrorPages\http_404.htm C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobecortana-main.html C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_b57nd60a.inf_31bf3856ad364e35_10.0.19041.1_none_33d1287db1205b10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..-wow64-setupdll0013_31bf3856ad364e35_10.0.19041.1_none_a485d62d4f56f49a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wlangpui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7c8c3ed57f6473d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.scale-200.png C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_xusb22.inf_31bf3856ad364e35_10.0.19041.1_none_06db87eae10b8df5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ntprint.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_be28d506b0ddc1b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe" C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.DURA\ = "DMMNYJYJBJCPRID" C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open\command C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe,0" C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.DURA C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d61fa5b7780306578be845e7e7e00ed8_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 ad136daffb0403d7adb1f96ec0ebdb76
SHA1 1a120e23149ae0b27f00c198295a5783e2a11d5f
SHA256 6c09906367b9f3b17251a9587fe500426ed53ba85e282adbb1175a45b8c14dd5
SHA512 b6e1917226e385d1e9c4ee1fc0d14274db4346f23edd1320967b7aaa8f60f70ffa02bb3a9b69581d03353bf932a4dfeff880bb5aa59ba09a501020da202c2b20

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 cfc385beac7f5434bfd6713d1332c4e6
SHA1 9b8c363d6bdd4341cf2ef6dfc5bde0df04b7187a
SHA256 3231db480431a4cb157de5d6cb5eaa4773c9e2ff747e4449b24eb12aacea46ff
SHA512 92632ceb7a51b5761d76a9299a1f3189201ba76ca1c51a2bbb5fb111aeb3664715aa87711cb7a185274308b6c3c6613d3eb3655791066c4cdf6be75934a05b59

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 63179e84b431954a3f05185cb4c42384
SHA1 826f30768ab30f02db06e2ed5b70671b23c27e88
SHA256 7c77c36d1d14cbd66da3e324119dd1940b1fe3e2f4d175954dd771ee152985df
SHA512 f2686b9d551ac2b327813d761072a883c06a8b07475c3c7661de7c761313f24b774cbbdf89454137754087312d8a905583fdcb8f75633997e4a43030bbff4ca6

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 48329ab67e030ca764004ba1fe5defea
SHA1 d87ec1a5e5c1f3cb839cb1702f2dfce06d044188
SHA256 7815f45762c5dd949291c70ce3b4a3d23403d6ff4f30aa0efac4fc5890ef1ab5
SHA512 1b6d9ecb5cbe38571d596ed5a695902ee26e908a2131d14632d8ca1d330be571ed1a7fd0fe71b7d892cb7b6a365e8ad29d1c38ec1ade06b74bf72db449bc3510

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 2e4e6d2cf658931d904afcf5038d5025
SHA1 bbb7cf5d2c2e5419ab519b9765065f92f0c309da
SHA256 8cf1d21c94d732f256c5104c1bcab9e7f1ce719aaf1663fdb518d6cd14ef0592
SHA512 d8ba8a2706997423b677f5640270dda44138b742a04f3d10d5137fd58828f4e9c755ffe487da4c37b0f5aee2624c19a5542a955270744fb32d110a52e7e12b3c

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 3f81942fdfaaba9fa6ec37be5a0ec082
SHA1 11b8e4eb7219e1b545c15f19d941ebc4189d77b1
SHA256 66dd26e93b20b78f2954e366b2ffac11abb854b541ffc75a8ecba2a5161dfb92
SHA512 76b08895be31edb2d7db92580cb4336647d8474830d2a2d15bcd697273b75411e5342e474cd9ed0f008f9eb42d6846666118ed1512453556f1da41fef6def3b1

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 8779b48918325780025d41858dcf63d9
SHA1 ed364d2b04e9c384b4b6256e4d95c4aa382c0378
SHA256 8cb1c2de4803597e45cfc24760315514c678877b9d9b7b7f226b1d326c61b7d2
SHA512 37b5f47852f22d0c456df50d96ca459998b7759c69a6b1ebf0c054406afcf1e2b3a675140c33fdde355134e15285330393cff2027615c3cc8e4c84c9da4d8329

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 d7012a558d7e420031517906d42fc749
SHA1 ffbe0a5ea3027f0bb508c79dd2cabd4f404b1f98
SHA256 89cb875e2c529c727a41610ed12ed4791189a41d68eaccc8d1b87fb39d4e07c2
SHA512 9c2518037ff8fc6868f255a469872cbcb388f59c48e12ff2198a628e1bec10ba2592d53211aae44169bb870dc3f265a0d631ff4f6cd7c59bc4cd0399fcc65856

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 82b168aa330cb300939270f253bb59ac
SHA1 147b685f6115ec5dbbc92139bc3a2672707fb0d3
SHA256 b9ad6f8a89f42f63e222e771172c2e3b97a2c4bd62d4660d08cbb43ea492d92a
SHA512 6cef67d5830ff0a1dabce0b71671258840c0e1d5475b1e6adea4fab7da1770c068ff6145c8f1e8b209e68aa223b80e58e4bc7d565b67b85a03205d9b028f8d29

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 53ee3beea904b9e13f14a0f2b4c2f541
SHA1 12942fee27bea6c24f298973af47fe5e4b6accb2
SHA256 0ff92f1aef35804dc95a5905e1bb1f0e537a4b357c5c3b7fe1048811260c10eb
SHA512 d04a6c774a7a1d2bb774017fb86e7cab01aed140505c7f2b8e8f3809e999ff08dc66b1243018f9933fe256c898499b148db08f280e44512c645250377a353b31

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 95acc8dba867cd7999f724617e5005aa
SHA1 e992b1507bdd08fe8c29af65303dbe1f36ca0a37
SHA256 c2a5a46a00ecd6e0f7494fe6c34a3a05017ba969494a4fdb397ea057652ba777
SHA512 213f4277e3f0008b887ec9c26d79b7d6c228e84c6c6013cbf5889cb6391fa236aadc6cb7357792c17c10d2448eccc01b1451aa8e953e935ef24af1f476ea2472

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 d1aef8b6fedd0d4cac3181a591b42dd7
SHA1 db2c9da5660d37a6b654ec8201d6b63f56183543
SHA256 db118209bd108f0f334151d3f5dccffa1760550a09299e9ffeac0cea397ae311
SHA512 56523f98ea76d5b1af95bdf55ff2e74fb52913b00c32b1982511df5906dead5ac2faa875d26f15b6a2a256b0e27a85b292d3e49fed1e3e499ec3e46747d085cc

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 3ef4223234133a689e0010a22bd22126
SHA1 8f18966b04aaafe1d367e93c97af9eef540f36f3
SHA256 1315f2a6a5cb5d265b8da6753a05ddf88f1ce73e097d733ad8cb58f7f5d32028
SHA512 42e6287a4ae577b64c74f1584fcc19435b57d47dd39ed54fb07dc78744036c845bc6fb3b60774d5bfef94fea0ae107879159b47ddbe453dc2b50664f7c120d9b

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 94c3ff614bdd7499889ba826e485ec5c
SHA1 18a62ce7a13b435b89050e5b739f17fbdf1c37b8
SHA256 30162ddc051a06df3309865451f3010d3a4197780bc97c32e8a76697963ba75c
SHA512 8c5960b4da9307fd4b12642670e805c58ec5a019ab30dc0440c356d2953d46aec598a189b20894a377aa46378a9bd7bcac3b6f9564056a31aaaceabb5d3b977f

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 63c518282d0c4d914786180770d91618
SHA1 2e0861673e310a09eaa288fff385866ec6916b69
SHA256 e4d1d3e607d3a2cbe73a61f4e4f40d46fb0b3aec55ab6fc05779b5849fa0d1b3
SHA512 a1bea558fd3372865e633f8130d75a2c8dc2b1cb102f4d2ecf87e5bd388c65b9d12abd71af2707867e9551124ed55ef094964a0f5cc59b42a4ba72178ee8ca48

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 e369b803a2e617d75fc9979006902781
SHA1 1c911b2c90f5d0d2fd0516d32b43f678076fe92e
SHA256 d3d50fe688f9aa1e61fa777ff6451ae754e58bcc1a9c15c63c657756c01c6b3c
SHA512 fca04ae810e61aeded8dabf8815973d5306703b757020f78dac8cecbfc72e4e086d5af93fa7fb5dac7b7cc4e17e9fd8aeab06cd208c6fcc148be56ffc1e2932d

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 562979c50fb355e484b5f42c30a75343
SHA1 da54c4bd45aa1ac9182489943930acd938ade87d
SHA256 c1526b4bdfebe213329cf21e8a279147e8226034df1809f080a4ce97797f72f9
SHA512 33c27f6e683be0e92dbeed4e0f200cf9137b0985d9d2a10e8c550aa5256da640ae7aed3f1e4b86d5fc670b6e5aa2cd13bc6f95d05e1e5a5a164c4a570643d302

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 a4a63524ce0231bbd7a8ece5570e8dc0
SHA1 141a322fded1d1ee3cc3d1998660f277407cbaa5
SHA256 ec53c54700b17191f2ffb3d8fecfc5a5a4938c4ff71dd731a94968407946d39c
SHA512 6dff01738ccfe350d614e3b0257d9b706722a7e5b09410b7bb2bb700c963ec230a11917e23adc6b1dc2aee7f49b305fe2099b323541827dedd5994814beb4ee2

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 2e3334aa35f458b5d6cc386769e5595a
SHA1 e5410931806b5ba57b43c6cb352178897e4ef156
SHA256 957b06a7ba4cdd3b57fe8c5c8eb1c7f044565fea508f51efdf9c8fe2c0909808
SHA512 3248f7ad93062a010503d419473b687e4f00538e841848ecc45a8e6c87112db4da897121740abc2a81ce32a3990adc6e4b49ed8f36dafdd51fbde5be79fa64ed

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 d60758d17d477a27cb11d10f3310ed73
SHA1 3ed5eeae28a0fc22afbda48e901387cd874345e5
SHA256 f31ad237aaab464dddf803a37f206b13f66fe8736e9077132ce2c63a9ca85ae1
SHA512 add06de16f88543a286ccc28ee15146ad448c36c5df2438ab6c9c10d263bb6d4d039abea2e01d1acf04515f6e892e8b0e343dcbaa330a270bfc4147a6f993149

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 0bf20f136450f40c86a461fd0b754bcd
SHA1 b20f9dd61ba3a65f29e869c9f2e29177d68b7b84
SHA256 ec879718968ba340218bfb5c894fffc6fece01eb97fa99abc2dbe8905e7ae0cc
SHA512 877b290fa92f68ba95462755cd2fe6f99dcf78a391e0bd425cac9bde0e4fe931392ab5bc7aa580e2f5faf5e2a7fcffac89254bfcc7b2dd4001ae46d8e5c637e0

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 87a6236a6c2805f256eb63d75dc83f6a
SHA1 1a1b55114e014e542559dc9d9b638628cd98de11
SHA256 292f3cbf4b7c9b7c3430ac2049e3d36bcf8b7d0c922b24de13e250a62dc9463e
SHA512 77a6d0dada47b7a7f01c785e8a9af3f66f48de882124e2fa64593680bdb4a85f4cde38cc27b573b9142d9fa204a580acbc9597944704856d707c325b295c76ec

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 8073b80a8f2e4ea50b76d92ea2493600
SHA1 db67415eb8367dac1808b44e89aab54c06e08418
SHA256 5bb600b319b329fa8d4631527777b93c71bde2661deecb81c98437f533445ec6
SHA512 45d0c9b543b81e16e02d30649c798ff6009cdb9c00f0c4902cf7a03d8eb81e6d5e1c5265e790ddf6bb7674fd5158d280abf3a835e527249176f634314064df68

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 73f006a352eaf56886c644d0aa1fb0c7
SHA1 31d9ca83d0aaaaa041ab1c1d1419ea6807182563
SHA256 655d740decac78aed370cf4d003b41f4d1a5b8d7a4067183fb16b98e75661f2d
SHA512 70445180dc4a3e7a932a6f59f99a8c3a4a2bc8bd77b280023ca2eb9f4b5490a52021c2a07608d0269f63ac79fe5263dff0a979d2b7337bb963e919619c3d302d

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 98eefb531e98ae7f23c93c0f883e310a
SHA1 2b79cf774b053bd21c3b89d1d0eca3c2325730c8
SHA256 807b104f75009a6e351e0d0c2ac91106c97e2610c6b294cbed0876679adccaf4
SHA512 c9a86f8c7156c2ac53e2c27f1ce29f875a11babaf8795162c45bec2bc5c8fce79a50717d1b8b3c8db72d2313dee5e51efeeceb57eede51fae5badb540970d6b1

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 05859042947452b6caac963c706458f0
SHA1 67b7528118a1dc3e2cf42bd869e71f74ed1c5b59
SHA256 63c4e9a782393de3ba99e196a681c3611dac5268958a06e58a9132b48d272371
SHA512 f7ec4f5412818e51375fba87c25dcf7b93eb5b126a50ccf594747bfa0be09b52df8e97dce5b831e99a9b9dbc59255bb3546dd83c9e39323af17999289e710507

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 3b2c11325ab8447b284fea54ccf9e56f
SHA1 2a89f0d59f80a0f5e94b4cd6d1b9aae5cbd86562
SHA256 8395c23f80ead2c7c240299c9bac278e31a102bd11a27c01b4b1632fde092b94
SHA512 392a84aa27793c4c7a10d951ba474e704e801014ddfac23be7a619a39a74202b21fdb9331e4bf4ccdda344844301552f553d72f5832fa0ff39d6eb22f34c20b8

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 889fd534e3b8ce2c1771c709f60f41c1
SHA1 e71d006f7c6a02f82264e84d8f6b57608bdbc541
SHA256 81c9b705806677db5170f5582b1d54db0361a30fcb909e90bd464b3f74946d27
SHA512 ae4770f6d2e174ae41fc2afe0187d2fb6a922a891ba0701ef04468f1bdf0204b3c72b951524c27fd1ee5f34583e577aee576687af6e9c310d1523248ba3c0a5a

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 32f322970f0e054ecd88e84eeb7e16a2
SHA1 a911e3e8bf2bc859ab75486d791d6577b158c23a
SHA256 08f5ad30b70e499e0e9e47d02c6b309e55a17a73d452944774d9555263535e2c
SHA512 4e453fe416617ed4aab08ca21f9ccd116dba76cde973bcff7759628aa1680ce05b7b5833a1c6770b94cb55bef2fab56c88d21a57fa51a562d4c3ae94f38ddf9e

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 40fe159015fd9b167447e56c2ab35423
SHA1 f4de7ef95ffe09147a37e0054ad2b45b59a9174e
SHA256 ba0872570d649a15622710fef09ea6251ca6520b87ca197c8e1c14aafb5a84d8
SHA512 15ffbc4e0d5b4fab3a77003dd9ce9556c288a771e887f0f672ef317e599c7362ecc40ff51b2e92754403ec5396261dd2bd9c8cfaba589a520ca6572f4c6e8034

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 0d3f21f9377860213c8fe573cfa9690e
SHA1 5d4eaff8167a49263820c5e9be9f9bbeb988d327
SHA256 6b9a2f2da5edde5d35534b061e9a1ff645f5c9caf064e76286a5774f58397e09
SHA512 85373d6dab7012dabf5e88d3520e3ca036149af703a285d529d83b25ab23fe72f13e99ae1b363f8e1253c227ff585dcf3e89c30153d4b307f65afb531d2845b8

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 fda34143c0391a4a31cb33b985375e1c
SHA1 b9f9d983f6e7b685040dab29e9074c231ef17999
SHA256 c13d650a041655540b5cd12a59467fd125264cc12580d3da718984c63b240b18
SHA512 923797124c0981a76bbba1089387eb527eeac8e30ef8e3c66c9bb1e087821f375dbec86da768a403e3361ed1512d3b2c20f7d3acf70bf877fa8597a9af7a42db

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 06291e2c7d01d873664f24629f013219
SHA1 ad5691187a9e882ec13636c962b9493a63e259d0
SHA256 2f584b49c4cfc2e8bfc1d194a89c2af106beb231395448e4de4b1d5058f69144
SHA512 164121ef825737cd81c23dfc98c9bda1dc10c04a31441358a0d6f0691d79463aad66218d091079c7c8c8024163a5951f953b606ba2cca858c3996611eb4248b3

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 219c4a8a89d4bbd3e81611e1f9e38049
SHA1 08fecdd9a6f96d831fa8b380172e782f21474772
SHA256 c200d3d11d00cb6937eab8cbe3936774621c1f8c417088a6ad7371fe1373fce6
SHA512 2581450711fbcc04a514c4e526951c785b8c4b1608721dcd73807618d581057a069da4313a3e44340110d4353589ece464c261b3519a259ef732a115e86a3a42

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 1641bbe368d0f80b442d61b9ea157876
SHA1 5349b4e5b06bf2bea77acb08e65fdbdf2dbdb08f
SHA256 a68671b7f97cf14e61da8b366690894f3b5d62a9eef1a1bae99012b5be95864e
SHA512 998365e2b753508ee41a0bfd5028b1d0b757d270b3b8b17036ad4e630b06457431da1c831a574ba549a2330e126f8c8ecc18d1e35ac3b5cc973443b239a4d956

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 9b9f8b1fa4fe98da481fd30baaef9c7e
SHA1 1bd30ed27ddeaec5d059e386b6b568a1954ad404
SHA256 67c80fa220e5279a729dade69799614b55a8fe58cc53ccf18a519783dfee0dc8
SHA512 50cae498aefa07b11b8bc5cc3825e46cb2af4e1655ad4cc8afe20704db238246957bba93fb486cb026d03e3e15aad3ce8983336a47042fb01a104af41d37caf2

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 132d96f4b86bd3ef244513cc28bc77dd
SHA1 85a2645e4b6144ad0d745f750d5b5198528fae39
SHA256 3edabbb6132009ba4aa7ade7afb0c0374f9f6eea22053e3afe4a76b02aed8dd3
SHA512 98d165ce66b13b7b2ca9563a444664d57fc6f846dfbeca7d18c47e40c486965d5f7f15114cba57bdf282d29aa00ac369bd8d50af69b7d4463771ca70f3fe6d21

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 a7c65dea5981a0d183d80785973f6592
SHA1 ec59fec4f06dcc692647cb838d7ea0e0c9c4cb5a
SHA256 4437fe0dba6dcbaba4857fe012034270d71a3eaa3f3c0cb59199a16b4174379b
SHA512 dc402cf03217e6f13d0ea4ac3876d0826e3f439d4d6dfd283ea783bc7da903f8e6f9e7a7b17c11e5fbf1e40e206e93607ada7a69cc50e2b4e228f3744b095e3e

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 f77380778502a0ea9db38f5acfa3f6aa
SHA1 ad9257319bad86e6555b88069ee396a33498d12f
SHA256 20937b54a0ed4abd684fd38ebc3d2bff39a1b7b6f9ba9d003e323a7044e9f63a
SHA512 c5a34d61efb69e61f776b0eb06183c34d648414863bc347dbfe3e7ad11e6b4ce2bd2677fdc05e2b3c222089391b42f8e1647e739b4fe1ae16d948d07e74e5a2b

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 566792af7baf3f721f788ba96a6a24ea
SHA1 59b957ed957f65d5b66bdaa5b166914e4e7b034b
SHA256 f5e74993284cca565e80734a68a6c3767b45af46f355ce27952a3be6d388a31b
SHA512 159d984ac0fb07d36a74282cee6e86ba4e1f78c8ca9a1a0afc8bd0ce1ea612d4c3accc0a9afe7054b0c23007c1f0a30fd11a9dc924c1a12665275e60f871e1f1

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 75011eb12aecac785326d220d09e7bb1
SHA1 971be53ff54951cf83fb7e20b7b509653342c7b0
SHA256 df119dd40091badaf29456c3d5bf73b49c6523b4931f298adb83ba6b36d83553
SHA512 a3bd734a59bc92ce5ed3ca053d1c05fda793a1c15a3b5d8cde9770422a67ccba71cf3f05058cf62872d120ff1787526c8a77d26b1728dfc34e0717ffbd27a6d4

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 e5383208e87e49e7b1e433d314b80327
SHA1 49bb6639eee33467eed0c3c3d2422c3e861ca3ab
SHA256 bb6a815e87db8dafdf0689c414befaa9124eaa1a70fce60cb648a33b073de7dd
SHA512 3a9f8b4ffcbeca81b81390a42fd92410c61f948bed9f7cedba67c66ef1a462879252ba8e45c30812a0dfea1ec7698347a05bcd06841a330c12a2a21e452f070f

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 981ac8ca87c9ce5d12e875772b1abfaf
SHA1 158ea85e7817312b68cfc9d350e9194c36549cb6
SHA256 e5b4241e7a03b1e5e601025121ab8bbd73af0b20994014ff0b05337211bed2be
SHA512 fb529b7e065e9d5e6caefb916782870ccfedea9b6e53f4fcffb134657f00b45077ffb5af8e309ed307930832b9f81bba8120282a81c51dee6b5aaa0b54202ea6

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 2162bad0329256b66f926e15744992c1
SHA1 76745c33e5c9a62c12e9bd9aaaff879ed469c5c0
SHA256 273df0f31198bcf69a945cfbc9f0c78a954f007b6d89c231c8fa6d68c685e596
SHA512 169592f75ecd8d576db1acc6db8bf7139f898bf84d630d17d2130e101adc74c955eb9ce56a10b9a4eee1a80b19b9b3dc6eabe40b3bb7f654558b87440bb98f73

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 1e57473b24f74df5e10a27e67f6283b4
SHA1 f04c8c30da303fac8469f91c44955f148a97186f
SHA256 c39b84041125f4d40cd519b56d8bc24dc3c2d64e247d951fbb795bbb2c947c23
SHA512 274c20217164a7a8720ec3af586ce3c069013f1baf08735b88f6e7addcc826395f9f6d3098497d0063a870b4d0944826385e44eae1adf2d586a1a8af2e10ca7f

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 26d7ee5ec69c11827dfa6dd3b8477756
SHA1 d6fef25fd3c3a5a7ceb8d9aaad073198c7d0c30d
SHA256 9d79e732e05c75380e3dd0d2dbf5fb97ad039e860093d85c9bb6cf24c054d715
SHA512 3967635c9090f91e50d0eb47f116adccfe84423ca5b8aaea64f78ffe7c2ba7edf188cee2eddd2e3efd725a5aa8b2f7b13dc8ee7c866ec030c5004a009bfc61a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 1ba59ae0bb89856e270d5c938b99989b
SHA1 ddc42975f43008d9dab068a85f2bffd6f1abc7e8
SHA256 3bd90c12b5700c2200e7c0b3c895812ae4ce7889e39fb780d4431143e83b8192
SHA512 93cd7a195d92dd26b7f802f4da3083d3d4d4df5cbaae69f6dc45a5b8be246cc91c635f130c9ff4763e6411a7dcb04b3510b9d7814ae2c5a2e8e784174934a238

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 d50acf09e252ff2c20e901e4790fdb23
SHA1 bfdf04d961bd29072d99df330bf6931a728fc4d0
SHA256 fa4a0330585d73f3307427955265ef81e227f1a391ce464248db2722e75c2d8d
SHA512 62b181cf81ab74e40f29ad4dbc39223593de1e3bad43fc2825863d3569dd4c550a280533552770927a7a3d120fcaa3ea350354757e6f55c43874184c5c140aa7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 84dd777d87421b84af384608e5a65daa
SHA1 8fe83d23436841b66ae793a67730a86cfe88a99f
SHA256 fd53c9c9144dd5b867a70cf249bdffb2dd01872748dd7f94397945fd395d6fac
SHA512 0718b9b8f253d07f0dcf58e04b123e9a5bd448b374f8b8545ed3bfbf240c3d9af1cb532a5816133a801100cf19819cd72e8129380b0b31c37ab96a1d9ec7957a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 d941158c783544aae85a49cb87caadab
SHA1 a15f6f93476b59b91ce801bbbb9977d89a2b90f3
SHA256 533ed3b67e6bee9ed79c8bfae849829d7da09f85962e6c219e6a5fe1cfbd0b66
SHA512 f7b10bd98a956e485896161b74207c92d1e2c89b345967f68e1ae16499206b68cca00ca2608168899c48fe41f35f95c4862090d32fa1aa5b00cd77b507e25a34

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 f4a09def19a2b23caffd0d6830037c42
SHA1 7db265498e3b71fbdc91363b378203e1e305c037
SHA256 360c9606067cdde4ad9f71753a97e90788c548ce7e88a8d4de3869172e7ca709
SHA512 e06de5cd5b9d6b188dd6db93960f4e9e52ebabcd31cd1742bf93ead17a8a3301c667a0ca2f0dc1a6f2ee23988958de3f5d018187c1c376d1fc1df97008415724

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png.DURA

MD5 80ccbb6981b789c09a866c0ca9a7285e
SHA1 86ebbe15e55d4b8a1cc3d7ba21f5f0ecbfbe880f
SHA256 24d02f898a019be45e50d3b8569a6c0a61f5f5ca908b61a956d886184e94efa5
SHA512 8ee1f49e0e677907b72e909bea669cd1be209710b9d67c5717d8c3a05162bf123079886e8f4805512da7217c43981451bda4b0c4869ac8830fca3035ee202a0a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 d7e55f4499163e1fac8e807e5c145294
SHA1 c83799eb028e3662ac32ff4f351797a6ea503bc3
SHA256 d5feef2ff0b9c922ca8969a387de001defeef3c49bfabfae1b071ce13661519a
SHA512 8d359445a3d022187bdb957e99aef6c2b83728678c598a42f977f7fbda91bea41e9c2c88cdc41c3347d9bb2f65b7621006321c3549652e22c180f4e63ac7eb23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 481a8ecb373f09abec32f48f0d71e0d8
SHA1 b723aeab884c846988cbebf7e8a989c2a1caf0e7
SHA256 a0cebe1955a90284c540130a2991d7357c66f205e8bb83d72c6c9311cb3a8ffc
SHA512 7cb4a7b40e0538598e1c9553c5482448d78b6347f2a82732e551b859241612a8109bb873ed61d1135111d1ad7d60c293ed5f930dfdcf85b86df24e411be0e78c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 b325bdb4921fd63e8d8b61f77b40cc3f
SHA1 7999f09a895dfcc2240409f7256c4abc9ec484d2
SHA256 efda913e0157880797eda769eb14b58e368db780307d580b22478aaf7e3721ab
SHA512 e0c34335bcefd9c0fd0c3c74c1589acd2c23064a0cb6ea5fb5702e8af8420e9ddd3679f8f5b9a6f1203a7e2603d11068b2c06162f3c7e7b745229e4adf2fba86

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 6464c58390ae5ab277fdb35733912279
SHA1 1a3201487e35fe5ebcd9478c857181a3ce9353cb
SHA256 b65f48cf868e777d18385f892f079e2ca3d844db86da5a6b0b63b7587fd045d0
SHA512 a8279af5e5e58aa2ef08c57064272b60a500d4bc4866ec12fc7cd125d7417904cd2696530b56e70a5cd7faba6c069923d3da3c13bc1d51f3c10b6219b0f29b77

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 418116a5dc9eb9f26e8e32630d0c6c32
SHA1 44c2500eef843bc55a30d2649629415ece584b45
SHA256 bfc87ab039bca7bafbe149abf96fe8b11cc70950f653abf3f7159b3a384bc100
SHA512 4a2d5f4044a7ff10180ccf277e5167ebb7b4b7599ad214f81dc5027d21eedb5256702e70dcc5cdc1469411b72e1da5e4bd3471f8f43eddd46336977a22c2d087

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 7df8a81329b70a3285acf2651e581a7f
SHA1 55dc7efd7a8e5782fb28b60c824d859b8006b303
SHA256 3210b9d89a2288d47f991fbbf937e770580704377454616fa721047a6bc6513b
SHA512 75815025974c83c1b1750ac73deeeaaa94dc7ca90b546b11d528756a34c8986aef7b2168b00a9d5db21bcc143027a1e36611a53ef16d50800c6327c9e3371820

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 c1df3decbd14f509ebc399e3f5bfc7b3
SHA1 6973f9c814cb6fbe8aacdbf02c495443bea29774
SHA256 feaff7d862720fb0687a4ac480dc9c2e9e1c3f5b55e310e2a027bef355a69332
SHA512 739e942fe274aef01208f80cecee88df01f67f69a19ccc6f094b8c05d518b5ce165b35d7bc0b812bc9189fda3b7a7000c815dfc6313ec94f953911d83e7c3c10

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 087af9a0b128ffe238e4dd905a3b434f
SHA1 2aeaab8ca5f5d8ef24160f2585971044416e2a12
SHA256 1c799bf510f517d9c8f36df88bc9945c2de7d73f7d4bf1cc5faf02d79fc1a2cb
SHA512 6d8606c858a4fcf288d799e1030ada1fda9b1e9f89ac59da97800ad502df92520b9f21fa427e768f06e2664c93ef4af7c3901a692516024325128c53ddf0f6fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 94406db196236db3b02e41b69fa25b38
SHA1 3afc38235439e3b15bec81457b1adb9e4e5c6620
SHA256 9a3aa5a91a33e0c18f512e5b715416b0f8a5498ceb34b48716b1ec1131006e3c
SHA512 27c5898d0717413acee76cf50d244ee8ba35c74057908b4d5a8b64cf5573be98f6ac74334f3f453d5f3ab4872081f6043ce13793a5299e0a45d4841982a26ee4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 d5118d2a46a1612843996c82008a60bd
SHA1 a9cf47e5bbbc3fd59b9f151ff712a5752aefe093
SHA256 68c82b71fb86cf3ba2e88de2050739c71ab61b33ef852ff6a6ea3fb3410d480e
SHA512 f636c1962407988bb2d7a41ad9a23fa521aea81213bc2f20bfaf0e09c0cfbf5b98d8837c34510c5c52520e553c3272a38aa392168156ce76f995acb25e053968

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 b7808c2cd05cb0701356ae39d0646056
SHA1 f0c30855ea480383ba0fae087bad39103ace5b4d
SHA256 a4a0edefc954026caba361354a072a11c88c583477e8d2682c9a98474e48fb00
SHA512 feb5b8a6d273fe0dbd7164a7c5cf60f06427d3296f300d4ca4d3b72a70e136e08cea964380078af363dccc512da1aa92cfb7f1241093c3d28a3c432109c82505

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 8f0ad64187f81e1c78d8abeb4374f98d
SHA1 1eae2cff2cf48d706ac6a302c7074709d221c491
SHA256 b9102c60631439c6bd5d9a660a59d5bbb0e074b949a7bbd96539784d308884db
SHA512 75561c371ee71d3e6879f9dac31d9dabadc8551271081c430e7373eed8641ef7e8ebd9d5b431d06fe09cb10c387118a3e381b00b20b7c49aadeb8d6b2e619239

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 28cae27aa26f9d0629eaff794ca1144d
SHA1 352b793f9c560f01c98ae1642f10aa130e6ec73a
SHA256 fc5616f05b556596eb45f2e310e6dfd3f2c128352e8ad7d90233872e8e75e309
SHA512 5081c244edbca8b4fcdb865957bdf72c5fea34915aa94cc68f2dc27387af6438bc3810cbea82ef307493a1729bb36518e1f65c200c9988c63661f71f01064975

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 fc0af6d09c06e3470394f7f568bd6cc6
SHA1 8bbbd65e416d582da955973f170db81d9f815fc4
SHA256 ea395a828ee6eed3aba35dfa5a66000743b9ee0e4c414738865d3fccb641602f
SHA512 a1c3a0b5ca3a99822ca3fbfa5687c1cd2a9692f5c431e78936f1cc1e64894a1338a7a1ade2b05e2a324897b3ed7424cb61fa7b255562f5afa34907c575e5fb15

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 fd35a8a2a1c6c2338a9f59d2f95845bb
SHA1 6bfb3bd377d5e4a1810c283546285b86a8df4e31
SHA256 c7d2dbdc140255c7df46262539897e6eda0754702ddd1801140bac8e590d8a82
SHA512 0645e8f814858827a035b4410ce817903f8082dfd655420a4efcd4e4473bc8444f1031bb3da84e228a714ee76eee053e3be66f220cec83d3734bf31fc6812a94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 344836af8107346c6c34e53f809a6a27
SHA1 884f69b0e88194de24e56857b7a95110d874128f
SHA256 1d77d86f24e808fd2b7f3afe7e42c3a9c7154c71276888c666c62654ea9566f8
SHA512 2ae78711311bb1c4f833aba8842e04e8008594576701d0c5b412cadf2393931a34d54176f11bd88e9dda752d9d3c9ffc8cff9a126ef4fb7641f5202adb6497a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 6df985270b121964786fbd1c080d5014
SHA1 f51351c808d30d64803666664cea38b8a2ab9ad5
SHA256 02289753067d0096803898bfd6a4999b17e41738a083e1c7170356dbbc64a101
SHA512 87a8391c5c2bc51979bac6133ecbf8286e85a48e5097faa711878ec1a0f095b43e95ca609e4fed41f044a8567f033b57f38e8dee427ba6ec42a06659f759107c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 aef6421e302b16d60a8cdc0a0269dc3f
SHA1 4eebcd3e1764b07faf836d98c40d9bf182341cdb
SHA256 208696d39b4768c490f43c799086aec1898a0baeabc3a61fcbcdbea9c09ee706
SHA512 eb5603941a1a8c1ff03834a01f2d551326e1ff85c44523cb735f38d3354b54e4d17dba040eecc67d949e0beb12ccb526d1004a0e16015a3252cc2084ab9ef143

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 56cf2d9e6d5c40031bfd7bb059e11d70
SHA1 54d9b7e5c4c761b06d1a8e9958d6f7dc6ee8fac2
SHA256 30cb496734f4869ac4542b7e952993448191770cf98b937b541b50ea98e83206
SHA512 33c9bf31cdd370ce65fe815d4f2fbef5ba04ec4065ebff33b761d5f07a37ea81d176cdc576f6cdf22c445bb0c55504bd65b51026b03f4e256822321209e9ecb2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 b19779ea64ea32e16881433c90b5912f
SHA1 82e8aa0dbbf55e2dd546073cdabf86ee87e16280
SHA256 84b4301c401f645a99ec044c8b00c88c170acfc97e27cfd118ba634a24b0418a
SHA512 52736ff010019a219eda6e7f382784bef6e15fa2545e06650404d198848c6b7d2f5ca8f9e8c42a002131b91594d9f1f8c5b85b6368b9b5549f4f1e96e6f437b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 c4610ed7a6864b041daa914a9b4a6bd8
SHA1 8c5a6a148b2bec578f98fed8ad113f79ce5df7b1
SHA256 69392d76d41bca6e68059ec210c70237dcb2f3bd328eb28ecbe4de8c6c5dee5b
SHA512 e6a3f8a4834078cd93d673e3dd3d2e4ba1996562785c4aadc36b2faac2da40a339e259032adfdb4d2f974ab02594ecca24427290e8944e145cce3ab9f8aabfcb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 a394c77b673ccf7f126dad3f0207aef1
SHA1 a790a768ea723ef8e0b40b4aa08993fa45173907
SHA256 18aca11f01d8d555743222b90d92f132b062bfa32547903093640e9d3f89913c
SHA512 7f5f60c52e6da52a45b8189c632a74aa8c37a03ba13a74b18e7a7a1691a3908b5448c0d34b3728def182010297950ce439e6eaf5ea516028f13d0cb358c6c691

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 5f6cfbb502fa9ae526c89a7415fc685e
SHA1 002de9f8da3c4f411df6101f13ebb672f57a792c
SHA256 880d7c527412108d61e8309fb2a61dad1eab5bf699ea5973673a5ae4c6c246d4
SHA512 6d58465bad168646b3d18120148d1ddd564f15cb00813a65e2eecccf7d4701ec0ac887ad18fea8c933c56766761d929c814c052ff97d8e355caf6fd8dd75dfe8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 daceefa909d931be1b92ffcd10d1b9a1
SHA1 74d47eeb56ec15231c7669b243b5594d6b75e592
SHA256 0fbb449670c12aeb62ce2efba31d341cf3b8413c5afea4f99439aaf7b34222ac
SHA512 2f54539adea2c3d888fa893355bf39ae2e89de47ec3dc62f4e95bf760567f2f92f085348a57a22965ebbc4a9b91df5049503fa6c0ac32f37bd04c3e3fd829c1f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 588f594dc8f05ff225c252874d13172d
SHA1 8a57b945fb29f7979b52dc0739e538811c11744e
SHA256 7afb9b90f5cfb6904f3845f494d5d68f987dbd5facbf5188c7ee07d6828ddfec
SHA512 394a8d5b7ea11ed25e57f6bcae4393bb96f0b9f3280cc966c581a4f60b54653980d6e2bee64a9942d9f98104f0fe8ffc6f2ed64ff1b571a7679937648c63ff4f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 cfe17163e51047f63a60411bd2219b17
SHA1 89a33bcec32cb0d2201a0adb64cba8b52a95d787
SHA256 b6c878c30e5db5d15f8fe56c19d13fdd8fdd386686af5a6b685d15f352724c1c
SHA512 34962b390bf569cecb4c4a7bb1ed33c40566ca50f7a565c12a648c1375b6a07c7bd869bc166d0fd20ae82b379249c0647e499916d385411905739f6404ec8c3c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 1998c932809bf0fc82df24654e172f2a
SHA1 a1e610b3e3c76b814450fa30abe89416b130f557
SHA256 738801b0680f25f8aacc4751eb1a7a61b2d5224976b03e69370bf8c327eef548
SHA512 40723beb4c79e37448f306e8fd7822778454fccba08e410a28f0194cd4a0b7ea76ab1c6f94b2d6e80e2a7243afa26cd199475a88106ed00de11a72ce71b7a1b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 bc47677f2e676c2876562abafc292f6f
SHA1 cedde08d089ad06cda211f57f2e4a93cd820ebd0
SHA256 f55db6e4e19eb5567c33d97b466fc9ec7a520a9cbeea97dffdd5c8341fe6cff4
SHA512 2a7a3295ba43a3a446eb3ff354ea263fe17e191280493da8f890ec5b22b156422bb6c7bba35a6260a2af81b02d862eb748381e8834bde9eb3b98e128270723bd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 9724ee0cdae300780b6e6ec9cb45dd3c
SHA1 d6f6345a926b9461d437e4be4679984ae35283e8
SHA256 9ac72b7aa7f9a61694f0d55e18c93a16b39988c54138ee5a9f3b5f0bf9a10783
SHA512 4f8a43ea4bf802f0ce6503743503a513f0c07535bd057c5cf96f057933b7e00814383b25a33e03e73daa374af64fba305ab3c6a5688d46139073ce7f8578b046

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 060a9c07c44b6b2d1ff38c9704d6131e
SHA1 6d8d8f853016930d703fa367bd398828b2225b35
SHA256 36f333316ea63f93e81e604f2e50b614d4f586e00b1af38a7dc793a5bb048379
SHA512 8918fa381d7cb3ff4a0d8c7775a6a58d15ef1756a4724902d3358ade2f91bc15109556905f2a43a0b641417b9eaab9996b623f9123cc5677692cf026f9ef661e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 06ed304a8251ba730d7fb0610cec1ea9
SHA1 24fc96447b9f66b13af0c8825c8f36f6f76b3019
SHA256 0ebe4db0fffe6acc8843b18846d3efb5df6c0bc8f1f5c8e426b30680640576ab
SHA512 72aee3fd4a99e5c87d60385ca577fbcf0d72b78da81da7766c2e9537856f0c0de024675d747fe0a720fa30ab4b7171bd99fbf95f431a53c1e52d3b2bebf570f3

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 b6ee459b01899b6cca6b16d04205fa6f
SHA1 e47db0cc86a514651208a673cbd35a5096091a55
SHA256 ced0031d231d015ed2da12404236d7e61ee4cca21859bd2c4c17bf64483b85ed
SHA512 dc660a2845987d457b411590391e68da181cc43e1281200b9d9759d2eba95d829925c40eee8f7df09cd373081d0c49304d521cb0927adc0c165d34b0ec90b214

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

MD5 35b1c01ef825ffc3e241357019b50320
SHA1 7db4dbcd2fc0a01c41131e14713713ea1c0834e5
SHA256 f7c3f33f2855d7786d682854322a5f8669fde06878c7adfb77be037de4972069
SHA512 75f990397bcd9ea569872d320ef43ec6d1ce02c2013bc18e066e46509ea594b6b93de8269520f8e0cb61565f5821dced1b42c1c4209789a4004b864daa5d8568

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

MD5 b69abfd1ada8b4c9638c765e55e5e767
SHA1 73602788e29669b00e0f66fdd9223b98aa1b738e
SHA256 37deabcbb235babc7fa2416e06c3ffd797960ff6d1f8c984e71fdb7af519eb20
SHA512 002ba0319c39babbe18ff9c8388e85ba1e6525611cfd0ee3cd28e6a8aeda20bf5267f32dc8a67be83e9b31a9ce72cc01285a8c66621bee1ece66c74deb954550

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

MD5 b6e465f6b97eefd13d192348fa195304
SHA1 5c14489049c523c07a1c6ac6db572ab1f32e9ff2
SHA256 15b516afc8224b25809695a12f18b4122dfc986224be50b13b1b8143601e5114
SHA512 cdf6f5534bfd8516c9b30050641090eab5bb57b2227047ac42241b36d1904921076f3d448ffbe0cd2f301e02e6d4dce6510b483fafe65421f6a46a9b0aef7600

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

MD5 3f6185504c0292679526a52095c1f5f9
SHA1 237d884434dc3a603eb17cda8edfd80715a25bee
SHA256 284df3b34432617d21581532629da5bb4389de1cbb87c621dd4a8f5849facf96
SHA512 b8f95d647c553a9163f5e1ea8270c3875b6289e5e0d96ea70c12c98fba04e87a8923b0c137ce0e3af69e42c2b7d152c11eba3a51950d89ad34323f7e89c1e276

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 dcfcc4ce47aaa67e1eead3ccc5e9f1c0
SHA1 1c5f6ba2edb14b120bd03d6fafc91b779337f108
SHA256 0bbaae0bbae71e82e082322c15054fa6da870261134a5827d46106ad7aa05baa
SHA512 041b71d5c140375fd40938c49ab6f7572d602b8c99a012626e6dd8fa791ccdd5312f54a5febbb680c2776f42b9c5f8aafcc1dd8ce0a37c82b61fc7b226f6c657

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 0b6c8ae97f124e9875d27564dcc0ecf4
SHA1 4c84bf5c64120ea7acc508550d8c13eae79c60f5
SHA256 cfd561c3c8f26f7dc7398196897ee383db2b198bb69584f6db6da9dbd3d6e030
SHA512 7c5f67947b9978ee00056620b26a677deda19e574852a324a9f6f4012b478b44325c507465eb845612527fed3617a5cd4ffd855126779ed3123602d023cb36b3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 62847d71635f39842e053af004597f7d
SHA1 ffb31261f5d0bf4b0b839b12666850f243de0c1e
SHA256 ac693d4138ae7f78ac57590f95c570e42e5afa304db50b2e8135cc8308adbabd
SHA512 afacff400c901f86d7be708bfcf634f278ef3a02c629a61f10ee460a6d02f14edcf49fb24b03318abfec79c256c3a7b697f4bbdf1dfa67569c716289ce8a3254

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 75b43460f50846b686a8742f22854a47
SHA1 8e06acc6679050085f4448176d7f5f7005a39a64
SHA256 49a14f9917f3a8c0fb2342fafc61281e75d9ecc6f98b96d64ea227c5c60e7581
SHA512 8b84aa0cfbfe21382f68d862e59f7714ffbb1b7b52650ffafe3ee83339784bb5045a0650e17f2da8a31dfc04d906c525a47b739d680670c447853e32ddd209a1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 fa98f9eae3cefa61cadeb10dbf722bba
SHA1 cb865773a1be8c026a039aef89b2faa697592708
SHA256 200bc152c0abbc879ca964960ee3d2e8fce761d40e47bc87d404d7b7049c1813
SHA512 8dc3d522e9ff00d83e6df8a51a498901236181b92f3b5493396dbcdc0e91e92a441d7124b0a71ac547706d2d7a709b904b53c4e4b3bb982f91b015c9289e9d6d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 a5a61724fdb88a7020ab3b50dbf2bb64
SHA1 02ac15e8c7bd6551311d1031d792f53dc34c9559
SHA256 83b78308d1c904c310b2813335ac0eaab0ac7f68102ac77721baf2069af5726b
SHA512 7e8b49087c70820bd044a5475b0c2c4cade72dfc6e9bfabb3b4f54015377f53b409d876955b91baac4bdb18a800f04d2fa4e7d1a26445747ef81692bd29d86f3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 63f4841854acf4e6ae7cc3e5158ca96b
SHA1 fd26a642499f8f58adf72afa743206413517c93c
SHA256 52d011d9059fc326fc16979957955647ffa804f24b9ed31051d64c189c83f95f
SHA512 ad0b133c18efc9738ee454f92316edfd8b2b7075101a7bf16b319d34dfd10f45a5247e68e44583689cf1b21790273a8387af49e234d106ada1c1dddaec82f8a9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 b2c1184e7fd1dccbd27da645b4380da9
SHA1 30badd4571f375702e1ad91e0c0a0091f88442d0
SHA256 1b21a0a3303bd95044f19683d6488950b5479987441c7545d10a609a7c0f3059
SHA512 5fe9b27402d7440e3154b5954d1608c12aa7f46c338059b3f6ac113ee671a2d2a725aa18bf5018d0a65f17f3e1a9b92b248f27249a2769c2e25e643d2eb2965f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 8752dad203d093efabc8fcde90bb33a7
SHA1 dd2f639ee6be8cce370cd3e625cc85fd60df7054
SHA256 1674086cd4c1e20570a6f22f1c4136be5b57dbad39cd45e943c7f5b4f8cca39b
SHA512 97e881f5976ad661c7108d390f808cf7f06eb1677fbd2133a71c2889f635df55fd4076d6021d2034df66b1571baf84655356f20ec6d02f8daf1016ad7c291004

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 ae55b0d7f6db42451534ecbfbc08a620
SHA1 01883721d27e53edb773ebdbbd16471362798ab1
SHA256 fdadc7a2263a6c59d55fbd60d5306c1b6e22e6881c003728b9f2d7c1fe00d55b
SHA512 1ee105af2b640dab244df8566173b06799d4911a98ecd81bc7c7717c9cd314f48c847e8114fb638a4300e1edda1d59b69f699ae6d6b3cad143942a43e81ea425

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c78bc2ef6d81925bff54fa113a18ed4f
SHA1 10991ec46692fcb92d56fb39360cc6faeb20c33b
SHA256 9997bd274c82c63118bf6aaf4afb173b0c3e0b8d932fab09cbe66495f476ff54
SHA512 ffccd11a2777d5c7eccd87c19b99847ad5563218578057a3c9c7eceb9f0e1bcada7817846d43de9dc26a489c1ac3a2db116af304b5a2634dffcf0637f44f3580

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 2f02337e7c12701c0a53c008d21e23fc
SHA1 e33543a392152d4c3dc6185c13d451ebc9ebbdac
SHA256 a210086bd8a479f92b0ce37f91a0a3d58c68e1d4aa0b098b36cb540f481d127a
SHA512 7b6e77cd05b88fec1e4ece7ebb299e6a76852b96a0da0f4e0ad44189f8aa90c49b5d31f0cca8aa83421eac24fd7a1fadb52eca22d10ac6fb0e0599d47d82483e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 2eb823c83a0846d4d0593ba3b639069e
SHA1 5d055b5ef912e0484d477ff2ebca3d3bbec8ed05
SHA256 3609eab7ad2d5275bdc974586df7af98b593a316fbbf49f3e0d4cfb8546232c9
SHA512 acf33b59527b61c9a172b5952613c3c877be893c4616185ea0a56f6f6ba28bfe928b17265d019afb2e952b6a3eeba89d26ad8fd62c6db9c7ef96bc12c5ec69ea

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 52d8d1bd36dbe2a24c01bc608651303a
SHA1 5d9d56877940a93dc3e989c3d1f7f1a5c5bc8d8a
SHA256 5c9c78c0c41fa781a0be1c103361173f02d321c78dca1000f060c75dd22b3744
SHA512 d94cbf2f3968f8433b2ea4b190bc7a3e156b72897f8a9b683670753bd7cff585e2192fc30612cefa1993ce93a9373cb9e630013a8d459824a6368f10bb2c2a39

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9198f8109c21b7a0056a51a98b416ee0
SHA1 295be83288154320bf7c4cc0a89a4e0625555d26
SHA256 ee5a3fdf11bf281225469afd0c46cf00195a3c964d7c80ab3dc9a120434fd465
SHA512 7d81ea6fddf3751a534e0d858f6f3e49effd53aa59229c72dc99c99f08a277b8747b0f0ffc41897a21d687259e9247790fab39ec2676766195c13bbd54c2680f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 17cede4723ef6d78b7c6c0084460eda9
SHA1 a74f205836097cbae757e3fdb5b76a7dbc087c5f
SHA256 2ff69d5724468368fa6a51cea3ef08ddcc6a1aacb454c9268738a5db696dd38f
SHA512 6a19e9b321af5d06d4b922e3cfeaf5f185f233fe85cccc48ae1432630c4c992ca1c60147df0b3b6523890034ffc558484cb0d268e66e8a17ee59bf81065e2b01

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 e9a2a71275987a87b7c5983fab2621c8
SHA1 d243ba959fa6e6e5cbdba813df74f39593b79d8d
SHA256 e5db18e48ceea8e372e4efda6bade2b974abfba6f1032d5c0352dc37366738df
SHA512 0c5269656e302046f32850efed4ca5f6d4be56bf01e247a23309db35c7bbdd50f27219a02e2aae83a37801024ccc090a2db468974c4ebb8e08e10d0776452b8e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 afcea2db8d5abd95d8dd249583993eaa
SHA1 464072a6ecadf7360d8f4d44d9aba0e574d141b3
SHA256 fb4928ae6f3d318ae50cfab0bebd677a1ff7ec533f2d213c134def21bc099c39
SHA512 0e769a9f07d886cb7ab47bb680ac0803637c7e007dafde256c54168a0ebfedb5f81671ead3b1e551a4beb0613a9b24ee5ecd4449dd68f77e3f75a26f3f0cfce5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 f93b53a2fc2ee036f37e7b51773e9688
SHA1 fe03bd8e9fc048fa4daad4063ec0357d445e541d
SHA256 7092d09295e072afa81e9495fbe665c50baf5200d2597de1d7e4ad78f1daa2bb
SHA512 478bad4d70bddc2e22955b2b633de6f01b10da025faf06c1199fc94fe51bc9d359951b7f82b7f9d014e44bcf151d9896e6d7574878ad5639008f3ac8c82290a8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 a9a2669e3482388891dd58adfe1d9764
SHA1 04326a5d7c3d0118409734f9245a46631435b667
SHA256 3924d719ac7d798230770a9af0c0884a824f96a7ec893317ca410ea5120d0fab
SHA512 6621e4d4d7f7cde6d880e5ac1283467afa420f34c88271d8385c456dd4409f8c55e793a8360a780d8a2d80fe8e23f2e1fbbdb0c9e7f4129a8f50156f5aa473c9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 726403849e45a9edb39e58d905009c47
SHA1 929fb20ea2dcdc17c6c28d29eca76343c4f649fa
SHA256 f226c02009c2359602600e64b8feab279308c1698bc57a426861e7d5a4368c9f
SHA512 1df27a3321824248e58cb9319ca8e60ca9a482b3e26e27b0a91d960bbb8d9c1e4022efd1b9dbc6048f171188ef63171c5743175990368020c27072d979c9b1fa

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 b86a5658251dc236e7d4c4026a0238d1
SHA1 b0dfb83d25dcab7d803488c317cd60ce97b8b079
SHA256 fe36fc47b98c06394257f38bccf4cc95df201d9233408e5ec3f773bcf834a21c
SHA512 fd19881f4bd43fbe1edabfb977867337bf5c15f7ce91b0e8eca4442d79fe9b017e4c32e934f459c8fce013792917fa2015d5361d7097b925110d0e748a43a027

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 f8cec8b372f6292d53888152fe68cc64
SHA1 aa9c341bbb50f368540abb34d05fa65667a38787
SHA256 b8f669b9fbcc631bdb9398ab7e8d1d810de7a19e420047fad0e2c5234badbc98
SHA512 47ea7dc2ec4888b9039cb86b21b1faaecfcdb20213f99d98696fd635db47e2a240a55d6bac3aeca97f81bd4abf2e43a7b57c25c35fd1ae58f0c780397a701ac3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 07ab590f7cf749d966ffe6abdb8c24c4
SHA1 f824eca1cec736ec9139cf37e100262698d4bcfd
SHA256 a1148e7629a97df5626fbfcd4350caca0a6aed9b8f467129d46111a565205475
SHA512 8b63f15b267459a76ecc6a8bc4059605500a382fa5501c1d6d8b6ba277b21db4c573c2b33f6236cd205e0df7e373248f434ade139ff361bc1e054ff6f72b6e65

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 6fefb53ea6344a9e2ad32c1cc303dcae
SHA1 6e9f46a950c25a657c54eb2e502791e809635b49
SHA256 da75ae550f8651cde048f3f12282ab8fad11839af1601e1f8d5fec8840034c52
SHA512 692c815974d485ef158c70bbd396ea96cd165bcbaa84d35f3752cab88e1ec87e1d66a93b7248d2347a0b6bd2358398ae71377e80b85e141468dffbe8c3214ea1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 fd4ae0091b6d8d864c8dbeb91fdc02f6
SHA1 a3db1c12bc9de01595e0839d40e9549adf0fc6ee
SHA256 b9acaca30fa72445d204d14f5dba0e27b5745b068ad6e44d1dde7529a6fd87b5
SHA512 77b60f9beedde88ae80a0f05fbeab99266f74cc84e92c9d7fc366340fc81b0b7e965b02674355d87cae6d91d163ce01e5e5437f1fba2f44e3861811c55130293

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 121aee237f0570b49870764bd8557c95
SHA1 3cea3b8a83f859b0acac835f2d2800f2e7ace416
SHA256 06078ff9937a237cca1062741c21d0f1e29f3c6811d5118829f3bebded561639
SHA512 3c74bb87a6560bed5f5649cd3e5646034d4d1c3e39b9e25a1afa195174651b879f0934816247d3cc1915f486107988d23ef104ea475e136550ec391ebf8eaa55

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 ca7dabc0c4462b824c9e82cea3acc31f
SHA1 5a8da8bc8c127f5e770a5edba7b0e02aebcd5451
SHA256 39104c2a5e81d72f8027313f4688fdac99ac6291a987729ade61fdbcae4d1609
SHA512 33555e56cef473aee4cc103771959614d400a6a24e3b75c896135021eb6d197cc53e06650bb007744435f9da93be784f4eff899af6213df1cbc2b19e25ef8d2b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 0312c2cde89d5fc1a56eac3b0e4040c4
SHA1 12aa3711be6a2a4197815b820dfa0c473fffb0b6
SHA256 639c2a7c42f21a3956d4063e28595fcb5f45a369c68a8d0a43219694f1eb79b6
SHA512 90ee9b94bd3faa58e73fe1f79eb04492b0b34175813d0056e15e58edc44f48c6b7ed5c09de4eca9f34fabd107a4f9d5c8316207161efb322ca79ce089eb372ec

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 b63d12eed414cc99ac76d8519f5ce388
SHA1 8943c4945cee9b6020d136ebfe45f7d8bcb1c3e7
SHA256 ed25114f3f43994fa37a6dfd60930f0ec2e330c6088d39bda6e64876806728b0
SHA512 92580f185538448fc7042a4ec479a8b3fb051a2f1d0050da9e0b7bc041671b35b3dda2549277fbcc18958686010a604e4f6f327af6f1a9cdf56df9855a7e52c8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 c984174231c511d4af6b2a6ce0d04b62
SHA1 9b41b594159242ebb2cef6912f04b7853db94734
SHA256 7f569d1ad9e280f247aed57442873a76e722c62501b01ae06c6ccbd73d3d0ceb
SHA512 0e00f56f28b82a4aa1681696352afab92b4e506558d384ba49300f58fc38ce19a58c997c6d8639fdda3735449e218138b51693cea0b0a448b8523d68b75c9476

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 04d5eb2881a7fc9f101f3538c54eba1a
SHA1 e453e6b34b3ab7ed3ebf1ce34c479c0ceeca6aea
SHA256 5cc430364120243ed99e153de69a19e936b4d32a5f7f3b9179315287868a5929
SHA512 f60954dac6f092a4de8aef5398d3a09bcca54a9dca8f01f1ce7fb1f8d6c4b10efa9652b8d1b8ba3f5776b2be3bbbd45a18e00e39125e066ea293141e6047b318

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 183e86c0f3cb7265606e729558b9c997
SHA1 72786907af280930c6f96d90a184ae1190d2ae1d
SHA256 507a34a56fcd41499ec955927772c9fde51b9c7048d752cff3698a0ea443b04e
SHA512 99d66a57633b858c2b4e599036bec47ae0cd48dc6720ce2d37bba2ec4606140e8d23dbb478f3aa432b90ba3b95515926a61405b3954e158a1f474363431463b8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 d9c23b5d89f4d991d983d96d7a50b264
SHA1 6c409acd851bd3ea1302541cbbb1f9be8c8592cc
SHA256 6c87dfc4c9c41d7d2c470e3983404549c9dd096af9dac70ed7ac24ab0c490084
SHA512 b0cb12d8277a8ba2b11f84173f8d1277ddd117a76e88e60d6d2e465789cccdbf4e5890b2eecc4a164ce76a7809cedf91262da5f16c54dac446f2e79684029677

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 8fc221c60641a5ea4e2975dc8fde613b
SHA1 68493c2836684b577c78724b25d96318b18d2c11
SHA256 9b769304ac0111a6fce7512b0b9e7ddfdc83e3d32e5548c43c8c94123f204a33
SHA512 6e59a6adadc76806ca552acc8d62dc1bc708bd7ae5eed10822e52a8a4efe43e6fc5367436a5a543a2afea0c3982051b4dada89e270f48cc41876fbfc4f3aa1bb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 a3e7c82d351c7d5b9b0706c222ff2708
SHA1 b8bc67b5af05bc1e0ac5ddbc22a64a293f4d5357
SHA256 6e330cee7c0ed39c4634c26f7888eb79d0945089b9b0d091341a37a585779314
SHA512 a417bf29b2c4751718e5e7ec80996b0eb58e6d87ad49cef2640251ef60d0203a9ecdde99da1db0bb49e8291d7cd23a3dcec24046a1f03971e4e1268ae409179c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 bdb55c22a9d97935054284546a4709f5
SHA1 74de0f0753bd2793a96eb3548e491fc16c4e948f
SHA256 dfe771130f37970b9c281c044152461149a1e491532cff664571c435477b1a89
SHA512 95954425c4d9fff04cdf14d142f0c7e3719e361fef3c47962c08b370eaf8c7b1eaeed4f7d72b1b3f68fcceacbc29420adaa4390be5b74b42291e8ef2371281e2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 57288f4ec04e6a115aa7883b5023dfde
SHA1 90d431d059f9b1f6434a3598290de3fdd9f113d8
SHA256 8669644556454fbd218ab835f912ab82658ce4e9b748927e996c26dffd190061
SHA512 dcc663963180dc65b923d1bf3814e4bd3f5bccbe2c91e48068d119547dcac0f2391d1a28cc3c03e9f057e1a1a74f9a1f91a5e176b91df52dd75b1c408d9ff2d8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 d2928419e309a3a83a1cc58095bb88a0
SHA1 0a4ea5b39e7122832fff2fd66f62669071d94ef0
SHA256 9509da77a8861bfc25ed65d5aa1d3c45dd740fa6b5d5888b9a228fb23e69c0c9
SHA512 83f0db056690963951021695370dcd30396fd840d960e5f2c16094483060b287f2f66c91586fab4092d874381319ce7b0196e1e0f2c1da226da1582d18f0552e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 552438d767f5d73e6e0bc8a8c72350d9
SHA1 88530f24463d308cde4998c5d8dbe40c1d226364
SHA256 5c297f1e345bfadb284908d1df0a98bf817a51876b36b0ad837491d9814233e0
SHA512 16d0dad5a2eff44045b059322df5cf347fcda1584576a569dd569a43b1f5b11439e206a8f1ed0e1483c9cdf793f5789b03de303b89f6853c7fe767797236bd1e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 3e465d70d283d8fb552def3ca61cd078
SHA1 ca2c64ed1dee4799e6d010309089670c20c0e5fa
SHA256 8434ce289b3f024160e7d3088f7a129d8c83d6eb066c2d6ffa437ee3afd447f4
SHA512 1cb4530414f2a458a43b8e3e111ad607b73b5685482bb41a0ed941b3a97e2d1622b5efaccc5243ae42f75f45cabfb3877444a40f61e6d134e1c6456c262a38ab

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 fe76a632603ab69deb23b6325cd75552
SHA1 8834cef035f9cdcbb14fd64c590e450c1cfea1b0
SHA256 ebff19d376653fa8b3b250b3ad67d27689a909afc7bb403e300550c1cdd7d6e7
SHA512 6a14068fa0c53ddc2fbc0a035430ab2740a86ec99f8970dfed8cc9b2e9293daee3266dee65085fe4619fde104391f5cf7ea3354bf39754509e55b4c44941be1e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 c651f0105d3fea4d377449bd3c93c34d
SHA1 87df285a1841dc68f29c18e8ba9d2fda64a57777
SHA256 e44058e28dee319160f549a40e2898375fb1e7b0b49416ccd11398d533d87c09
SHA512 3e3bec762f257122a844e29afb78eb89d67dfaa8261e4f4d7523601cbe047a3002b8c6b98ea5b779e8500b7a765d8874088c994ae90f4d45e1d43440f5c6f288

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 afd8cd7d8c5a24b4a81315f7960e260e
SHA1 e4614b6bf6d949bafa839187d24ca606e62d915d
SHA256 98841bbb2a64a2c15d95b3118aabbde1b34f5ecb0e8aa04b2d84b7f3405f0426
SHA512 87a7ab3e3f00f2795f683468ec23fcfe991b99c39cf7479bb62831ffdcd47e1c75aa42c2e85e34fc305ca0c4906a6f81c6689ff0f742adaad2017778a78f72f8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 c9ab349fde25483457e2f0b1e81c8d22
SHA1 c5a8bf0376e6aab8921e5ab98397faf9dcb363ae
SHA256 839100a9394bbbf6483f347fa0959217677815f653dbe5f345daf7ced4d04b30
SHA512 17a2103f94346ee444bc5f8684b2aa421e0ff9c9ca3730b751722938374076eeebca015511ed65975e7c335a8d6291edcfb32c45bf93485a7e355fe70686f0c3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 b9152a4b65bf0585115f5f6bfc694579
SHA1 c02ee0ac3e05c626e7637a596cd1b3a1d96f9127
SHA256 f7b3906db0dbc5a106a6f4b4943b51e4b6a61732e88fcb2ac57634b1c679a6b5
SHA512 a5c453e83d1ab3a33540e0bf3fbe8719a32220aee13c70b0e975eac0b9c342e6edaa396a42397357e9554decc7278da80685e27c08883c2752eb33d423b1f861

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 ba490142b6d8201ae97862ab8262bb17
SHA1 c47603452c6ac9f1e0e2c7a35d12e4dbd5755ac0
SHA256 1c9c3f6d3a485004f50ee2a390d27aeff81e674df2782b3b0caddc06b3be617c
SHA512 77d19e1b9882e730b381a27fb6f302532fb4af0b0e0f0a45f4d0d85ab36b0a17ab47ef04095f9a617b58204300ca76467c2e43d28e56c81f41959bd95592a575

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 4d55cb02751496f5ac8af86772b72e4f
SHA1 be22743b8efd65b012e96f5336764182311b0740
SHA256 81e3d0507cc36908458b461addc64b12d7543ed47b4a2d9974fad1d1549268af
SHA512 a591bb15b5481daf9dd8965838382edf9e8b3ce3eca3dfb5c2aa5270cb1d520a17cca8c92848d3bffa0054eb31b066e0261a59c56ffc44c399bdfeece8e5dccf

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 cbc64d8cb9188e28a1e311835eac56c9
SHA1 e6ca3530a86bb4f7659c5354c530e9c4de3163f2
SHA256 196832fddd8cac89c9e5d7ea8467bb387ee1125b8ee702cdd0e5fb2adc7f0a9e
SHA512 6e61807e2effc3dba873e509e3b328a3bb811cd73d221ed42515d10abdc41a0e3fcccf9e7bbec121bf3221a86eaa50ba0f609603de02b9dd179d5c25a4e84c03

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 47aeeee1eba275918a9092d93b592d78
SHA1 f4a7041c77fe4368f20abb5b98cb073e3aa16825
SHA256 f8b6460df89b5a969f99e00dba61bd86ff6ef55733378d40a3c803f950fa6cdb
SHA512 ef0706339cb67c15141b499db282c07c1524e9b7c6ada800476a8731aeb3eb251487097d04cf32f5dcc36ad3e94f9e8d3a3c99da2d37f71c0992d8e9e30dddfe

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 06bf05c84cfe68c9b213a7e699d48e55
SHA1 9156119b1a85744710c484276144e7fc8383d8c0
SHA256 929fbac4d9747295b7f343ee9ba5121fd450b2c9c651ed38b2e2a7604a4dc0de
SHA512 945e37911b9e2eb058a58f65addee8a7e26ef2210e163f712b4ef54cc0c42850478ce39875db46368b5f3e4f6751706be6e60faaaa4734da6bf7b6e85c11ce82

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 d8a813cb49915431b0dc2348b160a4cb
SHA1 9473b555301409ef82e929fdc392aa9852aaa04b
SHA256 2f768fccd72f87b2d9227d936cc785cfeff7e4786dade9b7c2ee942a475bd035
SHA512 7938b353dbb744362154bcec0f26a6e27c080e7cbf17f8dea1345557f8c29dac8dfc6e8418f84542053951f408a2bea35cc0133def4cf10b692ce5887cf41c00

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 b4cc3b319d817b1838ac1f27bdd61c51
SHA1 019115d6d5900eb71a164b36f1ca6c4e13ff8679
SHA256 9b3ded03c7544b9d471bb00a7301a4dafd5cd34419c725de990b8f6c4b20664a
SHA512 da7975420bfcec3869c1da52cf500e6f579ae0aa6e236cda264b94d0a5929a63ff6f96d6e1cde28f989becd590d4cd073f47ba8cfc3f9762737c0e757a864456

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 90093dcd5e5f8812400bbd2808a49d3a
SHA1 155822a76b8f5b791bbbef2eb6dc6113a60c54cd
SHA256 b76735a91977057dd593ce4d50622988eff650b71061d0eb049bcd760c4997bf
SHA512 9dfde78ad7fe62caf4609b60e2c1d31514842608c834948a2e258592bb752294a971afd3fc8fe596819478cd8ba3e72f1562a10c8cf0422704e2f0e3463efb95

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 cc51cf3baaae5d2139b37b511a2d4dbc
SHA1 abc0a805c8f88477d24793a18c24154e82bfe1ea
SHA256 af52212164ca621c8952faba2ff37f45dad110a6d60313f9b5bd8d23835537e5
SHA512 430acda34f8736a4b6122c2dcb0c95b37408a70fa150965c938f9823fc611970870e3eabf9bfcc19461da6958a757e789e44bac080dde7ef7974cabeb811557f

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 83da30aa7ecd18b8f938e7be6971a997
SHA1 3f5c0ba2b42fe2ce430d3b7a05bd67d1d62e59d3
SHA256 43178b603adab5b59ab2d2e4a2746bf5932cb081332f61735bf1e0f4989b503c
SHA512 e33fcb2847e3d1da43f6b62cf9abd0246ed57b98e423d3b50c7cb05c51315302ebc048499bc0975ae85665a59cd3a6f492163ea2a1ed27580c0c038cd18dc149

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 f90ad039e2503fb939410c1be4ddee36
SHA1 e9859a6b3965a177d69aa134cb5d4ee2b3e40df7
SHA256 791d177f437008555e7e44dac96aff4b8590a4257d5d7bcaeb6826d236cd52de
SHA512 d609983910b9bc663e19c753434420cb26aa5a7020cb5c5cd992799d652e5e9c6ab8e3c34327bd222efa519d92c8041583316153fbffe6c7a546ba4400741171

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 4cde88e64d9a12b677731fec7c597e7a
SHA1 ab2a54b27ceb885a8edb848c70b752eb462d4146
SHA256 088602a116930196c8afa836b892818206f4806a0924cbb27ea0c1c23eb313a7
SHA512 7bed211b71698e419539188962c5ac8fb737b67b4fa64f00a92b8f8a62b11422f2d2140db3cf55fbc2d609cf21e98944a84551a9a1a8406e776e53f8d37a4320

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 c98247901dfa4c89b50755df639b6e45
SHA1 6fc6e5c4bac8697ecbf07d8df7ca7d8d1f5879e3
SHA256 f8e071ebfc574c161fdcb593e384e411e3177807fd314690c5aa47190645544f
SHA512 3ff128a34f7a1a43130cc03b1e221bb1a00e8795814c16f25efc1c90a6590244203ac240101bc3ec70a664cb8154185eeac67219485920fe853fd072f0128cc0