Malware Analysis Report

2025-01-18 20:39

Sample ID 241208-ns5qsssmew
Target d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118
SHA256 15e5d4175eca82907df06543dce2bf6e68adfea9183b2c625a9f7ee4fff76f61
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

15e5d4175eca82907df06543dce2bf6e68adfea9183b2c625a9f7ee4fff76f61

Threat Level: Known bad

The file d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2214) files with added filename extension

Renames multiple (2183) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-08 11:40

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-08 11:40

Reported

2024-12-08 11:43

Platform

win7-20241023-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe"

Signatures

Renames multiple (2214) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe" C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmjf56e.inf_amd64_neutral_328dabbf0aeed9bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_neutral_11bbf54c8508434e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky306.inf_amd64_ja-jp_97f0de39317f6837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkBridge\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wialx005.inf_amd64_neutral_5304c93e2193f237\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_neutral_09132735f1063a47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_neutral_c81780c5dcabd0a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00c.inf_amd64_neutral_79ebe29715d2fa47\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_neutral_daa64ca27846aa23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_neutral_7617862a9cc286da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ql2300.inf_amd64_neutral_ca8487daf77ff7cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00e.inf_amd64_neutral_edc631ff41a34218\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00y.inf_amd64_neutral_977318f2317f5ddd\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky304.inf_amd64_ja-jp_1b1a158086a263a4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_neutral_8b26ad5d0cc037a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiabr00a.inf_amd64_neutral_6033065925bcc882\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\brmfcumd.inf_amd64_neutral_db43b26810939b3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\shared\res\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_neutral_8887242a56ee027e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_neutral_b64bd08009e7444f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas2.inf_amd64_neutral_599d713507780ed4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_neutral_622ad8125bbeeda8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrg.inf_amd64_neutral_814744dd97ccf09f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr008.inf_amd64_neutral_0540370b0b1e348e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer-DRM-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101864.BMP C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\attention.gif C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\art\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR29B.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR37F.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_decreaseindent.gif C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Chess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Journal\Templates\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\TableTextService\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fur.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\DADSHIRT.HTM C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14793_.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR22F.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48F.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TipsImage.jpg C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Photo Viewer\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21336_.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02829J.JPG C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\icon.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left_over.gif C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\calendar.html C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0302953.JPG C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10307_.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\SUCTION.WAV C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\README.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14654_.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR1B.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14756_.GIF C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-f..opycompareutilities_31bf3856ad364e35_6.1.7600.16385_none_3575d2dc8edf4a22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..e-rassstp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_449f95d072a7ae4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_transfercable.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7b10aac442287f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cryptdlg-dll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_43c1f4df0ee8b2c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..r-library.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6336f71e6582b89f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l2na.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a5ecc4c239bc0f04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..centercpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5a0aaea7147d1a1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bd82e5faa91e3f5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..intmapper.resources_31bf3856ad364e35_6.1.7600.16385_en-us_468dbb8913417112\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-minesweeper_31bf3856ad364e35_6.1.7600.16385_none_fe560f0352e04f48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnky003.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedde71c1edc8f9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnlx002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b0cbaae98ba463cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\smdiagnostics.resources\3.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sysprep.resources_31bf3856ad364e35_6.1.7601.17514_en-us_6f9b5c0d8421b81a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-sonic-clickme_31bf3856ad364e35_6.1.7600.16385_none_560dd693a7476c8c\ClickMe.htm C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..otmailapi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_58424d46739cf624\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-setup.resources_31bf3856ad364e35_8.0.7600.16385_de-de_1eec0e2a72381832\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_49fa92fda9820581\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.build.engine.resources_b03f5f7f11d50a3a_3.5.7600.16385_ja-jp_8a19bdb69703660d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-metabase.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eec1b61879907842\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_right_rest.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_es-es_c18920d0e9ed59b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.diskm_v.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2e787fab6f3379c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.build.engine_b03f5f7f11d50a3a_3.5.7601.17514_none_d621e6a35e491e44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rpc-local.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9b91f4c11edec673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-za-component_31bf3856ad364e35_6.1.7601.17514_none_a5926b147a413e6a\ZA-wp4.jpg C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..rtuimedia.resources_31bf3856ad364e35_6.1.7600.16385_de-de_336f711d4edcda2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mountvol.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3676997cefee224b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747\Windows Notify.wav C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-uxtheme.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a0e539441d9ce77a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-api.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4d6a2e5c047c34b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_61d1faf26e443c07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\MUI\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Afternoon\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_e119eb1646de0342\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_amdsata.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9c21da54655fab3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\weather.html C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..cconf-exe.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0b9cf3a70c6e1585\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..atibility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f9dfb0bfad606007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_lsi_sas2.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61a63821397a90a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.5\MOF\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-14.htm C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\401-1.htm C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..orkcenter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ee9965825c3dfac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows User Account Control.wav C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.iscsi_init.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b2200113bda2e41c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.pmc_lh.resources_31bf3856ad364e35_6.1.7601.17514_es-es_bed0145c01400abb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Afternoon\Windows Exclamation.wav C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.1.7601.17514_none_ff1b74d24817a82b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wlangpui_31bf3856ad364e35_6.1.7601.17514_none_9ea2d5aa2131e232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\2.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_de-de_14f8635dedf1d007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-nap-oobsha.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_febafc2540895757\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-itvres.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f01aa6ebc1cf4def\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_6.1.7600.16385_de-de_65b99de8d68f5c62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..datastore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e3279aad4e45e881\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..ibinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d05d18903bc15ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe" C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.157953\ = "BUJYFGNMEYMSLBG" C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe,0" C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open\command C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.157953 C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 f7b1a7c2747732fdbe4f31406c7ff809
SHA1 c3d9ba99199fd3b6e357699ca59f3f359729a075
SHA256 2958ba7b084b4097bccfb53bc6141c9e73c3ac67b9eea400ecd63528d69e5ec1
SHA512 105b8c363eed685fae1ac9e53320c143044116b8d8ab23844a2c6ef08ca3c81add491ef3d9f09a64e0b5712007073c66141e7b23f5d59686cf554c41892fa67a

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 3bee9abcfbc086b08b06be9ab32a7d64
SHA1 390a6169f6619246a4c86c057e85a21e26df13a0
SHA256 854f8e80ad90f10c9dbd09d675e456aed38928e48aa5c1150e7ecaea7de5c6c3
SHA512 dec95f807d1230d0be24a1c4299f6bb0d09b600a84a5cc7f6177ae0ff13db0e6705dc08a3aba2df347c832dec987e84630200540cb01c0fbdc1f560dd0e5efda

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 6c0a5a4a318bb3d279dce502dc7f74b1
SHA1 334a76e9786daedaaad64d43d138e50f54976994
SHA256 896d3b46e19dc90ee7967e0280e11b18a9f4a1cfd2767657a0dbafdac9840fe2
SHA512 575fb3cf34fca5ba1adb93a8bff60948097e6ab725a707e02942e16997c6f19e8d3eaa5f086a3582de5ebbcb87861a1fc491d336de0b5d8e804f0e3f70dfc939

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 6578e2aebcad53e5fd9b40039a073da7
SHA1 b8bc8a0ea9facac6508558a65aa31a19e0a34b58
SHA256 bd4624a5899577c166cd6be182f707d24eadb17518057ea383add883ad1509d9
SHA512 c55d4f44399937a8eb4a36fca69a72d15716849fadeaba5aedaf45f742649608d10517c46279e4842bdfc58831a821c0362086019b5ae8140d4253f10f750ab8

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 222bcfbe4fafc096675439c5acd43d9a
SHA1 bb3c641c07b77a7b2873c54a1add5e367659778e
SHA256 bc2f91624be0aaf4c9c34d56bef9206842c41d222e12b250cf0f1fc1a0caca73
SHA512 0b6bd6bffff913720d9eea814f2a94c8f005d55bc81a0770668c68b6404a37587e0aede461ca53a14e4ba9c5b1ea56b200c915d5073fdb2c16feeeea7b1a02ca

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 7298bbedf2beffab2fa9793980c88b00
SHA1 742e6e9c4cf1529fcbe482e564b07431f69ce943
SHA256 0845191889309530526c1609fa35e3d20f79e60a1b5aa5d6b1021f787fd41e61
SHA512 021c40e5c578a524cbf88bc1f9aa836374bb03c6167b2a902ef61737f8f22615eba555cf612277f218b13debaab0701afa6b8f5fdef87947b5519b42fc4cd6e6

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 fcb4b2f0a0e5f21a8e0a0429106f9f55
SHA1 fc4a6c580fb1f412d179d77ededcd0763f7b698c
SHA256 fe8f390180303d0f4b5d4041fe8b94036d9b3a5f9837d1bf3a921e6cd14f7c26
SHA512 b5f2613459fe6a70910edae137d4174819b27217feee9cc7ac95115092c815f74cf72843e6ad2ab12b44fa05e95f87f748e0b81dd2377e0a68cd3a84b6f26fbc

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 8ef4e1ea424b8ef5d205cc7703604594
SHA1 5e50c13907748d1c70ef5bb8d5b04400b5ad79ba
SHA256 49c182ea467e40c9cf464596b0f9ee19007cdf20df9f9628e0fff248bcf5de21
SHA512 ccf045e935143496effb885bc6704cf977bf3de46e7430cc2534905ece864d14de3b57f517643c79671e4ca7a216407bc457ad83af1fd98e9d164165d3052467

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 1f2d503d60b252405b0accf41353e859
SHA1 b855052eacbc58ba77e97fbe75de39af89275c77
SHA256 e287467c5da5bd23f1cd16e00bf95dea0c1ad7fbcad15f16c39ca6adf824c36b
SHA512 84682ee23cf85860af3fadd7dbc82af8dae3fc59735b1cec7312007ae69b76baa1f29ebfa4d883d9af54a8efababb009a40822a1a11e464927ee9fd4373b134a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 37cf85751a33a3bf29e49e7d0e6d2176
SHA1 4a75a763c052cc3bf124e5e88e0b3f9eda4aa8b6
SHA256 a63cadcfebe12d037de5280cd18cc5d025cda0d4df1422c7d8e1ec0746ac431b
SHA512 9c689e93b01d9801e9f2d9fb3a536feed02cfbc8984759056b37ad38ce5c5fffb4ebb51a660c3fc66c856175083842aa5e30f6d9e8956affe5379e9622e31927

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 19830412fb1bc0f2565fae8743561b59
SHA1 032d190fde8da695d5d038866a02b438dd522b51
SHA256 9668f242aec28adee51f956641fb96117ef05d0df346474e6c76b503f430c455
SHA512 de66d825ba2acc1d7f199a1801af77a8dc7497b7f54d70efa24702a2fac59d17bc554ea2be55255f05a287545d89f89cd63a86e274e2751162e068de1bb552cb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 ba34e5eb11ac462751f2cf9101f4b2a6
SHA1 4360580d0c0f7659b28c53d8d93eadf86afa6020
SHA256 f28a2ac590ad53dc77f4b45712eabb4d5c48ef1eac798863af1b3d3be859865c
SHA512 44f272775dcffe8cafd460cac2551396089cc7bc23a8e5a522f6b1d1b4bbc5f3b68cbf0c4d2acbeb71bc932cf3b94853097eddd17d0d2d8b274ea82fc487440f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 f64209d9bfbabe7bff1860dd8b3ee691
SHA1 20eaec37f9e7fb0f4c69ca7f04e076722dc8b85c
SHA256 35bca1fad3b738738c137acb63bb97d3f296ff54cbd9572e02f39b5996ca68ca
SHA512 3df4a4765ea5de29e59f07ba3a08cceb11af6719da297bf9913b77e61ff67ae32ea9abcf56da79e26f4a42cb48f8e6ddde80316012ee7c703d40c1208ce3f6d3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 6c73169438f6b0d58d23fde2a58d1c0c
SHA1 cf6026ee9cbb7603066ffaec55f1d89bdb752e9e
SHA256 d9a18458c9855359780274f7f9beba24734521db766075da4bc3a0631d612a9f
SHA512 8d262211b7d1ccef4b8aac1b2aaf637101015913afbf2b37546fb6944505bde8200a7e0b733e227525f3cbab7d6f04967d67c239e355892ee8eede824cf60da1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 d65f930486aa11f7b29c4d592a693e47
SHA1 1db3f7d4139c13e3e30e3da856bd05bb78f44284
SHA256 77a92928a26819aea33da210dcf1c1d65d4bbbd35953b2f9cc48522940c4baeb
SHA512 09be7f31c9d2f9d7620a5e6307681c51fc97d8c70766e3f04de365707eb68bf16aff6dcf1236d53d97e04d95072529720629ce0afe91011514057b936f4df00d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 2e85e3db77a44721919c0bc1853a7921
SHA1 5efc8f5d174a2b62545ec816c316f9068ab167c8
SHA256 713b022f2638910da7ed85959aa2fc6090f858c30d160fdd2e564c6e1f8f86d5
SHA512 9c1aac3a51745e6ed20ff41348f2452bed690eb75555ec5b1b43ef4346fe72f03175a1036f104d98b16eea0436c916bd0f5d2e5292861253f72c46f095a34c10

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 0866db313909556d6c9aa511ed7d5ea4
SHA1 6a89c63099ee1d42bf5fc5030f3c02f302e456db
SHA256 b2b11e80269aea4cf9a806eae2e2446a6e68ca3109ac2324f6f49ba7949ce2b1
SHA512 58ffcbce87a46f254a8249edcb7585a937b98baa65c97763a9c9411470a73c728ff7997c32aaf3eb84d1d9f6cf69339b4f7763e1a105f583528f9ec9b8457e0f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 2c318be8ab20f252ec57eae4f92281af
SHA1 6378527fd5dc8890e7c596cfaba4c8cd29664981
SHA256 509c6094bfb85891f9436c588101fdaf0a066ca3b5092c1289b792bb30cd1111
SHA512 6f69ef355247fc194d04cd5b12c5d2c8bfe940a81054817d6937bfafaf4d126536f7c35e8a44d22f69e48322032ecf40baeacb66b1a1c8bce06be626f2d3ca63

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 d465086b7d8c4b519f71983def0505da
SHA1 91790fe38bb3550913a1eea17c1a13f4abbd6eef
SHA256 69919de74ae7dfce561cae2492797b4e5be69b9434c6925a5c3e90db0ee9dbe1
SHA512 843269d61a67b1203dbe74eec357dbab642fb6a1ae1dc5d1b746fc9839bb2f28d9e0c931302ca8cf4dc1c7d83fa096faecc486cef1e4baf2d264b70ce0ac0c1c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 0a319d76d88a8c0b12797d1f2bbcd9ac
SHA1 7ec988e9e9352dd24f96acc178670f007c1c0f89
SHA256 4bae5bc6b8f8269764446c5881ea217708e1d15e79432ab7e8522dac57ececa7
SHA512 5d97f6a4d61e180e83aec21b1a1fa9e27700eb04205859503d20019b570129e577ab490752d3a7bee668ba35708b0112cadfcede6ad86ec55a3dc6b3c1b26759

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 d2860518bd389013583f7b727e6a805c
SHA1 cd8afa36773c9402a087a7ca3e54f0442b7f7a3f
SHA256 38215898f4cfd9bc5cd3d12cd5bc79c11a80db4d918b768106dc14665f667326
SHA512 7048445a0ae94e31484da343beb4213788bdb4db833e8496816285b760a53b28622420eec6e952a6eb1180fff1dd7e9b8442d45991b12f74524f8d238322fe8e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 7f89ca38700a52d763547d4403141c9d
SHA1 a7ee9804519a9c3d611bd3e75e2290222bb4ed94
SHA256 d21416f6099bf345379fe5094f496cb3e6ba94dce14b81bb8b40acd4fddafecd
SHA512 7717f996baa65cb6ba79ecaafab9fec204617c587fa31d54f2faee7db426fc01f023b98e703938c7bc5720b31e0febfcb97742e5f5c32d4c90949ef12a87f741

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 a44835e0e447f6f96a8decf5e45f7687
SHA1 61917c870ecae2d7d30d02b63e923966764eb85b
SHA256 73c525ac68db2deb8487ee39661613d70f7fedaabd92fd4f49b8d9e7bab99b75
SHA512 c2da001b3c3b8a62d94dbca7828350da475fc120b96a1d560ecc2e3471402385a733d056d428a7222263a4f5ce05e3d8350a86eb08227f5080b28671eb003f5e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 743cda0d014e8e9eece3156d3735df76
SHA1 fbf0db9935badd17dfdc1cfd6e52d7b524c0548d
SHA256 7dda2a95a368b9041a36bf3b26e104de79210a1a4c3497199201f8b2ec2a3737
SHA512 00fe083bf69758460b13b10912cb96eb057be29e61421c03f0e0963593bdee6e27cadc1d4fa842e20bd842cb98014b2e3f05fa408cc07d18c3a4c3f9ebe52cc6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 8cc2500c45932b482c098bd2b20d3a77
SHA1 ca4c4667fc659898270a931383a537c2ce31c341
SHA256 680d349be132005b03062d719e7aae4f190df7ba7293a96ff8bd4eeecc1eb7a0
SHA512 33b14fffd92abb1831be2a91a652a52e3ead2d21d21586fec0ad4a3c4a85afc1b0570155e24190bfd33bb2dbf9a99fe6ffbb1c96b89bc9f10f6ec4d7e6c2a607

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 8c682fb2db00475978b9f4da99defd5e
SHA1 3c9d1f9ca8ca27f73e53463b52c3ce262aa313e1
SHA256 6e92aba55d0a31a40326c7f1cda1886a734cdbf312766f05e99f195e23d74acb
SHA512 dc9fb60d5ef2b784664bd7f38ad46a8d4dbfc8f29121a55c03896c5c36f064317d6c633b827272ea2cf69469e814e52dfb27277db247bd22b1c1dccf035de9ba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 40afb3e79d3eb46357225d28c238802b
SHA1 20d97ca3b190e68076a89fb50f5b7f1f8fdf58dc
SHA256 112e6a459f32204087e54cac032ff44a5460235c66139f279dbfee6d064efacb
SHA512 f2a1ddd30e07e06b05588a9314424852d41c70a5a3e8f6c60720ffd37b3946505c4c51a0f034af91fa21231d6f4828a1d1e0a8a450bf26085726fcc191ce2e50

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 fbaa1bc62b555c67f27e7ac73221bed8
SHA1 52dce23bcfe736eb4ca55aee5457b1b87d5a9307
SHA256 66a3e979974966962dac78b7ecebe347573325e29fd86570adf4fdb4e2b7ce0a
SHA512 62503e477d4978c555311fd7bd86d034eccb213ad8795d33e4812ce4ae02a5d74966cd0dd527b9577e24c54a06043190ba2f12216ca38a8b1f2653190216fb4b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif.157953

MD5 b8a68b71b49719ea4fcd994b26643b08
SHA1 13c5bc67d07d3c61566d13d4652ee45cbd67fd2f
SHA256 a1552d02631febef03d48f9fae4bc43f1d5d50e745aff77bd9c535005504485d
SHA512 cd6529700da91ffddae51df1da5f4409c80079e4ae02009c5006d75d84dfeceb4074756dd06a6cba021a19239817a077d9a4e2add021478c8163c9a70119d9af

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 5833a6b6eab0abb443b628d65cce2a86
SHA1 8ef62cb2d7f123b7545fe9c9a7e3cf0fdfa58922
SHA256 4fff5d5663d2b80f7ffb3f41eda45b2acfba9b5e1e5d6ddf3a51c6163707d063
SHA512 2535063a8c9da127b87c5fc8689b7f8983eb8254998556bac015fd2716bdd9d63de47bf82bde45a7826a1698346bae08eae43f5426a994081b6c1e1f90c43874

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 11de64e70a31a778ebc7babe03a10029
SHA1 c49954c66fc3f855575762aa2364bfc8bb526ac7
SHA256 97555d60615042c076df02a744d6a5a8efb3613c2685eec0a2f938c1aa567a46
SHA512 35fe9687ecdb17d3e4a03d2d94e67c977831b49a53faf793cb2434e39434ca8e8ce87073cade8b999d58d4d44443b046222091fac9d54d10f248064c4d1235da

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 cf271ce6dce4d8a224cd48139fee75ef
SHA1 7cb6355042a8fb282b7c2f70e78d6f7299c691e0
SHA256 8e3d00700651a179635388feaee77fa4f8f83f0adcdebef6ae5c70fd8a383e7f
SHA512 510f2120e8c57be462f1d15c7b8822974093b4fada24397b5263872ee5523c42a6c99f31a194040cc5e9556d412485b3283916898d2fd6b8de5166810b16aaa2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 e553cdce92f25dba2c4889ef6dd3e41b
SHA1 65ec7e4ece47b800b03d8ca3af4bd767aae5b55e
SHA256 6cf411582ab2bb75667f226a20989b2fc71d799c11492443257d91c39440649f
SHA512 e616b5822a4269ad1b383b36a4db374a741880da688b1718f68bd2ec17cd0758d2f7d610d5dd7fc7a2f574567f8da6ff03b1e23b432c6a6301395952c3194eda

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 0258e9a745177636928cf7fe9c227b82
SHA1 9ac2b7a35dd867a0863721555a7e882fc0010833
SHA256 d9d9b79a40b4c4be13f398664f0cf4f2a4229a7c224f7268cce20d35eddefecb
SHA512 880ea246fcf0c3b67b7850e61e9c55cadf4f67893831c7e3694e771868c2f5a4b0acb916fa2377817858e3edb390c114ceea24138d42443a8dba91dbc07a7b1e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 3f19e3ef052996c2a39860baaef2dcba
SHA1 a01c482fbf2a1256cde4a5880973658a9e1499d6
SHA256 5f6459b838ef64d83f2e0d9901e984087d2c9166cb07bee036125d9acda2e8a6
SHA512 f8293c88bf17d18852cf07663e33fad581c104fc921d3742d3d937a94a6468d966d579951cd43790a3ba617875fe0deeb7ac8984f3c5f3c4b3ac412d6c0679d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 d83424eb3740837fc204ba4dfdc47478
SHA1 dfae1072cc1b271617426737f57982df6c1aa44a
SHA256 72578a913ca92b8ba9d799d8a5cb662a5e19cc0da27c23dfa9148202e839ad79
SHA512 ca8032df671336ff10134fd6beca49294fb7bfae65d316699f4d1cea467a6f35b05ff5aa00c259e12bfd02a777f1a2753ef54bd9ffbcdc618b729272b21c00df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 48734a2dd4755eb8f978b21b1de75e6b
SHA1 b6d345b6b00c61df1f0ad51899add36cad685069
SHA256 61d1020cc60a9de12e7f79a2f8cf9c8a2e38de0921319fe18adcf4d5df5406ca
SHA512 b00c1280256da70e3648cb52e60a9a857ad334bd082fb8f4c664ddfa7397633cbf2e5ddea95775683314a343d220038eecce3c1b6c21d660b3620956ef463c44

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 570fcf6f99ea5fb5a1a4c26c1d509c75
SHA1 d7e0e0606f6470c55be306db096608155b19ece9
SHA256 0a4c9dc9f0ec4c7831b48907d9707866aeea020dd6894a617cae190056bf8515
SHA512 d3513f3ac5e70037f9444f1e1530829d627bde441373f489c4be146844e1b32e9abfe695ace4128cf791ae481870ec2ad6bbb0893ff0bbd2282910e57b2974d8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 52c792994f499241f60fddf5e7385981
SHA1 066ecec4a94aadd400a1db8ea5a6862a1fb21977
SHA256 eec9aae96d466fcd3b7b08580f1d82eea47a4cd7a3f7a12093560a19a90deb0c
SHA512 882b8af2fac989d63aa3952f4bfc25fa23112908af3ecb4cf79a46d3f96be845d9fc131f27513ddcd9dffd16245312805f97577c68e069e1d1b10e59c8805f44

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 061bd241305e5cdf3fc7a031ada3b854
SHA1 f991f8b9b23bea4ebdbe926c4896d700773cc13b
SHA256 d7f6bd8bc816f0d383d1d74031af5ebd9061a0bd4733f561f83cfba96c1046f1
SHA512 8199bfb6a92332f7da3648326e3da2c4ff837ce9e70c8eeed57f06e95d764bc838b58794b75824823869e367850044f7d27d764b88dbc20a5802deacb3d1ae29

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 ebcb0c9b5e7210f9b7ccd74991525a89
SHA1 49a47f4985a41790a004665f89b0825b6826a497
SHA256 becc7fea551f95fdf59e87b3f8069a6619769a025fd9cd19e5dc2058f011d24a
SHA512 facdb5fb567b3f3bb22b53228ee819a1ef1e2dfd9c8be850830e6bf72cd02004a5716f3dafe6d0ddcd7fed172c7237ebe10a4b84c0cf83e0e69444b6844495eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 b7e1cb0e98e786c4ee0aa8e83cade82e
SHA1 c215959c283475a1bd267b6f4fc07b5b95c452a0
SHA256 f07f740bd64dff9a6f7fe4f72e43d94616fd0567768f034106b220b993feb8bb
SHA512 bd2d2715ce71fc26f6e03892459c0729b4c3d6f610c384f768b62856c43b36b32bfdbc9dcb2a3680895d7d2016864e896629898fb64192d800f834755b90c273

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 3eedd4c64f9f4075a98ef669aef3f8eb
SHA1 9d1f377c3e49880aebf30d997cc5196785f0a9a6
SHA256 af91c12e6c7bb6a213ef4e04ee7404693d86f17ef58974a706bb40be86253c44
SHA512 61a2fa8d59b1451b839f0d78967ea3264ef92e385dff69b8333f7fe0a72fcd75b4de60c52b7aae98dc497f4901c8111d9453f1e83b90f8d5a50118f130f8cadc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 f38901629e48abac4b81bbee709498e0
SHA1 08d93de991eab59a3b8a2c15cabf1a483bfd5aa8
SHA256 2d2dccc709123ab13db0b7847dda70dbe514d976d25971b5b41113f82cfa8571
SHA512 4a3854a9b07edf5747bc8a99cfb50f5c85f448fb448cd30b816e89fd5e948a02e104448e1ab818a6b8c77becde4d5577c0eb7ba6f6f6b95da4ef2d93c47976ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 bdcdcb9da525618e39742a12fc188767
SHA1 c4edb75a9795f405db330c53fd30a95f52ab136c
SHA256 cacd9f407eac538822ce5188404006545687348177b45869cf85af60c3a4fd27
SHA512 1ebc2beba2958ca481e2cf729dfd6e9a9433d5c40788bf0dd82b95eafd9784ce877727550787d750bd919118d1626cef66cbc14dbdd3f5c594cc2c3435621926

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 2c70f9bf3a2bf4c0135e558cacce5359
SHA1 17075d128c39ca271bbe1abfddd9e75add4bc6c2
SHA256 90624724748961dd1628e5a93f2d56e2d6b92213ea9b35006838262dde3937ef
SHA512 9dca5dd26e2175d953c22090d20a74c711f05cf477a7d1b65a0e59b67444bf7a3b8583fc5a44de4256eb2c79ab64e98a5e9368ad350c6b0fbb308a62e72d3de3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 50a70798c0325bcd5056a2d528d6bced
SHA1 89100e90bd736ee269c466486f302d1e7405a2d6
SHA256 f9eaee6743b43133e7e8bc2a4048844501b149ede55557f58954828806543051
SHA512 a8da6213bf978101af606e9a3ac3bf935cbf8a9fccde10729b885d3565437f64ff1b3a00e649da1756b2f0465369fcf78ee515dc4308ce414dd5e79f00256c7b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 9505433546f71d5ce9f7f209f5703c8e
SHA1 ec0f98a277b2c2ce7da69c242ab22d1d0353ec57
SHA256 e879a020ca7d4e58ce39d966c3ad0734d21b0da296924235411f3b09217aa7c2
SHA512 5d61ed7ef9ff24665a927ef69f008a7a8b82e39ad1c0b084ba7466c2a9900af9de222855418f08b71966aea31c7c8c81bb12006584b9340b5335804cba235876

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 744e1bd754f48507d3b6476104b25dfa
SHA1 6a1eb4dc40996cc04eb6d0034fe1925ebe95390a
SHA256 733ba6165fef0714f40990c681cfaa014cadcfc9eddf192529d10332a08223a7
SHA512 eae3df04621c6722c53fe777edd3287ec9f8e787a3ca58acb983309ec667499a6369457e5e8da86905d638d829c7e2b30a36c4d42f34f9b16f01bf54ba6605cb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 7f8749fb4bfad95208c4b263b55c12a2
SHA1 15fc05a0110437948261cb7667e6b56236aa83df
SHA256 7ee94079b5007e4e7461a204d7944934247a65be02331c0405ea0c9ab5ae42bc
SHA512 c42e1f886882e8a99a3fec40b938ecb932ca006519e12442daef9ed5c9c332162d8022d18238b23a953552c9b34515a8eb70ce77267972e0df6f7defe1fa9e48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 02f48b53f5a043ae05c8bbe76f372c6d
SHA1 9ac934c79a499d0540e577a241aebed753301031
SHA256 525b596df7219c246e811991fdd70f49004aa91f0f74c3721f319d062b77df41
SHA512 44d59d87075984450fb3aae6a498a193f55255f2a23a0525dbea8141307a12c34f2608cd38d0b49d692f74b26a3498a2604ff6eacd97b8a8b34b87e971162aee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 013509a04fb1fe3925f8e9b0927bb11f
SHA1 2ce45bb83e70a3dbec852cb7897c9c1d691e256b
SHA256 aae0bea89ab359cc3a6f998727823b28123490ca97f0e0fc62a7b39209659003
SHA512 71777668c80cec896c60a2dae46cab12c94864aa1f10a559a99054b546973d3f805a52545f7718881e21854600b4db7d15adf189b390d128e5e9e27bc8b5f7f8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 ae5091647fcc302e202b1be3c1e088f5
SHA1 76a100d022122f7f8b91b6d0095c99b392a98fd2
SHA256 6fffedd33a5ac318c4adff92dc82ff732ca014453a48db41fd2a5d5fc070d4a9
SHA512 3126abcfd3a6dd1e18c0862b2643a7858eaa182933fd0d567bdd5de790a5f8bfd27657b2ec5ec49600a6cae3c8497e07d4b962ac28280230848359d0409ebc56

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 d910b1c3ec08b36938bfae93a491848e
SHA1 f116d2856aa644811cb5fbd873f70c8d4e74184b
SHA256 ba18ea47c8fada97579810fb733944f9a50200423676693c490f0dc79150a0b8
SHA512 1160e4a21a8ab11c649bd901532638019d97012a238ada8d452dff53444e67a4982a0053ef38f1cbd0faed4bac36c012fb368d9a06e2622041a8180dd8bb092d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 8e6bf9c5faba30522f2989de9e738bb0
SHA1 743516b2aa475c7995bc447c0edd90c5cd11f1cb
SHA256 875466ba806cbc0541ab5cec76cb6be6933ca4c0a2f4f0d9966d27af4ef47757
SHA512 35041e738d42235e7c8b08635732160731bfc6525b32e08e738b4151e14f631fc8c11c634ad36398e0968c1f68a35be16cf9e0f874253694dc9c78df48ef8e0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 c2ff731c766fb9da2396501ed2ffae06
SHA1 3dc03362bfdd5657a82037e2f1b2ee4956381bda
SHA256 fda81207e7f24a42af1b902add6cb10250889da2c1bb87064467e7cd1732bad1
SHA512 37565c23775d1c21d1a969d7a4cc435d7344bc7ae2812dfd8730d086ec2eab65944c6f17107b33c9b84da6f130c427f65f5e1c2bfcf15e38fbf7523115192863

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 4b0e02855c303e5d8e5443c3114fba7f
SHA1 e55083c5e6d61b0723d99ac668517c8a941985af
SHA256 d1022f65076000faca87a9d506a80af4b08a797811c46f6aeeac53cc6649dd93
SHA512 925e3b155d132f02241aa9042769731902ab386bc28995f4342b2657d9b8b63f4eb7aa8fed693bb5b25768527375bd98a104ed66683b387a0b48c0298df9c0bd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 5fc637ed917c81af16f361f618309205
SHA1 221c60b410d58c61c36afa379ec46f01524d3c62
SHA256 fdb2622ed09ce0f0ca345b96da64a8136497112c6a7786a061af3774a505754c
SHA512 8af531430a407a590ec407c3b372121ca8b1d997f7ee2f49f0caa48290d83eabe1fd3576c912c5404867cd4307c4cd311d82b4ab05f5425e1fa3fa6264ded396

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 97da0acdc28167907e5e89e6601174b8
SHA1 ecf0665e6578441e77d51295089353f21383e7e1
SHA256 c467240a9fe14dac0a67d2ce0327687cba656077d11c30ab0cb7c16f1476e8c1
SHA512 b8c3442852597b6d1448cce0ee4d423bd0defe13691d8149a2f897003600f512e8229effbe46d7e523c97e8f6863fe73585df74db976b697b8c915ad7607e540

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 63b784e8bc16def780b9894316f2f6f2
SHA1 4d79af0147fc8acde3c745d62d85ec8c644066ed
SHA256 d0752aa18d1b476dc5b35980c84ad56e868c9f70ac84811782a66a1351911ba5
SHA512 c42e42d1adb88b1bf246cf7b554224c58bc3a0f0c34256fa71b380235538042029f4b250d34e6c986e9de74d4d7189e4cc28537e11b732397fb4d4a6ee7c47d7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 a39417b0d349d97e14e790983b30ce37
SHA1 5ad2f3b3bcacc77c8cfbf5e9282a49be88a5238d
SHA256 2925396500aa5eb865dc9dd4054f39f08ffb3b6c0de347c03d841c1f128001d7
SHA512 cec9b0918dfa62b8345a39b1fe1bafa3714513e174da0079f02b293a5b56196c5810afb0f6bc44eafc60c5ff201587629baba96af279187f91fb7650d8338f55

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 3eafed88018b24cdc7b817a077389689
SHA1 41799f59ca1fd75548fcb23bf6c8e5fbe5a20c35
SHA256 40d3c98164ef09601319745003e9fd7daa533821907a1a6eea144666103af50b
SHA512 56500e784f6ac9b9e8fb7ca4d63ccc4db40295eb513cb6ca22913bea71769f78d0cee9c608af71119f53f5f5dd52870d9989ca73960843f9c989a5221524fc75

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 9ea6892a592514c28f3f007039a83869
SHA1 a2a02baa741e70cdef2f98bb02c7c83438107dcc
SHA256 78e2aa777e7eed64924b6ab18565335f28a2b278a619beee71d0106f3edc84e1
SHA512 8f716875f16c4c6ea860ffbd661421d55c46d1d9981e90a3d44eb9626e22be3a9fad024c540c3e6d9a1045aaf09c66e90d7a196df32516bec0495bf26809717d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 5e3b19f76c62d00bbb1d122a700f8ac1
SHA1 f741f640ed554697554ec01d99aa29a4b7e9e841
SHA256 85e0e6466b02998eca3e4a2ad9402ca012f8ce9bc848eff255b7ccf1e3c0ffdb
SHA512 809ce9fb5a107a4c94799795c7480f5dccbdfacec91292093d857f419c0e8ff1fae833d81e2f17f6c0641dfef99c551ed78317b0ce1bd3c3077fab9333ab34c5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 16c0e2364b3373e472a45e75048dac04
SHA1 5c18ec7f12d7d179fbbc693acc50651fcc6e6c89
SHA256 8fb3ccb9b34da10d2ad84f9565cc7f6c304a78bc005e9cc8c496de283fdec423
SHA512 36ef26d1d92870eaf7c140e42674c4de4ddf12c077f98de574511bbf0eeb690214c3a0b6fee136b9c38538015128f09e41c877c7102a621deff30d46a9f4179d

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 51f31971b36033904c8ebb3d9bc72065
SHA1 51662b2706e98a9e1ae6660e3172032b571ea459
SHA256 82727a3ea85731fcd226659e6c4155bedc916ea0afaabda47bcee30ebf8a40d1
SHA512 e36c8a213fe1b4b7ee534bc5e785f63e7549866d24c8d8b0d27b638167a0c1f10af9e13d16d33f112da5567bfcf5ed800072ce4faed710cd43e950cba2604e38

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 eee08885066978361d8abaa17ff70400
SHA1 b3b15f5af702f7516ad5b24c13576a80e2fdb844
SHA256 5e4305ed89c3d1a1bf6e9cef7bbca30c367ecccc1bfb22a3175b1595a1d12efe
SHA512 1b0595fa28f22019b81094974e4a9977b666c74c627559a04cbc0b45abafe0e48a80ef053852fa7a4f30c353c9f1c5059a1fb737dd860b7a101f8470710a8460

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 326513f77872e1497c65df6eee1c9d1d
SHA1 42fd9d9b0695eaa67ce05bf4fcff54b9a0678c43
SHA256 100fe1337a8d59627c53a94f0d410dc4b057dfff6e56cd0006cac05327d69a36
SHA512 12453f675e58723d2236315b3d0f40c97f927b3df38251427996cb4b7408f2b980ad9778cd84edaee33562d0b6fd6d962f84efe7520dd63b3db361c298fd7198

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 e2a3b4c469de7b31f2afd5ec343aab40
SHA1 ae287329d77835206cd125b3eeff1c811bece13b
SHA256 d6defb1e9976b21f0627dc813ca1d63a60fec5b1a8ca380333ebfe45795311e7
SHA512 e6b433f98d255e954cbeb25e1ed1eb0ba956eae5faa005847914bcb644b15167da02c2ce79fa08272938de17234f163170b09b8c7706f34df87a33328d6037ec

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 51f8a4351625259b8feea4df81ee27a5
SHA1 8171dd9e1e442f7ffd1709240f7eb8b23e252520
SHA256 0dd28ea5b4246652b8054ae6e51fcb8af15f232f002a1935526a8213c4c069de
SHA512 45ed8c6581e10e67ae5bc43644c345611ac2a61d048b463e44179f8760c703370ec513c2be66b7ea280cd79ace09a51aa7b961c78bf5a925c9d7689ee7a66f99

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 c07314e5eaafa7b3963c1ce6635590a0
SHA1 43d42228ad32e5c4d6da16b3a892e884f26f5be3
SHA256 471ced9bd9f2c0dbfa8e476b625f5b3fe78b50603f3ec30e805b2494c11bb16d
SHA512 e0fe9f0de3dd9b51786f7d5ff549b64b7db70e1a211443bdbf44982188cd1c71f03d0b1fa3ae354670020679615d23942dd520ad1fce22646253493022c50be5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 54211f15cc83bc8ef54cb62dce92d0b1
SHA1 c40a9843ed992710098298fb8e1d4315725ee986
SHA256 9d035ffd80b755c7834dd0b7a19a017b7a558c6efe07a44a6a275fb897a7f9a2
SHA512 98cc373fdb9ebb050d9154ec88a3e8fe9e95c42183db9ef6fba51cd61c49f688d65a09fe3852acc8c2c8d87b1b0d9816521ea8404254c928808cb9b4a94232ce

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 67fd7a5d45498d57f0639c6ae30c7002
SHA1 408a0e0a6b9c04928b0d64a8b49e79135cf8d79d
SHA256 604e6f118f81143572c7f3e080e8b54b23b0fd9e23ba12cf8859b3bc59726ec1
SHA512 3c446d0b0a6cc5720a05ac855ba331529a90bedf307cad0e28573af3b5525ebc9de655482b89e44d4c9c828cff5322444e22e4781cc9dd68035232a780ba0ffa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 b3cd2a1d3551e7ec412cb12cece040fb
SHA1 ba12d66d71e4bcc1a5810de98ece0b2793e3cff5
SHA256 36a2f88d6a51e59194284e310e4740c500b644b703bd8b939dfb08b39fd3d550
SHA512 8991232256deb9fa872c604020cc1e3aa217bc397ab02b6ecfd03b6d8debd498a1a5b29a4a235d9410dc9069b9872211c59f22764330a8a57fc951a04fcf3649

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 d2c13708f6380c35c5dbd682b808f0c9
SHA1 fc69f992da129f60f77536a020e5c4fbc68f82b0
SHA256 29e4a31815e17b03aa3faf116c7d99d04c8e3c5368122ffb756d5a46dd3901f4
SHA512 dee3b5d518b69dee5568ec344b669e245ccf09746d3520f0083992454b0183533d0705d5c5929ce1af909e4db759748b265ecaf48bd2075407764eb43dd5dea1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 e4d41c23e04f9fcf29c03d77147dcc9b
SHA1 631315948d2da2df12aa45c0288d0dc5032ba099
SHA256 246bbebbb6b6c69a8cc3819dcc7cdda91714ee8a779561001f26a7f3896e45ca
SHA512 644c0246211b581a6b88000ba9216e77e1e2589d8474a2e629268c3b6ecbc25199afba4489e31eb93740a00f55c6c14f04ee8304535d338b90e28450ffadaf74

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 452d49e23089f887dcc36e7cfec0c4f2
SHA1 763d0be6d7a79422035668ede6dd674a1b4d745d
SHA256 8e0e5ae10dbf677e535b295bdce362456f88f575e77cdd1e62fca1d6c75b1fdd
SHA512 285c5f3d3cfede518d4b6a1ca47e4738e8936e0cacbb423f9d9dfdbed5c64d5f7e8e657a0944a8cf615804402b19c33eeaad1a71ca2a086690e41a4af2503088

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 28b20a47a682173f93dccf3921d4c69d
SHA1 3e5aa4d131899b0b367da569f801e216984bc941
SHA256 f224675401924966c42da19362d6d1b6544c1003c55b036bcfc6355fac8e5b44
SHA512 f826db99b77c00e037231b6007adbc693379df859c44f1ddbcaf9d9fb127b3bb5340d09db4bce68d1a482794d7e3181cde0056829e040210eb0e4279a69f99ad

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 c0d7bc3404cadeca65478a566749b6c2
SHA1 9079424fd46095f8569f8cfac330da951c569418
SHA256 22c5e97e0d69c5b32426c4dbeb00289f3e13c3f384e2586ca67a5824e7052208
SHA512 cac97f6cbce9da53459ba1e41abd3651bc77d4986ed02e2dbe43fffbab5ac4c3dc53d166b61530fae38576cff8af28c19e7a497d120079dd2061ef28c5d3db57

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 2441e3c16908f11b6bcd236f93b3ee35
SHA1 e27b2ff1c14a5b08cf217565a28d5edc5b6e60cf
SHA256 d34cbb1559618e4e8c85fc4e12d04c60cca5dbff252284ca1efaf4400b9c53de
SHA512 776a90903c011f53aa85c9b5a96d9b93ddc49b5e862a3c1712e63402c014de62222ca568d37b9f4bd93f1348eacc35a91e1be5ca983bfe16b7c575ae3d4bb08e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 291a37c5075c9fcb49c88dca7e75abcc
SHA1 81154fbf92332271d48da4595a230fd4cc52ee74
SHA256 5850d8b1f525c41dbb189fe36aeb3b4679a38f2022f7b9a0d4d9259794d9f96a
SHA512 1dde86e5ef955d54edf470180050ec7cb41b09d60f15ad4baf1237276388e5a9829359ed99bbedf27fe8c235afefc0d460375bbc91904845704bac469a43cb4e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 e8b3707c97d91df8eca87ce8c2cc0373
SHA1 b191e9302c41769533307c3ac2280c5f10799f1a
SHA256 241d129d0a584d4383d7f9522ab0428dbf7b71cb93bdc44226af2b08cb121010
SHA512 c734d0b30d046b68d45d6a011d9019c91fc6046dd68ab14d145ce51d98ed0541fa2605c077f71719711d40148832279a998312ebf3fab54a26d11709515bce16

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 ba594efb4b6653ee614caa18d976c79d
SHA1 d7e3dd845dc5382794e90163701bedc22e43ed96
SHA256 e629449881b0aca639613ac5f7e4b96cd3a15fec1023ddba07b3cf67a3d329f0
SHA512 61fd14e57161417a1acb8cb5c891cf02e1875925c1a71dc6a1025b237fc3c0450119a11ea84393f1a1ea8ad236c5d019d2c6c1986056761cb7b33e25cd8bb8d7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 4789e7f96983053f665b41248ac7d82f
SHA1 7cbb6436311ac5721caa0e731d825dc64e1dd482
SHA256 69096f46d09274b27aeb61dd3bfbaecfd8489548fbbaf92063a49a770d6449c3
SHA512 bc4834a36cdd5c3acc31f2fe403a24d875b6fa5f822161c88cb2f874e712ea13d49c733dd5b2d70dace99ebfb3ff9c2474607fd7666fb27ba58a8a5d3f265b00

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 da14d7c47823f93d4998de74c6b51a36
SHA1 4aea53e91f33fa92fe4d8a7689d353d12c08f31b
SHA256 ccb534fe3fbacac74d73e0cddcd55b8aa0c255485d1245c434b227cede5e5746
SHA512 f566d52f076df743315e37f15d2220ca6f0b76e242f5fcadd65e2eee86d08ed061f16eca65788dbe6d7b754bf3b8fda1612af8b426d0d29e87abaae995517b55

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 df28862681bf1c09a365b19f11e044e4
SHA1 fba0289f2f104cd5e53944fdfbd1ef46a2abf122
SHA256 7447abe5e93db894de44f1d949c4f58a59c5334aa11cb219a83dda22dda3ae05
SHA512 55968c806221f203c9962fa022458718cec2bc85b651d0a94556b590a5685607f568e2ac673f0a1338a5cab026a19dfb63902a847e4b9cdb8ad2d9dd245d6ca2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 e106827611dfe1cd524400aae74faa74
SHA1 fedfeeb83f9d657e725a9ee5e6c01c1bb84a81c7
SHA256 1a0e35740fb63d357ce923fce53805b9d80d0fc20388db01178a5c0772bb1553
SHA512 1518574778b02c8a250a76637afabad8225435e8365a6410a0b2ff03c9cdf11cc49e6431011180910a73e4a5582b06871318454c5144e96d537f248cd4d0f6b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 a3f49753ac61ba319dd065a0cac18a28
SHA1 a2ff784e2952ba5d4e4265a0312699373e6a9b9a
SHA256 5a1bfab86e5862c8044f4dfa6fd824e79e641819b0407afd366878ad47b7f701
SHA512 afc793091d6f050473497b123ee92d22df1ff0792089cd18834ba3647634bb1de1ca4477103164b31e8f2f7974c4242e527448abb3d1e95f18e792ad0f51c93e

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-08 11:40

Reported

2024-12-08 11:43

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe"

Signatures

Renames multiple (2183) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe" C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\c_ports.inf_amd64_181d494584779290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas.inf_amd64_74bb5e3e01cfd526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_bfabc750039f8ac1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthlcpen.inf_amd64_a2917ed464cbbc93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_f1a7a2fbd6554d60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MMAgent\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cht4vx64.inf_amd64_b03448ba0b72ec47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_dd85a83bc442ed33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl010.inf_amd64_b4f4b670a266fda5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ras\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_e0577000b188c16b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_glk.inf_amd64_7b6c08738ca8a856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nvdimm.inf_amd64_9bb46b0de5ea33cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_edc94fc65bef3d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\multiprt.inf_amd64_a9b96d6c7813082a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scmbus.inf_amd64_c78fd781987c1675\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_d3a88fe647d71206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_computeaccelerator.inf_amd64_9d34992b3634b396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa4.inf_amd64_b74e18ebf47de72a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzoom.inf_amd64_37bf8591584019e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_amd64_cb18bba4788e47f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uiccspb.inf_amd64_18454ae612999870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbhub3.inf_amd64_6a68abcc31aaa333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetAdapter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_8416dd97e1ecb6dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-96_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\YahooPromoTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\data\en-us\2.jpg C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\6.jpg C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.scale-150.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\sendingLight.gif C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarMediumTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\Json\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-36_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\arrow-up.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-150_8wekyb3d8bbwe\Assets\AppTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\LockScreenLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.scale-200.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-36_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\dotnet\host\fxr\8.0.2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\add-comment.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-150.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Preview.scale-200_layoutdir-LTR.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-100_contrast-high.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\LogoBeta.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-125_contrast-high.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteWideTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-256.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-256_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\loc_archives\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare.scale-200.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp4.scale-125.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-96_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-30.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\34.jpg C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ice-remoteposworker_31bf3856ad364e35_10.0.19041.1_none_d570c31a162768ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wvmic_guestinterface.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_d4c11707d90b7d97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.19041.746_none_61e0347e850155a8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..nt-client.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b2cc5d8f1b6b020d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..communication-winrt_31bf3856ad364e35_10.0.19041.867_none_d23b6d4be95e3f80\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..quota-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_2470928dac14483c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-recover.resources_31bf3856ad364e35_10.0.19041.1_en-us_19341bd8495fd344\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\splashscreen.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-c..anagement.resources_31bf3856ad364e35_10.0.19041.1_es-es_f712a3ac6a0bdd7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_10.0.19041.1_es-es_11bdf628787f22b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_51af3fe9747b2ac4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_net9500-x64-n650f.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_64aa7f15f0275f41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_presentationcore_31bf3856ad364e35_4.0.15805.0_none_d98c964acb93f681\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Tpm.Commands.Resources\v4.0_10.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsLargeCloudIcon.contrast-black_scale-150.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.visualbasic.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_35121ab21a02b8b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_eventviewer.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c681a6538fc9e40f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12platform2_31bf3856ad364e35_11.0.19041.746_none_e96d63dc613210e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-kdscli.resources_31bf3856ad364e35_10.0.19041.1_en-us_6c33b7f14f3f2940\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..lperclass.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_cb027767e0c94681\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_f12_context_chartselection_clear_disabled.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-256_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..y-wudf-smc-classext_31bf3856ad364e35_10.0.19041.1_none_34645cc30b7fbea6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.io.log.resources_b03f5f7f11d50a3a_4.0.15805.0_de-de_d3915b21724559c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.19041.746_none_9dd2fd0bc68c998c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\Icon_MMXresume.contrast-white_scale-400.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.153_none_47569e595c44e70c\SquareTile44x44.targetsize-96_altform-unplated_contrast-black_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mlang_31bf3856ad364e35_10.0.19041.746_none_3f2d4097772e54ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-tapicore.resources_31bf3856ad364e35_10.0.19041.1_en-us_ba2ddb082fc69890\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..console-nodemanager_31bf3856ad364e35_10.0.19041.746_none_687db275b43858e0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_10.0.19041.1266_none_af088594af3a4ea1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-networkcenter_31bf3856ad364e35_10.0.19041.423_none_1dfa0c156bf3cda3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-tapiservice_31bf3856ad364e35_10.0.19041.84_none_e534a0664770c42c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..s-service.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a90789ee968e8035\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.applicati..framework.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_2aaa2a7ed28c270a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..on-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_69700e77687a5a51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devicequeryprovider_31bf3856ad364e35_10.0.19041.1_none_974055e21492d599\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1288_none_380fca96841747d4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.906_sl-si_b068fa9d1555b8df\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_nvdimm.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_7c6065e05fc486c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wlanpref.resources_31bf3856ad364e35_10.0.19041.1_en-us_b511a5babb2e8bc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.data.services.design.resources_b77a5c561934e089_10.0.19041.1_es-es_eb932f11892ecf08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ngerprintcredential_31bf3856ad364e35_10.0.19041.1081_none_1acc3ea302a542af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\SplashScreen.scale-150.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-openwith.resources_31bf3856ad364e35_10.0.19041.1_it-it_65d15bc663ac5cf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.19041.1_none_de83be952b0afb6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.io.compressi..ilesystem.resources_b77a5c561934e089_4.0.15805.0_it-it_1764058b9d95f1ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_fsreplication.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_9a47e17b777b2876\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-credwiz_31bf3856ad364e35_10.0.19041.1_none_55cbbe2f0b32a503\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..-host-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_07dc2f32ba97dfa5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..nter-core.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_678a73cff4c240cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4cedfff00010ef7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-s..-jscript9.resources_31bf3856ad364e35_11.0.19041.1_en-us_6f7f1a93c9ea8397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\v4.0_3.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Ratings\RatingStars43.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ryoptimization-mgmt_31bf3856ad364e35_10.0.19041.1266_none_cf8da0ad7e53f2a4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msvideodsp_31bf3856ad364e35_10.0.19041.746_none_ad89793cfc7e4a0b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-timedate.resources_31bf3856ad364e35_10.0.19041.1_it-it_66605a628b963f04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000488_31bf3856ad364e35_10.0.19041.1_none_aaa1d82335f7eeb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.19041.1_en-us_7cd59418f708faf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..oryservices-dsparse_31bf3856ad364e35_10.0.19041.546_none_2e110dc7e116d9cd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe,0" C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open\command C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe" C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.157953 C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.157953\ = "BUJYFGNMEYMSLBG" C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d6dc4a3412996de04df54bbf0cafcf5f_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 85.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 f7b1a7c2747732fdbe4f31406c7ff809
SHA1 c3d9ba99199fd3b6e357699ca59f3f359729a075
SHA256 2958ba7b084b4097bccfb53bc6141c9e73c3ac67b9eea400ecd63528d69e5ec1
SHA512 105b8c363eed685fae1ac9e53320c143044116b8d8ab23844a2c6ef08ca3c81add491ef3d9f09a64e0b5712007073c66141e7b23f5d59686cf554c41892fa67a

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 3bee9abcfbc086b08b06be9ab32a7d64
SHA1 390a6169f6619246a4c86c057e85a21e26df13a0
SHA256 854f8e80ad90f10c9dbd09d675e456aed38928e48aa5c1150e7ecaea7de5c6c3
SHA512 dec95f807d1230d0be24a1c4299f6bb0d09b600a84a5cc7f6177ae0ff13db0e6705dc08a3aba2df347c832dec987e84630200540cb01c0fbdc1f560dd0e5efda

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 5d23d3efd0dd0fe0a6f0482f0b04ea3e
SHA1 f3caf024f56f33fcc3d82f66eacdb3876875e1c8
SHA256 0f3574f147732bd9b1d80dfe7151949802a8ef66320470c55b4b1375fe2184cc
SHA512 cdfac1d8fd45da409dda2937a4be769d9a76abe78915a1ac503155317784b30116da8231ed55ac1c32b91310965c62bb957530ae512ddcc659c26d87c0c85c57

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 16410e5799a3eeccdbf0e76703de76db
SHA1 abc1612a4cee5c20f8f5aee47d97927d9dcaa129
SHA256 ba97b59869ceedb2a94bf3b7948782f9e968a0a652e640da87158ddb4643ac7a
SHA512 3249d926b5416b86c48401ee0eaa8de2fcdc0769780a10144b2a2d9c519e53e1017fb4e1875014e1b1a06f74a8506456f3ebf8687bbd8f7a08df4b1b952aac3e

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 cadad57a12c29995d3bec46326d0b733
SHA1 65e9f4389e10abcdb9863904aee283afb1061d38
SHA256 924f3b16d39587492d2657b10aa8ce9a53a04335347bb6b5517ca229964555ef
SHA512 a16db083e2018f7e546be203e74b1a6faec6f702f7c3b2f80a45de0b5ef15420e2c8e6dea1047b5954563b08ad065eac99e0abd99c38f780401de81572923442

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 66093839a614900fcc2900fecf3ea3f0
SHA1 35e8208e2a8406600ae3c81aeb54b802791b95de
SHA256 3f5bb43bf319e37c12ebfaeb9c8585bde45d9c42bbc7f48b487f9ea6d50d3606
SHA512 e91edcc1009ec9391cd61d3a7ca54c2c64fc21405d8d8e847b36b3614b95f9a860148449fbe8cd5950a2efe94c976f90809cdc5e55b445eaf474072d9f11d5c7

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 3062453028d244b0260ba2d9d26b424d
SHA1 14aaa189885b94daa205d1d4326953c2e02fe435
SHA256 e3ac495dd895d7b50ed86a153e0b6a5e5b84ba402cb9a7b954235efb61cd79c5
SHA512 9abf9f93d88ed4e268344b46cf784282b0909ea8e7b4f55f3d98f900ed39cadee214ed6a91c7f08d9c643681074e7c613aa546952262f272eafc450b985f679b

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 65fe3822de71213ab9e0cd5676c1bff1
SHA1 c6b9b1b5bc702bb5fab7772feb8855a5c029938b
SHA256 d082f052dba59611210d392362543a8707138c538e5ed25301fe44b6429009cb
SHA512 b32975f581743d55b338ee4cfe64fca6b47dc0e2c02e8942e7f6127494dbe35553c57c9fbe15da3c04c27a65b1c75057ab95d6c3ce6b2c5000456d94519acab5

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 cf0d5b67f95e10a471289d7f3260aa88
SHA1 d5bb850d3f0df0caf9bc278fa490b5d0d65e7f4f
SHA256 c9f92c1551b2ed0c323dd9508df928fca5704f68661cf536a99493b8ccf2e68f
SHA512 0bdb95dd57f1c22c97f0df77767a2edf990ba2df20691b365bf1dcd2e538eb4bd9a936f181dbf2b148f81d637ad9919993a54519d766409014fe074d2976692a

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 ffe811ff4f2faa76c5cb546ca6b9c863
SHA1 4af3f22d0224a12e2d3ba1b502f1dba596715e01
SHA256 9a85ae497f0d2a8daf89b1f7c73b50b227cf8e007af33ba1c692cf1667502581
SHA512 a420126ff7449d1b4cb918a36d17e34592c08603446a0683849e534345ecf6464213f5198afe169e81c0c15809f9cb2f31049ed2524ed91a3bb880efb6979b13

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 b96e961ebbc79880fcf91edfa0211cb0
SHA1 f36300458edded3bc5adefe495a27ce1fbf817f3
SHA256 f7284249e80bbef0d82ed9b49777ab12df4450e9d40ce382f7058c512f5f359e
SHA512 15427d870f1c5479a53c39f8a7be3bdfe0fecbf6d193a0f4bdf299028f321b0f97acd6ecade3278e36b8b969930ea2a43b531779e8ef2a91a8830d5122101dd5

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 125198efd002b0c1bf0cb98b92d8fe36
SHA1 947a251d1b01ead4aa3d48e8ed0de801920cf87f
SHA256 a0531af53bb19e8785e857ede5d5eadd8552d7b6ea172d8ed0ac630ba699bf80
SHA512 94ff666acde8ab7e4a620c2021ebb4d8e3672aa8f29ab94db79d98380dd2a6b5872efde5b6f83ea453dfe8bd6b407774819a5578a9861ab30072baada8c4c537

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 1f5c2110faf6cad6d7ee42f16e4c83b4
SHA1 daa28841cc12c566bbe0c522a0ccca7ae107f535
SHA256 e9acefd77ada43b825d264ed70947c8ebd1c5f1fae05408c8b7eac8939209358
SHA512 2a4bbb46de743276be33fbb10d28fbedf9f198471211accac7f851ffcc90b86ec1369c67a620f18090a2b166d3e7ff805936c500810e30ad2c29e5545b8e4ded

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 670843f27624ac672381cd69a7fbd7d1
SHA1 a3b7b27db5b2f9450b373bcf420196c896bfcd1b
SHA256 c76c7e9ad94f490bb418f132c5d1cd03e25f0f163f4dc20590391b3d6917b21e
SHA512 76b7cc11c7aa69da91e5095ab1aaaf78b9c6b2370fde66525ef44c8712da637f5d6cd4beaaaf7d0253f832214c9628843d9195a7b993fb72ff524125e67c6454

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 7a6483b010c1a2bdeb9fefc613d55961
SHA1 7f44474a70704cd65f625f8e43fcf496dcaee724
SHA256 b4aebfad9837c4182197b0ba740e6415e70a601c06cdfad6651fd2e8462cb0f6
SHA512 b005300bccce203189bda0382c5d6fd8b9ad8950a5e050c1834e58d08856068750c48068128b04b04b48515610d111d01035ddd5198269782d7b29b8201a3ca5

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 90d4bfed5a42abdf5121d8cddb007209
SHA1 993211a8ef0cd79c410a8f43578fcab54292d001
SHA256 ccad4a216bc8f47631bfbe779a7f96a2a68b89b1ef6e1f3938e38b77ecb11edd
SHA512 673356580fc139170ac39e9ae339edaef2dd50c6ff8ceac90a1c6ab750459adcae3243bc25395ca792ca4318f03ae2bbdc326ee319adcae31369fca88acaad8b

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 e553b6ede5e12d2401f1beae52b4ea38
SHA1 4ebf55d41358e24d996134f078c43ce7ab731112
SHA256 2db80f4f6a8ac85aa1b5de0405de8a71be7a617ff4c1529389c45ab7c564f723
SHA512 71301a676cfed1f423a71f3ce55fcc395699aee86968162e4a1ee3bb955504542c013fe76b947425d7d9e4d24a4103e161f71d95e167e8f555d8ddd517ff09ba

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 6c456eeaa42cfd62dfda8175ca4f5d97
SHA1 2d8323cb46c9889a4d4d2ace6d824a492afce0ff
SHA256 61ae8481750fb88692e04f21125b2a6d0ed0d40ea66e08ca403b95bc305d68f6
SHA512 4960b0014dd60222d6a5380915b302e9deae3e9034f8638adb6944831f1491a05d0dee841fa43c786bede1582312d57e2175bae80839ec65274b12a2ec971d72

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 e9d54e6f273c9fc697df95b6d0752296
SHA1 50af7b9a36cc8492cde21ff99e2f30d26c256d93
SHA256 3017dea15065e7ae4ff0fdec89d8ed40e9c8efb02439c7ddcd25ab93938e778e
SHA512 fbbaad81330204b55d145e2cdf2406d22005fd3d5b7d300dde9316c3b71b8cc8974a1350d94df8b99d18967232adb7e4ebc93199f5f89cb3047a3228aa0286da

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 6bf67fd22c5cceb4b5754354aada9bee
SHA1 c5a73b86a115c4c219581d2e43b365fbabe4dcdb
SHA256 6b92ee14142f0284b76c51182fec86bdd5d4ac164ea8461d06167ee57811ce79
SHA512 e529909e885818e233558f25d38b024f85009622884fda8bd51fb1cc3a775885a5dc8f545c984305c0da3993d37f0864a8740ee07a4fbbcbdf74cf57fe681574

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 8199354da004faa26d44561ff4b54e05
SHA1 aa4b83c86144926424f0e53bfa5944c9529c5b95
SHA256 ced4fa17fbd19c3f986c9ff1d38186b940c5d86fa4018baf7b6907b3d96b95e2
SHA512 88b8828d63e840131c72e88f7258856ae493c00f39327f73c908d3e5f814fbc2c93daeeb61fa92dd6cfa80daec82f663fb8f5880bbd249f9ff7f2c372b9576be

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 6fbd7c1f836972a5756e22bbedcb9ab5
SHA1 7f5f1b4c99dbeb896cf51dca9a7687eb2dcb897d
SHA256 822341a6b7d2dc89e60ab8ed2036b7bf6b9b1273c21d507a4b62cd6172069b87
SHA512 c97a49b77802da92923f69ef9a8f90a3eb25bd467741d527884ae103bfc718abcfcfceec5aeeeeead6c0b828e78deb394ec0a742a258966d0bfd0c275ecf96e1

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 2c0e6a5ae1e86d90aa06338dec165889
SHA1 3af42540fcd2651c7e45d051024b9a1f4c3cf7d0
SHA256 326f8565f79615befd956ed0590466cc89f7411babfa615e197de7422341c76f
SHA512 80af6e947676098ebfba25abe5e6c2bb63f47c40a7c9182a0cd03884ae802a59c5e9f231a0ea464e4cb226c4f107f9b5774d67eb5eb27f69ed5c851dd9bbaeda

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 2e85f5f2d246de99e7be96cd9ac218f2
SHA1 2441ca7f37e107e1b113233c647cbf4070f74b31
SHA256 9a8b0ee25cd464f5d211ba36d7ec25d2241717b9063967a2fee4dbddfcbee959
SHA512 21b47f6174a05954959642e8fcdf184a65bb69536a15222b32931841927971f0d090a1e1be34f83e33ada1ef0afd2cf01a69bce9ecdcb35f1cb2a32c47fde532

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 7aeaa7cbe841dbd8eeaf22e11d5f61ad
SHA1 50c60467068b7efca0e14723bb8e679f8669fe5a
SHA256 1dd2159fd40ddbf5a2a25768f8197c36e66aa634d4f6f22fd9b142a7b24e9a44
SHA512 70f22a58c0efb905d151acf50f81d66dfa6a30e2b2ebb453327e927ed95014d0ee7c950c6dd29b5456af6ad66d84492b5f514d1e12ceb3dd0b90a0f9f2f41603

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 744f013a14fa5729fc19b72ff9c84ff7
SHA1 559b2973609e167eabbf6fb6653ee6a5b3beb4bc
SHA256 3c6ef85f8b239c51859ab69b40c68d90cdad5b9627825fa9da8872246b1840fd
SHA512 459995f2537297684f1ca4e721f703b95cb2c0b98a4926a9a9ba8cc5f88a9088f181175c0733c230e46589c4ae09d09f6316d96fa91058b67a1e1a6b83e3d153

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 894dfa10322c469f1eb94812f1ba5127
SHA1 10f66746a503c998a86085d24ab39f622f2ca1cf
SHA256 4a6a65a528599d452eb43b0c08c2b217e37adf4a41ac393076332c42afd9ee98
SHA512 89363114afe02ba4dd4eeecd2ab785d4db747f775237d7e438aefb55f9ab846534d3cfe3fb84aa89198f29708c1b611753760a887976054691e7c1d372e3c9ba

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 6badade3228ba854bebb7c50905c84bb
SHA1 93d48d0e6fd52b0458822d71ae3b3edc6de7f134
SHA256 753a0f125dd22ae85f5794be9cdb802b400567f61c3fd399934c3dcdb81b3fed
SHA512 328c0a640c2518d0542e486846ee651b6e5125a406240c7d8ab55676ddb5399570071b2b8271978e79f4ceb12bf3e4b5b4299122ba2f9a9d1fa208ee58412a72

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 839e34c847c1b16ad2ba204fe3a438ca
SHA1 c6281367d0a22c3263d84d309861245fb8ed261f
SHA256 b4c51a38e0d2e5d6efa6ae15671153fae8991ce3cbe009d8b73d31f758ff20b0
SHA512 ef384d34a854b825eeb1bec567d29629a5f74027d738503d178b55448ce7f2f6ff3652860fb20862314b897096046242f4024e0787071cf2a7f2e2cc3d27ca5e

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 408cf57f002604ade04a17efd3bcc2bc
SHA1 8743541f63a3205ba6a09a04112a629b60b80d10
SHA256 62f03cfd6b7d891249ed537e6f6e60f4a94c3215c9bb68c880a935a32dc47416
SHA512 443b78f4cce8231d16c5dfe3ac1f5f1a945db3907dd9908852ec9c35c76f2517ac3e1bf1586793acdd4d5db10aa55beb7348c2b91158ad2df1ef490cd6a2c3d3

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 68371ed940e5f5368e6884cdc0156217
SHA1 f1b7b9eb122f97ed84dc598f7e61ea838ffcfb01
SHA256 85f5c7a945ebe05939f50bfb0bd21ae6e86f990732b2e3d176911235e1750bc7
SHA512 64f9297e04ecbcce0e0348f7f21ec2008be3e9a9c4fc5e95ce7ddd41841f73608094ebf80b0e9c43c40a38c1c6c2442868e46ff4c3b7f01d320c0aa47e093eb0

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 274161e127dbc2219012184f43c77e93
SHA1 421649e7dd4fb5cde69a465996226b7d10949bcc
SHA256 af5e86fd8b90dbcf2f49bd3097b1ba7573d7a7a990c28f52b4334fbec1640ec5
SHA512 8f9bc472166888c11598e1b615d4ce63640d1e73ee89127c3f395f6abb355cffb9f1f683aae2589d8d9991e50fd480202315cd286bbbf9bf211ee05f4b8999d0

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 16d4357c2ffac251d30c96ba1b2c77e7
SHA1 eadbef3974da6b40ae7ec8636975e35a42e5a6a4
SHA256 0188182db9dd374ee3101cb37e880d2a858f3f984f4d0ca0b10e6fdc7a08a626
SHA512 bb145fa56b95a045872f686e5643bd19e4a7a24e18b1a6cabf2f5882078f88f4b71cdc6f10295311687330950a0611e75a166f3ef981724c9123a38b2f8ea28e

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 56bdc3e0c10475b86f1868581d205953
SHA1 7691a9962b1e29f0c975058f90e5f3a24f931462
SHA256 0d7cf5ab649f422315a51af42c76a2f1b7ac1c37e17a58742aec3cca1945896c
SHA512 13eba0b4b779a0d9e28476b5ed9e67908469fe887dce623f4e3327010b0f7d8aabe43e844af1bdd1cfffdf0191e2781a62f599286fcca3adf8602821b9ef0120

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 5a84031300c29677ffa99011142a574e
SHA1 363ef7a7ac1f6454184121f5d3caece1ef867949
SHA256 0fafba4bf0b792faaa7242d189062bf0ab579781d4b4b1ecdfcbf33eaf6fa4cf
SHA512 93633d6724a15d0bc78bcfcd56b56833d472a5791014ff734dd5a630ab627f1065b693fd04951e40f0e76c5313ba78ba2003158a92f8e3c523085c8b0b7b3e81

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 68177c12f67a62e8cbc08d47c4b2d7bb
SHA1 2409850ba74f8c35bbc2fbb2f7ce50d5e28b2500
SHA256 32f1f84396363b105e5fd41ca85ad967854841368519fc9100f827c33f95a109
SHA512 ceead1bff528b4025473d41018505f8fcd87cee1c04ee305384a4f7ed06b0bba93b69505b28058b7053db54dce253c33465d57c6ad8a9a855a1203fc5f572638

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 8bd96dbe6ab1151d1a15c9c5074bcf32
SHA1 52c44161125ef8336f9c7c5369e79d80709968bb
SHA256 1664d5ca45ed897d239174161db1001359d5c8f5fafd96686e86e57bca7672b0
SHA512 c27dd4308c7e6e53e0830717346942c06b1abb3265e556781222c383307bd128e3d2a912cbf146b6cabaf07e0e8f0f8ffddfee539fef4ed97aa71eedd1a9ed6f

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 bffcaf0d4dee65ecfdec5221efcd1114
SHA1 d197a67d7b6c0046a75fdb489c6d99a41808d6a0
SHA256 ea0284d390454d42ff7538d6aa0a379593b36945347b824cb260a30de40664a3
SHA512 9210d2e88e996674411792c9155dfa29d042cb4a5af5155267aeb6ebf2e790cc45a12eec3667910ba3eb021e182b73c19252f37b34362e94599787f31833d980

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 c09724e6ce7dd64e3aae2817506d0e7e
SHA1 43f2e1cd494c45ca0a210b6015a2a7fd279307bf
SHA256 9e8ed41334f6247b568d34bdd70f4943b701b5e42c90674d9c533a8e872ba80b
SHA512 448ec63c65d8166e666cd1043bc05d8d4ebc8613071ec750775090f0fdc383da9566511eb9ee3612842a39e28821c3bd8910fc886c695108829e566ce503d5a2

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 c73ccb650e675965ee1723c3482219da
SHA1 7ed05d57fb91a2c543496c288d502e229cbb3743
SHA256 565ab6a296b964797eaeda459c13136cac80ce07f06effa4902881f00a9c8110
SHA512 d45079fa6be5d97ed9d9c008eb704d12ee39af386cbdb82088ab5a17cd4a13bdf89224fecd74632f60c6ed3d8d22d5acc1c98501e90f6995ba5556c4f0633fd6

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 349cca6681351a335042880bd8886003
SHA1 abc99b668fdbc35712d9e709209b17d8bf04974b
SHA256 44a1e57ef633f2480f07d860797deb7b9931914da780416ca4a93beb8dcc5409
SHA512 0d2ae7d3ce3600fb2d5ac552ceb4a9c0a27341c79226e3f8c691d38e9ab4dbaaf2cc97afeb8009addebf6e1795560bec625e5660ea06fdbbd1cca48d9202d154

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 d5713addc6a14c164077b512afa7913c
SHA1 0acd5224d1b04715e736e0244b4b32f204b48576
SHA256 8bc20f9df8defdff71c0f4f94aec33bb84e5761ca6a290d3956af5761053e605
SHA512 10edabf6f374a9dd2e244b8ec8f1043782483ff3313d3620d71de3c2ce456783351323c7939cb2940d43c89f6b12eb272e85aadf2fb261f37b48ac20f0dba316

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 60c112091de70b2e8567f5c1bcc4980b
SHA1 8e1d4064756569c6f7d32c001c2912e8aa25459a
SHA256 7130539c50d146b5f5044e884fda847cb5f909d328ecc31a2ddcd5c5c9660b22
SHA512 4b2d3a137824152972763b21aebdd88e56cf295c1e7a3d19d81191c3e2891cf1dadf60cdac42b7594645ee75d600cfa01ab76ec8d315673eabaa8f819de987ef

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 0d46228aa9ef2d093ba8c16cdc3341a6
SHA1 2b948d251451378ec593ed05b906b55912848731
SHA256 82806c31122c3372d3d4795e4491a4a722cf98448e049c080e94af40fa49fef4
SHA512 b5b84bf6ea573c0f3c20246f53a783377813dc0c1dc3fb27f3bea8722b024c1619b42efbac407e49ab1ff46bb209d27ed800ca1be12d7cedd8ca15355a5e25da

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 3ba0e3dd6bd9c3cf77f1ad018cb64f70
SHA1 0d359ff087eaa2b25d2ceea8c12d7464ca45d66f
SHA256 d22e78adb03a1508bd81956bb67e21730553b0a60264bdd0dea6d2ec0526c751
SHA512 3760ad0b2367d03fb2b301ceb0006cbf4fc27f345d95971d3b149cfc0aa27a2e59db6af7d697785359f59db14f06071ad6ea294e5f16ac81d92bc32153131582

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 1a3a0250e7e6b9c78a11c68bfa1444cd
SHA1 1b170188b969acd319344ceec603ce8880a302e5
SHA256 c239a9edbbd35480d18c1c2f92f97d0368c4630a1a4e71eab84ae481a0a009de
SHA512 d5dc668af12d27b628824106ada453e1986d8a957d4761cc8fa316feae6181c18c22f95ef580b1185a749851fda823d5ef7c7967c822a38c2fde68d0575e84a7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 e73fe9a8c69d30afdfe455cb51e2d000
SHA1 00f56109f610bd9f3b317e5b1cae7e0974291d21
SHA256 65ddd5976670de07a4c44bc7cdd606ab54ac32a029368ce76c677f9863bc936c
SHA512 805fd3fd0de3b64f462f7b751221e1a4f72ee689da926bbf06a4cede0b794a64e8932a91658b9563914c4a605eba6593fb11d86273af5c22184a19ddf53a1154

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 f064ed0ed903162d8e25022391693718
SHA1 620a78ef786d2fd7354775c3176619b83e5ab329
SHA256 6e93b620ec55f6593c9e5c67cdc003c878cec43886208296fd948b6f8236c967
SHA512 7e912f19ddd0b8ca930e075f107287c3842eecb66cec99451febca0b8ecab34d8cf4ad314c4b3f4bdeed03e25592ec0a1069545ae079c291a9f890976c908806

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 a94c5be3ae7981804c250093049b7cab
SHA1 c80170f9aff54d5a7d658380d4e311785ec51ef9
SHA256 282652d34b7d03d14e0c9ecdef618582526416a7d94e6580052486364a763bf9
SHA512 94f8c232710aa30cae178240a02cf35274aa406d718aea0264bc94d1b1f1efb8e9714f39a2f2ca5ac6f063cae3d420a7e5e2675af7e5842a278b109ce6da4932

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 115e267cbd959dd70cd9a35de6623b44
SHA1 5fb9e39d392284792a8644535f9e0ea5579c3528
SHA256 bc0fb80b4158bb592b3f5c5e85be064738ba96f04f69b9d89c2234a2de320526
SHA512 e34a8ac3e62fc903c742a463123534eeb731667e56dc0315129ef91589540a1fb3b400986c03f7eae417be608b5355f20ed348a0cd99e81d79669a5e6e4afa28

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 fe1a261f24ba5ace607782b66cdb60fb
SHA1 fe7234684542c07854fb032a039f0387aac06522
SHA256 d969c7ba6ba967707dacaff00aaa920732cd999d6f427f1021742818bcfb0e7c
SHA512 81260bcd371a5db162736fabe38535273cef8c02dfb0b18e3694f9dfe3577cdcdbc5fa9241db113d2216556d72c281bfe5d37021ed21228556636d2845dbc4fb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 82728222bcfcf4c85551e429020b7c50
SHA1 e115f9700a4f78a1508957fe015bdd97d747889c
SHA256 5fe55892010a19af66b34e9ad7d05e74ec33bc23f78078052af988a615dd4131
SHA512 37218dbee230e112f09b61ac1c77d3fcc3229e68e2df2e2593315e7f2edd002d824628ef30822d571500ad1afe61593d781c644e4ceeed81d8b87241f3ddfe4e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 e3615fdde7900c649ae7ce2396564b6e
SHA1 12329b153e268bbb2c9628c1588e50b2c0f2a05f
SHA256 967e312063074161203218f5672a886155bbed0da26bbae1bc6ded37d199fd4c
SHA512 dc97130ddb358bde931dc5987b3e11b105a49a04bf11375ae3d7844e7eca62f791345390790da83bca68de98e94e0f66ef724ebf1fca11789144aa3ed7b2341e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 cc825548be256e1c69e732d3d47b4e9a
SHA1 5a3be5e332171436ef528bbd5cd063a200d51a3a
SHA256 b1ebbee814bb4efde5ca4a45814190d4424b29f58d4aad9d6299df93d80dcb87
SHA512 6c2023ed292673d4c7cbbbaaf9273d0a737c4023605ebabca94b06f5422ec222f8156778e1795b57b9171d4da65e20426723faf30a04948a552f1c5f381db0d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 ec9b7d60032e6a92ba0ebf0217a8d912
SHA1 dc876f3c158774c834ebad8fdd1d23e48ccb0528
SHA256 9002047b8313bc33883871f11c0b7328e73c5a993fdaeb202de6aa9e793e98b9
SHA512 5597af80c2715e0630bac6231af489bb367e1341f718532d48710ef8353259ba45e2b7c9a5cb3d0dac85ae0cf23ec70be695a6b788da518a26676b9281c5f57a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 89630112bc02bcc73a85e9a83cc604e9
SHA1 c1198791476a9f75c9f072fe1104c1a7a29ffb9b
SHA256 77f5ae0f8a7b400f829d1fd31f5349b8bcbdddb7cf1864ae46d94d95ca6a9441
SHA512 71a396af3fd5fbbefd43fbf3303f589859110419d2a3fdb429d78e0a563d19680295a92eda2b1034f74c19213dc1cb768dcb7682d50aac7243de8a58d31911a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 9d7a26985624cee44de0cda40b662230
SHA1 9bffdd36e54c8dee44ff2c3136fbab0520d0cf2c
SHA256 0fb87eb7ce829bcdb59fe80183e59efc18d39a808e9f5436371ce66af5422479
SHA512 e169687fed758fd4ca756daa97f1dd631bfc568302c7f746bd8d3e3d7a1bf8c6610390a8b347c68e686eaffb6f90ea1bb6c98a224509d0412c559a623377d249

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 6523708174fd125bf820e34b8e4d0f4d
SHA1 620a1fc2389851bc41fb2251b829ffdbff281cc5
SHA256 899f241a68b7a0984efc016e51d2edcfb8179791285f7715f91077df7e38fa17
SHA512 65a9fdc892d1532197507d58612409ced4f5b4ebf4b91f5569e7050fd7cbf4c227581367c86a5e1c6b92a3db2e94c69323a7eea6cf9ce094752768dce76ee160

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 462c2316687cdd8c47d3a442e70fac3d
SHA1 4a3d78d53f50718037a4b191d22aaf7d4fd7348c
SHA256 5d029f0752606270a960d154631ac16f6c1e4029ab1e0002c2d30441ab554735
SHA512 b6db90c006faa3cc078c8328c00448e7222d85650e90c6bbac9d4262dac0671e9a589b07f3de32259039d03057933abed304b0c84a0b05f2e3f8fd0736c2f9b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 0ebe36a0e6dc9dc7dcb47e0fd5f88373
SHA1 6652463fc41770509b096ad660a6260245de0a62
SHA256 16a82d166f63dfa729081d493e2c0212a72b4f894cb85e3b1537e3498f1f9bb3
SHA512 bee9728ae32a6a4349559aa90fbf5092de1d25268e86afa53c4f68584e1f73e77834d22fc2bf7ed83e3139db0dc9b0ce8e36b613bd681e50f0ca1a45f199d551

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 b7adc68352ba50471668ab2b65651771
SHA1 6aab1267299a2043b26da164f2ce73fbf912ccf6
SHA256 54595392703cd330173e8d38dfecabfd931f21eba9c250a78559459f8deb42e6
SHA512 785fab4b2b062b2ac40d25580603c6bbc983ceadf2b4ca5b2f4802f4aebb2de90c63fc493aa80ca5875265b59907d3425f8d010f583d63e4e26c1541d491c128

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 cda087a3ca8522f92e102c4937d62efc
SHA1 30f5bcd5ab9273a2ece39b14b5bc1df0b7c5a584
SHA256 24327d5a9f911e44791c6e4d0a53b995f92641352c67a6f0a13672c834e10360
SHA512 307e41c98713add8e5f2f664efd2c91cb6f5ce1ca688fc0be4bebc931676d672e964bd63b720bdf7e1018f87ec674cc4daff6f3789819d141cc282b15145073a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 de8b0f622c5ee12ea9c4b240b1c5f37c
SHA1 5b5c38f2ffae8c6e2f66610a84b343d8a06ff908
SHA256 05de118c3310b5dac96fabaab376165458d4d3aeb5567864b42886cd9e5607ad
SHA512 e9896d2cc306c365af752a4957648924c018c0b6e214c2538169fdb5d2dc4ca1020606f061ae7ce5bd6b37c77c2b854e741db75489dc51e04f9821ab408a6646

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 43448700b1318072bd277fad6a8ca200
SHA1 d03dd91b84fe669cf28323709fc5cae06953d3e8
SHA256 edfbbb82951aaa6d4c656627f88db235ea3b7dca5bda9c0c8a0ac140b6bc67e7
SHA512 f3117ce4f9145fc0d1a5aa1677c1b161f4b225922c749985a219888c70e77b305345ac5c4faa1adad3f69873f2de42d22c0106bdd5e0bef256611beadcca86af

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 0ee8f44609ccb5fce9c5a420c54697ec
SHA1 4453faed013a6a11a555acbe4fcc32bb92439edf
SHA256 d9d868f6cbf580751c6d4d48e82a1c963283ffc75b0df78bf609d7aa55a413a9
SHA512 2a1525e6581f104f6c0ffea34aba4d98c4e84973092c0262d09d4dd4f91286df28ad123587d19629e38849898ec6aa6a55ab9ccd707a11efa868f01f98943f88

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 59fc00aae174f77c84e81b1b1de08540
SHA1 a018d2dd08694668f97cf8a39247f1b0bc273a41
SHA256 dd4ad9da4648afdb1884d32a9f6bdf2984633618ac141f8830c8b3a2924b0b8f
SHA512 04934605af88fbf0af87e73442ba3c2de00bedddeb30194eaf2ff3d01c88fcd084666094cc9c06c3caff5a4634c5263fb03cb99a3f4c39e1dec4cc6820cfd02f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 a0f1aeef607795ab4d62a5abc1332db7
SHA1 b81c88f0f66842e1e59dd709ada68880f4a7fd38
SHA256 448b955f08a1de164829c890788d0a7d94c91c5073532b778772b1d259fe8d4e
SHA512 d8cea97fd7a4caf1c7900c89a9a5b3e5c6cda7fb81a283d662526f0f34abcb0f4910f50f441966314638299eb3f8dc2a677e68a915f0e302e05a755b8b6f0893

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 3a7ae5618ec57c874b6f8ac25cfce41b
SHA1 bf42f4ba23dec74d4f3a9b12b10669423dcc3a7b
SHA256 c8db18a5516ddd23315de2e584f0fb565cbd418807d5662ff2dad6bb77b06de9
SHA512 097773b1164952b405ff98ddd19dc2e09a68b13cd5f836386d0fcf5b40728bf7d88b111041df1d98c67f0213b7fc5147fbeb1f58ec1783a9026f59a0340e7179

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 fabcf47cb01aad8432e89fb01a833279
SHA1 827256409deef4a5bcc9020081cb7a4a34f9d28a
SHA256 1750cc6d4a7b9c27510cb3a64ffe780008722691a7db63b4fd8bf041e0da5c58
SHA512 f5e977221f79762c363a2d7d05996ce261e9bf5d565ed0cd8bbf61d56cf16762df329c714b0e458f371aa09e93e308683d5c05df75e9fca98b5ddf65e535d353

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 b716cd650df6dceb5e5a4c8ffd2f8938
SHA1 8e2472e42cf572834c7adbd02d924f00c59eea35
SHA256 7cd7af384106b93a8f0b0b1d542425f205edf87282fbc2645b1f9b56751840b1
SHA512 2278b1a351e7aa18fe830ec4eba8756e294c95e0977eb7722e45899828cf36adbc0368c79be96597b15e319aacde32b6ae8eb22796294089340eb64c859e6843

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 13ac75fd2a2c8581c9e470e97f869114
SHA1 d55700fc0ad89875ecf5e9293ffb8b00f30d57b2
SHA256 f9aa8587d933a99c5dd6ffdcca6625a5bf7e77556681d2882083894eeedfe881
SHA512 fe14c158a10077bdcd8f3e13a2a8afb071a537ef5fbcb5f988857043aa791e4a4e02a0824e48c7f9ed2f7d2218f486f504517df1c5509ab97c3b333319c1796e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 a327fd06a51b247f05b99f878aa3f6a9
SHA1 4fa7242f6930aa6c485a68dcbdeb94adde79d40c
SHA256 1a8ed908b7c17a9fe153ad38724bb79213a62c2e5eefc171f8702bca19edb3fc
SHA512 8a556a0c40b18aec1b90f761f5e8f31b7d70dc44d015fe86b37c42043014a4e586cd76636cbfda0959ecdca3562fead22b07293360f4baa211816b8d63a7d042

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 400f1cd15043c1b6eae361bb8cdafa6b
SHA1 30d737198fb6a68e6c2c5d8ff5c1ad4c323399a1
SHA256 8c8e84c6fc51abf8f4ac3bc8cc9f7dc2fe2b48b9c0851368d83c826c6e0fc1a2
SHA512 f29421883162dc7428141e16c8423e68154b6e2578e46701cb232037a1b79d80d7e293cd9f4b90b3340bce7567d32551a6b924f2d38e29cc13a04d37e29f2f0a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 b6eb8fa8a5cb9c81754ddfa8bfacb9ce
SHA1 aeda4cd603a7bd054a5c2f84b81ae7d17a051e00
SHA256 fcf37dc7cfc2cc493578a34f6fe15411887bd41a15aa6fb776503f9b672190f2
SHA512 cebe893e9d7e9be8eaba511c4af27d026f82b1f539dd47a102f778719c7db3b4a3be91440353136d2a227d4750a447562812dad8d97dbfc8e0c286ed90f7c5b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 e0a08887bae5b40e9078dff008cf9be3
SHA1 f12e91d7e90f8fba451a3fa13af1a95709c69563
SHA256 a8b159ce4ef7743aa39c0daf01010a18190b53d5147fa3a2136875b54f8ef2a2
SHA512 c7753960d71c24f65619363c1456a5c5c50617e1b3e19c6cbf09454bb7c873ba279f64b60b2ffc86e56bf73f7414da7c7316fee0bd7837f7382eef0385ddb8c9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 2652569b1898d44c91fce71ff17d92fc
SHA1 340bc0f488e223d1b644be4d02d9f566e55f1edb
SHA256 aa3dcb3b6f81427de1e7f1f283fac0cbcdb52ea65634df968a2a3b00b041f4d6
SHA512 e5e87f3228cce686b643843bb2178e84bd913fb62e034ff343ed59dea5a0ef4a7c8895c203e042954546b901c819f8932b75562e5557e8a053411432c6cce2ad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 099329c56a234ffdbcfbcd610a3f1f89
SHA1 6352329cd3601e4dbf28bc3c0d9a53e254f47523
SHA256 cf5045e6d1b7aa0a7d7759260a2f46a6dd8eb30a33980dccbeaa59317654f4eb
SHA512 63aff947cc4a820d051a77b791259e5e2daa8544313208e467c8b96601e5d66e0b4d3c7a6ddc314f17a3b886b9f67aab256b9688d83b03eb319ea050395bcebe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 2da32ec4cb4d730f5c5668fc94679b3f
SHA1 51c3bcfe88181ef2bcda87fa893d4a01b113a4ba
SHA256 2312adc88bc91260756d9f39219379482ff25196187b9a573b8e54d1248bdf0f
SHA512 a7a9eb31724aa4d11252e6c54dc88c39341ecc9fc8165d37e779251385289c175599e8d31b71cb0612da3af540634294863d0637a4d855401f287179430fabc8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 a5d0b02338bff32f5be67dd630666b29
SHA1 14d9a132c85c07b19b12f9f06607fe4b3a40ab91
SHA256 9c521c43da18ae25173b8c1b00af2681c354f4d87693022bb664918801d3fae5
SHA512 9cc6a4386a1097518464a82939bdde2d72a60cfd9548852440ec2a2aa3d60880bac7ae37a067074767919e936c7e4dda38379f32d52bbc90e78dfbc5d2bd97a5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 1db68b8de6e3e56369081687593e6fd4
SHA1 7482a754ed28a3cba95a42b693ccd5b1a6120e8a
SHA256 08d96753c6c25d2cb948da4e93e3db5c0a2a98041be052966159c042b05bb9be
SHA512 24735d2ae3629fd6876e34aedf40707e3ac1ff5ff0040d80f2e229f59e4a8ab0f11b395d5b70ee96d122ae478ddb2a6d986242574c9659c08702f5ce3f2eb8e9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 43f9299950981d066d36d0c3a19aee2b
SHA1 3bf222f83025d58fe19ddb9ea6d0298ba315eb47
SHA256 fdfbe719caee4aa476fd6ef984a3189b0101eabf5a4badfe9168e7433ad3d19a
SHA512 8ffedffcf629a62ad22be9935d980e704f8704fc91968e88a04ccf0fa1cb36272ed49f88966c175e3e1099f95165c19ce334f132f4414adb6c085d283f565f9f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 3a992942d1b4b517b4ff0c6da0818ad7
SHA1 52bdf532557d09cff834a1e9dca5fa0840db7f77
SHA256 95f032fb1d371e133d8f23c9ae5b79f5922cce281a4359441d1758ac69639004
SHA512 5e9f577fe54ac216aa0c105bfa3400df46e9df7e561812b9bf83e1507cfc98d9b4efa3114fc33e7100b341861f96e33972b2875b8263f677a627ff57e2a5c14e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 c140b5be8cb3539cf85d8ea05ccdc6ef
SHA1 acb88b6fa3208964f92e0aeb25381a7047ad8823
SHA256 c98d752a3fda97813f813d27eef6d2c96de1e23cec1eb60356d8d5e0c3c59d24
SHA512 01f8e0e6f57eea928691bb91927abda49049f8023466eba740dc159041c70ae1f1f943bfe084bcc97fcf6845c4c66508fa58364e03c59951011d2df6a70250ec

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 8c263853413c802f19552e486c7f0f55
SHA1 87c535bbc13bf5bb824df2c2fe967dc5838fe131
SHA256 7943bf66399e0aae83ab551d5a381bed43a5f0292d1c2f841e57a147903be1ff
SHA512 607622edf0f87e08016225fe61402e7f0eb8d603ab49714648cf315754e0a1e5d9c30711625e0ac52c3f8e8c624e63d484a1422c73754cf3f4a5b9b32354f7c8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662721799026.txt

MD5 9526ecd575d7216a241508eaeae4d003
SHA1 32c048147467b887a1c176ea0cdddf8bbc305c3f
SHA256 a547935db26daf7babe7d863a552d2f848a08ba09c5ad39b6fc61b4a8021063c
SHA512 7559190737efd1e9a6d33d10fd7f547b373aafdf7570dd84f22cf86a38f6bea08c9b30d4f7f1a32023b70b734c53a7601b1f437cc31321ff0a3ff96b7823bfe0

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663191189319.txt

MD5 0ab7065ef45645209a49bc28c39f6e51
SHA1 8ed6618e6b0f182237fef033c768f62b3d9fdb2f
SHA256 8f583f686d5ef1b4139aae2f172d77af80de49285124bcbbba061106f83b750c
SHA512 129145efaf2662fc0a0ec3f0b2d6230b60a370d5226fc3e46d40479ec3b66c5ae894d88c6a431c15dca61a3d4766a6544c5422f1039d68ca59a464470becf3b8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670188807600.txt

MD5 868bffcb2dd5b2c2bf9f033746b71648
SHA1 cf1e5b5e7b20cbf235fb8d9e7b7e20680876ad89
SHA256 24a71a290de06cc79745b6a4f0635b56ccc940bd9ce393fb761e27d5cbffa35b
SHA512 a8bd65c07ba4b43e5af80143a7b8a8dbe9ebb2ea712aa8aaa1371b4f95085e472446611313e9909651a49b47e9543a06cf962f13ca5b2f9b0c7d3bb68b88db9a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt

MD5 72f3e91b63c39088f8d99abc1181ef51
SHA1 35854eb0ed010f98c5ea3118443d56955a775a97
SHA256 5b5653778c41314a6ed01ea2f6c0219bb2f596de5a3606d066644c50f3598714
SHA512 795cc5fa3cd348d2b1b1a06fe3d5dcf85ec1c3f9825e75a34acaca6ee3f0e58fc2d3c3cee3c4d7b4c78b2d8ec1ec4ff1da1ac69374cd07d046c3831879687236

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 ba2d5a0550790090965cf79cebf7d7f6
SHA1 3913ceda5f1acc7e2f5a532be012efc73c61e09f
SHA256 55059ef891ce49e56fda9553f07e6aa75c11fd4d227c4d7dc4798c635ac1a470
SHA512 1ac3df040e892e226407f0f9280d8601e51d7921cdececc988bef42f0d570ebf44edf7a399a481540fc571acc0e626913574135a318de9b84bf4b51a2fc28874

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 eee08885066978361d8abaa17ff70400
SHA1 b3b15f5af702f7516ad5b24c13576a80e2fdb844
SHA256 5e4305ed89c3d1a1bf6e9cef7bbca30c367ecccc1bfb22a3175b1595a1d12efe
SHA512 1b0595fa28f22019b81094974e4a9977b666c74c627559a04cbc0b45abafe0e48a80ef053852fa7a4f30c353c9f1c5059a1fb737dd860b7a101f8470710a8460

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 326513f77872e1497c65df6eee1c9d1d
SHA1 42fd9d9b0695eaa67ce05bf4fcff54b9a0678c43
SHA256 100fe1337a8d59627c53a94f0d410dc4b057dfff6e56cd0006cac05327d69a36
SHA512 12453f675e58723d2236315b3d0f40c97f927b3df38251427996cb4b7408f2b980ad9778cd84edaee33562d0b6fd6d962f84efe7520dd63b3db361c298fd7198

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 e2a3b4c469de7b31f2afd5ec343aab40
SHA1 ae287329d77835206cd125b3eeff1c811bece13b
SHA256 d6defb1e9976b21f0627dc813ca1d63a60fec5b1a8ca380333ebfe45795311e7
SHA512 e6b433f98d255e954cbeb25e1ed1eb0ba956eae5faa005847914bcb644b15167da02c2ce79fa08272938de17234f163170b09b8c7706f34df87a33328d6037ec

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 67fd7a5d45498d57f0639c6ae30c7002
SHA1 408a0e0a6b9c04928b0d64a8b49e79135cf8d79d
SHA256 604e6f118f81143572c7f3e080e8b54b23b0fd9e23ba12cf8859b3bc59726ec1
SHA512 3c446d0b0a6cc5720a05ac855ba331529a90bedf307cad0e28573af3b5525ebc9de655482b89e44d4c9c828cff5322444e22e4781cc9dd68035232a780ba0ffa

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 51f8a4351625259b8feea4df81ee27a5
SHA1 8171dd9e1e442f7ffd1709240f7eb8b23e252520
SHA256 0dd28ea5b4246652b8054ae6e51fcb8af15f232f002a1935526a8213c4c069de
SHA512 45ed8c6581e10e67ae5bc43644c345611ac2a61d048b463e44179f8760c703370ec513c2be66b7ea280cd79ace09a51aa7b961c78bf5a925c9d7689ee7a66f99

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 54211f15cc83bc8ef54cb62dce92d0b1
SHA1 c40a9843ed992710098298fb8e1d4315725ee986
SHA256 9d035ffd80b755c7834dd0b7a19a017b7a558c6efe07a44a6a275fb897a7f9a2
SHA512 98cc373fdb9ebb050d9154ec88a3e8fe9e95c42183db9ef6fba51cd61c49f688d65a09fe3852acc8c2c8d87b1b0d9816521ea8404254c928808cb9b4a94232ce

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 c07314e5eaafa7b3963c1ce6635590a0
SHA1 43d42228ad32e5c4d6da16b3a892e884f26f5be3
SHA256 471ced9bd9f2c0dbfa8e476b625f5b3fe78b50603f3ec30e805b2494c11bb16d
SHA512 e0fe9f0de3dd9b51786f7d5ff549b64b7db70e1a211443bdbf44982188cd1c71f03d0b1fa3ae354670020679615d23942dd520ad1fce22646253493022c50be5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 28b20a47a682173f93dccf3921d4c69d
SHA1 3e5aa4d131899b0b367da569f801e216984bc941
SHA256 f224675401924966c42da19362d6d1b6544c1003c55b036bcfc6355fac8e5b44
SHA512 f826db99b77c00e037231b6007adbc693379df859c44f1ddbcaf9d9fb127b3bb5340d09db4bce68d1a482794d7e3181cde0056829e040210eb0e4279a69f99ad

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 452d49e23089f887dcc36e7cfec0c4f2
SHA1 763d0be6d7a79422035668ede6dd674a1b4d745d
SHA256 8e0e5ae10dbf677e535b295bdce362456f88f575e77cdd1e62fca1d6c75b1fdd
SHA512 285c5f3d3cfede518d4b6a1ca47e4738e8936e0cacbb423f9d9dfdbed5c64d5f7e8e657a0944a8cf615804402b19c33eeaad1a71ca2a086690e41a4af2503088

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 b3cd2a1d3551e7ec412cb12cece040fb
SHA1 ba12d66d71e4bcc1a5810de98ece0b2793e3cff5
SHA256 36a2f88d6a51e59194284e310e4740c500b644b703bd8b939dfb08b39fd3d550
SHA512 8991232256deb9fa872c604020cc1e3aa217bc397ab02b6ecfd03b6d8debd498a1a5b29a4a235d9410dc9069b9872211c59f22764330a8a57fc951a04fcf3649

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 e4d41c23e04f9fcf29c03d77147dcc9b
SHA1 631315948d2da2df12aa45c0288d0dc5032ba099
SHA256 246bbebbb6b6c69a8cc3819dcc7cdda91714ee8a779561001f26a7f3896e45ca
SHA512 644c0246211b581a6b88000ba9216e77e1e2589d8474a2e629268c3b6ecbc25199afba4489e31eb93740a00f55c6c14f04ee8304535d338b90e28450ffadaf74

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 d2c13708f6380c35c5dbd682b808f0c9
SHA1 fc69f992da129f60f77536a020e5c4fbc68f82b0
SHA256 29e4a31815e17b03aa3faf116c7d99d04c8e3c5368122ffb756d5a46dd3901f4
SHA512 dee3b5d518b69dee5568ec344b669e245ccf09746d3520f0083992454b0183533d0705d5c5929ce1af909e4db759748b265ecaf48bd2075407764eb43dd5dea1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 a3f49753ac61ba319dd065a0cac18a28
SHA1 a2ff784e2952ba5d4e4265a0312699373e6a9b9a
SHA256 5a1bfab86e5862c8044f4dfa6fd824e79e641819b0407afd366878ad47b7f701
SHA512 afc793091d6f050473497b123ee92d22df1ff0792089cd18834ba3647634bb1de1ca4477103164b31e8f2f7974c4242e527448abb3d1e95f18e792ad0f51c93e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 e106827611dfe1cd524400aae74faa74
SHA1 fedfeeb83f9d657e725a9ee5e6c01c1bb84a81c7
SHA256 1a0e35740fb63d357ce923fce53805b9d80d0fc20388db01178a5c0772bb1553
SHA512 1518574778b02c8a250a76637afabad8225435e8365a6410a0b2ff03c9cdf11cc49e6431011180910a73e4a5582b06871318454c5144e96d537f248cd4d0f6b4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 df28862681bf1c09a365b19f11e044e4
SHA1 fba0289f2f104cd5e53944fdfbd1ef46a2abf122
SHA256 7447abe5e93db894de44f1d949c4f58a59c5334aa11cb219a83dda22dda3ae05
SHA512 55968c806221f203c9962fa022458718cec2bc85b651d0a94556b590a5685607f568e2ac673f0a1338a5cab026a19dfb63902a847e4b9cdb8ad2d9dd245d6ca2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 c0d7bc3404cadeca65478a566749b6c2
SHA1 9079424fd46095f8569f8cfac330da951c569418
SHA256 22c5e97e0d69c5b32426c4dbeb00289f3e13c3f384e2586ca67a5824e7052208
SHA512 cac97f6cbce9da53459ba1e41abd3651bc77d4986ed02e2dbe43fffbab5ac4c3dc53d166b61530fae38576cff8af28c19e7a497d120079dd2061ef28c5d3db57

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 da14d7c47823f93d4998de74c6b51a36
SHA1 4aea53e91f33fa92fe4d8a7689d353d12c08f31b
SHA256 ccb534fe3fbacac74d73e0cddcd55b8aa0c255485d1245c434b227cede5e5746
SHA512 f566d52f076df743315e37f15d2220ca6f0b76e242f5fcadd65e2eee86d08ed061f16eca65788dbe6d7b754bf3b8fda1612af8b426d0d29e87abaae995517b55

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 4789e7f96983053f665b41248ac7d82f
SHA1 7cbb6436311ac5721caa0e731d825dc64e1dd482
SHA256 69096f46d09274b27aeb61dd3bfbaecfd8489548fbbaf92063a49a770d6449c3
SHA512 bc4834a36cdd5c3acc31f2fe403a24d875b6fa5f822161c88cb2f874e712ea13d49c733dd5b2d70dace99ebfb3ff9c2474607fd7666fb27ba58a8a5d3f265b00

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 e8b3707c97d91df8eca87ce8c2cc0373
SHA1 b191e9302c41769533307c3ac2280c5f10799f1a
SHA256 241d129d0a584d4383d7f9522ab0428dbf7b71cb93bdc44226af2b08cb121010
SHA512 c734d0b30d046b68d45d6a011d9019c91fc6046dd68ab14d145ce51d98ed0541fa2605c077f71719711d40148832279a998312ebf3fab54a26d11709515bce16

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 291a37c5075c9fcb49c88dca7e75abcc
SHA1 81154fbf92332271d48da4595a230fd4cc52ee74
SHA256 5850d8b1f525c41dbb189fe36aeb3b4679a38f2022f7b9a0d4d9259794d9f96a
SHA512 1dde86e5ef955d54edf470180050ec7cb41b09d60f15ad4baf1237276388e5a9829359ed99bbedf27fe8c235afefc0d460375bbc91904845704bac469a43cb4e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 2441e3c16908f11b6bcd236f93b3ee35
SHA1 e27b2ff1c14a5b08cf217565a28d5edc5b6e60cf
SHA256 d34cbb1559618e4e8c85fc4e12d04c60cca5dbff252284ca1efaf4400b9c53de
SHA512 776a90903c011f53aa85c9b5a96d9b93ddc49b5e862a3c1712e63402c014de62222ca568d37b9f4bd93f1348eacc35a91e1be5ca983bfe16b7c575ae3d4bb08e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 ba594efb4b6653ee614caa18d976c79d
SHA1 d7e3dd845dc5382794e90163701bedc22e43ed96
SHA256 e629449881b0aca639613ac5f7e4b96cd3a15fec1023ddba07b3cf67a3d329f0
SHA512 61fd14e57161417a1acb8cb5c891cf02e1875925c1a71dc6a1025b237fc3c0450119a11ea84393f1a1ea8ad236c5d019d2c6c1986056761cb7b33e25cd8bb8d7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 ebc752fc0c10e3464103661a6162056a
SHA1 9c72bd1abb838ec9abb24bd682203bf934de25c3
SHA256 7a0515c70890c8a6be4a89e6153bbbdce18d0173ca376099dbe9a32d897bc474
SHA512 a12d60146e253cc780f417888a6a2077d7ab76e7377a02d9f6830a1ccbbe4a2a3dba1ad52e0a5a0fc1d839ff69a635a6e9e21eceee25078b1cb39a0c05739a99

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 215ba1f1ab13aa4f4a292fb5dd11213b
SHA1 b6baa4fbffe23f16a52c1713e5109558f003a512
SHA256 6d9bee1da8c2886a7d50c52bafbd51388c165f1a79ab7735714d32ad582c9c3b
SHA512 e5d2ce66749590ba80ed7b5fc68b3f57e83689333365950f381b2ce1827fb9180cfb8abc763bc07767875edc04dc860c142282b8b67cb520935b22ba871a0c56

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 6a69a628f1f41d723cb7d8be769c0ae1
SHA1 de2a6769d4947ca1d0b74684f55e00b3f01eb3d4
SHA256 1175f3c405fe5a82b928618a9e6c70ca41fe421cda6a6b1f191589dcb387bc66
SHA512 2fca2fac28d6a5d6f6f367c65cf33a83d910beed8eb39240397831f5e0e5bafa6a6321b344f22bd9958f42d35a0fabdaf92ae51bb3d7a381420001f4a0cff1ca

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 3707bc19d9b9f28e5812b2d6312969a7
SHA1 de46fa602312849ec93a9c954fecf0e25192a8f8
SHA256 d832b1e05e84ce3b7d53a13b93929b0a37268f42352a6cc8d41f491281754411
SHA512 fd1cf89bb2fed6f8bde082ee20a49bcf9ef400762a6cab1b960719d68e528c58437c584c924973b445333bc3790944d6afee37053f9c2f0a440f72cb236eec78

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 840724390d2a26c00e6e6b9ff440e9ea
SHA1 2c1b8bef2239334e5782f0a999f55efefcd9c671
SHA256 e2c36aff6f82ce81748b28f4e865b1d8c87ab481946f16ad9fc8f546a79ab43a
SHA512 d21e338aadec8028c14739acb1da3d6ba2a5a36c165c1709871cccaebee8397af706e676687ce8309c1c99bc0a85f3219c28c07c94a5f93134e829dd934e0cde

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 e37db6aa6f4168c4a2dd31452a67bdc4
SHA1 bec9aa733df13a1bd282da738c479757b822ba38
SHA256 5a4f456233c151489a3f8bec5e3e579048338cc3c862908bd429b2a042117d64
SHA512 35e4eb5963117c6d57da71f8c0a86985c8680b8103eb05e0400ec1b5aa1e3f0fce1daa12ef1e7f0f7c91ca39d49086487264c17cde2ccc574fd4db4fa8a42cc6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 6ce2ad74b625c695f7a922655109ab41
SHA1 e7d4198985654cf2bb75fe5befa28a38a0407c6c
SHA256 b914c2fc6228f2ba113d462d5f3431a049edae27a499d9c5384cc101f268e774
SHA512 eaf223cb67dfa953d1269e21520f1816c167ed188705f083f1cdb2a65ed56f5cbf5346d094e81a0da4354f617e8ccea4882b185b416cc923d858b79b8e1c3424

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 6c2c973d8d65793d81b21ef12fa5cdea
SHA1 3b48606faa71b04d5757ff5ff445b3741d73639b
SHA256 813050e7456ad51af186ddd87eaf589b849863066f27e8d44fd294bbb6e62ca0
SHA512 39355aea525bf579e4bd35367d8e01aa18854f35c6d3587753d14c3295cb392a6d60abe655e249b55157dc3b58faee6b988e45e17bb02d0b3a6926f76865e09d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 13536f3ff306d0dd47f00c35670d9c92
SHA1 88485ce21829bc34474e92d3fc4f5111e3f6c767
SHA256 04ed574425529b1b8e8bad721495cf20b41cd8d12e1da2296a81579820114529
SHA512 c1f4e36ddae5ad821ffdafc372f29d3df946180d4ede55bad24f2960060b67b30ec14012cd0c011ed1d248959b8fb20b883a2ad31592d4e3e4282307cd599312

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 d027f3b1e68aa590807055a4482ee185
SHA1 4c83591838e7efe8e681667224a433d1d8fa9ef4
SHA256 93cd052159a2fc9965b9a3d8a4a7c33d60789ac5c2e27c9585509ece63a77feb
SHA512 e6daba987a4204663edb9e956e702517d58acebb379179bbd6a8d564f68ec32ee2af4b71db968a4039f295568d9a7cca4ad0db54f1c0f75bf40fbdf751498853

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 4c14907f6e6e04b649ee1382f6961047
SHA1 2b4467b9aedef52b84be63f330026c66920d15b3
SHA256 6f6244eecbe32e91ab1ae4f5dca55ebf11a4d4851b73af223e6ea9eee782b013
SHA512 89fa8af6956f77957614a4c904d5d5afaa8612c21ffc3d96aa58ccf1fba7623704b2ba0724eb22d5fdd8402242ad926c3dd8cca07efff860913336f2b9362e6a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 7adb6ebada4534f7aef22c7854c932e5
SHA1 de006d3e0cfd6b89a32463dfd5e0dfd053246ead
SHA256 de4e7bd96ec1c06fcf9ec373b1dba48dfb8a0fef6b8c737e011b53a8ae8a6fdd
SHA512 c9bd7a57a993ea468f14e10e0a4c34a8f26c87ae7c05ddaa970e3182d09ca8c4c6c561759248f2c56c598a39b71e5247155abf85f0f1a907383f4d6d5904fef9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 dfa0ab9fa22cf534f94e641b2f966f39
SHA1 8f91bb4580ab2d6b7ededada81aff5aae1dfe771
SHA256 aefc48e14f1b17c9972101e0e425560e63a077fa1d65862c2383c23c0106fd5e
SHA512 60ec8eccac933c4426df8f26fc54cda832234cfee36bf362d0c6f932d2ae6896f0871c157460d2a3a5e6e3472447d2fc71aabbeea41c89f1a3ad6d21d526158d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 f827b7f51776c3e945d09aca04a6009d
SHA1 6afc3ffd3165394ca4df181cc45f4146a8bfe806
SHA256 c2765020cff1f79303a587d2185374d8999c65b542117f435826a9a8ebc7c277
SHA512 e18a4b7d4e783b0434b9a173de07bcbd9e58a34eca2bbbea39488c22ede852800b09e8edee7321ca61693bac75bc5bebe2e96650d9a3e4e08096bbecb842db72

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 9695199f2bddd3cd4040a0e63594f585
SHA1 26a2e3392110607dd194c893376ab4f154324223
SHA256 6e175aaea4bcd889b1385b5c9db2974ffe6955c93e62afd085a1c25977faafa4
SHA512 371a435489896af2d9eb699f76d6b0a25d5245d7fa85fbe71aa382d6a68ed2f1d06345cf1bef0a74d6d5be23a77605520a703ffc398a21a8cbad9a3a65158371

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 e8a48beb4eca4b36a8a5e4ca29898aa7
SHA1 0093ba5af2c74b558da939a80d49d2d68b1a171e
SHA256 ffbb9481f4da530e2044f35acc8e92a9a28ef4cf0fe4203e517d88d9fea8af45
SHA512 465b0becd642b21c5e2866af23e2d0579b45dbd834f56eaf0bb628eb4ee53c1e34594734523ec3f6e245bac1fd7111cb2d162a71319acf2fd0444a58fb909d46

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 4b24f1c9881e4f55aa4f11e53f94c53c
SHA1 34c20353fc8ac98865efbe82b481673dede6232a
SHA256 fa6e7e082a9dcb8023d16624e036877e0160dbc50513e4ba8b5fc1d5f54e8a3d
SHA512 dc66c7ca7c127a50745436ec106b24d01922e5d88681484818f6265acd9d15c2f6a7969702dfaa14dfd61c62f3eabd8457b7f1c4ad3422262935518c5182a988

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 3e20c7d9f127ae2546c396525579972c
SHA1 592f1cbd790772306897295653369ffd23fb300d
SHA256 b3d2b73534326b2d1474f4bb50c53ba599e4ba4f9d88187335a9c57eb054a4b3
SHA512 0f981022e5221078066e18525bc2efda33467ff76821bd0d6b0bc336dc2d7c63f2c25285633b980d6748859b2ce3e8ee6f86648885a1c772f58e1248a67df6f4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 97bd3b7ce482bf0cf080b77b1f093c1d
SHA1 0615522b7e19c4095d67472ad39060df39d1e058
SHA256 540f776d9b42264014ed8e032d947beae4eea48006f84ad4c13a23c3a1c49e81
SHA512 dea97d5f3e3dea5c34627cb27570aa1e9bfd6a726c85621918dbf8137047e7145bcba32f5fd02c30793c05d99acc84a4273d84344d1db2c2ea1e879b11487ecd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 cdd21fc0ac1f4e1f1bd67797fb1af78a
SHA1 ebd5069b599d7a304e4d7f200c9c75fc51ce7c18
SHA256 8aad3f889420a49661409b49b6c8b60a809c0674ea92b4291046bfd4220a4bb7
SHA512 5e4176374167ab1b879083011abee7aece870c5a8aaa8ba056b376db51ecf7711fce1a680367a61da6ee06636ed54de4c645c543681c145a47f58b3faa67b9e2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 b0ec7362f48674248a606b520a2c1b11
SHA1 092854307f599a3139084623471d94220d0d062a
SHA256 30e978d7bfd8a6925b8e0ade5141eecb3ca3cc44457be05acb5cd47d9a777695
SHA512 eacd4b92dfc854e4f7293f14695c319003d06d9e0df486b6dcf80f8837aca74c4c45c31078935c08ac9e484382fcde4c96b80e02db05d51f7eb499f3289cc1a9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 76bc8386bdecc002727735ac3b3c3654
SHA1 93a05db7a5c391a298e967fac1ee2d5377dd56b5
SHA256 5cbe0aeb20faaaadf303f37d23f9e220c96c65b1ffbf157d328534189d4bb47d
SHA512 ebbb33a57466eb755b4fe115b372f0a03302e754a1bb06564d97069c62a9a60811668f03d21f754a9422127721e511880e86b7cf82aa34e4bc96ce1f2ba71217

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 0ae42cf9290d420fac80f14f51db79aa
SHA1 40677b8877fef024de2da725415a565f9ce5fbac
SHA256 bc34a6597c6dd58f052bb783d0cc26ee38037cca6d35ab5a78df686ccde792df
SHA512 bb1a050f3eb192ab2968d20a9bcffb4bc7adb599ddaa533f8a9b8bfc9ece8a64fe852db757f845675187b28cbbed8660aeb751dcdc4103b986ea22bcf68de0c5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 6bb9150c5a7ec9734caefcb06ebfe8ef
SHA1 7e25a81cd835d2b9281ce30d5b6881392ea31d63
SHA256 c1993dcf124f6b5df17c4e6e6abc6a42fce9eac48613ab29705d4cc4d6816c57
SHA512 9f141cef61d662f6c4fb2e57522c8c1390b8536ae003a3dc5549dab583e37d5b33ed78905c27a5c9b981c85d3cce68d23ea36a77af3bfd034a6b9e70662b89b7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 cc4199ce3cca0b647c679d2613f81be8
SHA1 8a2315c6a85d81019c3c6196e08c219b54acf532
SHA256 4627676f43f468365420a797f41f75ed01127195e908a3ce2011a3afdd88c175
SHA512 2ab96a67f98fa35c7120e04d520d0fc6969bdd45ba65b313db935bc8dfe40772dae9ae6ae2f029319b94a9e7bff94cdd4386afbe779e3d8c44ad18541451688d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 8538ea0047e0364a22f54e352f1a53bc
SHA1 f54cc54c14ebe01683d02d218c68abe7e6cec0f3
SHA256 3abfcdbc8dfcec9874eba374b78fa75f69c8b7f15585bc5f02721ed556be47dd
SHA512 89c20745c011bae4ae9f87bc165f14be1c098a51a51469bf10f157d5ee933d343dd20a276a8f15408a5e3bc06866a7fcfcd4f0924cd35dabe7d5a726969a5f57

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 58c5c85b8c901213abe6709573892314
SHA1 fc82fd41a24fac34175c571dc503206c2c981708
SHA256 0a9394464ac598b50fe6da6de1a536b18746c2ec62cb439550dae4d1be51c8fd
SHA512 0fa610d57a845964359eb7a17e68339e3b4f15e07545009a1946a457d84c716df9c3634a2acd438b15560e9a3be493f8f9a849a2eb2094001dfa1a8cbbe63347

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 8feed4316f6e91c0d14606c671fe1af4
SHA1 663021d36afc0ea7d10f42cd6c41988ea1845c87
SHA256 ca712b1b1281a5555b69f1f01aa96eda9766f9c20bced507168346e6ba2dbc8f
SHA512 e6ebcc96cbb7367bb6a51adc209849e8ee6a2d96730312501bee2b1ae0921e24bec5c48a3e6aa46547b42ec6720c61a21a7d0f457bcebd027cc26c2980cc62e9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 08b466785f989e5609aa8e35729d3687
SHA1 cf073dbbc6db6460bd7fd8d5330870ee0ddf80dc
SHA256 255fc9bc08b86f77397893e012a804805621bf970fbc483ee4987a9f4fe75c92
SHA512 c6b397d8c019a3e51525738015b4219b29bc903b1099af9e5d4b40a751720a953468c77a18324f067a97c8b3e8372b61e69092abdfbd7e32c4c1d0cfd4be7c46

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 26d2b1dbad41f8858465612decc73db0
SHA1 7ab2e85352261ea7dec1b7b50b268f9cbed647d1
SHA256 9240615542d8aed2f4b60c09c9cc2ea7436be7abf27b534847d000141bcd1ce2
SHA512 f92147292cffea4618060f46db6925df4691c8fedd2b3515e76bba79e37b9d1c4cbfbecfea631ce5f9b0502c3df1d9e8c40e697153a892f4d7e9b9a9d0a37160

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 5b246641eae46332d8f1656305e1783a
SHA1 a3b46d4a74700e4326284a1ae4f19eb5a73ebe3a
SHA256 2f56271a4cfcc194130704eb622bbc47480c6783457d8fba09b78581a0514daa
SHA512 83c7fee06358090b775c443ffeb0d6b7c72d50916aef95f828692cff6e690333454e1934a571a539df4bf2015e3bf05ae2784757501e9c950c88edbb638d5afe

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 f3e708453ac264e35c45f3b310cc7da1
SHA1 43c3ec9ee079705582528eb89420f7102ac642e4
SHA256 a2bee7234d7a284222aaa0c482b82a2508ea037b26eba4d79c1cf4ed1cdb4744
SHA512 3b8bc327a466462b3395ede8c8ac4ea6c10e7209b8da3b7936b164625b580925b730543efca6e15045eea405a9f210394de26723683a348bee88d1919f5b0cb0

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 01e5cab0e287c0ab229174fc36e8a5ca
SHA1 befb03b76d370a115c0b7558a6f3f325d9c9dc15
SHA256 667e61b2e99ed3377c06867e0edbfcc4906faf5b7b5ba6e0646f52ad14c85080
SHA512 4a4452458d4516ad5f0c083937129c6232aa8aa2d8efed4734d4803250e1f4aa952773a952b9dff8ff88a242455d9468619616e620f0bb6184ea2476ef411e6a

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 104b671d4142c19a5912d19d725a4fb0
SHA1 3f3548fc83dec6db7a53413ecf8cdd4cd8d71669
SHA256 82b18d30a9a6d44478d5a1c58afda31fe7229d96634dbc1f19ab1bbbbb1779e4
SHA512 07ac1d5c757305986de8e3e8e63d8ab78dc1bb0b67079dfc2b88d0831cb8796477bdf013ba57e981a19e9a8017d11b1f1cd3e31bcbbad9c5aa81eb080a4ee861

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 ff861d26d6b7b991ba68ea2d4255d57b
SHA1 789cc8ea6c8743c6b3b72384a6de2e9d1e1420ad
SHA256 c6efdbd39f2e53ac5a01ec2d4182530417fdceee6e0879ce4b24837ab52cebec
SHA512 706bfaf0c86b258539c97364b5aa813a2409803a9f628acd8e00f43ba1576bd1bbe1274cd42130b21903e5a0e697213109a61d1bc3b4f8fff7888a3ac2b6f104

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 b027c7e1b43449947996682966a9b2a4
SHA1 b5c2e65b304914d53d0cb3c8da3ce225928ece57
SHA256 69505ddba311435ecae3f37cb7537527555172bdde0000a562946bbfa67219ed
SHA512 a74cdf953b10c03a5928198fe0a4fecdf06e99dc338563bb0536268b85e985e1c06523483e515f4ba3109767aa7560f0f5ccdd65af1e5abde611bb07e5e6bf5c