Malware Analysis Report

2025-01-18 20:41

Sample ID 241214-wp954szme1
Target f00774a9eb0843d6661183fff0b1e036_JaffaCakes118
SHA256 36e27fc3d476b9e94813b20e50d6fd88694bf0e4ad4372cec351481e668e1754
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

36e27fc3d476b9e94813b20e50d6fd88694bf0e4ad4372cec351481e668e1754

Threat Level: Known bad

The file f00774a9eb0843d6661183fff0b1e036_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2503) files with added filename extension

Renames multiple (2506) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-14 18:07

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-14 18:07

Reported

2024-12-14 18:09

Platform

win7-20240708-en

Max time kernel

117s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe"

Signatures

Renames multiple (2503) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1Px8LOI14KdwK2l.exe" C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\es-ES\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_67db50590108ebd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_neutral_0cf7696e2236ca4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr005.inf_amd64_neutral_9e4cc05e0d4bcb33\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\nslookup.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr004.inf_amd64_neutral_a78e168d6944619a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00e.inf_amd64_neutral_edc631ff41a34218\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_neutral_b4e8ccc6ba210e97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_neutral_1a5c861fdb3aab0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpipmi.inf_amd64_neutral_256ad642985694b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mcbuilder.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\shutdown.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dialer.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_neutral_e77f438012239042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_neutral_ed16756f950857e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnnr003.inf_amd64_neutral_c07c33bfb5764bdb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmfj2.inf_amd64_neutral_9c9eb67d406a1632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\RpcPing.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\runas.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\hu-HU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\cttune.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky302.inf_amd64_ja-jp_dd74fe49601b74f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ql40xx2.inf_amd64_neutral_b95932400326817e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00i.inf_amd64_neutral_09ff5ee0a0cf0233\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\setx.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_neutral_7617862a9cc286da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_neutral_b52d8db82d8c3be9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmx5560.inf_amd64_neutral_e853cea0022c059a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21421_.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01298_.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\COIN.WAV C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Mail\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\HEADER.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_over.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR38F.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\PAWPRINT.HTM C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14795_.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15272_.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\SAVE.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\QUERIES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsColorChart.html C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR47F.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.jpg C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR7F.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0227419.JPG C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15274_.GIF C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_TexturedBlue.gif C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eo.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0202045.JPG C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_es-es_accd0db07da7e5b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_83f9ba7f24518cb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\inf\MSDTC Bridge 3.0.0.0\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_megasas.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_54c77126780b8c98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_93df2ae4c2ef11d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..ation-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9f270d24fd5d0529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\404-10.htm C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.1.7601.17514_none_7832a1aacb77df29\mcbuilder.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_taskscheduler.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_52e0d9ffb6275e04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\Globalization\MCT\MCT-CA\Wallpaper\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5aa7fcdbe5c4f795\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2ae1bce6b81c0916\flyout.html C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_1898d1bbe9180b39\chkntfs.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ty-spp-ux.resources_31bf3856ad364e35_6.1.7600.16385_es-es_54a63fc9155a6773\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnep00b.inf_31bf3856ad364e35_6.1.7600.16385_none_ad2d68ddc89d49d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..providers.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b823e4c5e86dde32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2cde043816cec01b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prngt002.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4060ca3886538c9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_449a32d8d37f0185\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\inf\TermService\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..es-drprov.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4d3bb1d70ac28e9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..s-service.resources_31bf3856ad364e35_6.1.7600.16385_es-es_672d64655c2fd4d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnin004.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_21ecfa407734c24a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2d0643b056296a14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netmyk00.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d7a4ed29273cf0d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_362ce835fe42421b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-imagesp1.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_460b0e06bf9d6fbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.0\WPF\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-bootconfig.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c35c1dfed0297589\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..framework.resources_31bf3856ad364e35_6.1.7600.16385_es-es_26652a05bab78d8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\system.io.log.resources\3.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnlx00w.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4845c082c93349d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-main.resources_31bf3856ad364e35_6.1.7600.16385_es-es_096480c5fb992866\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010401_31bf3856ad364e35_6.1.7600.16385_none_e65559fb7079dd6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnbr003.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cb5615c491ff5304\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.mediacenter.bml_31bf3856ad364e35_6.1.7600.16385_none_867a3560cbde31e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ds-ce-rll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_64fe665193d19a8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-movie.resources_31bf3856ad364e35_6.1.7600.16385_en-us_80ddc92403116cc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-cabview.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6d900c25fe9726ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.1.7600.16385_none_6e8b7c84e12ac48e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-scrnsave.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_79ef66a203052213\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1055\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-publicapi_31bf3856ad364e35_6.1.7600.16385_none_dced72f14bf0da01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..omplus-ui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9732feaf635ba983\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d36dbea01368547a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5cc21e7318e595ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..smenttool.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9728b91b875690eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-mscordbc_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_f9c9eb8d6d88670f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.1.7600.16385_none_b33c89b0075f9149\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_lsi_sas.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0b2db5728648fbb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..spp-tools.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b5694087aa5a965f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\PLA\Reports\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..licy-admin-admfiles_31bf3856ad364e35_6.1.7600.16385_none_beabfc5b1399cd8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\shadow.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.data.services.client.resources_b77a5c561934e089_6.1.7601.17514_de-de_b9ecd08973f05915\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wmviddsp_31bf3856ad364e35_6.1.7600.16385_none_a6ba49cfd6917b1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_7.1.7601.16492_es-es_2691a3277d21c7e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..store-mof.resources_31bf3856ad364e35_6.1.7601.17514_en-us_86a717d49b758fe3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f661e404c67754b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1Px8LOI14KdwK2l.exe,0" C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\shell\open\command C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\shell C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PPKOMBPFSDFSSET" C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1Px8LOI14KdwK2l.exe" C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\DefaultIcon C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\shell\open C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 1874a1c4e1bfa6879789a3b31adcc95f
SHA1 796d0e190184a1ff8232c5c22fd92d5d817ba7e9
SHA256 8c691aa8b074ddeb14d07e99609da9e04e4dede0fafdb23c5e4c4a65dedd870c
SHA512 d1d3869bc35ebc14f92230e86a67d5a1c6471cb5477b3b2748808e12688fdb3cef5a3a713f91f549fe2b3e004c8a182fbfa23fb62b6faf5d35777bae844e8ad2

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2e927b8947456cb4581a79fe5ef5f51c
SHA1 1bca58c55613a02399d0613cbee22489295b8140
SHA256 ca5f11989e41da8d40a4a8055614e9860b43dc3d834c193c2924f063115fb9ed
SHA512 2c13110e46ce8da996d8278c42e7ca09eca1baa5dcb99b10e11ac2b7c64ee0853a1b71c7220c3e63b04ca33e7109635b5157e4917a6b2d6017ebe5665b688636

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 b4aeaeda405250b1d0a0e419c3dc9b7c
SHA1 9452ec3d042ea7a01fe9d55f7b01f2a9773f7dee
SHA256 1ab00dff85031f7bf18992341014c5f8339aef57fcfb4a6bd206f6a71ea4bd5a
SHA512 fb660b8a55284ce00839d1dd0a8d0ea0509f7baad224a588221e8052691fc8b4a340aea7717f8f0f3da62ea994f57aa05da6998e9d440b59947c4a358b9cc1e5

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 6d6a341d428878d34440877c40314f21
SHA1 331ba2b5f97a3db2e8cc059f66745fd71ee0efb8
SHA256 68f81a98c3ce57f7899d4de75329eccae364ae9cf0926db2e1d6870ac970fc07
SHA512 9355aa842179d057eeb5fde830e7ccfddc5cf6654e974b8222f6e089e3a7de925d56eb9e67b52114c8ecf506aa2fe0d5c7212b75af82a902c68ff29b01d69554

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 c97e095331ea20a9ee1f4a85f10dbb29
SHA1 c0dbcdae5d8e9183dbd7a7816449ab89ab045335
SHA256 c2b8a5bd38a5a95187dadd79fd51afc9a9d8c7a914800e5b6dec8cf9312681c0
SHA512 ab2957b55d4763b33957657e58f2e5b51b4056f2b624fdca6df8d10c9f7f6299c99906122a010144a725f7ed8eabe89a3369c04012e4f1b14bba9199046e0cf5

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 81624a28c3e22ba32e3c354e0ba4ec64
SHA1 58d7c0805b7f007705a5583709406eaf9f31c234
SHA256 a171bd3a867292f5e86f3abb8d1bc0fcefd9e50b4c6ee10ff81d55e2a8e75c1f
SHA512 4de5501947cf35b90adc46459f71de71ffbe1a80a164556968c0e890971be8913a2324e7601888f4223adec2f500184bc57c1d378dc9fbb48ca6f8b4046af53f

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 ae011f3526108e588137c34b5e62e69b
SHA1 975708a448abcb70e41901393307cf3dc4da44c3
SHA256 c4f49fcad8f1c5a282b8d0be4e34458a3439e6d0f226d55ae2b2b0877eb80f33
SHA512 aef3d82054023bcdafaf777af8f9c1b4371422adbe5c4394396b4422a210a6008b00cfe038bb5c64c1f4dc201d223e8f3a5091628d0aa2a9fc65e8076c1d477a

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 cd6cb1b35d9811d0d8b3c1ebf987fd14
SHA1 e30b388b3c24a5770c1bda9e8084c64e8a295a95
SHA256 d8d9317ab69fa1823268cb465f7b5ad8acd855b01f8d68d73c1192b40c303c6d
SHA512 51698805380df5840c5ae3eb8298ba4a1e810c69f5a89cee39707b9e9461d4915e909c7a37fb3fc3d8c618d67242606823344db202fa13bead9689f9af64c603

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 15e069e97f77072d7831392d34f0816e
SHA1 f1286b1086180e54dfec2c69f2419f9d77539ba7
SHA256 a938eb76ed7a1f9c13541a946fb279bfcc0b5e22126a5c5c4b1054af3dc70256
SHA512 12150d9a5f6d1f2b95ba615d418555d46dce66ff0935e14aaf998ec5390ead4162bbd182f7af32f5e65a3e821ecd736577496c6724dc68178501c6ca5ee993d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 fad420558b0d82ba3ce31480c5e1d9ce
SHA1 7cc9a1c819d24e8e826b1b9c40f7a43670eaee39
SHA256 fc6051668bfbc243a2e22c7419ecd8ae9938d41b09e4ca8f4ae372c5883f8bf7
SHA512 9604192dcfa5560f92ae1f7efb277cb09438e93ad58ab231a8492e0652d5d9ecb341c724bdf715f440d8b7d67aa34bd36cfdad5e3597d8665cbc520d673e6f46

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 8b9dec96eac265203292766eacc90d23
SHA1 680a7e56dcaa9f4fed1361dcdae7d5a1d4908b82
SHA256 c4b0e2f28d6324c04c17c8e6f3ff0aafaa919237475c30502348ef8ee827b7af
SHA512 e0275584ee4a6327d28831b88571a69221557242ae51b6ba12ae4fcd204a405e4bd8f5d4479b57a4802c95143be8a575348b57364f13cd1a23ba21a6141eb913

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 21fb5a7a77d410b54c827ab931f68f16
SHA1 e606ac6bb26d1fd751f1177157b351ea69d32406
SHA256 c29f30dfcaccdb5d71a73df2ce0093d62ea5a5e2b5202e3c376637f7f250fcaf
SHA512 625756083aada26f393141f7064cee958f877b8479d7c83390592fbb3deb10209e90ece296ceae5e0bcce3042b1bb5db978d549667457b1941c883958954a1de

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 ace3a2f564608fc0d3ebcdb22b1ca4ce
SHA1 728a0791456be6a9611132a231aa1bcfc10e762a
SHA256 5d8221ca64015e9db3eac97e5717605140ddae188fd9b03d1bc38c50d7843dab
SHA512 ca8ef5163c74a2cc7c7af0c8b6f7ffe80fb38b49fff8207e51690caf621ff39cc47595116aa8b3d600dc63f99b3a5bcb3c8e1648b9bb7a2cd55240d264c79ee1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 44af45d43d638fbde95ced8286b230ae
SHA1 c653068908b905aacbbfd4eac39ebc1260b21b1c
SHA256 ed3342478c896d3e5ba6f57925613eafc26f6bc2d0d0e8f227c5db4af29dce91
SHA512 30eaf426feb67c502b48ea81c20636d88462d6392f55aa53e1740aa5ea96451549dcb755d14c534daca904d0db1c7b19ba81c0ff07387502f2f1460b553c50c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 6a631150bf6f96d2e4dfcc5033d16cf3
SHA1 1c54755984fe3781e709a1fe32759f098aa84915
SHA256 0a8d91572b54ac4a95b6652e9aa48cbc1b6e170e30622e04ed9cd14cc31408c9
SHA512 2f08eee1e14f3547d5084ba84f8221e2b2b7cdaa8628c83283a114132074669584bf5ab34ba97b431b4add9f07d7281b1fa00c9379c7bfbebc6c584214af2c46

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 34f34901a775152d8d8c60114d87d7e9
SHA1 407d2f911ea91dc65ce13fbc3271c58c61cab475
SHA256 cc98cb8b8f0e5f0206dbcd7989dedb8b5d1978ff91462ce0527f76db45596f9f
SHA512 1c5ad71d94ac9b442b5a96dd6714fd369b14186321d9fd573f04687e715bff7e050d9fef3c1820cb330387fe98e77fe2fe6a4cf0db84459d6063403ebc2787c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 a9180635d5cc9467749ff29c0e14c4db
SHA1 9bf12f9237f53c7c2e1ed649c2048630ed3ae5fc
SHA256 0e1d4613cbbc8f9138c2871b95d26467886d16c428506896d0dd4c04571152fd
SHA512 62483e38f8f8de4dca04b7b7ffd35c5c6b992bad32a1f361886e1e84822f5eff6a8fa8fff106230f2675f84f86c8fd0de1b5841624f413784e6588f7c2d2910f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 43e2883acff99d491220f4bcdc8cb7b1
SHA1 d8fde46844c1fc99750da1f6e4deb7f8f5a4fb1b
SHA256 7fbf286e806cedc80079b71d8dc0d810272a5aca292e146e6e860a34c60c70d4
SHA512 48a288f0881deda472c9a26ca93a7de029cebf74711c3975052e892db539ea1fd3b0c767afcedc9fc2909b57f3e1434d01a03a649580c862f83091257f626d5b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 bd7093d2631511da1b40bb714f38985f
SHA1 14349df5ff75ea060a226eeb30a46d3f5951674c
SHA256 46e4b828aaf264402e54700c4618472d322eade75978c2cc5bcbbb77046a84bd
SHA512 d36200a792ff0f8dd86c8cfaec37fbf9e0ca08a79aed70b45031a90efd682e3ac7dc829c70011194f2aa4a8dc2a3f6354bfc03deefacca83d4fd2fd5cb464f21

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 40583f46e3c75cb95ccc3ac11a3a28d5
SHA1 60c625ac86bc7bf75a54586dee945cd6c48734ab
SHA256 ccaa356607cd350131abf4b2803aa60dbaa43b83c4afe14ae0337d017981c0b0
SHA512 a3c8a5eb037daa0b7430a0e74874b0304ad27952ab8a04a072d37431909317809de39f560f7d129ac1f6298c868062b93046838af3b8eb52c215a7f4d5a9b343

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 107fe1946ae05720ebd6bf2a64bcd592
SHA1 81f9f55af32cfe303ae11dcbab3a3e157fa7b795
SHA256 6146bef7382c695d41f5f7b77840e170b7acbec4d514f0801a3770cd38044109
SHA512 1b6b63e8307fe9cebdce74a1c5e71063e99a505fdaaaab0d1b1f88d81d07c21333ed2de2dc2be37d467d2820e86d7e979c75cc5b27df3d4da09befb1282faa8c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 5cee610f72d52d4bf46461ed85ada9a2
SHA1 82a20b4c6f7f533411da4ac0dfb247d97e98cdf9
SHA256 9dc7c1d2c06e863d20f7d63f0c7f0ec0876f99cfe48ab6dc0bd1efb8186abb85
SHA512 652238247349e929e2a456604821c364799152218adb8b086259c9e2139aa324c4c8cbce30714fda4848d9a2315b4d26f715a3229ad7a7c8b586341f649484a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 230980f5126a9bc30151f67319b152d8
SHA1 bc635703ff882f67e054d067f3f43bf5457f7373
SHA256 bdd14c1b869251884c3cb1c9f780ccdc9eb5f9be34abe4e08a2d9937dafb30e7
SHA512 739b6046a845cb171549a974e058ab32ff2ac153eb032c0f4216f18c23de9d7b4367968cfcee8cbd4ae681ab84e56418a66c9c84a7ab19efc74f7ccc2887f815

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 a16d9a821df6c101a41983dff7da3580
SHA1 c178cd38854d1fa447ffbc1683946beab61811af
SHA256 db2769790e53432d527c9ef11c16a0385c4054012790d8974c12cc457fae43ec
SHA512 5dc055e6f71a28c300ba78b1d21698542c30ed081cc687aa40b5f8d2341ceb844dd95fba6c46ce177083d0ed83e583f081c800d21d92ef8af383ff7c0180b55d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 94d421b7941a30019e99472e3d0d0684
SHA1 83096713059ce20ed327efd5fc80230ca0e54a1f
SHA256 fe256f2980dbcf9e6135f569299ee4974bdbf8d809509f5bc9b2ef641f5adcd6
SHA512 cab535b46d8fe278da3026f0cf2d488a50a1e8ebcfcb1db51766a707245b23766642800dbb525fcc1d1d9f93ccb9cf5ea021866948c0ff4fc521d569a7993bec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 c6bf6d1c7a5da106aeb3520dbd7913f9
SHA1 9ffe2f2a47688b7ad18955eda75400bb5a19aac7
SHA256 6ec28cb0988f0732c4a351f708fe3a4aea960e3126bed0bec450b9054d3706ee
SHA512 fc9c7bbf7cafe5a5f25e033717fbdc253dd1e24f1bde8dfa177f20353bcacceff7bc9d072e0a19c3d4516f6d99b17fcca489ee6d860044a59f294b0a3695407c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 8e77512df273b7ffade913d659a64e84
SHA1 83f47a61de6510c87045a13a819254b6ce45a488
SHA256 22683aec3ab8cd270c25b58c64752d1bfcc6dbe6524faea7f7c930a7e3fd07cb
SHA512 2ba02d35726281ecf518932e78baf32dc27a6a44513e32a10363e2f065e1a8bc6043783c92cd182c38622e694aebd786e72351de57ec3dc110e5c723db313c1d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 577f89bddf02e25cad7263d6ffa6240e
SHA1 0058910293d4cf87b3b4935be6fb5f06f05c7ae7
SHA256 ab1a02f80d5754bfbc03054faf534a0b63ef3e913f5574df9a5c3ec9ba10d096
SHA512 d20384707c7198c09bf05d77574e5ec518bffecee00837a616ed36ddbf8aed484006ca91a5dce6b825564df92b2b2925b431b9277853be54a6e9a76b1cf9747e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 1411fd8eb9e8e1ed60c5da3423f30ccf
SHA1 320f2d6341f4aa2d776dc07d3cd6a48cb45fc6ba
SHA256 360edd0234cbde40f2866345da2c997adab27ee7f63400cb0143bb4437079ee4
SHA512 cf051af08392ca26a93253f80e23028bab03c3e8ec88f085964937f23c379ae72414e0c4249adf31797cace5838438a09b872afaf0aed6a17c5b4bcf98b43ce6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 06d703e28ac527dc51438080becf5b04
SHA1 bb866ae3b4636ee760375a53f21036a6e18fe55b
SHA256 965dd581f2ee820d3136cbf5b7ef12435eef254c7cf711ad904c54d2aa811d1c
SHA512 089bfdcf3d326987fdb119c94c2c7b887475549b254d8e0a4d0d306727c4d83201fa685ce6c90a3a478b8871da8d4db18bf130f682cc174bb42080ecd345d73c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 710fe71bf5f642278eefeac6f6126ad0
SHA1 e76d940189442bdfbea9cfe8b77971d8a2a9b713
SHA256 41bd9f1f603de53c341518da2522ed9c7046a08ae807e0025a3780d1cd6d245b
SHA512 d9b0249d69d2a21b2387eed5927b505b12dc308c54fc3229589c7b38f0e217f297a60596585cad38391133915421a989a07e6dc37da80a2128235cad98d6732a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 9712e49d146e372764ccd37fa73fc78d
SHA1 20936a7da4599a81f993990027e69117e3263fe3
SHA256 5c42ce06f18356585d5e427c3c0c011db9568c47e1edc92d76389ba22aff7855
SHA512 1d9a4ebb4af0a0d0c54680f29eae633caed883ef37da8b77e1f7737e3f18be90083c337e4035f692e1572df3817e7bb6fab612e45ccfa227e895adc58c7dbe11

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 d9ec31be30ba069294908154acdcdfe3
SHA1 82c7b98ba1f6a6d0019098b73319eabe62a3bb29
SHA256 68b1cdf37a8e623accb211de8aca152f85b6f8820bc3aeda66865f0da9dcedba
SHA512 ccd7308f8092199e349c5e53fd64acf8a8f0162d9f838effe49e52317abb08f1a7811adce116bbbf2e9cbcc44a8a1c8d34d9cc565683cda38fabcd420d10838d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 9ed8fd13fa6971b70c3e4a8b761e1789
SHA1 c35932bf8a658ab69274ba683869abdb012bb908
SHA256 b34d355000410ed3640fa636adf4310e7464e4b64b176dfa1d154f499a412c2a
SHA512 41721094e1847da0130dbb9215f68bb793cb4e4b4153974e5dc990c29083175be4a19f0b5e1ab4531689204b26d97d09b354eeee45216c5e1a0c3cc10e845c14

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 5657ef17528ccc4024f398074811aa42
SHA1 b6c9a35ae6a82aae879400e4326a18197c334b23
SHA256 86593b71941e0ece0aacef46e5f5f0df5767d3db1961dfc8864ac372e8041008
SHA512 311d4d45eee3598f10d3fd9619763642e58dd079e090bac708230319060acb092908d877d72de953776b5100d49f29eca4bc26cbc9e7de02aed0dae1213c7d10

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 7843a88c5ece9b5ebb697d99065915f8
SHA1 6797a3a50d5fad8a3e61f27933c9d9cdf8126586
SHA256 9673cfe6fcec171af2959dda0281945f132fdecbc2c3fc22a470a9fe0f518146
SHA512 12de5e2345247ea93a40541bcef9e04e3067aedfe5ce74be17f0232ac67926cf5f146538ea0b2ad8e00bbce3c1a5162869c26ac221c1c5507f6db35d78350979

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 aa5358511fe3567dc37658c9a9ffa9ab
SHA1 dd038fb4d85908dc8867d03256dd0f9a6fd18cf7
SHA256 91d33842d500cea8a128c4535b0080fae1c4e07834e2d21d0800db2ddee1212f
SHA512 a5bec017d4edfc0411b8c3d62c7364677b59d530d1b14f86aa4086de14dbf12ca7d24704fbd7bd3a4cc65cefa30685010756cd25f94e34f4bb72ef4f86b25caa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 e6e625c500e51abab0d6d9dfd62f3fb5
SHA1 845742ee44ffff786f875b262166e2d540d142bb
SHA256 63a9d7dab458985c8f4ba0699853fe0bed681ff6986340081a61b00c743ba57b
SHA512 1a4e3a60ed3c46302f099dcce2e19b949f4dc97d3f4260a02efff4785f46e926fd56927a89357d64e7b25e4a724b3c3a2da8feede684a1238847ceaba4516404

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 01be6d67023af8c3a2f71b9dd7e321b1
SHA1 947367d80ef7f3b48a323b5ea1ee024de53c1105
SHA256 964a757bf65aa7b9384396e1a3ccf53def3b3abf3f1a467ea03a2dd46daec08f
SHA512 10d540ebf1e9bc55c74d1ff3f36cb127993773c97f7f4422f34864e405bf23df50c31c323861a8bf7d36c2af125d21303cf1caaad05aa207c49407a51c644994

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 a606f1ea9c6fd9b62d95efd8dc77ffe0
SHA1 1128622f3a8bcb1bfe52f10bbc07de70a5ea3136
SHA256 180fd47df25d2dcf7fe58561ef9c89e7b9ebfa91920cc8acb7de26e0b5567555
SHA512 ded84f6ea324a6bad2345434d86b8b9d081e0f7e11ba3974571436e469b4ba71bc19e81a807918f2ccec6bd637f08a4095c02528573c349927b953ad5f5ed072

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 f23872ddfb451cd3283c6c53daa2661b
SHA1 0ad2f57565351db75aeaa946036b29a387658c78
SHA256 7ff9f91f1297cbedb5ebffad141e4c87326e20fafd08d157618cd28b61e51b99
SHA512 75d3f1b550d58cee6039513520ec65bbceded805e8fa8cb3e4653deec0c3c57aafbe18d51f7f5307c4033eeac64ec48dce1baf34d043b2f7393c5b5d84e574a3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 10875c93739b59b529bc7bdc5e612687
SHA1 6261e256f0e092a0a110f5ac960f403f35786e95
SHA256 1efca9cc90ef155fa81f6159eed6121b592513a912a359cebe7177f9b4bb5467
SHA512 d623b59fdab66c83aa14ca54f2169f1d92a590cd9efe5cbb226462cd0fc367388f438ee5847990832d281337775fd6597cf0b4206a429277639bfa958395b17a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 f245a97bb05a768a75921b71ae096dd3
SHA1 7d5ba932d8be6cfaef22e2b013931f676856c126
SHA256 09ad5b92b11665df8d5aad85ff28eb2a47224eb4551ec05cde33e10f61907dbc
SHA512 eb743736528ac3a7558965fe3d380eed795b9f5633b31727b8ea2f02c4ecdbf3c8da6edf40d654dd87d2366fb5a69f0d8888fce4579645a712b5df10e11d88b8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 19559f1030628b1084853ff8b0f9dcc9
SHA1 95f83e7b5748fcd5142191a834b49a9a6bbea475
SHA256 445de92bd506c07e19fb11c8fa80f1e3d9505caa7e2160cae3848e72f2eadf98
SHA512 f968baddf94879e9de13b0b677eb934f20f1aec4d8697ffcb26fbc46d697fe9153b4e059b3d31f1ae3dc812c3e65ff543a6b9f654f187fcd21c0948ebdee6bf4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 4999c02a780b31c951e028e098bcad6e
SHA1 924f158b4553e4afd1e7017d789a788b945861cc
SHA256 f524d98c8790c5601f4124a1bcb004ca4feeaf4f7a9e70bd1dd780896aafeb3c
SHA512 46999187c6a438e9919e918e4bc596daa2a47a1961bfad149cf1850047e76caf84671fb1b86069757668146d7529fa380c7fd38541dbabb5945b140c30b190f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 09dc0bd72c4ef619d88245778e50814c
SHA1 6fb1c0bfee26ed56c98b5d4ad3235b3af1c264cb
SHA256 2e11faf1625b7126e51ca1f8749af2af6a3df154a73b446bf3348ad3cdcf83f9
SHA512 5038f6a94e5dc42a3ca2fc6d92bd77654ba425cceb6c590bf8b0fd9aa4fab17815c1bd9089fa18169279eb179963ed762c63191e35b3ef6576047886168ce4a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 d6471dc37fb9a9c78ecd1fdf6159a72e
SHA1 75afb609feb3d2f8ee35b60b1942352fa0d66d42
SHA256 be9a0799f148c19fd433addfd0204b38ce7aab1f41c319f2a3f92bd9764c063f
SHA512 925cf596084bd710344ac75ffbd95b2833cca16fee37ab86e9cd9bbf967636dc78776651d332209e95a71c3daada71afcd11d601bf8a0a2f35b0bb198788f2e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 de5dc3813ee25e16718bee063d1ef73a
SHA1 6c2a4b713ddab15839722895e9bc12cc1ff6fc38
SHA256 84249990f3ec35062434086a8bc8de7ca371b2a3294f391036dff2fe6973936e
SHA512 83559f371a4af006545d972926f71f41c493dc574589cc95a54c719df4a5811974f3d68254aaf3f24f7d79539191b7ba3f9f463cb07389db71f46e1fac7ccc3b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 95509c066bbb6468f1733e577ce3feaf
SHA1 7053d768d31c2f412323f9eeba01338f281be50e
SHA256 956bb07d1f037c36f6d677ce1071e04ff694d8bd0fb38756cccdadff904adc1d
SHA512 c36a8a102a77bf857f71373b5f22d701c45d2ee33f7f4025c2824e9fc06adfc096dc514f77dc10b9bf21d90e6ddb358d455de32a0b6eafdb13348040bbeb9bc5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 1e85bfe8f6ff3e5028c688833ce368c3
SHA1 5a9afb827a66e5703dafb2ef9489c1ac22c5cb35
SHA256 6724bc2fcb98c38aa28beaf1f55cf6580e7dd8ef75e008e52634bd2468c3fcc1
SHA512 fa4f783aa05bcd11248522dbda63a90e23208ccc04b5aaa2038e992873d661b0b00e697390dfb9ee1fe183299453a2928a33b3aae7368aa4ba23f20ab731571a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 97063b9bfb409e4370c07944f9fe1424
SHA1 71ea885cf56d83c7dc279a7bf60d91d305a66d75
SHA256 22fe5f1c5ab3299d9a75193f268d59cfb6c4056538d52ed1a948d9503b1886e2
SHA512 d895562f88e3d04913014f9be6bc2b6b09ea43dd712698576b5ba6feb975dac71bdc5427f621d10676acef4d00cad8ffe0616354c324ea6b8d310acb07b2966c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 cae6b78115a568e35895b10dda463b53
SHA1 6bada4a01554d4761bcad08e0d0d821e1fa6366b
SHA256 c669fa4b65b9f316bff674f8ec8baf32718a11aaf6a8e785b4b271de5b088935
SHA512 50077767d23db95e36c9078050317ca5cce05516349e44e27c658c9b08859f7e4857c88c5dbf1d047bd88113981baa5c5b12b068aa728390516e360ced7bd069

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 dbd2c222cf869ff5929f017a88b19d90
SHA1 cfe758c5256c802b3da4c0e54db677d0995376a1
SHA256 2cd0d1e5c987e53ec25bc84aec6d2848b10c35a5f88b5fe2de634a6df545eaf4
SHA512 4d1fd9753ec835f149be045214244c59a59379a66b05c078bddbb58f6ffb34e8bfaeb3cd7bf8f5d42ffacdda558d7ac521542110488069cb9d384030c65cbb32

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 8d8976f1cbfe0c79ef1c34fb3440045b
SHA1 12534f7b0a679fb5ba028fc930f4d6199a4240cb
SHA256 f02434bc749ba26d2f2e691bb11c4327dd932804971ad403487a5ebf7854877a
SHA512 d9ac8d61df37af4c33a2c409ae2531e8e807bf69a0df9f7d9da2c53944ffbf52daedc89520f88d8ca52633819140fea2483b3c7548f4cea63e2afc6e3a986c8f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 4ae9518e22b272c0f47db65775e8e5f0
SHA1 4464d14a0b9b03dd5dbd2de6c786a63aafba8b92
SHA256 63c0e651b16b4deae6fe3530056658a1d9acfc3c3955657f2ec10e988421e7ee
SHA512 64bd6642d8dd0bf29e737f0695cd1d81f78c0f03fe2aebf6d95a3e42e034fdc8ec1053e472906962e1aa3502465f30f110465ef5c9c7ce42bcc80a0f8d5acb24

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 7deecd127cf8baee460c068d45f6c40a
SHA1 16aff7a5463c7254d87456bb9eda7fe75bc97f90
SHA256 ae5c0c147dbb426770f172d520611e27496d4299b1560ebb467eed534d52ac0f
SHA512 627c511f3ecaafac028d705f5f51c503d0fc08ae4c930f3c9150a34c741c8758a75435e55b29c158e787bde271fd4fbab550b5e10909261696a94a8ba9ca86fd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 93225bbc94e8287089f3b9fb9e896743
SHA1 2e1424d2be2109caa2433c2b66f5e6e7f431217d
SHA256 28a36025fedcc0b72dbb2a99cf106df085cc82f36e69f639b946f640ad570e73
SHA512 bfec64260115ec2cd501d66ea82c7667c2676a73b03307730b5a073347ae796f99cb6578df102df82116e4aa75468b455dc3c41c3849c7e64b606076a2bf66ae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 d7a09d29d605bd2c5d93625f112f2379
SHA1 417fb312697bdd117bb0eec18efd22f617f66da5
SHA256 227dc7ea1531c2aaa012e1fa18b8e7811d2ee3181ca62e9796bfea7199949a8b
SHA512 07473009ccfc7b61e8bdd0e5fb64d0f04e93d688b8e8245eadd17b7c1fd11545db743309f6f170ab1cb2a73dad30b3b6e01db25dbd11cc841161bc5aa17ca52c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 3a9356a1a0ac48bf9f608aba8a4d0c16
SHA1 2c8fedfd1f247b7ed0045e2e39a3c55b57e8aa1e
SHA256 b5ba90581ce8f741539b15b20ef35c7f0572acc635cafd8761246cebded0b68e
SHA512 9c58a80c2e4843323fc2993b92f164719313fdb1838082b270e3fa78eb94beba288e331ff5c7a7959c3f9f8bb082c1700f37448acfbccbf79ebb75d80b1c0c8e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 2cb14875e55cdc398221537fd0151ec3
SHA1 edd8edda9584d89f29f336ff36dc5f00abc122ee
SHA256 2a06f7a3791363d68e6a46475bf45f09877713c34d6c08ac144f6fc43d602e7b
SHA512 1cdbb78e06382573c14f71d5036f93810988962f63d285d59c00a1f73a3e81a116999b42eb5359598482537c814bba7977fca9e8227ed39c37daded803c085c7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 c39ea7aa86cca9f9b4a94a9913ce69e0
SHA1 d4660b1812005ebf06273b36867ccade51bcff55
SHA256 673fcf3bf932957d192dee8b76631717f897b282efd681a5edc5145dfeba7cf6
SHA512 dec64d4c9719808797e96dd2408c1a726740e6eebacdb8179d6ef73a0fe3f754ed103a2294de2cde7cd562e5ca692ecda3ac6639885bbe203c816bd042534eaf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 f6703a6ed9553c5532dfd9a8b2da47b1
SHA1 f9666dd9282c47620aad4a21fb24447d25991740
SHA256 93504c1608a14a86da6cdaf7b05b0c218ca4d2b400c079aa7974f880238c5af0
SHA512 d31f7656d563ea947ec3c4284af83903b3bb6481ab7bbfe5fb5931ff6386999e96f70b71467aefa18728509ce43a45172afced268d983415ca432b8bb6f7b151

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 531e6fb5d6db3bf2071930abe4311942
SHA1 aa4c88898b0b0b3989f34ecdf8caeb86b32e47a7
SHA256 d5dde517e86d88315b7373e5d45ac53da96df081b7ab93c00dd069faa1a0841f
SHA512 173830c715e9c6a06303bf3bcdfeba60e87e9b5971967ca38342ba366eca1237eee42d81d1de900a4cc091299ad00c5478f7256f73138176aa72217c765d8557

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 3a0695952e6f7a73f3107c07bfd8653e
SHA1 aa266875a5f9be033a3da93572908b94e96dc470
SHA256 56affcabac63ef644c9e2aa852ec95eef5d196ddc97860a35dbddab9a718e799
SHA512 81464c8e019c317cab040fc9cf3775f88737c06d1bdaf6b1a348cb3e6df397d6223c03ed76fcff049f650a17939a04e9090e198cf92870bfc416168b6d4d2127

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 353990b89109aa95cc2c2303e37431f1
SHA1 07655897161c79a10f9a542af14335ae6feb92ba
SHA256 7c9e0edc689882e4e5e09a7c52f4de5e543c14133e68b253fe7efe461c4bdbd1
SHA512 6c30c035f3221796ca7a9d26dbcc59243da3c6038fda8cc96024edb046d08b2477e87469b6515fa87f067cc6d8766845ea389806b88216892e625d0a85ed96c1

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 0f659cb7fd3b4a67a2459ba5adf0ff72
SHA1 9e7e25963093a2541c45d43f567f1b1e1d98c77e
SHA256 43137695322171cf87d0557038fdf770f53670b4ca9a3ec2bd247df98eed4b3c
SHA512 afa81c3b12c0dc13faaa8aa77844f96777a4721225136166af16d06b8d48e7d13517977e7fd345096a85b98bf0931445f5cb4d57bf828381a7f1f33032e784a4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 2019026791181dfa20d162a8a6c3d49d
SHA1 c0ac58bd790680792ad34f6f7f0e218e851c3524
SHA256 f8c39086750249e229c70dc7e81672df456ea804ca01d4365b8d637c25079c98
SHA512 cda50dcb93abd9b480c8ddfba2ac03dbe7723aea392c754702f6a42eabdaebd8f7c5e9559f47b5f07f5aa8c8ca5d258c38f6a3bc43fe929a2559b90f40497711

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 cf6419b748cbfe9d611cefc3377e25a6
SHA1 0625274880655bd48df513e15dc6a1badb6937be
SHA256 4259826a7f0336d83b92888b8d265b4a4a4ce6cc76d8c8438a7f7ed99507f227
SHA512 0d36672e72b5efa857f2932a61a6a3e3aecf450d61d14350296f311b45ba0549a5d0a3b12b38fe53e2574a0dd3a4733d8323b7d23500776749d40d0de90b2a52

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 a664dd644699ec67d1ee9fb1ec8f3669
SHA1 a137d59072daab879b3cc2aecb4ce6681f04180c
SHA256 cf4d832c653f24b6a489eb09d12121714a3b8d408465c896dd3e6de5e47fe2ff
SHA512 a9092687cfef164aac9ff9fa1331472f4bde792ea934e107fcc19078f49ea41ef62bf04bf9a4dace23f0d0d13610cb0f810cb565aba23c38d975008bcf273f4f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 65409bdf66d82b3ed2c694d0e0e60ef7
SHA1 ae501ea8f966a35be0791d6df62475d23e06be26
SHA256 7b02c5ca6c96da746648c9774c2c4b3ac50501e9372359b0fde5fb9947d51b6f
SHA512 a82bbf6de7bda6949d28d47adc5a8dbf280ba97516a262dc8312d393a550b9f7574c7d2d9b6147b00af46767e39efbfd69892497bf83cf62b7e03dcf14153913

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 ab6335062f24fea66dc3946f5659a367
SHA1 a1f0e36b9b65104ca6760b9e119eafa6abf8bfed
SHA256 726975b583b3e87615d0d731905d3e78035c6fc2e1367a2d1667e3bc972e4beb
SHA512 da6a06baee10564e9b2e75a9f7e2ee0692a60958ae0405a94d84f45080c24dfc37b820540ede12cf3929a482a0f67be9ac136c4e2dc46503e9a09c4ee47cee61

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 db998da03a26192daa52dd39e15abe07
SHA1 ed8ad79ce0cf22254eaae9c0d84774086114103f
SHA256 91b999c0d6bf9b6cdd4f11a64ae2eb8d6516a1e79ba5a3694340dea171ceaf1f
SHA512 7af39a39c7c5bb4f86981ba85fb626d93c67639f14f9dd62410e0696401a7eaf293a3a435ab32812b427870a5b6cb9bfb2ecab93ca21922e5ed6525f1a00f2be

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 3568fddc799fd3d28da6b16a2caac8cb
SHA1 184c969222c418a2f3386861ef4dc13bc236598a
SHA256 1314af738082f7837cd40c95b6bd9ad74ceba3c60b8c7b572d0ee791ae03d497
SHA512 490409fd1310b705d9c0ba615bb201226ddb5ec5f0c9469346f9fe6fcf3834192cc971a7c44646515575ac7052f954aa3ed398915aab1d43abbcf0380b30c68b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c0ac39323c00c1d8a7ac8b852929b980
SHA1 09f5ea31610690bba03768f7f1771168d6dc481a
SHA256 594200d138a8b148e019db00f4f598b7bf5cdce5e9c4e1b52409fdcae97cd14c
SHA512 d18d7d953b299ce6e91d621b17d54dac798e876b2813f7466bb663337790b10c94dfaf51e26d46d068310a7098e1b6d83d90f0832b5c7bb38dd8dcc4515e9ab7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 bebb0d934bd2952fc9c09d1ed4b03021
SHA1 31b9f72f3f6762cdd099c7908c8fedacd8a65f42
SHA256 1c1691ac1b23ffec72c94477dd8a0a8d67339fae0a7c50d165ccec8c9a8dff5c
SHA512 d5b073aa496b49c08a9dd3831435e95a8f930f420ad585ce78d341b16f5fac365aabc985010219cef8ea7ede85795556496268744565505e3a172415868a0ef4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 d8d0f6f54a4e9f2ce2108060741e9468
SHA1 d7f6718bb008829c737e1e26e4b65bdb430a56f0
SHA256 e4b9c1918b4d97e0074ac670ba2e42288e33586ef064cb10b161c80323882b74
SHA512 dce0585e20969a7af133b8ca1fe6cfd252508f65f1d96c6fb3cc29cd8b097571e2fb3db5e45b3e48aebee3cb6fb55aaddd3eac9dfa7ab4758dd13a80826beed6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 e391ca88b5b0f624871ad4cc9c327dfe
SHA1 29b211a48c1a955c40b09e51b75648bcb33c50d1
SHA256 539cbd443dac34b9a2d8049ed51cd64abfd85babaa3a961f87239fdaa9f0d6f7
SHA512 9b59b7d05d026d6c87c9e49cb001e068755a15844d758d396e25ce4920cd23b4729c9e9bdaf1ec720811c0403bf83b3957c607fde2bd83701657249a16439879

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 855a6edbce1d61e0a05744dc7d37cc79
SHA1 f46087c755020301b239c056ed65325a753d91a3
SHA256 7cde1100085f91f59b3e74aef3716eaec4528e1ab110181945060f1ebcf5f8fc
SHA512 e29adf7d8e9d7e1c48648b8e6abbd68f897152321cfc6095fd3bc65814983107abcb977b4096732b18f87edc4e4f773607229998599d9c390066459595f7ddd6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 a8dd921a687b288181369d64c7e37f79
SHA1 bc9ab49df38f8fe2e464c7ddf5303dc0b6ddbda4
SHA256 3c9246b1244f31428d9ee3eef93c8fd9ab818c088be8bba8e9975b3aebd33a74
SHA512 e6ae0bc63c674b3faaea84cfd79c9131484272083c08beb4ea5c6ba72f4711604ed4eb5333cd6a668fd97fb8b105efcbe027d2748c03a84fe2015f87380d7195

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 f9096b011a9f7ae95f2e3425a681b5d2
SHA1 e23543056185509a34b541b15678b4d50b4f2493
SHA256 daa0884af93a369eb94ad8aa0589eda1485cf392ddd01b085ea8da7a7f5c5423
SHA512 ac74ccd2d550d6f90f388cde99418740dea99ad52cd68ab0216c8b691c83362b0d2fcb8ac3cc61cbadf96210155011afe8c2b3c2edfd8c36706287ad0c8e113d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 921f4d49997bb2221821dd1b50d0dc8b
SHA1 acde315a41648b4c49ab0a6bf80a069c458ccf1b
SHA256 ab3766258229a44eb628d737a1d139fc8fff8230d49ce8728d9c4111907fed71
SHA512 68404ba26bd29cad107284da1538f9e7a3434f5777a14fbdcc584102485684e6411f6d8a006af12eeb4390a9db081f6645602c2892d2add15019080faafe9a11

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 ac9d8ea59923ad9c8f3e8197dbe9258a
SHA1 ab831803158bfe20404eb3297be82de0f9918630
SHA256 f01adcb27e0b225c9a23f37422e05d24189d8f673a8c9a41fbeafdf6f4c9c006
SHA512 aea1eac1c40edaf26ff15a4bbdbaf654ff111a1f84c9bdaacb4bf5dfc582fd20b21fa57dcc4f99ed0537042d881f9c694d952c563524346917d8e14096d2f47f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

MD5 c43a72239a00fd43a6af3217af163ba1
SHA1 814aa2a271b914e43b12dc38f46f8eb064a4a974
SHA256 cd56a1e003cc40625943171d7b8ed13d0e6a1415e311ce21839a362f92c5551b
SHA512 5ad75f0981491ce31929f57d698c9ce60a580edfed958ba877f6551b630618690ded7069ca454946bda1a20258d6018d0cb9d15842b7e9d8fed7dc6f3540b93e

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-14 18:07

Reported

2024-12-14 18:09

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe"

Signatures

Renames multiple (2506) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1Px8LOI14KdwK2l.exe" C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrsp.inf_amd64_4c83ce3a06d0048e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dvdplay.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\F12\IEChooser.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\TSTheme.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas2i.inf_amd64_b4e933c4540ad3cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_dd534e815632509c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaus.inf_amd64_f9b71b1d9c8643e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_amd64_cb18bba4788e47f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_d5fc5f7282c9bafb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dcomcnfg.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidvhf.inf_amd64_0a924aec7600dcde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetQos\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\EhStorAuthn.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mgtdyn.inf_amd64_a6235e923dc4047c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\iexpress.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_d89605b6b478d768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MRINFO.EXE C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\PresentationHost.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_aef240978776cd0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\cscript.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mcx.inf_amd64_fcbcc3807cbf63ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xinputhid.inf_amd64_b01c6ccf7f1e23b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\PATHPING.EXE C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\RdpSaProxy.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_1d08bca921956372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\nslookup.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\secinit.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-64_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\WorldClockMedTile.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailBadge.scale-400.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-140.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\Logo.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\NEWS.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Media Player\Skins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-60_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlInnerCircleHover.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44LogoExtensions.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\RotateVertically.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\NoConnection.scale-100.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\japanese_over.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailBadge.scale-125.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lets-get-started.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-64_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\avatar_default_large.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.scale-200.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\LibrarySquare150x150Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-48_altform-unplated_contrast-white_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionSmallTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-40_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\group_avatar_128x.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Confirmation.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-bits-perf_31bf3856ad364e35_10.0.19041.1_none_e915a90ea007a043\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..hlpclient.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3705a1c04e91f0bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_net7800-x64-n650f.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_dec2bcf4b3e2ac74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..iders-msi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_76f1f963ba3c380e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-azman.resources_31bf3856ad364e35_10.0.19041.1_en-us_c7a697ad09c27813\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\f\ScreenClipping\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ae430dcd56a8f788\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.secureboot.commands.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_72a832cb097a538a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-i..plication.resources_31bf3856ad364e35_11.0.19041.1_en-us_e32159926166c3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\logo.scale-100_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00010415_31bf3856ad364e35_10.0.19041.1_none_4c6c261a29634af6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_75a8272a05eb1672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_10.0.19041.1_it-it_0b97db13d1e83aa1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_8c26848715e8e367\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-media-speech-winrt.resources_31bf3856ad364e35_10.0.19041.789_ar-sa_ad43bd382e8daac8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-bootconfig.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_27ace42d8a36b758\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.19041.1_none_f23fc9b9908be4fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.identitymodel.resources_b77a5c561934e089_4.0.15805.0_it-it_14834bc98f31d063\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.threading.thread_b03f5f7f11d50a3a_4.0.15805.0_none_28268ebb4677affa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mdm-adm.resources_31bf3856ad364e35_10.0.19041.662_en-us_ed46a9fe02dfcefc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.746_none_ebc47b06544bfaab\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-installer-engine_31bf3856ad364e35_10.0.19041.1237_none_8291e45d9d19a4c1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-twinui_31bf3856ad364e35_10.0.19041.264_none_5bddc2e54ca343d3\LaunchWinApp.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay.resources_31bf3856ad364e35_10.0.19041.1_en-us_58f169c91b49eead\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ldap-client_31bf3856ad364e35_10.0.19041.1_none_a92d551af5c93a56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-xbox-gameoverlay.resources_31bf3856ad364e35_10.0.19041.1_it-it_db4788a0b1141a37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-hvsocket-control_31bf3856ad364e35_10.0.19041.1_none_cb1d2b492a944f5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ifier-xdv.resources_31bf3856ad364e35_10.0.19041.1_it-it_3ef1f3ca556da304\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-installer-engine_31bf3856ad364e35_10.0.19041.264_none_ebb0c96046c6d932\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-36_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_presentationcore.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e828a8194c0d284d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..manager-service-api_31bf3856ad364e35_10.0.19041.173_none_4f258a6fc1228741\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-miracast-receiver-ext_31bf3856ad364e35_10.0.19041.746_none_f26ae82fab00646e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\square44x44logo.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-client-li..m-service-migration_31bf3856ad364e35_10.0.19041.84_none_8ea6a37043f4ae90\ClipUp.exe C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..infrastructurewinrt_31bf3856ad364e35_10.0.19041.1266_none_14d7e82486a6d1d1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-k..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ad4b330c145b3b98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_net1ic64.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_d01738b53431569d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.componentmod..istration.resources_b77a5c561934e089_4.0.15805.0_ja-jp_6f92fa089c4660e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\403-11.htm C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-setup-cleanup_31bf3856ad364e35_10.0.19041.1266_none_ce5bf122dc7af319\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_7ac73417ead60011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-client-li..ing-platform-client_31bf3856ad364e35_10.0.19041.1_none_c9ab5039878e5e74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Outlook.Theme-Dark_Scale-150.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.web.management.ftp.resources_31bf3856ad364e35_10.0.19041.1_en-us_2160b07a23ba9f55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_2e0dc83355e5b510\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..mentmanifests-shell_31bf3856ad364e35_10.0.19041.1_none_761d12dd3e21a6c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..leshooter.resources_31bf3856ad364e35_10.0.19041.1_de-de_91f1eba470aaf993\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_771d5dbaa549e71b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-shmig_31bf3856ad364e35_10.0.19041.423_none_3daa5dafd5e0c639\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_da-dk_c2b1ad4ca766b8f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-twinapi-appcore_31bf3856ad364e35_10.0.19041.264_none_9bd2473a5123859e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1023_ar-sa_e6e33b55cda77618\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..dstore-schema-shell_31bf3856ad364e35_10.0.19041.746_none_71d74c9c052371e4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..lers-maps.resources_31bf3856ad364e35_10.0.19041.1_de-de_5ecef4571e0dc006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square150x150Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f515f6d2d7aea975\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_de-de_08319c8c3c0ade72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\Help\mui\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-data-activities_31bf3856ad364e35_10.0.19041.746_none_3f40bf6b7136aaf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e...appxmain.resources_31bf3856ad364e35_10.0.19041.1_en-us_aeb3b8ec09258c8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\TinyTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..sioning-diagnostics_31bf3856ad364e35_10.0.19041.508_none_cd1d0ddb07768853\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\shell C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1Px8LOI14KdwK2l.exe" C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PPKOMBPFSDFSSET" C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\DefaultIcon C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1Px8LOI14KdwK2l.exe,0" C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\shell\open\command C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PPKOMBPFSDFSSET\shell\open C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\f00774a9eb0843d6661183fff0b1e036_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 1874a1c4e1bfa6879789a3b31adcc95f
SHA1 796d0e190184a1ff8232c5c22fd92d5d817ba7e9
SHA256 8c691aa8b074ddeb14d07e99609da9e04e4dede0fafdb23c5e4c4a65dedd870c
SHA512 d1d3869bc35ebc14f92230e86a67d5a1c6471cb5477b3b2748808e12688fdb3cef5a3a713f91f549fe2b3e004c8a182fbfa23fb62b6faf5d35777bae844e8ad2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2e927b8947456cb4581a79fe5ef5f51c
SHA1 1bca58c55613a02399d0613cbee22489295b8140
SHA256 ca5f11989e41da8d40a4a8055614e9860b43dc3d834c193c2924f063115fb9ed
SHA512 2c13110e46ce8da996d8278c42e7ca09eca1baa5dcb99b10e11ac2b7c64ee0853a1b71c7220c3e63b04ca33e7109635b5157e4917a6b2d6017ebe5665b688636

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 b1b58cc3afbababe3f854566a7b0943a
SHA1 f69ea061909ef28d20e12b79c86b21100a32c619
SHA256 3633555da5226db992cc87d83d647c84ddf6ef69fa2b46a35423c15ca5f4e88c
SHA512 f238c752e29014d65682af004d29a61817ddceb1aa3bc5b53c5a19f12420411f20f0ab4e2c6d3147fcbb44ade9b1e6476153f58728ed0e87c5dc8b06234199ea

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 4b7bb45c495ad2fcd9581e15608676b7
SHA1 7ddba1f7241d9eee908a1f2e67fe3417a3ea71e1
SHA256 8545880166d44ad098749ae750e40a2022538a1ef65cd47b0d20ddc8ec7599cc
SHA512 dc8b1f04bc8c534df8be71eaea78b220201dc0d964dc3ff059e18bbbb71c26b15f4442fbf5dba4bc637899600c1900c59cca9af3ab1a37ccecd0d18a753132b4

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 bdbb608ac82e8553bb3ff7ed63681e14
SHA1 8cd93bbcf8eb5e8eacd9338cc0847985a366ac2c
SHA256 7df98eb0d3dae3cd4775dbd98d89e5310bef75cc7660e938271b66a6db7f970d
SHA512 897013b421d6f4babfaf685ecf2648608f034703e9583d93a8170948f59410f9da3e27d8488a7fbcc35e91942b8c7e1eb937822ed9af149e5f1d70f5c437ddab

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 6ddade82b9c7957cb94f4f6364393368
SHA1 57db9eca76380f31776fe05805ebbd1d2228e302
SHA256 b2203b1e14de7fdb39b71a010a71ea864e0a356fa511fc5c32d3fa900376ca1f
SHA512 5c687c10292abc5fc873aefe8eb18eea3eb6864919eda046785b60a5998ff186f1d05b1606a61d74a3a44b0c755f36f6726c4310de0afe3789b6d64b9ad06ebf

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 94b72bdb1295f255b1696977ec1bba18
SHA1 b5547143063d401fb978199fdf6685e35e4efa8b
SHA256 aaf643096d27f01c559a090a57e13a6d891afed653ac0e2823c2e59934ae20e3
SHA512 17d59c8fb9578be27519bb97a5ad556b2e5806a5ff7893fdc315942314ac872ebddebc1622f32edeea8707d5b23c4cfb03ee7568366dbe91d5113326923eeeab

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 f95e5b9a23a9a61bda6da18c2b0944de
SHA1 9a3563746c050e3c59a3586503aa4c960485231a
SHA256 2f07da6d320d158e89d09f40e4f430cde70fb6783e8a9bffbd0c9dc6d43d67cf
SHA512 07e50bd122228d937f524a4bae48c170b8eb17f2c07529d0077095fc5b19f378cb13cd0e1bdc17d090c951eb7f02d04d7f9867ad3e492fd50918f998d410642d

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 6c69ed24097793e2e8e68b3a677e9792
SHA1 f2908d2b39870f29e2648d32dc64b3b96203400a
SHA256 36261a8ad2432d026b3af709cfa25d93512f303eecc4268156b530ae64a11e0b
SHA512 9ba162fde0471ee6103d36bbb82c03f86c990fea07f9c1b0f57a492da0884f8ce7ea73d3ae530092f7b1de535ae56d0f122d3277b8aa78938d0500eaa5e21ac5

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 3b5c183691a577c6be842d48cd084835
SHA1 210fc2c35ff898ac7be82f5282d8303712b7a460
SHA256 c2496e0495e84566d2b9d2f9cf94f572d87519c62f2f8029c7e9c592c498076b
SHA512 bf63855e38bf115be8f009d1d48a70e57c679555483c98006517ce9a96746db4bce64ad23788dd3ce1cb67000bdf46aaa14a9eace7686f2c01ad3341eaf1fb28

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 b86b803e29dff40623e42d0001c3f145
SHA1 f1af59cd8bae6222d815182c5da2ed0a9f82e95e
SHA256 c6bb59c69211fe678670bcd13d136fe16a8cc400f106c571464b42142990eae8
SHA512 cd6918cc3196764f94597a6e5097cdc7e4be936f0e664fc7c53e477429338eb3958cad28f92cf5848a7b21ce94c75efc05e75bf2b42b36a074d8872124f7aebb

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 e2cae18e0396f58ab82572d46cc473e9
SHA1 53c6e562f590ca06075ebe6983827e4e2eb0d476
SHA256 59ef4fb0b6c9f008c912582b51b29f76655a13c2b984f10bd5f95f0f244c3ad5
SHA512 dcead9b1e656c66b547156c0175c5f5d011fedcdcf63321c5557badb1bc4a0ab0f55e1661f366caeb7e55c03254e99abd09beec65b608778ae7ddd98c1121c1a

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 5f86e54a27cc5bdb6677bff70dac4164
SHA1 197de1215c55cfdaf98b295e89d393264e1fd6f8
SHA256 5ca64ef53347dff956237363df8906d59d1cbd563008756e92de35d871d46dbc
SHA512 d4b754f57f6a8d1b84fdb73e39e83d082d799d7b889dc544585836f23e67cfb07d438ec04f8dfeb0d1a2ebb1db60cae66cdcc6f1c0404598dabf6a5a69d5cdfe

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 5851b1ae94796a97590b751dfa2b559f
SHA1 fb64900e0a64826a76267517f9294bb9fc6d21bc
SHA256 1d8a06ba9fcc05af574a726e57854239e3fa4c20262b292dcde78481fac06f64
SHA512 a1636e57e2e4370252d971a4c4b799d189a0c0133ba7b1dfbc86fa0af8b9d6449ea16ae01c6aa1571806922bb51f153cea2e47255c064ab8c030c8c9d5ad74cd

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 bce4f3efef4a950e471e403e34e1e495
SHA1 02a70eb9990b1f37a96a566a91d27d53e9328704
SHA256 d93c49fcd93f13f254e7288f1217ec72ead090f37ecdb26f64f505a00a197752
SHA512 33199269033c736c7c86e82e08ec9145bfeaadc2cf243014eab2d52026f99110506c5e755de5c366555b9ad22619700819e2a580fcb14873765893e619fc2387

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 9253e643040401ab7f1f197eb6e89b27
SHA1 a44766e43543d901cab56543e72274d5aa7805aa
SHA256 617255f5338e32e943211c812dae97c7b4be326693b2c72d93b4521ffb4f2ee9
SHA512 8ec0a8f5ba9e3ed136f9e09f79b058a56c1cfa5466307a44b37c132f749ececb8452c949a4049096aa5ee4eec15f0637d215a66d5e06830e1c35d9bec16f1e12

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 9df3f09fe3a1bc40726ccf52ac383585
SHA1 034367495cfc6808e8f109de5c50414350d3d5ab
SHA256 1be56b621dfcb151bcb558185fd24f2c821c05c02ed47d1413ec010e35d32db5
SHA512 d56c9758d01888fdc1a9db8c4735adba9be4b68d1e102eb822f04813b3703bc94d32daf1cc7f118ac07ec5c0e0bb39f5d7fc247adbe828c9b88f67eecd65ef55

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 ddff7c9250a39d5fffe96818d5bd2fa4
SHA1 5cc8c506c55fe80376859a71303675bba4ad8c55
SHA256 efd8e25be5d6056dc433e68f4dd5c297ef2e51854bacb9226c736fb18d900954
SHA512 33d9acbe64b833b9f3530050be74d9ac9ab8508a07244288bc4d87b0f96a8f133071a002d3e779532e3ee77f8c7cf602bd34fa5080d1e4349fddb8ef107ddc82

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 ca857a67599cf9cbdded6d3876b8e351
SHA1 2b34e9c0482363e4c6d42da15b0c14cd809b871a
SHA256 c14aec4fd7f705f01cd93161f917efd7abf2a2cc09955cda8a3c53573f8ebb8d
SHA512 361e118abb25ac8e964271cc8efc5cd75a817c1fb3d3a8dbe895feba8482bf5ad4b5269329a6b2a2a815e8bea1af3eb8abf6405ab2be4225f50f2f08a53c22e6

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 f0c2890c8cbe52420c786a7f5bec7eb8
SHA1 0c8445ab3cb101277ea733a9b27176efd091bce1
SHA256 de399b2977d4177700ea5dc013b8efe6ec5381352e19c9772093c3654cb0519a
SHA512 9ab1e1adfc95f721e1ce061c70c392d2928883beb1f677a1b881e755c350a914ec2426139d8c0752a53a8fdcb5a91812da2e11bc261e4e88812374cdfb10e1cc

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 1d0da64ecf8f53d87c6924c65c7138b5
SHA1 622579568624aecbaa34348f968304af3b14970c
SHA256 20fb2ae7933f7522d9dacb35ef303312920464135e803eea236dfe3d832911d3
SHA512 a2b93deaeeccbd26c5deb2f5fa2827b9394af81ee9b06ceb1578d61da7bc611c2e9726e2e1e93c78fb8d959a1d0e8110c4b14c45d98bfcc979fb82ed5ff6d947

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 c68be3e629777b1511476fb22e1ef65c
SHA1 109296e4c4770ec392b76632b02f5714dd8537b7
SHA256 52d314a6c42c0f8f0ffb7e79699f10fc20bc0f4f382b3009d43bff6438ec3e68
SHA512 d86e3b6ff8b46e1143ba9ce3321ea857d4985be3d70efcc22862c595e03b193b1873b0966031f4bb61639f59fa3398f02a0c2434ff081996ef9d896920d474d0

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 8b188300bf90f98a55912de0281f5315
SHA1 4b902d4b7dab92bcd8a68f4c2565f7027730ed6c
SHA256 245b4ededa3e6ab7d5206a7a9d4fcea8838d770dc2e833f8fc418e9ffa4d890d
SHA512 51026a4c55ca1c6a945bd1707c9b7e9f2c6890e4415c4e4903386f1f40576064f4ef490b57f6f19d1e5199b28871933edc9a16f757154d3a5c7ecba1501af6d3

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 d8aa6a8a8d4d595264749b601d9a24bd
SHA1 d2184e859e8eae8b9645ddbfa15171ab25e75d7b
SHA256 d9cf94c197f1798c9840ef6a66412b87fbc56593362457a8b7c076e9d56d8880
SHA512 0d6ea6097a8c23f35395ac056f2d88a23132c441644f1c6c1952f003467fe55c7edc4f9525cde822a6ce6f211f6b3d0168e2762d80f36dc57059fafc4b69bf7c

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 6af20a77c365d7711952feb227404d91
SHA1 9ce3eb52ce72be69b7b5f9bf8ff819bf4b87fc50
SHA256 8a671ed1b9f7d61c48d530539a196e2d424cc6eb430acf7e37f5ccb400dc6b9b
SHA512 89b44f9e646b276f7f6122ea9d489f8e474d1bc74c675e65188a5a449879edc10c0b7d81c05927b159d02fb31635d41362473689210c06463e4795b0d293adcd

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 f32824fc6f253582ce46187b80edadfe
SHA1 9c9cc43d637bc8c3b774f37c15fdaa8c0a385d06
SHA256 c8722a29242735202e2112385027fe6aaae6cdec60d69e63c4ffb9484e9b7ef5
SHA512 9b75b86db6249482abc535b36e5cb3b3aa902db4b0a4a92b3d0cedd6d49d09c8ea87b1e28e464af54a2f3e63ea455dc875337dc2d4f456431dd174c9398718c3

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 640233b4e48f31e3c8283687f4c00df4
SHA1 e8817f20984cd21c4adc35f1412cca19fabc1871
SHA256 0788f83f6c9da27153cc58cb643f4ed3febca433661ba5ed03017b3ebd2ffaa9
SHA512 8f70f102d5af41b019ba595cf2638ddb84d0427b64df2febdf1fe06141933641a805c2abb874a9a06e8bad49745269857a87a284b42cd703ecbd584010e243d6

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 188950e0757f51992a03142ac6f22dc6
SHA1 c69c6d6af20b13431bee29431224fbb7a46227df
SHA256 79b894d7314f36cc07013d32ffded186a200db197c1caa16ec0466e06cfd8b0e
SHA512 09b7c0e9d4f12e38f237bd73d380f6048e78f7a4ef9bfbfd4ea03d179ab5e375480bed18f8eb748479ba0c55ba30daf39c3791fae491fbcef65d36f2402d4fdc

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 5dd343eeb57a08f28884da2ecad2659c
SHA1 fbb7afbc807d52f78c9b46c379003ce7e63cf32f
SHA256 7dc3b5c89034ee833b5760110684b6d49b2f1361a45d99023739e906accedf8d
SHA512 a47ca0fd2e0758f425474073a9e567143fd6730077cbac316db8d0ffd6b030a02ba37bdc57d1c2e738681d3689a25c24401ef68cc665223de6a633b97f38a39b

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 15dc1acd555150cd1c09324997cc0736
SHA1 93b726c165cd869b47521edb90cd79ed8c08a5ad
SHA256 59db785dbefea5f08ee7504a9de2e5740657addf9f358330d219157107f1aa88
SHA512 1f101d840b749528a89b47d6bcb9c90cfa11750796e1954232847d8365b6dfc49f87b2a56c9db69a92b56466004a3004deb03fe0a01c2adac16b502ccf57da1e

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 f3005e3c307aa494c0d139fca1c1929a
SHA1 ab4992f223a6ec6bafbe1d146ecc69cc4d615152
SHA256 b32989496f9f455e66ea97eb8fb8672155d49aa9980880b5379a717fadbcbc2f
SHA512 d25f20e9276d1fab06ba51a11876932f9ccdd0fdeb527dd5737155e679707fac8abe1f0a23f4589ac10a8aaf9e06e88656a7cb926e21ba3da6b4a96db5d9c13a

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 4365e2700e696bb9a4ba31b4f01b1660
SHA1 0e3e5fef5cca17b01c6bac87cb12d996f40abd87
SHA256 6425f92f578a10dfa804226e2752847d712ce3bb39195910c9b28978a14fb47b
SHA512 a6d0f938d81b09285934e0e3b6a7ebfcecc889d7be7aece5bbd6d94472c9bbf74bf200457fe48b386a00e632b3d83382b74d5a34fe11b083337f589d17d31b47

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 85b4bb3379e733efea2c88150a7966c0
SHA1 4ec774c235f34698ec4ad5a4f88ddcb287570a9e
SHA256 6effa6a5500ac8e800deb2621c9b554b5b9be0a0f99185ab87a24db83ac727fe
SHA512 c4365713fa654e7b554c92b5583747a49527bfa4f330726c2310980a1716ab2dbac0ca2d1767897be4bdd0069b071382731fee6562fb4879b37dd7919fe54f2d

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 cef3cf594f235966901b96330b95ecd4
SHA1 2c7d494159cb4408769d9b86cec1c05dee3f4526
SHA256 c82cfff9bad574f286df926b4a08bb03b58b8d87392acc45779741f83d1d9c74
SHA512 49be66020f76f38b34d672e67301864a00d5b81a7e53f0c0a0f657cc9570e886de2f5ab601ee98e8070e620fecf6c76fa693609c71585e7330b3597230da67f8

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 788b787cfa7ec6ab7e050583ede7862f
SHA1 7fc4733dbb939df52468bc8a4dcc113845a1656a
SHA256 bdf83a9c00027041e00a6ca2bdb1ffe4cd0a6ae9961c812fe273bed2fc70895d
SHA512 8fec49086b999021ef61a85a6b0f858103b5dc193a2e081eaffba1b653c930a958b50c2ffe734a34b6666494830c5583ac91dda27cbfb507de19af81dfdd33d6

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 73b4968c6318bced7ea9edf2a7bf343d
SHA1 ea9791ea72804feb9a5996de16f282c66575b06e
SHA256 f3c7aecbff5bd765f0a1e89b9ccf51f23cc0ceea93481d157b83b78baa9395ea
SHA512 bbd91f783d12940bbdbb14862689a685ecdf1b2e0c5b469b209802645c3d35c15c93653496145bf8833d154742d3b2ae55e8232d3acfa60463de9d4d0bc33165

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 1fa87c4b13c510cacf995798b4fc61ef
SHA1 f69d95a3d92c532cc4753e4efbc9c18f3c6619e9
SHA256 a971b40c4596f876d2e0865dcdf7935911717fc8113993de5fc26c654842176e
SHA512 302dde18aad8bf74f0f3f6bf53d240e8f8327b96bbe87b51ba681a40bf754ad91b007f9c4e106efd65ee48325925b3a8bacb9bd8da02782ec840268c7d9f1dc9

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 140c3a1d96b2d48adfbbd425fc7e47a2
SHA1 57d395183bb23c505a723526e79fda128d417a6b
SHA256 c0053935be2bf31d15d81a9dcf8ccb821b238d2dedda35d4191cb6a128f08f03
SHA512 8177562613a0e8ccb06318539bcdf9921955ecbfc59eb32fd03eb89763f0ec890d91c2aba0573334c507fe1197fae959d35e803575a07c8403e7db88a7c4658f

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 959ddfe94d4183a3137af85379820f27
SHA1 34516187f46580ca2515dbf3415cd055d7506d29
SHA256 db4b8f648854e3e6e0f3a43d01f2d7d4b92a3390e5f698e0692d99c598a57a59
SHA512 40992d7982a565876a9ce5909360140d41742ff82dd19606694d0d8da7baecc30dcd1074ee5470c2e6fd9aafbf2fbddd372b37f808005672e37156c3dc002df5

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 bc62619cf28e447eb8fbfa00cb0558a7
SHA1 d16599ba36b74feb395311ddb7d4ca699203fc85
SHA256 6f5fab7201d14c6faccee9fefe3ea573cff14456ce45068957ff653d0c9f373d
SHA512 f2c85c339b454f0b2a4bea60b3a2b873c9cbf58467abf1ceae69810e7558008aeddb3b688245f4dec5841ebf6f7afa89490f8b5d666f011bf90af4a18a3b2c75

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 993d2738389600f5d75116d6ac759578
SHA1 b5df3ef6c9cc7a00a9070a44539129fac6c67580
SHA256 54aa5ed4182ccb8a67799faa965327d61a8c06c3b22f1e40a450d78a67383683
SHA512 606428b49d90633aba961015e125901d783d876e477cc05880f9e2f1fb80edcd4e3e16754b3f5812633d61f54d1bf755013ad59bd62fcba3be163f411eaedeae

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 d490aaf881dd19be1d7e3fb8dfdf9ddf
SHA1 c96790b865bee923d7f1ed10776f196ff56ca15e
SHA256 dadbbd7686cbb0f943db71e7a8c8bbf35a78f2d9bb6ee3ca690df055f479aa6f
SHA512 92f9473c7fbd3cad2aa65a99a63d00585ccd3818de574a1e96c63476ecbe01f47e617658deb56e0659c2f4afa76aed2b8298fec7e0ceaacea9e8e33e15d9ad9b

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 9c62142f9d7102f18870cec6e382cc11
SHA1 847bb488624004379f2bf8fbe48a12d98065840c
SHA256 c21aac0a7daf3ba3644ec3418be42ead7cf40de22d89a872e3290c0ccfa8af6e
SHA512 265054ead6b06b6b1340a835fd334ae6b4b8a2182d5150f0ec582248e3c28c48a35c1d85d09223682db3bf0f7bf17d09368b15ae88a964a7ff9395a4bfc2a519

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 604a0f77c66210a6bf36b1b5b3ef54b4
SHA1 9f60176d3b57807ba879574b881dcf0a480a874d
SHA256 b6ff5ca5009105e394c8b172bcbe928d20e2d7bb91d4979a74e6ec10ac013f79
SHA512 4b3d7477b755af7e1195e49bba383a5431a1987b0f01423e1498be843775e2441eeb39c1e4bda53d2b88fc92b379a006498aeafbcd0716bc40acca5ebb72ea1d

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 80c6002d98d245060ad9e6bafe40abdf
SHA1 2ed60e524435171e1c4f5797833a8512b20fc385
SHA256 256632a6d68e6e7e9d8a27a498ca4fc115aad6188a833399ca508886c32111f6
SHA512 44d2fd522254353e03633147c4fc15efbf716396dee5f56d848d12a6721e1f77193a8ad4f57d447a156b94988c939a0ad60afa5a5c504bac1d69294c74c0309b

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

MD5 2131c685243ee70253e9ab26b133f62a
SHA1 4da1e92d2b7e853fc195a4fdfc9793f03e6591ea
SHA256 3a0622b22af23d73eaaa43962193389b47e3938a05779d0733f509528cf57074
SHA512 f420fc79036c24df4db68b0c74a7e71a0ca6712098da0fab744c2e43b46667b3971f39d05c112856b4b516a78de19caf4db2363a0735b70d85f84a9ecb90a43c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 d9bf55636deb4dd9ebd8b48a5b1bdf02
SHA1 e6503409bb9dd88c3dc5ca794213685ac68790bf
SHA256 ad340c904b8286176b81b912d6ca09c73907d056b8e2f42e2973e4c5d02e3dce
SHA512 3e38f8e48eedc89c510e27c14f4063acd3f7d8a3a116895bfe8e6f7ecc54ebb810ac0571d3f3a28c9aece037b5e8967f9aa798977a2af5051e1dca5db17eeec6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 a79e93d69c27ad4ed33fcab900a5759d
SHA1 373b824b13ad823093a6f21613a4290aa944091d
SHA256 01efd14e3eccffc1c6ea77436fd4e16aefac1d79c33e17d5df76152c97657d60
SHA512 75f53058f3f4d385390d45e5d8f312a60b997e0569223e49123c4c18c42c4f2942674757b88d9a7b7f88ac3a03c6c8d223cd0178881853b13800de44490cdcf4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 fc0481951661053d6283118313be2365
SHA1 9be3ac23858076c454c530b5f7ace647518e7591
SHA256 77c337c7d3f9cd7f73ab5e083115dc66d6be3faaf237626409ca3d5dd7d1cb9d
SHA512 83f5a4e631a0757ebee9b73f6efe5a4a4d2facc6302444ab47be93a064cdcfa4a7d87ac5ff8987679db83065af7d0c622cc51f3f2e5de2facdcea5136a0f6312

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 d39cc3504a0ed66fe94d223cf63d61eb
SHA1 0bd334df3c0c1d8017ab790d05ce755dd77f8d6e
SHA256 0b903f264e389a5b4f753468d05756ca20b4263f3eba46d215c36f041f93fc94
SHA512 102d0819f0fb02f81f4f889a17c4e56289df73e29a796c2b8a091584d52903a71d8dc29f97c7f3cee2dedbf7418c043bd6068be50e420f22e54c711b22714081

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 dd4675c6d1715564054e0f4cc18048c5
SHA1 edbc7d9813c203ab7bdc4ccbeaefdf437d4f917c
SHA256 cd0ba254905153908e36127d03a785ac654607dd1a8796e6b32a0cea68239a50
SHA512 282658116240e38b9a40fafddd9b260878296aae59eaea4438b45da5580360f2a278308a2498244b159c468ec918ce4774f6f6790405e5a2dd7db4b2d8d9131f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 9324ada317863b0564ded2a2807d6375
SHA1 65ee95acce2074409b6151d62ba49281135cf177
SHA256 fecd0f797d6dea72283ed8b9911847f455edea9e480ea21d39e68455fae90252
SHA512 77a316eef955c5aa479fe463134176b1d3c28badd15e2a882bb652395144e60b5abe47e73bba594ce2200477cc9f6ea9614756f402fbc596e95d13045f641071

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 6dfe202fa9ffe236f091b31c2db0bbdd
SHA1 8a74d58acf7dda5e5b3cdd938c15a8bfd68a502f
SHA256 7c12eadc5c6e52688fdd620fc5790e7dbce83dcb4913125ac9cd318bebeaf9cc
SHA512 c0d117dc1b41f14dc37d9da5169921b9eccfd33d2140cd0243d98affeb99ce832b03011a7f3dd3177f941fd30e40ab5ec6f887d885e4d34d742212cce13317f7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 98a7b841c2d086b276ff386bd06eae0a
SHA1 82ec0d667fd8b0a4aa3c159ac7cf024579144a96
SHA256 05e392e0c30243c4bd40d0e289f61711b89ffa37cd6f0378a58598e6e5de9111
SHA512 520a27bdc3426b95a5070f1ce343daf9eac59f21878f6d5f09ee78c4414bb345278d6b99e634819d832fe41d695d199ee605b2ae91bead9122024036a88cde2c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 bfd85666f4dbf13cab50b06a22abbc50
SHA1 03bd5c2c21157405ef3bdc31d10e8dfc2f964755
SHA256 aed506505831fef3971392a4ea6cfd0095d3f6909fec243eca393a852b3d2a65
SHA512 8aef061afe39b73b7e72b44184534f6b3b3715fd000b5955608f03da1709ca32802b94564623faf75c9191bbaaaa11e8486df12193a9b238794f83e424be5d59

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 443785f859c4e8893d7b5e7e5d61367e
SHA1 1e2e3948781bcfa363779714c961c0ee443b18d3
SHA256 04aa09d1273f28536ebdfe03896ae80e9452faa893f84ea74d0b5f0dac6c67fb
SHA512 7355ade11333700f0f0f9df822774e86709297bb995ccef2b6b101b41a631de887bd94bc4ea7cebad2d8983fc22206ab2ca6e079507b1232f2c7eff967871874

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.EnCiPhErEd

MD5 0403f7cebd14953efcf9a62e84268185
SHA1 7e974b499fcfd7850814a93d232ff0fc4de8c483
SHA256 f7dfcfd1b83a326ecde36df51ec31a6c98b6dabf0e02871b899fdd385c83ddb1
SHA512 7580226e2868c34ca7a315571bc008fbaf9bbecbc15418d3b5f96222b6b6a9623266604d91577a75815878616b482913158532479c8730d723311c8f298cc463

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 8b6b28cf218fb867ae49d2fb4c876e1d
SHA1 c812fce3b689afd75e5a3cd3bc3e91a7ea25454b
SHA256 59c9745aa1698714c4dcd73024eb89bc3b8e200d8cbb2935b2ff9c3041f74662
SHA512 8696cc76d175121eea801fe035314eec19a28c8054b823ed77626009a15663b261a51f758b99df58529de9bb05a6d9698f092010d0a35e99927f13eb2624c4fd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 f8fbf1c1a639fbe923b2ac488598f5f6
SHA1 53f1eec92ced8912142f717fe71a5460347dbbe3
SHA256 bb2e5395afedc599db1e8ed57e851dd744517d71a21ce2800b4b4357f74be86a
SHA512 b1988ff10759bb7a6d340932f1f2b962b908349feab4a6fe81b1828865cb33957cdd0dce183ec5f3d8cf4e53c871367a0cf5a1d8e35653586ac7afa6bfaf24ee

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 8aac717cb3471a268d0ccbc48cbd62bf
SHA1 c58141a06de988bfcd9307387beb7156bfd77ff5
SHA256 ee007944f1c2553980008dc88852d4d641d1f3ef6cd0d33851c90b7dda470666
SHA512 0c579c8cc51d6ae8793a6f3ddd9585b6b31030d4efa01e589787f1b5552851671b30cf6c0a743e2d0203b1940cfed30499b78e91c5157e62709845d757ab443a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 fc63e617c1a341c8738931e585ff27d2
SHA1 a8120a527927aa54fafd96612bb9809c41dfb704
SHA256 8e1e09656450362275bc703b9168511873f71ab0138c8a8291826004c5f7c4f2
SHA512 aae5dd553e3fbae6c7070f510a75b7cf8e09b43084ca36183589c987b3adba349f788ee653c7df89eb2c16bd608661b8dffe79fee38469094f876a9ae22dec16

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 7a09c12a2c4fe425fbc8409eb3ea5ef0
SHA1 45154e53aa27fb54a1fddc3c6f64c9be8ea37de3
SHA256 6afa128afdfff7ffea78f872e33dcf014fe34b1338f9b612fb6ee00da519e79b
SHA512 7d94a0961649fe6faadf6f1016b555ecee9963c24cfea9497ef6d9214b82fb688c3cef5d5d880b2b52c9fd3f67a1adfc9ec0cece2792831b1d8986af038449a8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 73a4a8e377ad19b871441776124a98b1
SHA1 f45a0860917a472e2fdad2989c2e83c01d451096
SHA256 4c964cda57fc9aaf23ff24ec2225d42163355302a7f7ce233d69a1b94e58dac7
SHA512 56682563dd04afa7dcab57c479bbe7347402e159457ee57a44182a2436180b7c836122938fc8b36126fc6c1c29a9ece1c7ad0590298d626efd21235c32386ecf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 a64b7f8baa1f0755968f922e422b8847
SHA1 1713bccee1fe7c9825931813119b0007435b1334
SHA256 3094ae54d4b788b193490c501ff43718be070612c4aeeff8e5877ef31bb510b9
SHA512 b1d6b4a611b3de57ccfad9ec1891a6caab4452ad054ad738744177842f61502c4105c64a8656da66252e955e660f0822f4241063120523d0e287c24278e3ec51

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 ffffd5ec3b567b340692222ddde701e2
SHA1 42ff25d5a5d0232897305d8c00a9c6d980710c49
SHA256 ed14cb06c43fc99b9fb147c01dae9e5e98ab9ce5fff7ceb905a8f36fa204bcfe
SHA512 6a769f2e9fb246b0582c662bba6c49dc46fca23d39452b91e199c31e1c396d8723d0b188fbe44f54a2fe5d58c7b0b30396a01cde878499ed8a47727d6d0f4fa4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 c74269759dd172ecb60f0d07eeef9582
SHA1 f01073cf10f4766448be6b2dfcf5c3ae6f6b02a3
SHA256 c48288fcf71f0b0d1ce8d59e30caa4ef9daf2a18d02468bc1ad7080183016913
SHA512 b89c81dd62096ea79052e649cd683ffc015587f540cd553d1f12d34f9ea6e1ee15a2bb1ccd3aa610f3ccac9914fb499d6565c13f5203ae5b3654f5925c7543e7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 a9bbb04cc36a6a75506992ad25ab6367
SHA1 d5b11f98f95af2d70865849b6984d23c04468f68
SHA256 28377f6db40c48a0d5e73e6665953d9d48b884cb14dc3d9552e8f5bb18f31825
SHA512 24b456ce12f7083bf9fbeecd7e51f365ebf30c8b464fb73ef0def903055b4f1af09d87af793cdc04c22590eb594e565539d30032f31792503d5a6c66b3ef4438

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 c26a9aa7a8302567ca563663c73445d8
SHA1 cb2ea1b325ede193d618806819c15cc5434861b8
SHA256 83478925688d7d0a962d95cf3acb0ccb68718865ee71559eac095c8ae1c0d935
SHA512 27525376853d52a80d0bc97a1c880fa7344245268e71ca92dd2c9579c6109088957f807a8c1e631e816784c2568b7cc936c76391fe257934f31a1e4e5a373c6a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 c84863a225c1ad45f5f96e9d4bb40a29
SHA1 602c78fb9d3a2adac4350596228bc1633601847e
SHA256 787d3a7e7d2ddc507fa45784ad67c4158fad8d292797a55690f1d06415814c00
SHA512 ac4642bd8dcea66b3f3ef6e3c31d76c9b554e1da8b39587a8108af41c4564a9076b06906f0b70a638eb5aa341f49e491412ca118ef49a336305eb96d4aee74d3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 3ef2440df4e6909832a8a903c68e3420
SHA1 80521968a7665a8c7e6ff790a311396c6be4107c
SHA256 4bef1bda31d83cfcd8d1b6e43c1720464c31a27efa0d93f7415f59feecbdc9ba
SHA512 a2353bf1ae63be3f69fed09a0bb98d34fc51c5921a7bab0d0963439d071303c73e6b66f4f22c91f8cfe885df459fb8c3c40bfdde34386dcb54cd87424a30469c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 362c772318f6944578834fad09329b4f
SHA1 574b51b08d337dadf906cd6a62d7973ee7ba33c0
SHA256 b6943b773bb6d6483b80cd991675924e9e65cf86724318aa1d7c409c2bd5e5ac
SHA512 ebd83da05e2acbe3f7def347a0804d79a083c3daca08ac08a436c04a6cf42e13cd2d652a45193eb95a804a44e0a31eb9080ec023c4939aa38fd7dbccf1ed37bc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 3e90738c693114230369cedca7c24cb9
SHA1 ecc8f2cc90c0861158516b837295550773e397c3
SHA256 17a9656b8c6aa436727bbaad78cc43817c5cac26f0b928d205836adbe9e99303
SHA512 83055e9678e3a48c8be5d9a2dc5d0525f175de066b6e4367d7c2a1a354f2d24641f2dc54ffa63ebaecabc7d3b6eb090800afca2d91af6d27e456d8acd46e81c0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 29581428ecedb7afcfa0d6955b3f7e24
SHA1 2871143536ee9c6d7e1ce651c0d7e8ce3aede309
SHA256 bcc908d4459918d293341ec0fc874409644c3bd5b039fe68837624f6aec4b28c
SHA512 56e070e2e480fe29213770011a52aa4ba013f5e3d5ced41b9d7235c28d442430c67a9d7584ccabfb25fca2398d718e7e1c71abef6de05e30bd0f78ecc7e4c74d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 c1b6c6181246580c352590f9c9fe5d56
SHA1 48de884f7c5d66e332ee316fd27cf3abee4caeb6
SHA256 40bcc1b7b38bf7b6e9ebd3675266935b78d7db3de36f2474d97bd6ede785aeaa
SHA512 2876494d1e642f3bad4324eaee3a354ac725e058a91d7df84119fd698ec3b81dd94450e3136e5065f13c200444f145cbad34c5721722c8202bd97bd7373440d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 ec3fdea892c9afd57ace34b6b68a934b
SHA1 32b340ee0c9af6428fb86dea9e48424b3f2db54e
SHA256 3ecab0925c9eed9ce0655f59123e1648e8785c519574ec34ae5831c2a77d1bf3
SHA512 7352f84c645318c50ceda6b1b2c24f319e26556bad8cb741757acbc8f0927bb10445b9261a0ed75d6e9bf005cb77feafcd43b618977cf810fc31f644ebb8d613

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 ce59b472a048a08c4423de6c5d15ad1d
SHA1 d67f865bb407ee9f05323ac22766f7be77a76015
SHA256 bf6e54efb5e9e27e117f350d8c748f4597b44ffe3883a25defc5c50597bb73c1
SHA512 89006a8dfaf03ae254e816757de3628a90cffd7cfb05b6e2b0446bbf542ec9d869cf08d3c0e7058f29c0b7d151fd7b57b4ca879ab0c741ceb301437d9e0ef786

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 a09bdc3a51958b8ff983dd32a93ad6ae
SHA1 8ed48a00cb6395e2423d513c2c72faf1bbdf2a08
SHA256 a35a358209f448011b46fc14d3b1bfe975ebce256cb3c87998e713984e3af9c0
SHA512 43707fc661c5f400fec0ccec138d93aac1343c01441db1beb6964ecc3a0dabc088c8135ef83109bd69271fcbde8ccbbd712f480d54345f6837e3c71c743b7301

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 ea017caa19b9138b33c5bb227f1aec49
SHA1 85ff509ceb1eef929ce6ba5d65ff15c52f091f1e
SHA256 850c1319bb42a7d2e296e92d1c47e1c21126eb8294060da9ae6ee72b7d1f14e5
SHA512 9edf7c935fed38a6a6ce6170aafd0e66e2e5b3646b03c4aa9ae3b750016080e314f1212979cabf641984cf7d8f7d4720966a61c979ac8480682a5de4469980fe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 2da7ea8467284ec07522014c45487d94
SHA1 d808022943e2ce718de3142a958fb1853e5e7a39
SHA256 63e5cc19b949d5c367a15f4b83a4767c254d3a6bb4b050770d90c0a9523dac5a
SHA512 e90895c46cf621fb2462cc833f89ee990132a5f68b5a299bcaa1b25cf16e980692c21b2fa345abc2e6e983dab5a138d0dce51102437a5f27b199062e4a5818fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 8bb1db54c7c668238855a7d19e584ed8
SHA1 39cfd29ed9564ee03fd2e90ecd238b09d3262833
SHA256 b0b1ec6ba3352dac158e95352017c5961380d72d133c60592e976a84bf146d00
SHA512 4cfbffc128bda2313d0d5a290eb1d1f8057de8fdcb3642f4abf402a5ef4cfeed1dc88f6b134a380f9cc4854f52e355620859b38b61df232f4d04a687294d65bb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 8e44c621c0107c9a70a936ea04c2d168
SHA1 40112a691ef1c42fd663c1a050f67d56fdb21a80
SHA256 8aece4822305f7647eb8a3be62a9e617e7cf68f245022dc4696d78e8a8328e2d
SHA512 d36474c6a89f0041c66a43532009c2d8cf00bb8fdb7919ccfaddf4952a31672e19e1ac55e696ddc3ad582f4ae3475ccda399d6bdbcdd0506ae82e89c5ac69470

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 ab823f97b3c2d29a6da0fbaad45e281e
SHA1 09873b7371151d42dd1621d15a77d44eff71e1af
SHA256 52641147124d0358c28865d2ed4fd3df176e7a67010bd7c3c4fc386d90245efa
SHA512 86d12382f6985afd58cae2b641fb44fb0718d02b3feac292ba0a035a3ba7b6722e49db0887fe617730094e8f4b855d8b8019ab4b2f549f40aa739e4557be1cf2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 4e86049dd669d70db5981a9d9f0b45d0
SHA1 23f7f45edae015e18ad28c618648404634f8f98a
SHA256 b0aad626aa3bc200fb746d6257b448ea338a090546c8a8f8b68871707772be46
SHA512 fc19c31d72cc831cdbfa260fa161c5de1d33386cf2e12b4792c8d3c18af3e010d6e77e6537c9d807239639e047c9e13c89cd80f9dfb4fc0ce5a112cca47f4fa9

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 f55a42264ef56d638627d58d538a1094
SHA1 71e38767b2f893d4eb26e87f61760ec6a0baaad8
SHA256 50342a9d664e09715ba967379aa9f79ca27e8b5ac427a2fd9260267a0c9f4044
SHA512 8995c2e9351f5a49d2858d9f4acd8987650c87723e84a1bfe776a527d64e52b8561d71f32481f3bcd808065dcb53dbf2c7092dc47f6625c9f7e3d8f4c2521994

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

MD5 0b6519e85052c3893d1e3c55c12caa58
SHA1 3d3062935e8316d7251c8abf769ddf6b3fea52db
SHA256 36518f641737efbb990773fda3e5b7383e0f097a72e1f23f74ddfa3493877d7c
SHA512 19a44d2beea758ac8d7f4ed1535c0f783341daf7a2726b137aaa40147b83b3486891f3647773d904d72678603503eacd54242452304048c4c0d8cf49fbe1eeef

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt.EnCiPhErEd

MD5 fc880d7e4db64a15ff9931d640fe67bf
SHA1 d058d1dbe94c3fdc44ccf902c3bfa856f452695b
SHA256 44682a30a41cb0ea847908a8f4c5d95e5e3e721347c7774482392b16f9d85ceb
SHA512 b92ff85ee80264ac7fee791ab6c8e132203ee5aafcf9bc114e5edf1234993038f113d4d9f3bf8797f8ba2df6972cc7760558d598a978e43594e6d696963b0200

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt

MD5 694ecf9ac34ebfa343a0033817d61f6e
SHA1 7bb2113cadc672d2259100bf4b6006f1a189fb1d
SHA256 39804c8627a06b72e934ed8b6cf80d76f1298fefd7cf1e9754ef862d1fec30d3
SHA512 589a7e4e65efb4f4e910e5042a69327a91deef3c230d8b1d45566269935d3abda882184e6de05345b115728cdb780a1a28fc89bce8eb29eb0d5d7e02fceb7228

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

MD5 8702996f183ba023b886ec4c14520020
SHA1 fe16bff08d09eda34a91e6e071e223031555534d
SHA256 45645c7095543a463fa39ef947133e59f2e8eefe267e3756d3e3104f96023601
SHA512 8e3aab093bdd286e23d9143574aaee433073c03e4ed1f8f66e26872a917db66983db7f79d8cf5a64669f9ea19f19fc46f2a8285749f2ea09107b6cbf7136ccbc

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 ece6c4e16848c7614193393821d2599e
SHA1 2fbab3be0a0ec5e640112d0d6ed253c93c657ecc
SHA256 a1fcb8f09e8ff493de70d8d9bd65f04bf1a51c8de864cea9b306a96f088078f0
SHA512 16b24af3bc345d519f61f6b1c6a585982dabdc460416683f12e8c775538f12cf71ecc69451564eff17cd7374d39eb4a34f2fe3685ab71748f8e7681653614a9a

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 2019026791181dfa20d162a8a6c3d49d
SHA1 c0ac58bd790680792ad34f6f7f0e218e851c3524
SHA256 f8c39086750249e229c70dc7e81672df456ea804ca01d4365b8d637c25079c98
SHA512 cda50dcb93abd9b480c8ddfba2ac03dbe7723aea392c754702f6a42eabdaebd8f7c5e9559f47b5f07f5aa8c8ca5d258c38f6a3bc43fe929a2559b90f40497711

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 cf6419b748cbfe9d611cefc3377e25a6
SHA1 0625274880655bd48df513e15dc6a1badb6937be
SHA256 4259826a7f0336d83b92888b8d265b4a4a4ce6cc76d8c8438a7f7ed99507f227
SHA512 0d36672e72b5efa857f2932a61a6a3e3aecf450d61d14350296f311b45ba0549a5d0a3b12b38fe53e2574a0dd3a4733d8323b7d23500776749d40d0de90b2a52

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 65409bdf66d82b3ed2c694d0e0e60ef7
SHA1 ae501ea8f966a35be0791d6df62475d23e06be26
SHA256 7b02c5ca6c96da746648c9774c2c4b3ac50501e9372359b0fde5fb9947d51b6f
SHA512 a82bbf6de7bda6949d28d47adc5a8dbf280ba97516a262dc8312d393a550b9f7574c7d2d9b6147b00af46767e39efbfd69892497bf83cf62b7e03dcf14153913

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 a664dd644699ec67d1ee9fb1ec8f3669
SHA1 a137d59072daab879b3cc2aecb4ce6681f04180c
SHA256 cf4d832c653f24b6a489eb09d12121714a3b8d408465c896dd3e6de5e47fe2ff
SHA512 a9092687cfef164aac9ff9fa1331472f4bde792ea934e107fcc19078f49ea41ef62bf04bf9a4dace23f0d0d13610cb0f810cb565aba23c38d975008bcf273f4f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 f9096b011a9f7ae95f2e3425a681b5d2
SHA1 e23543056185509a34b541b15678b4d50b4f2493
SHA256 daa0884af93a369eb94ad8aa0589eda1485cf392ddd01b085ea8da7a7f5c5423
SHA512 ac74ccd2d550d6f90f388cde99418740dea99ad52cd68ab0216c8b691c83362b0d2fcb8ac3cc61cbadf96210155011afe8c2b3c2edfd8c36706287ad0c8e113d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 921f4d49997bb2221821dd1b50d0dc8b
SHA1 acde315a41648b4c49ab0a6bf80a069c458ccf1b
SHA256 ab3766258229a44eb628d737a1d139fc8fff8230d49ce8728d9c4111907fed71
SHA512 68404ba26bd29cad107284da1538f9e7a3434f5777a14fbdcc584102485684e6411f6d8a006af12eeb4390a9db081f6645602c2892d2add15019080faafe9a11

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 a8dd921a687b288181369d64c7e37f79
SHA1 bc9ab49df38f8fe2e464c7ddf5303dc0b6ddbda4
SHA256 3c9246b1244f31428d9ee3eef93c8fd9ab818c088be8bba8e9975b3aebd33a74
SHA512 e6ae0bc63c674b3faaea84cfd79c9131484272083c08beb4ea5c6ba72f4711604ed4eb5333cd6a668fd97fb8b105efcbe027d2748c03a84fe2015f87380d7195

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 855a6edbce1d61e0a05744dc7d37cc79
SHA1 f46087c755020301b239c056ed65325a753d91a3
SHA256 7cde1100085f91f59b3e74aef3716eaec4528e1ab110181945060f1ebcf5f8fc
SHA512 e29adf7d8e9d7e1c48648b8e6abbd68f897152321cfc6095fd3bc65814983107abcb977b4096732b18f87edc4e4f773607229998599d9c390066459595f7ddd6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 e391ca88b5b0f624871ad4cc9c327dfe
SHA1 29b211a48c1a955c40b09e51b75648bcb33c50d1
SHA256 539cbd443dac34b9a2d8049ed51cd64abfd85babaa3a961f87239fdaa9f0d6f7
SHA512 9b59b7d05d026d6c87c9e49cb001e068755a15844d758d396e25ce4920cd23b4729c9e9bdaf1ec720811c0403bf83b3957c607fde2bd83701657249a16439879

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 ac9d8ea59923ad9c8f3e8197dbe9258a
SHA1 ab831803158bfe20404eb3297be82de0f9918630
SHA256 f01adcb27e0b225c9a23f37422e05d24189d8f673a8c9a41fbeafdf6f4c9c006
SHA512 aea1eac1c40edaf26ff15a4bbdbaf654ff111a1f84c9bdaacb4bf5dfc582fd20b21fa57dcc4f99ed0537042d881f9c694d952c563524346917d8e14096d2f47f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 d8d0f6f54a4e9f2ce2108060741e9468
SHA1 d7f6718bb008829c737e1e26e4b65bdb430a56f0
SHA256 e4b9c1918b4d97e0074ac670ba2e42288e33586ef064cb10b161c80323882b74
SHA512 dce0585e20969a7af133b8ca1fe6cfd252508f65f1d96c6fb3cc29cd8b097571e2fb3db5e45b3e48aebee3cb6fb55aaddd3eac9dfa7ab4758dd13a80826beed6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 bebb0d934bd2952fc9c09d1ed4b03021
SHA1 31b9f72f3f6762cdd099c7908c8fedacd8a65f42
SHA256 1c1691ac1b23ffec72c94477dd8a0a8d67339fae0a7c50d165ccec8c9a8dff5c
SHA512 d5b073aa496b49c08a9dd3831435e95a8f930f420ad585ce78d341b16f5fac365aabc985010219cef8ea7ede85795556496268744565505e3a172415868a0ef4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c0ac39323c00c1d8a7ac8b852929b980
SHA1 09f5ea31610690bba03768f7f1771168d6dc481a
SHA256 594200d138a8b148e019db00f4f598b7bf5cdce5e9c4e1b52409fdcae97cd14c
SHA512 d18d7d953b299ce6e91d621b17d54dac798e876b2813f7466bb663337790b10c94dfaf51e26d46d068310a7098e1b6d83d90f0832b5c7bb38dd8dcc4515e9ab7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 3568fddc799fd3d28da6b16a2caac8cb
SHA1 184c969222c418a2f3386861ef4dc13bc236598a
SHA256 1314af738082f7837cd40c95b6bd9ad74ceba3c60b8c7b572d0ee791ae03d497
SHA512 490409fd1310b705d9c0ba615bb201226ddb5ec5f0c9469346f9fe6fcf3834192cc971a7c44646515575ac7052f954aa3ed398915aab1d43abbcf0380b30c68b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 db998da03a26192daa52dd39e15abe07
SHA1 ed8ad79ce0cf22254eaae9c0d84774086114103f
SHA256 91b999c0d6bf9b6cdd4f11a64ae2eb8d6516a1e79ba5a3694340dea171ceaf1f
SHA512 7af39a39c7c5bb4f86981ba85fb626d93c67639f14f9dd62410e0696401a7eaf293a3a435ab32812b427870a5b6cb9bfb2ecab93ca21922e5ed6525f1a00f2be

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 ab6335062f24fea66dc3946f5659a367
SHA1 a1f0e36b9b65104ca6760b9e119eafa6abf8bfed
SHA256 726975b583b3e87615d0d731905d3e78035c6fc2e1367a2d1667e3bc972e4beb
SHA512 da6a06baee10564e9b2e75a9f7e2ee0692a60958ae0405a94d84f45080c24dfc37b820540ede12cf3929a482a0f67be9ac136c4e2dc46503e9a09c4ee47cee61

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 6125c04bbf7df20846c9ff6c6daad06b
SHA1 d50486aa7834671ba06351b804dc2a89ee1e21b5
SHA256 76548ef1d7fe8eed00dc080e25ef2e931782c6f8e76c58607304f5f790bcb009
SHA512 83e71f8094dd2dbf07f59d483b1d60c7efa3abfd2e3731a2129e4b8af4765c004c9b2c72bc65e7c9c983dba269e31c023c814ed437ec538166200207da8d483e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 e75138f69175aeb090f078bb2ccf69e4
SHA1 bdc1f9a458f2ad1bfc96a977cee6c546e2131d6c
SHA256 17e5862317e9abb3a1a5bbf728b689d7a88660dcf0cea9678d941c877e11aeb1
SHA512 44955e4bf23085299a22d8855e6edbb7cb7a4379367fd55d20384bc8a4c9dca3f922e6c34eaa3463400d8ac089cb8bf9ed4dce379c7b8e5059d112b214c2569c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 836cde72d1178d92cec67edd9d33ea7a
SHA1 057555ac52607f5b9eba1a322f411a0aa7801749
SHA256 3af4318d163bef5cba1427a4aa52d63cd576caa63ccac62cee040dc0aefdfa78
SHA512 cb21b78fa38146af2d0451141250c3bc1bc849ef114b051673b7cab6b3d83fea2e67e4761c286b4c02683a16e8f1d96133fcdb5a20517bd67fd69caadb6cedba

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 e489cb44a39b819dc6624ea3aa621547
SHA1 48e714aa79daf62196304907267e5c7fc55b1e85
SHA256 5ce5cc8580cc9f5d4e6d226e28c543a3703bc3fb8974d8b55e2e31903afbdf3e
SHA512 1066d0c0a83ab12444d0192bd44958d1f41461bcc6a2ab405db6c2ceef2c3f5397962ed2dd12aab2df67f98add7c3c3cb9dbf890f6e767cb86d9b334a35ec12f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 9b7177826f0ad796cc6717a51c3569ba
SHA1 9ef5d9ce35593008acb55477de94734eb3b95240
SHA256 d64b19d94094f4dabc7e4c8d5bbcfcbe514f4fe6594aa221fbfa0c416e29b92b
SHA512 9f7919cf1fd1929f82894e67637d0d307e8ddedf64d913ca8d6368550d9d699fc171c4b81edb4c5663fbd4f7b212f09168498c04a7b1c7f67a3560f9f5766657

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 67cb6f540797a4a3added6616db2afc1
SHA1 25605d00c7b1d9aa5827b0befdba2d0ca00758fb
SHA256 dae1ce44ba8f2ad31c03a8d9757b6ce4bd3f5fd13f20aefc48752308aad2d3af
SHA512 dbb562ae798e091b0af402a7e4fed89c2549b97a9c4343c0e65bbb16efd32f157fa9066535f091b91075f3cac06166596a06d3c7d32987b347f8f1942826bfac

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 44f1289e1d4a55c2a4bc19799546b16d
SHA1 dc56dde106b99332014728d0147787714c3f0321
SHA256 49591a81c4d957fcd332d64a76ba0c7e33bcf9c7b36f20cc137c6490972da977
SHA512 d8b9d1845718e390f09a7c0ce4e2d0179de2a74a98fd88b848d9856a14ce8f6a07134dfe49826dd3288222e2b2c5bb7e9a90aeea1d30e5e88ce4f929925e83ec

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 f7f920580737c3510f342db65288405d
SHA1 d3daa751d9f0cfcd9119bfa08d922df496293f29
SHA256 c8b651dc365e5808633c820ca362bcf04ba70c2b708046492f8593b60a0282b7
SHA512 0fc9d014801a3f9b4f656c4562ff4afda2da46104b6c104cebd800a54e5f23a608bc167d1961526ea8cdf7d7be39acf810f4b4eeb53190c71d705d921f0a73a7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 bbda5e5278a9084b8ea76a3e51667c9f
SHA1 4525a24d16aa16c137ce663f752d86d1c58604e4
SHA256 1244e5cb871ed611c6f85eb42a2d43416541740944d2c030e3a01767ed9569d6
SHA512 b6e82e4acf2c49094634b967e74d95a5fd2cff9db2ddcaadbffe6f969d4bb787a0ec92e6d823575a779526572d899cfea93660de3e379f82ec1e3a1275718099

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 3a76721e4554e85e295ff65b0b1a58ae
SHA1 b554fd8b5ce3e831a7307b9b2cd03f63f9db4a88
SHA256 ef84bbf251c4f8691b17d741771744cfe16badbef6249bbb052951f33d540313
SHA512 b6cf1ed84c39b7a52ab3b18dd142be474107b02f4e96c93c813117eb0197265d794a5f4b35525da4ca23b4c7962ea0e051263e49089b37748e9df77fe04cb875

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 9108048f7d4b105de2d4c6b25acc5994
SHA1 ff2ee539f1a783f57676fd0826e29a51473edd4b
SHA256 277f46966aa8302ffb92299f96a314c2d20acf376882745a81f75f417292c742
SHA512 7e6d851c1f390be3af84109160c7a4880250a0287ee093886afd5d6a80c1772b150138d886fbfa708592db9639dcf35c469da9ff23a1fc573d42bb2aeea153ff

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 3882e435ece588b6ee0fcadb64a33c76
SHA1 74488b4d71d4cde5aa9317720f7ad376d74da734
SHA256 247a86c85b61070584767af3b17d9c29bf05bff9fd5d2ec1abf3a7adf8d22bbc
SHA512 29cbe44c91bd7a64f01cb16a9352d9c7c752884dfb3604ae1ae31c0108e9e54e53ff86c8f20598e1995de5bbdcb4436532f2cf8ba3559edc9c4f7856a63d787a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 c5aea50a3b1bc8595cd03153c6282c76
SHA1 7bdd16b8ebac52f71fb0a515a796867de7554a0f
SHA256 1c8efb7c450fddac3aeaa8b51512846d134133a8f0c6e8df1fe99fd3614cf1c4
SHA512 c587103414e1f338bda79a3d08cdd34bc4cfa96b4bb52dccdfdfd682f2ffdcc0174d45691ff7e8dad899bea0ac120ec2753146e92fb92dc4f8f1df2713fc002b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 68104c466ebaaea6be5c00a3b12ee27b
SHA1 993caf175f8e15b2d0563980f2116061c7d6cc82
SHA256 e922ffc15312679cde0921099c5cd6b232fbbb756d36a69e2d97eeadd2019bab
SHA512 8802464136b669e33b5137780400bf44e6af4d28ad8bed4d4cd300f0b2ad18dea88a190b34024ff7daec4a337a7d4370effbb6591653eada0fb7736e8350fd97

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 d44119cd799c3745a47b9f7b13512eb9
SHA1 63ff2d1ed4fdeb83f063273dde77efd03ab9178e
SHA256 6368ef1593fa82a660615a4e771abfb89d828a7524bffb066e1beee7fd1d6694
SHA512 8e596c0cb342e7ec1e3bb350e6db778591aededb7db79ff46e0bf23faa95e8a7e012986b3fe9e45b943dbbd3a39ae5bc752d9c2083f31877f2b3e5fceaf3ff8d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 10c8dd2c4d12aec2160ba7699f8430e6
SHA1 63e2666dd238ec071a4e949a6e827d1111eb422d
SHA256 b9cfda8cc842e8537e7d8e0755c6485ae54111a72195b63076212439ed598023
SHA512 24b1aa51fe6a6bd01327e1d0523ee5195a4e9b2e6143ea06e4703de168dee4bbc0c044d9d6bdef799b0d547deda41e28c5303f765eedb8085fa0371b3e9e39bf

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 840303ce7a602aeaa81f893c078b27c5
SHA1 00eb54af1da865964871f7ab5ae56905bbb84100
SHA256 8ba1b80ab96a6cb1f370fb706ff211bb1003a8cfca57a504e93bbf0a8bfe720c
SHA512 a05b3bc7ccdd93644f197990045f34707007cfdff3d1c97239ad30b9abc02fb84a76f0062a1e5a8ea8dfcfd326c6037212be0cf35c6a0508e1a196b613e3e219

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 e02b4f866160f86c2577020c7d40d5d5
SHA1 4dc9394755c0f55887ad16fc8f31ade9cc26fcf6
SHA256 accecc70683deba0ee3a1f1beab23744c1ae3efcccc7430dd03d40d46b2dce5d
SHA512 8565d258c690d730a5bf00230447a88815bc11431b1cb9755dbfdb1ada6f939fa611b72c1a064957a8684ec50d9425dc250570673499bfc7dc99f32261d4c38d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 63b9d8fc055cb7ddbd8413031fa0b8bf
SHA1 7bc28b075a6cf47499c200beac3a58c6cffc68cf
SHA256 391d2751b11450323e99c3daacdb28d33a34f93365bbff093a7709df8ee96e5e
SHA512 2ee011e94f1e67cbc8bd7f738c8b1533a218296e6afc81b071a74e760cdeb158b4fed4c387106578b0ef5040a4e7a8247e4ca4029b595af72a83e77ace284b67

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 b58363bedd43d9907c79c7102736a826
SHA1 2abb83329564012011f396cc1aa876d57d99b3eb
SHA256 1fff5a4657bfb7762c7cf8bda1062960ba98625f72af9990c9c4f2509c6ff892
SHA512 3828f271dac8d15108bb4cf08b6f75b6175248aaa905ecb9d14b7d83960e0fb5b0e246b0ca426c6538a5a2ede55a2ea4124bdf1993c420150493990c3acc15e2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 069c30a7fdbdf0d89e807f6bafa6528b
SHA1 83baab184d772c05605d75ee18d55adcd09362ec
SHA256 6bf9e0b3837d01ca86c5702168b8477df6c54e43c367d4be0802ecaccbfb799f
SHA512 d3c378e9c9ee68d6e556755b7a06046f091412d15e3b7273ac75b2725bf41c79f7de953a07ddf1ed04d723ebd427617d8c72dc6d65277ed1881711f30c5c6276

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 5ba0d88eb8ed424531c36bd97049304c
SHA1 eb430c4e3bb18f966b567af264bc356c5ed5bdb4
SHA256 47c509b4172c8d1aaeaba8cd6d3cd1a0fccf50cb424b65158dd3f9500520f9e6
SHA512 c45daf16ca39093b472d025d2641a0447f89a44a90de8267ef5c3a22dbd5f888206fa703ce1d32fd4f922c3ddded9d2255ecd111d1eb7c50126dd344475b533e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 e6fd452e2ad72c5b4e6cc44afe1dd435
SHA1 2008daa5df58411fcf6696c075cb983927515c81
SHA256 26bdc484516551734de1883b1f9f501b239d73653cf4790199dfb6fe00fc66c5
SHA512 293ee3a0cd4b1bd7daba665bd59dae47de409331e937c62f2664f65c33ca283166e97029ae359c737bedf89bba20067ffbb06dc29896fa1f333ab69897968f19

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 ffcdf8351b0f8f39c8f35cf79bf76153
SHA1 2409f510c8b40a25c04efad0e2a62ad2e0e9a8f4
SHA256 661afffda49bbfdde2c62768392b7792b3484edb8850fece31cd31b95d35dded
SHA512 c5b7f8d6f9dda31cc532df0dbb18b3756018931f9e66b2c68de1f3b693eea93ac87f943f9f2a70681505088880b58b91aa658656c4bee1b42569065f0af040d8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 c317cda771edccab550b87af2eb87636
SHA1 aafcf769ae77cd83b188e5b4572b548e873b563d
SHA256 23d3eaf16f6d59ac3bf85547df10e4253bd904158d0b5ef83632fe530da95ffb
SHA512 22ae55a01e101129a2c2a9b4d0402e8080b59d5aecaeb646a1dec23cdc74efce7752aec7023a1c5f06b13d4db9e5f71ad0f3bf82b37488352f964be8e74db71c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 88aa6703c7cfa0cd311ecabd3e132da0
SHA1 e6b11ac0fb2d42bcb82733b73f7dce92121f7625
SHA256 96b34fa9670d07b68a3a18a088a6ee0aec7f0dec8bb1e8daceaafdc2bb6d8c7d
SHA512 42b1cb70dadd65d33e2616276ae2ec3579a3269b6167808cfdd9a24088fd8da9c4d1b302fbfa5ea994437486ea283dd9edc87e46f9b18bfdfd1acf1771b06594

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 28f4cbb7a81c892bbad82e9bdf459914
SHA1 dfa12f89e5a731ffaed790b962840693e5340b1d
SHA256 aedeb70626bdc689ccb08d1ce8c7d8e0bdc62c0aa765a49fa421e0a761a49427
SHA512 537cca5658633ee1b2b35294de92fb354c2f2241274463b38af840026abecdf8ca5938e2fce2fa21c3a2f2a2d5617929f6f801009706f3223fd4426c5927589e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 c816830d42dce77389eb9440ac189e82
SHA1 a29cd9781e5509ee5d06e018e1faee45c42aeacc
SHA256 a6292dccbe7b87e9aae6a1696505d3e9099be24ad91e6d4c48cd5babf9c0e7a6
SHA512 8da4a374183dee087d447cbfb8456991a0b1634d3b3e034f57fb356b724094dc6dc751fb24d61c3ee58a1bc3725ac454baabbc9c6a5a93ae850aae416f825a7a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 137acd8f400e4cdafb0abcce7f4e0626
SHA1 ad958659cbe9a977fac6946b57e7261a54d0ad62
SHA256 83e18b7508928b60cc84a5142f6b27a5b73828f535aea86646ba34d4551db944
SHA512 88bb23573606c2c01ddf82e754d49c0c8034644b39cb64e551e38d3a14b77b28ea6f0db63219142a41cc5a321775b9d191bffc1bfd4f756d84ee5ea1ddf5d050

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 a5c727f0ec3e9855afb23af86c2b7aa7
SHA1 bde9eb8613aa9cad80f52d9cc4e9505d7486881d
SHA256 2cdb4c481c6c9b206ef7d5a8bedcd69d8bfc4273386275b74a9788cebbcedbfc
SHA512 5ae9feb65b0a8fe79b0d7ed32448466738e32a627610a849f93eaabccb8c4377429b3fb8239570f3250ae0b1d1dc745d289c8a8929182188a349ef58e38e9245

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 41b998a0fb7365a1f4277428fb4e61fd
SHA1 4be78bb55c5d3fe9f10215978e5b2c3bf918d7a1
SHA256 5399c8a41d34aba2485e8068fc875896bbb81941d59e7053379517768262b81d
SHA512 67002fa5f202fea2543739395e227b31c0340b3624eafeb65b07bcb1cfae551d4bd2f07c7ff43ec98c839a3d6b5713e25b69c9b2aa97ab1466e69d4c9a27b48f

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 37b7367fbfcf774770f5b17dc12e9b39
SHA1 06cfafc8fc2b1b4c7d31ad030e0ae91550410e9a
SHA256 403b28161d6b82baa6ff7258f5715decd0e7a6502914c750b7477cdb6ea472bf
SHA512 4255ddb59ad96411c16fb2808aa6ec40d15e4d638a55d37939990b39be2bb9eff0b98254dbec369c8fc0107c92ad34083f2a6fcaac6640588fe0a576fa09254b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 49400665a29d3e190a3530c09629a79a
SHA1 425a1117450fea29bab0d907375e5bb1d4bdba39
SHA256 b3c67d0c8dff734c0d3d9f444549416c19c79e9563716bff17c07d4ba2e01ec1
SHA512 2bbc4a5fc14e0fb16a252f61f45e61513e5af7bcd35f9c8634ea355b1beab8306c8f8a8795d817c42e3415ac90a1c2e8665b65d848ae7762e301da3c17789fec

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 cca4789d83db4ef29dca777291827bea
SHA1 8e411f5a75af5a74377eba7fb803730be9d0f10d
SHA256 0d6458de9fde45adbc1047b03b64cb7034981826059a5b48d805a17a4fcdee01
SHA512 e9066679a766010855a8bc063f2ed531332f743ac13deecdd12dd1c83c3c54285d9651aa9c302659775740fff09e8c807d3bd18701f55e2108edd46483bec64e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 3296cc4445632d9fe0957b45193971da
SHA1 2f654c29604a87e0a86c39aeb36ffeac3a7d5c84
SHA256 2b85d9c6305710fc78a55eb3b09a50741b7c9500dcd1b1088f5500c1409bdbed
SHA512 24ca04ad59faf6a73a67141ef11f2ce184fcbfbdb1047eebde619ad04c353a3ac3a600cf7db7cc9d36ee8441c35f72d4315553249d70b1151397d5ce2f4ba8aa

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 91b5b6046d7834af8ef238aaeb49315a
SHA1 69a5d9679a4358a767f8d3725ed26074ad56193b
SHA256 560dd4bd405772b0d856bd97f503db0ea25822e77da71126c9de00d9a9b148cc
SHA512 beaeba079f2b473c1969abca77f807831ff3819b73392dd68917df06618e08e5db610b989f24dde814b61f5c422cf1114f1474ad356b2d35a22020f66789e30a