Malware Analysis Report

2025-01-18 20:59

Sample ID 241215-d5pj8sspdz
Target f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118
SHA256 b31b3d847be6d345f5ab196c773957a6ff3a9e138897c02e0e29b753c6e75e0f
Tags
xorist ransomware spyware stealer discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b31b3d847be6d345f5ab196c773957a6ff3a9e138897c02e0e29b753c6e75e0f

Threat Level: Known bad

The file f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist ransomware spyware stealer discovery

Xorist family

Detected Xorist Ransomware

Renames multiple (2766) files with added filename extension

Renames multiple (3056) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-15 03:35

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-15 03:35

Reported

2024-12-15 03:38

Platform

win7-20240903-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe"

Signatures

Renames multiple (3056) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomePremiumN\license.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\Licenses\eval\EnterpriseE\license.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\LN1433E3.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\Amd64\NR1393E3.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\lipeula.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_neutral_856142fd87f1c21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\LN1391E3.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_neutral_14cb440c800fe9fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx005.inf_amd64_neutral_f65eeb9bff6bd8f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\faxcn001.inf_amd64_neutral_d23021a1eb548156\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\Amd64\KO5550PU.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\RacRules.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPO7300T.XML C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\Amd64\KYW7QURY.XML C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\Amd64\LEXC524.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\Amd64\NR1332E3.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\Licenses\OEM\Professional\license.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnsv004.inf_amd64_neutral_fc4526bbfbd5feb1\Amd64\SV2191E3.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpf4200t.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\Amd64\RI1342E3.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterN\license.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hcw85c64.inf_amd64_neutral_96b71557b416d04a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_neutral_7c300346e830b2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\Amd64\RI3232D3.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\tcpbidi.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\Amd64\KOC353U.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnep002.inf_amd64_neutral_efc4a7485b172c07\Amd64\EP0SBT00.XML C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prngt004.inf_amd64_neutral_f5bf8a7ba9dfff55\Amd64\GEDS7903.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\hpmcpcp6.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpc8100t.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\Microsoft.PowerShell.Commands.Management.dll-Help.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalN\license.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\Licenses\eval\Enterprise\license.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_neutral_e77f438012239042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\Amd64\KYKC5025.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremium\license.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasicE\license.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\Amd64\INISC203.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\LN1341E3.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\LN2171E3.PPD C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ql40xx2.inf_amd64_neutral_b95932400326817e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Management.dll-Help.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115836.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePageBlank.gif C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\DELETE.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Foundry.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21534_.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\WSS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0149018.JPG C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21435_.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5B.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Mail\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Mail\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01748_.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignleft.gif C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplateRTL.html C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\msadc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02740U.BMP C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21323_.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\PACBELL.NET.XML C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\WITHCOMP.XML C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_hyperlink.gif C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Photo Viewer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsMacroTemplate.html C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341551.JPG C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386270.JPG C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR13F.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24ImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHigh.jpg C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099161.JPG C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387882.JPG C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGCINFO.XML C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBlankPage.html C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\PRODIGY.NET.XML C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14866_.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14845_.GIF C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN075.XML C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_hov.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ng-oleprn.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9b84a779e457f3e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3c08c58c1a7a6fa5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\fr-FR\epgtos.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..aticcontentbinaries_31bf3856ad364e35_6.1.7601.17514_none_de9297bf648e8c64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial_sml.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_25c081fa77349ec7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..frastructure-client_31bf3856ad364e35_6.1.7600.16385_none_4be0e22c043d2679\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_14956a919480b944\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_e5966adda19f72b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..layer-vis.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e89c52d6f87fae01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.5.7601.17514_es-es_7473de1afb0db231\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wpdmtp.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2ab0c075194d9555\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-netplwiz-exe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fdbc420d767a65e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-azman.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9c7ac407415bf79f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..installer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1459115ca65c0654\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..temclient.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2dfecca11d70a2c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a56cb41c8b19254a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7c3aeb36c5f98c70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ndisuio.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f847dfe4592445eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00000439_31bf3856ad364e35_6.1.7600.16385_none_5117b55cb001f347\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\bg-dock.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_069ffb30ea2cf64c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-webdavbinaries_31bf3856ad364e35_6.1.7601.17514_none_c87778b746d52a7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_6.1.7600.16385_none_da36ab884a9c25c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wpdcomp.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cf2c238937f608f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.web.extensions_31bf3856ad364e35_6.1.7601.17514_none_3d3f7e36fc4f6ba2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ringtone.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_10e8fabda88618c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rolspanel.resources_31bf3856ad364e35_6.1.7600.16385_it-it_53ca68d49dc78692\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-sys_data_oraclient_perfcoun_b03f5f7f11d50a3a_6.1.7600.16385_none_12b230ea15a9e57a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnsh002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_82df43beb9f6b824\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-h..nter-shellproviders_31bf3856ad364e35_6.1.7600.16385_none_9444767151309ce1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mail-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dd9d3cecf47a4564\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..libraries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ab1b22ba2dcdbb62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_70416df523130950\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.identitymodel.resources_b77a5c561934e089_6.1.7600.16385_es-es_d863840be88e280a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\inf\SMSvcHost 3.0.0.0\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.1.7600.16385_none_ceb756d4b98f01a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dsquery.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0a132734932c23f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000410_31bf3856ad364e35_6.1.7600.16385_none_42c577fc7e31d54b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_70b406154cde2a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\Microsoft.PowerShell.Security.dll-Help.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_89009cca9c91feec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ocker-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8ed8b37006b00933\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_moon-full.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\404-14.htm C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-video-tvvideocontrol_31bf3856ad364e35_6.1.7601.17514_none_4cd64fce99b89311\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_prnhp005.inf_31bf3856ad364e35_6.1.7600.16385_none_30e9a6119eda44e5\Amd64\hp8500gt.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..vdsupport.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e90d63b64b72be5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-storage.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0c69bcae57b58066\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_data_sections.help.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-snmp-mgmt-api_31bf3856ad364e35_6.1.7600.16385_none_47815118cd38388a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_da-dk_bc35c9a22f7dc1b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-f..libraries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_33867737402be86b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.17514_none_ca4f304d289b7800\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sidebar-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4ecdd933f44ed8f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.1.7601.17514_none_b81694890087430f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\system.servicemodel.resources\3.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-efs-rekeywiz.resources_31bf3856ad364e35_6.1.7600.16385_en-us_15495050540f23f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell\open\command C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell\open C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.BoX_12 C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Lld7V0hq2775mf4.exe" C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.BoX_12\ = "AWAKKOIYADHWLKX" C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Lld7V0hq2775mf4.exe,0" C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 36001bca10d5e5a1d8de4295bdc4f31f
SHA1 941c80149232d99d34ccdc00c5b5232eb2f9086a
SHA256 fd63fcfcc28130a2b6054c678b98aae8378788b55364ffec192fede79cd9a447
SHA512 86c47e7ef718ded4c6066475571ce44a38eb71d6ac64b50b5b1989a7df765ed5ca82e5d40c532aa25bee41898d053497772aebf2a772a56b0596d3a7532be1af

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 e9b7c2654481697388bc65f14ddc490b
SHA1 c2ef2394f2a7485fbdcf245d4dc915d91a555228
SHA256 2e45f0d36026e447eb72a0eacd2a1bd8c5995b65f31426ecbf53ced93b9ce287
SHA512 6916c093a7714c71fcef4b63f25f48b53a3acb5594603900d6a8c6fe68f8562812bc63bda9e80ee32a21a69674d55d882981861281a0872cc1c0997dccbba0ba

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 57eee58d2a1efbbfdaf4aeb86d058577
SHA1 07561c87d2cc0e35e287dcc9c8a61ffd6354e186
SHA256 811a3675bcf2ef933e7802ae9d5745bba0ecb8c9423228a5953c47d2324fc199
SHA512 6e2c523ef408d8d3a98be704515abbcf93c812d5a269b96a1abcb98e210202c9531684e7811947a6396687e563474db5d3efe99e1fd10528e8b1011afad842de

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 04961a555a40ca545b88e41abc36cb4c
SHA1 8bf1c68f6b2170873066360cb13e915254e166e3
SHA256 3df0dc6e8d73dac9e9e0b242fb209d95c101e2176b068537dbdfb09f2cbd7b28
SHA512 2da5ee641a7a6c2639117ce0c9c849f00f802ca44b05d1b77b80230aef1ee400f7fc57a3c02a566a2b230f64315f9fb8cfdb4225259676ffac6b7e1f77d3f620

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 9cfeea6a5720d70233e6929075e3693b
SHA1 0ed9cb8670ad18d0d5ac84a2866f590b74644392
SHA256 9d9c0bbd5194d23c220a86e10a25357b7b35dcb404acc4ab4745212fa3c69b05
SHA512 8aa0e1e1e35ed5f6448be53c37b10dff3f467922bd3d077d71794f424304b3aa5c1d05a706b439844a934dc7b9abc4617321de5c623a4087ddd7144631680181

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 81254bba883d20bb62ae8d804cbe1ee3
SHA1 d6c41ece9211f64a0258d389b09199e0693b7353
SHA256 6cd4bf2d0b1d1eaac704fb7dc4b2ad02833049dfbc85bcabcdab0693d94f2cfd
SHA512 1b72d9e2e9c1b893331bda1e8190ca4a06ef9bda04f212c7a8b9f42d784f1b140d1308315677f956f01ee643fe06ed15f3b5512662ee1aee3d48c3c90dabda47

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 e97eabe0b7109d084e834defb647d757
SHA1 f55eea666c0a19bd70f453be8f6e1c89db5f9428
SHA256 72bc6fece506310e33e9edd7b53025588998b74efa311715f76672da4379b09a
SHA512 e3f3ffb6b39216800899f9c251eeaacbe439cef50fccb6ea8fd06743859f5bed4135b0624c0b68c0ca9184915397e4c3e07790e2eb688d110ccfe10bd046a1ec

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 b3e5d331471050a673e65d1e96e26fe9
SHA1 1ed55f60158a031a99f4152788f61bf38492005b
SHA256 77d1bbb77421d034a6619f7c54496ab59cf450237271a9339b8f13c8ff057adf
SHA512 6462ea7fb1653a8a86dbcff5ddab503bcc59cbae7eb3e8b9553546dbbd2cf621f0fb3e3121e54668cb96a4772d2c80aa474221c130f239caac66b5f05410af78

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 23cd72acc1dfbd8139c82e30c9970b47
SHA1 e09aa53c2ad61be869d3e9334fb98c20f27d5b8a
SHA256 03904de3f5f06970b0d3080db3fb9a5274a87f1004b765dc88412580c868fc74
SHA512 1edb433aed400775b230c6a73cbf6dff032249554b1ea31f0b6a018b140bd7a9726c06c046b3ef3cf84e60d8ce883e353182b000c8113a86e25beb7a44ab5e0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 7d3267fd7333c78d25bac3c29fc940da
SHA1 90820f76fc43a17eee4290202dd30a657ef421d1
SHA256 01959db491f2f899b6145a0a62436d95d99134ffa183d02974ded8f912f9c672
SHA512 299c7241d12d9e35867e0562e8e284c0c419b7356a027d2d9fdf1b421d48092f1d36b52fd7bf47a1372a27614953ec68884e2f7d489544f7430b71ff47b08fe5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 269cbb289af6421b52b18ae933afa467
SHA1 d12582bec95e45fa79f1b0867229c00898f3feb7
SHA256 f078e4092b1a832f198111fb960846fa21ec3757ef4d96666b9f0d7f0b47f20a
SHA512 b9abee9e291a9dc7bf3674480d49a1e2d4d37190dbedc47d5e8a28930361cacb403b9c7d25e75eac3a090f48060c05d3fb339d9dca3f5ab79834282dd73965f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 dc9f2bbfd5eaf549d30a2512ff6151c4
SHA1 52511ef560b7f67ee7bf316e976256051db3bbb1
SHA256 4b576617c2c96ee8800f2c4c5b8bb7d13add3447e222e5f4e1865ed7ddaae461
SHA512 b388ef07883e337005510ed98521f0570fdd1e36e5e2b9f659db51a9a5e8d971a63565a97e7cd905acc60695f9dc4c8bea55c9f655e6937291a5fc4706965ef9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 d6c1998bfd046985391e5666ac3d2714
SHA1 ca0dd606b592ff8cbcb6fdad3f1a5e7cf1695658
SHA256 4fa5d7b3a761f937b0325980f842d34fcdec122ce5852667c6a2e0c5641fc28d
SHA512 c01fce5437a38f6eee9ea23ac893b8aa282ba87282df49184b2ac4b7580381e3534d8723afead240ac69b2b3ff5be20b29ea453d0d7ce5150d5c53fcf94a0d41

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 9fd609b97f0ca601cfb5162327b4a546
SHA1 076349a66f3c17c34c75f511bed81e40513ff9b0
SHA256 803f19e8342b6cb9596a5de998afc65a342eaf847a616aaaff5a35faa3d86e69
SHA512 71eb39e41300d3f4368dfbb8470e44f41c120f50fe5897630b2c8961c68260e1291a265f29f93072f0710c7ef599472c5eaf31da928aed65b01d4931f84c0a30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 3035f2ac67e40a119cd1b14237d17c06
SHA1 e8806936253f79be25e9228b2c02199faca0487f
SHA256 1e354d46b020026e2bf2ff32f804e8a5b698610b93037bd34998cf17ae52b4f1
SHA512 b414f6da138d81c702e406549b80f375009e49a405335a67b601687804d75a49e5cfd54ca216cec267629249ef91629d79eb160f221824ffbeecea084acc463e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 a75597650f3a5737b36234fc3ce63988
SHA1 0693d3856b2277099644f149c45f6086e2c659bc
SHA256 e08ff8c571b57eed4348e98c2c4833bd7397526b1f9760e043105ad3a7b04eae
SHA512 72cf79078794cef28dca3366fd7853e1dedd9f28b778e5ebefd50c0815cb97dc71b9721817205db25decad98d1098023bbb5f34a3cb0a231cfb2318af91baefa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 56d42b148652fa76e220d665bdf28591
SHA1 96db31220d7896d2519274b3539e073625434655
SHA256 e9ef530fc678d3ad25c718032098ebc3163b896692f3107d2aaa8f620586c61f
SHA512 be7a78024d4f17aeab54aee5a8b5ed703a63b83adca6272b362e3fd46f0e1c657caba5ddaa3cca3f20240697e16908e7c700b59f6299acefab5134a724e9740a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 84d013dfb82e073ea2a8d8291c87f83e
SHA1 9d0608480ae8743ffe11b8a1dd5213118ce7bcd4
SHA256 3787817fc7c78e1748efa52b9908e65b9e0bb96158d78689b6d5abf535e25389
SHA512 8cb931aad7ff5264dd216009e67f4d4b39e73636901a15d164ed0417068683b2b0a198cd2b0dda3bc9acb1d567347b680829f5f27739ac585e4de8ecc2c064a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 1118226f89d71f8f609164c2f4bee250
SHA1 726fde53623b4917e6d519deefbc28f89870c643
SHA256 4ca67e6b8f5456cae4968d3a180d6a0685076830464cd23980abc6ca27684de2
SHA512 45bd87cffcab5d6daf8bd7f562342ab020903b8010d651befb396337b06863968a4e977475cf4defe3428876e8d01deb06c33298e63192b88b606346f8a19b7d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 6d869e205aec0bb51c3c08dc9e2e0a76
SHA1 74bd8962af8f3c465528cd1c37050ce7d3d18b95
SHA256 498ede561349f09a41df0ba6be7e4656642d95644fdddc25d34b746cf3bbf243
SHA512 b97c28d43bf88c40d11c0dfc0da1011e3350c5e58461be0d727d744eb3ef9a2d18a277445c7663426d3d78c1ee881c4bee7d617062e037a79dfb6738c527b475

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 50b0f7905c1cf50822730f9c2db8468d
SHA1 c46a1b1860a25e6c43e3ffa64cab75e71d96b64a
SHA256 3a9015962816de487696b6c45510c6c9380154250b09cc974d40d1ce35974274
SHA512 bb5d28e8f0f4e85821e42cf92423d1a3a13de4b140730b7a66e9df3c31d38c76b79b6e2e66b7a04d0fb67ca4a4c4021c7485ba13a75b9c263490f4a6eadd513e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 9dcd334932e375b6f95ddb4fb58f8a4e
SHA1 d039013ae2ab229052b44c3761add72e534fd025
SHA256 f56519190789a8f74c1afedad5e51db84fcd678c06cb9566ff77fd6690a727f9
SHA512 1ad99417defe17b5e7d78a55e84675e316d431c06588bbdd433ed1b22c670542f39ce8324c2f28e76366e74fdc9a16bf432799ec2cc6ac144a91b5b609c5d63d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 61390298fd6c377f3c1f3d7033ecbcd9
SHA1 ed80cd93006e1c787c9b0e0aa38184e1e42fb775
SHA256 9db91ccbe46bf431caa860a506b63e17c73b14d363f29e7aea25f72e6ce64f6e
SHA512 e1ab7299b68b5045934c9a7eb49ff43f425ecddec42c86e805adb1a178a7e0742e2f2788c04b39074b0f5a64fd0945a15c06b550cd42208b001614569da84f7b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 d4ecedb7154cb7fb13bae2f406f8019e
SHA1 5792f9eb6b84137f92c3580f3f0b41aa86a36e14
SHA256 d24a8fc8d7d299f3363276db8a7e56038895405ff59340773355cf8b356ef1e5
SHA512 68ae14d8bb9078d0ec97ddffa0103695d778022bb1dc155dcc23a7b63fc83943491b8682168f6796e5719d3e6f980d09b19ef8372a6456138cbe7d0bf7be0a8b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 c1d83ad6f5467757e25f1c99fdccc48a
SHA1 e3feea993007eb5c9d2c85ff9c9e93655d988e6e
SHA256 918c20b21a6fc948590f7324588b55e919a4cd89b76b13beb9b654ea749d8b42
SHA512 172bc322ca94f1394c3c075662b60d449f80316250aa4bfd37b927beaf3d960397a64bc35ad8232e51e2588418248858c667d11b53faee031c532ecd91d893e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 39818db1df8bd27226e9083f9f54eb52
SHA1 fbec4cf57158ca3a0a1edd9d4d33d54462259f82
SHA256 ff26551a7c0b93f2195d86473a32a80a38a0a2a71daeda8466919bb5f41d1708
SHA512 0b28083a64473386e2f815e1f5a0dac3ef8749413791d4a60019e52d003a3ca280e3154789f2600ad7069eb16b3e5aec561097e6fd45886476f6472f03da5414

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 5a1e850b32498fb34678dfd206ec5335
SHA1 1fb685b59bb3c6257b3d80853dfdc9839020df2e
SHA256 e06ed751bdc2dd755aeaac0fb802ea995463061007f20af724309bb3cc19fa71
SHA512 92c2532ea6f54c73d730d5d730b2d5b0312694d43109ce445dc67c0cff52255054fb7be5c9826ec210e3cbe4d76753fa4f618316a04e6fe482504f86472c0ade

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 263762815e0ffc9ac2bb373e4d33687c
SHA1 376ca42c55b9185fae1b38dadc4582be21d8e5fc
SHA256 48e14a5f6148ac4af0a5eba2d088949ab96767a4fbe382d8b433f123d59d5210
SHA512 e91ea1e4262cfb0d5f73da2246c9637dcc065f11ff21b5d2d9d2c3c0d9b8d7be542b4b9bd5d6ecc2409095d7dd9947974e3ddf64d977a4f94a10030a9609251d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 46ef987074349ad3c37f20fe4e76f5f2
SHA1 e06829951b6151b5d609ed57339e61044e3f4cfa
SHA256 b509cee18bfb14cb11cb6109b565c48aec89b338b00d3f55b50e6ff31a0cdff4
SHA512 f21a382bee357d1bfb2c494a1bc08c78f0cc60155a9a1a3e3e6fb75659a9fd96773871d09ef620e0ae18c8f686847511b8d21cecbf472fbedf15afe7ce5a87d9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 f83be317a82a4dc3ddcb1bb8e5db652e
SHA1 026524fab047056f3020e6b8543d761ac6e4bde0
SHA256 5bb4e971daca20e84d58ea083aba10fdbefb921ea86c5a8600d8c74876ae8c05
SHA512 9ecad2b4f6843701a4728a167665074ba13671deb3308c1d0ceecbfb18496a6531973fbfc6905a24492c90d705b3feaaf8968cdc56139186f015e883210721e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 e4bed605d86e90d655a39eb9cea43058
SHA1 7daa95dcea57756a59638ac7ffe57496093a2e67
SHA256 66bfdd7500a7a2ce14916f9dbfc68c9185b1e828e5b3120b54b8d05336b54bbb
SHA512 d5b912d09a27fd4dfe040f248170a86eb391b085c85ad04c925390c59377cbd9d3afc8dab8012401541539ec51bf5eb1219b6335b7e3c97447e1e7ad2c61f0ee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 49f04895b0c5374b5b53648d82917169
SHA1 8994f741fa55ac95993d495bbb7466da84cd16e9
SHA256 4aff34c49009d1f81a498c4062bf6195771cfb0bb10750cfbf5035cea36edae8
SHA512 c76d7e9aa521c563032ce265140eeefd511cda30e2610d96f01e44e093f632b3c851c7b480ae395a03134440d6cb2e31d92c288a220441bc17a220d1ced06dbd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 068b5c696f3e8110860d26084e631730
SHA1 15ab73962bde26c94ca457c5c2b7857f304e69f2
SHA256 70b3a5051bd805ea54fa381379a5814e84332161d109111fb6ebbcaa91911acd
SHA512 f4e2e63ad2c075ecf4d18d3f421248a8374d7c5ce95e4117876eb292f0be2b2a5344a9a926d599b5d73d4900b0f9dafc37633d8ebfabdac0656fde70c1b5e8be

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 c62e60525cc65da2afcfd99f161678bd
SHA1 d1cca20857c35b10981a264a01426711a4a3194e
SHA256 4e3e8e2b29e03c239d2946209a148c18e55de07e87984ab1b160644affb6d722
SHA512 053a44501ac039c10b98fc77469d14cb2743c651109581ed197984ab1b63c735a0d01e58f1b5fe63decccf1f8c931fefaa7382c402009d063934a5fcf01eaefa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 9b4c0e7942cf9f766363302c372bb5fb
SHA1 867180d691ff1defee43d1b364cbf3cadeabc8b6
SHA256 c6ca3c7588596fd77a46bfdf0a173455ad665b162b1323716777da4a69ee9ccf
SHA512 9de2fc7122f80ac76c3bc45d03fc3d5fbc003136f4dceef48d5083894fb4b7f296d934a35b709b44a950da2f7971a56ca525efd26384930c6c2521e80c8445e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 14f75d54e3f2e784a6e216f14006594d
SHA1 24db2d4f1001bcbbd8e0398e2b0b982b7ea959a0
SHA256 0fa971724f89701ceb2f803c7a53056ec0a5c52502e80f01f8e7c3e59a6963c3
SHA512 e410438b3ff102c91fd2c554e026ba0b0c9764472f1dd9e72ef0de7d6d97646aadc92fae1012f35d3a643e5ac761363957cd8951e7514d7273d2236c763fa43c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 37996d8ef493614d30a0ad44db9b525b
SHA1 75c88883ff5a2c235b8bd814e783b0d203313bf3
SHA256 a4a75a94a96ff6269332dc33f3d71387ae3b0e3c8f4fb1e1daa0a9ec34e8b9be
SHA512 959afacec249772539ab63d23978eea85d2c0ebfab3f9d7ab0419135f0c57a537d8c025f278fbee2abcc7a0038b806b8e340d0fe6af19072bece6dfcda9fac15

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 da21d5fec7aeceed2a5aa406b38cc50d
SHA1 3c2f3b4242b208c1f3acac7b14351d5f900155a5
SHA256 c1516ac56e74853617c33440c48ad07b71089a84d65a4b60f48405a06d2320ad
SHA512 73eb917ca8eb6447700567fa5cca30bfc37346fab0f8ca40199a6b77cefc828f36895672d26f814fa380f256615249cab3ab2adf2ee0f1293d227d6a3aafc80f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 b576d74e1fd5019cdabed17137f511d5
SHA1 e9e9eac208ea2a1b6e04a57ae302d402a5d0b0ef
SHA256 4b9dff48e44853c1fdb88ec1ba8742679ba2a382bf2e979486008b3d103ad74c
SHA512 671a8392f1eaa1bf93653caf0c0a23186a0800a3c46324b532b571bcfed8b41483be0ceb02952f1885acb4b46551fca9362a217ffe218251b20bf736c034a430

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 1e8c9696be568cedce95e109cde57d76
SHA1 0dacd2d602701932107e6c25869898e1565c7090
SHA256 75ca35ae5a013118c847ca379adb742b4bb03d7fd106199a0ec0dc0403899eb9
SHA512 a22190d0303ffb30701165db7437aca19c350622464f5423d9ccc6ea8aa25543076d63fefa5bceb7cc9430342affd5773c70308409f6ad974336f9f37a92b0c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 a5ffec9c32df434375fd29d94f54ccdb
SHA1 c1185c2b94867876d5b18e7b435e8dd2a82cd850
SHA256 50863614b975a9e5d6775f27928f9680b8275215ecd182eb69a11d69857cb403
SHA512 d451786d9b3926134317b966a0ea138370c55da084a5b508812248cf65c4df8a651a3d940bba0bba502c640255caa0ade201cbdf71de3d90dd74411fa3cfd7f9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 7d4d2887182e22103b999aff16b1b319
SHA1 c193fac898a4615abd7743588967dd282660cdd2
SHA256 82cabf4608e342dbf5f183cc7684a9612a65f89509ace8d605f4739d1356f3fa
SHA512 69f0c11d3aa648ae915dba630aa22352b2aaa5f3fad2a5336d53bc7b18289af8f52174ce0380143d893968728322092ad4e4db3dafb5e75c1cc3f1e2cd725b61

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 c08d6191375667c268d67524c3fde014
SHA1 96baf5b1195a2595b6dcc573d54d8bed50637f51
SHA256 7472a4f8a32d4cf52842371183eacb6c62086f84e65347f50a4f8ad5cb4d916f
SHA512 92068969e2e7c020773aa347f0edf481f027407f5b6ea42ae6d4ae5fa1b5d702b076d95e9bd22967ee51ca90678bb798c2eba151ec23ca2c99ae66737ba5869f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 c8e6f13051d08c518a036b90ed1fb82e
SHA1 7af4efae000e588fed09d77cc83e248627e2e44b
SHA256 05ca3ca232f493c56d3e31ca6cb2118e9e7af36e4940b8e092494ba9eabed98c
SHA512 0117b22f5cb748466064cb5a0e44fb689b9c7b2586cfaa09dfd2f32c10b85f9092009e83f3ace0475f15a7d34601de9fdb27cb3104e8dde3a8ab80f0706f9ecd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 f0cfcd79259ecb70fa2243f552f8ba4c
SHA1 820d369f2f85aadf383ed7572fb1eb692ed45ef1
SHA256 062aed73d1a9adc7e11837099866170355380c97a102199a76ed390ee0fa2a90
SHA512 bc0e11e25eb39cde63f4bafcdb8ae04ee1f3936f8489bca95b22497fc0ea64988fa7082faebc0c2b969228720566a01bf02953fd139c6c41971bafb0998dc09e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 1b962fbeaa9f35d0984243fe87cf7fea
SHA1 46cec99e475de2a7808c556be8bdb9970df18af8
SHA256 ba02a7631501d85e8947208072acc5e9f1943b33627a35bd5c34819224bc0fb5
SHA512 0e6edf3430ce79d079079352d198beb186fd91213a6b944d21306c738556e8fd32d528a480efd5bf46a5b573b9a2ebf794a53f2d7103cd419843da96bd221f4c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 f28028868b871ee9ecb80f76620a50be
SHA1 b289a98a49aea7579c2e001427edfdc3324363f0
SHA256 ce4ad26cd7d0e2770a8c663a1d7dbfd0f80a465873c14a58e02dd19ae892efec
SHA512 f4fad24bdaf126a4a5d5ab5c8e1ea681b6a0546c64d14fb0ac017a26f9b3bbe44ab9c4ee5ba72aba9753b742169d8a622ecd77487f9d0ba623a76869a2188b63

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 43297811a485400674eb7776d9d954cc
SHA1 bc6e381c66d9ed803b8bad86419ef5986ac6772e
SHA256 aca28435ae546f7c1653ecf94da51d5f6b3f0d48c1c0a192e58591b646f2a343
SHA512 bf76929ab523c38baacacd4b4c466fffc871457f9bc4100779d990882bf79aa8b0dc6a89ad3b600a790a1663ffebb192c38ecf550de5683a71964ce56b7547c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 b133af5f1b7e203d3c8462fa2a150581
SHA1 f34d7809b9421ac06857cc5c234edfef5b3c4692
SHA256 90df23af67b9ea1d8224e288835c465c1ac95b4bf134797036167d7b58243d1f
SHA512 cf2d15a6f7fbaa9c9e76698539e3ac3f424a4f1fdc76576ea685986eb0e9d02b16f16bd7a2ce71c4aa269ffc946837f3b1a445b128a6fc401ef4ee2338dba40b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 6ac77bfa12e52c3697ac9006e9751b8a
SHA1 a552eae2e441f680ed3b7590d24dc06a25c202fa
SHA256 a89f015e7966d79cf9ca1505b6a0cef150040665000bc5fbe8b61c4f1ad3b47f
SHA512 ad1864ad9d9f76663f566dde6405a5fd85db8804b733414fa94a13562d595be7d728be7a4b2ce5894596e326c65ec4622d997f269891a8cb06cf4449d264e719

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 029fc8d52adb32f9cbf09fc0c27700d5
SHA1 631e16bb84122557fece4cf17ad2d004381fb489
SHA256 725d5883e1bb3ce5a75eb84633131caab21dfa21aa6aa004a8a5dbc36e561383
SHA512 767ac14cbc6616d0ff46d9de2700714b740ecbee7361d995f7452a1b6fea1c16e66adae9e0023aa65e6eb657e5513c5ee76ab1e154ffaec5c4e4783b1e21e123

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 82302a2737bab25441d16d9e6ca183bd
SHA1 ce93f7bc38d586143e2a3910937734301abf1c07
SHA256 8d890034c7f8550b5dde6256c47cc2bce909102699b934db3d20e53f3b7c02db
SHA512 10a71fd189cb4519564d0efefea7f80576f1199c2865c2686d4da87d6428df01025cd02e7332646c95379106b89903d5b9fd8932cef43a95a6c122a3811eec61

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 58f5549c3efe23b190dcfc2c2f7b3f33
SHA1 eeac3fc1e31743441e1540d221867151954f8d57
SHA256 f26970a4433b01ce64ca53edbe360065f41d28079b2d5c9794a90d1577def720
SHA512 a6f81989bb71fca0672c557a721555ff1ca9098d0d1216d52f5e69b9599fed648503862488560d227f4cbdb2e520c962dd5792e0ccca3a4ae0f81cb551356619

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 8ebd585ce2883f271a597f9eaa9c229b
SHA1 b96ce440b13877a737f222624077620b8d89db66
SHA256 a9a9b73901025e5e6f7f759c8ac971b8d4829a0c5f37efc522989d2b01997911
SHA512 e2218c4d9726d60410ab47d2beafb85e7f33c5a3b28410cf544378f6a8ca112d5829ecba0320c4b1e9815bdfbf4e6994b11e2ab05b8f0d0ce2f5c55ea54fc4a3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 2b98f0d8a180f197bbafab21fa39ed91
SHA1 e264e20fe6955275948e2faa639162cc628afae0
SHA256 bec0f6ff8d3fc0c8bd63d7150786044dba3540e0cc57ee5e4efa8008d5bced80
SHA512 fd5512579cd4ca9806d2c69efe906a312d49d488f4510674c6c82d60230e7ed0b091f0bf6d7789e050c6331396adc9f48e810a03c75e4e26577bbdd82a85dc6a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 d90f2e30c7c1048199da76ab162b8b1b
SHA1 fb58a9906d4c21dd30af48659ffac9b8657c342d
SHA256 f9ac78c2bfcf4c193e175975df2459d7d352b61db60a2c26c0b1421e984c305e
SHA512 0c15bb15a9b7b12a881e5771c59aed9ebf779c7b7f4af5a6beee4d653e703ffa69c371befefec510f8352ff2b91352d3ae246c35c7440e69a23ec4b5d19faf56

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 1aa23368fb44b6db1a34fda677acac9b
SHA1 d0f56402bbe6dcc81bd6876beb67f2644172f014
SHA256 cc34c377f053565fe7d00a6b23e6c4b87e320824b2a0ef91452471ccb7ee3315
SHA512 c83fc3d0d2afff2653a3bd28d8f2656e8f8e5dc766218bcae333a6913ad5b5c0d681bf907ef90c3b54f2ffb49e7011860235c176ce2cf68601e82728bf904573

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 0a80fed6b4408b9f01edd3d492c11031
SHA1 4b4fa5c2255f9ba600f6e19693ddc909de6e33f7
SHA256 a674ac4f058b80f4d1b59588dd47225a64629dee4814902e965a0a5b0f203544
SHA512 82ae874e21c65ea57b4fc4d90516e583f1a82419ccad9aa8751239df94f82739a1fabfe4493eaf1d11cace5181a7a26866609e146a152414864a03169245ac7c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 32a30e0e3d0c696a11b6356845ae45fb
SHA1 9d4fe8a512f96fb7d99d01050808cbc10634f270
SHA256 a3c0896120ff44f4b3a57a87f7b47ab6dbb3aa8d91800c69b8ff5d715d2efd1f
SHA512 9faf2727c9ae8fe4de1d4d1b0a0f668dfbf7ba0d4e89b929651709414229922fb490092e50e532c1339884de0bca5a725006fccb755321cedcab48aebdce3064

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 2e9be03cf6797b3c8f6818e961e0b9c3
SHA1 2ab6f99748459fbcf446ad5c4a32e1a309a2bd50
SHA256 fd4dd1bb42511d4751b20b0dd6b540b3ba834eef678c94b0c2a0af7a8d0db4d8
SHA512 aa7bfaf6dafbf76d20f6310470df6557d782e97c5841391ef0901e34475deac24b914b1a764b19c44fbe6360bbaa7f2bd6917f6c98b4abf42528eb646f11fa45

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 df4a7071c2fcefd86bf9354da2a76ec3
SHA1 db07fcbf0fa409ce23808d9098cb86af3b610050
SHA256 4b3266494b0224b139813f75394b90d65608e64f7f9fbad8490fc7f67b77f00c
SHA512 484eebfe76481e70f485f387ede66d573da37a87c3a1023ac63478491991657a372b71bf9576234dfc44fd021b4339e6c609608953a921cd21ccd1f2963c0eb6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 470fa860cae8259460283c2c14f952a8
SHA1 d896354aa871ab421f6466cd3f3a78de2829424e
SHA256 6a60df6ea23084be3b3bc5c855e9ee6a6c9cda47b37b69f50624bf68e4737cab
SHA512 b0f1d522256a93973efb4164a4b7c4ea0142be8ae72f2e87feeb0aa48a114afc316747469d350ac538fa092c9b204af4987ed9c63bfa7cb954e909432a5b1586

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 9816c15f60dcc2ea9f72bad1aa7ea0f9
SHA1 74c652b6b7938ecb6423dfa1ccf4b682f3f3d9be
SHA256 c157ab07557999285ad53457af375da495e545695d9cc51b67c39abce8a2ff2b
SHA512 521e61e81d0aa50e133ffacadc1bcb2097c6c33c9f7f86babf958b6ae46b0ba2be26f8fe8559cdd3335b028bdabae3dfe3c8687b44d20326b0dc2d07e601cb62

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 d9198d4a4ab676df757198dee4990325
SHA1 6e2c5632bf308f3e758f8482a3fc72766bfde0e6
SHA256 ddfbd6ac51312958cffd8aa21e96ed9d62ee0b8106159ccc1be9f6bffb216e6e
SHA512 749a24fa456e1dd4febae9daf6a9e9e44623d825674630b53914553584ee6c50bddd39391730679b4ffe599bc1b5b74b17e72b96aff78d392efde47204a9f864

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 a10e134ee394e459a9bc30eddd93e20a
SHA1 04736e62a8b3dca23ddd00c00be72ff67fd0a96a
SHA256 ea3b11b9cbe6c2e243e4b5d842c5bef7753b77b2b10012d169bc2b018a70686b
SHA512 20459f94a9aeb1218fe4dc0612f2e78f490d067211bc2aeb7e37783e1b0672af45ffb4d7efe524a2025b1169a701980b4d738ab94260f410a362bda77fc704fa

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

MD5 8cf83a2414ca9416d079d005c5aa4535
SHA1 134d3e6ddec7cab0e694427024e1177d990a131e
SHA256 0e28713c6420251e4fcb449328cb428c025d67b102f6cdac901c75772f0af9da
SHA512 b26c187401717e24b8eb110720c38f1278bba78a5d6d2b25a3e269f46fa33add5724679119c7d04df5203a1e81a71717dd3de0255a8d556a9c6a54b2a909f010

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

MD5 9dd7a1a9acb8e6c7af8bdc156f4e8412
SHA1 c500790ebf54f6ea2675793c434ec2e00d5cf5d8
SHA256 53456f2804a2fd70770a1b59787cff246bfcbdd614611af23d2cdb9d928e2641
SHA512 13b216fdcdfac32b3a1d5bf89413fcce20e425a8df541474a118440e538dfdae9b83ba719f8feed0fa8538acb34ca82f12e24aa77c4d59b6b9d87d5f13596820

C:\Users\Admin\Documents\CloseDismount.xlsx

MD5 0f71057662be3662e03e9b46aa82639b
SHA1 a42946bad7937a3bc629aaa41443c60a97125f75
SHA256 4f53a64c82424b0bcddb57baa7b53f87b697a8899452a7c47f0074f48e909295
SHA512 54d6a672fbfa6eeeba72166244542681df36050f7f60b36603b871eb51eed11394c4e36d82de01531b0aeba17042780ce4d384ad00aefdf81cda3e941d5f2f45

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 d1b54927334481bb37ff423ff77d88a2
SHA1 087fbf3bbdc9ca4bc4243c9daa5c3ee563668dc4
SHA256 6db346f1e9270967ac1446f53b227303989533fe7b5875ec940a0200d3641e4a
SHA512 7554c2bbcc21c0c04438fd1238e19b26d1d8b17cfc329d818af590a081ab3802888658d29bfc9697ecdc75e476f141242254a914e6974aee94c2335086c824ff

C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

MD5 58053e7994708c0c30c2688ad2c58aa8
SHA1 2990dfad4464fc96554d5cff815e5c81d1314fd1
SHA256 8bda25a746f228f2c09a4e37764e1df4038afd7f1aba1bf5e3d515ab3d905e4f
SHA512 42309a457a8bd1a9502cfc7405e72e89ca724f69c80d528404ec2897b7a86e9e6706f950cc7a80a4d78b2fd888a24fddbf5f9f1279ca46ed29fba160f8efee9c

C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

MD5 4cd3c2da09e21acc8f4147c6c740a78b
SHA1 040425b094c6e0ba091b0edd1b92a81c96ef8a9b
SHA256 71a3a34cb5b992f935c343c27090335c518a6ee22f16088fce6dcc1bdc28e9b5
SHA512 54ca0367e03aae1eb90838d6f36be11b743e536b0b93720e8169124d43268078f19b8de18b8622eaef011c2ac3eac6ffd0f88c7f56041da7271b2dad11191053

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

MD5 6206313f42edbc6290f70447c08619a0
SHA1 a98d6a081625641680317e14b437c871521ee3dd
SHA256 54a58b995b8f8b761a19426ed0eec3b6366a79b9bd5d17268f97248667de1640
SHA512 76f046cd86ebf9033b13f46942dac916c79c056936e6a81c9d2a3250f5e6b87064a5e50d22ea868a5b6270fbd9e33342f78f98b103f573a6373a8823e96e9b4f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

MD5 391dd193a3d7b204b52d9a930115069d
SHA1 03974ad9f5e39ab0af08b91347ab3b382c35004d
SHA256 0bf50dd29490409a2659502615f2d99936a2466def2190d37224656256aebd7f
SHA512 fee5ef2aeccb41c39117c6b182a1119213bef9682270f81b164478cc8a108e6ab53dc0fb96c8a94a4ecebf4b453b202ee7d515d27525a6fc6209a45ece0688f6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

MD5 cbc82c93b75a1e9f22f4014ba48252a4
SHA1 a6734f037c003b72a5777ccc95cada7f657d69e7
SHA256 6fa9279c248108df15e5da42de36ba54273fa1dfc3db07cc85d49cd0c8e65dd7
SHA512 5583b816d884e51c622c950f531ba393539c3474d9065a48791c7beb023b2eaeab093e18ee57fc43ccf45ee94485fec44a13c19ff90d79b11df40e119e63c075

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

MD5 41711336899978183e2ff784d0c6cbf1
SHA1 956ea45515232089ff7e44aa30c80c24294621b8
SHA256 0f4ed97e0492d5a576f0a11e449c5ac5dc9a11a36205115b8172828a15e0644f
SHA512 723c2208244a3ba4ec06ffd6baeeff5cc43fdeb5ba4a033b39a880c9470eb45e5810709d89f7fbc107ec44926fd4c75ba263ae4e5cc0740835067d7d2fd97bb5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL

MD5 1e6ab0720d3bc475fe54551fe08afaf3
SHA1 d83c8aed6dbf197fafef236f60dfb9eb0bff725b
SHA256 e885f3a04da4a028f83b81dd861a2f8b9a09cadecb37f456597e6bfbac12e452
SHA512 124e9139828b0f87f167923fa35adeca39b0011852d836761e7a35e128fcd06abecc5c38b55f5dbdeb4ec8b3c670935151bff9efe873bcc659c89ff822b1e6c6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

MD5 6160f9a77ef01107d938e59bd6ffe6b4
SHA1 b9ffece2a6feb4f79e8a7cd1ce2247739f295e39
SHA256 8d6be2e92f0bfde497fd2a3ec2965c2f106fa1b3bc68bbdafe449cb1cc1493b3
SHA512 f28f5c244c9ed9e225512057172fb51317d8a3f83ae15b94543d2b81408d00ef96abded2182819c93f7ef5b0cb90b40d9ab7204dbd1fc902329b2a229420cc5e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

MD5 9902cf76f2da1264564104e0e867ab9e
SHA1 5ea55dbe171d12a1d32df0c8242e40fe08a33110
SHA256 0309b9a3d92c7d8713995bc0c020e1ac191e1f4f3a0b830f9a35b7ce749b041f
SHA512 30c46aaaaf7c6a1802f653e14205c2ddfb79c01486f43dd0c536431a835ca7d11d2054f87754c76af5c5daa5df4bedd3702df75b9330c3ece60d17a02f3adb68

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

MD5 cf1b6dd6301bbd1298d778178607c17b
SHA1 3c649cdb6db9d1de4951af41b04a3d885169136b
SHA256 1d987454a530221fb2ca6e5606b1338444f078950183e0649fc6b9fee063cae9
SHA512 8ed90c3bd6eec24701e9ad00e48379e245c504d3d76093d749d269ad01458b249191ad8d22f25fc08cb11251db6e09cd7c90b52ccb03793df7326a66429e90c7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

MD5 68b8d369a3f0541855edb9bd0a373292
SHA1 a305cae020c84e3ebe0f6c2c35cacf80d8f2997a
SHA256 b0585e8ae8cfc90a1d33e54f9e7fd551b02234ffc365e43b264f03c8f4064b38
SHA512 1da9ec30589cd7c0b6c54111e787cb738be00b310360cd1ef4b3908993af894a62a5ca5831861156404801af52f4a9e16ee563d54f721f9be94885da99da7721

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

MD5 53c9842b68aa51279adf06cdb35c7c86
SHA1 2cf8dc196e3f4f4e7576154ac7f900852202d365
SHA256 0b7b5dd22fbf05c5fc26f976bd2ebfe9cd6b560175fd44ed3f9e7de30918503f
SHA512 3cd38c56daa922b95a9af39299eb8cf7dacef8c7b51e5df7abb0f345af725f4ec82c5d1b6b4b37f3bb68b068f0a55cd18ce413fe466a4e0fb2cb5f2c0d7038e4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

MD5 e375e4f9c08ddbcd4ef8e5041fe8e7c8
SHA1 24a5b319fcad133b9269b6481916cca56b887f6d
SHA256 bb643c56f8468f7aed647c6de6553eb8b1e61b4ea419feef20a0e91e5c35c9e6
SHA512 4fb3b0241491a9d413baceb9fa2468e31a2224fec06cdc80ccb28273b55e70de8440c1782adfdc8c3b21d8273869dfd7dfd6c561ec5533b4f2561f480434cc81

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

MD5 fb299b78ae25ad25947ed77a3b979358
SHA1 45d33a172b525689c051976b0fef938efab67fe2
SHA256 9230ae5743faae3552d6cfcb34067e35fc06c0b1ac2aa9ec358655187c6c2e41
SHA512 c0e98a7eabd8c8b3845bdb6b981860d551bf35071e114794150478648e24d09c4f9d3f6c3f96656352ea37ea149bb34a49ef4f52b54be416a7ef2a478fa054f6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

MD5 8cb7a13f954e54f7ae2b4407ee312d1e
SHA1 f7f9f5c4267ae3549f164aab0789c96ea2e27109
SHA256 eb8a43ea365a7602a483d69f0860cd469d8bf1feb768c12df1095f79b39d0d16
SHA512 58eb90bd0ee51ee7decf58f02740ce6a793c6b31c05f888a638228545243d863316f27e0803f3e531c04413933e3d964cb5d4a8670b5e6a7ec7451941bb2f977

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL

MD5 bcfe372e3cdcf419b178a29b3c507b54
SHA1 39dd659ab2c4fe4868e9eb69e104ff4731756951
SHA256 d9b395e2b7ab93969dfdec7272647dceec5fcd9290a156086f2941c82b2aedf8
SHA512 3edc144973a0bcd27ed08762f1cee46e07227905a0b9b48c87a3f9066fff229b6d23f25e541aff5aced7872fc675e3d0c994017f9ecf30e467ed3ddc3f5cad69

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

MD5 bebfd7155f0e7b16c0430962c4ef468c
SHA1 9f73b4352ccac26320d6c729bfb9666750c8f001
SHA256 2a50b34f42f3e267615fce9135bc677d57c0c0ed6796f32694922be0b368cfd5
SHA512 2616ff59cfc8a3fa83267945d2deb68ea5e60fa5abc430628a33865da4fa97d8431820183cb8b9bc825b68e3654ec5afdec937f2446eab57f90e9f0d765aa19d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

MD5 5cbe2e75c7f1882e836ca5efe81f1d67
SHA1 8db9aebfd87a2c04bb8fff7adc24cb4200ff729a
SHA256 9c4fca395ce9cdd6354dc99c71df985c917cc0900f9993fb83002c56785ce2f7
SHA512 2319997ca4a19c50b18dd32dfa4f0d1ccaadfea6483865ace81509e186e0d281bac144b1f5539e644010d23f0fd7f903ee4de1181f77a5d6421a682aa4668870

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

MD5 0815d8b4e98bfc863f3847db5dff9397
SHA1 d9eb8d9b3023c3119b87888a34fa756142a4a6cc
SHA256 cc12b8a35d3d6136dac7dc373e59eca0e6dbf10413b7f65766d1eb913e03ca55
SHA512 d01e5377b086adcc66fda4fe936f34bd48a6acf9a5ccef12905bb4c014508bc79b2cda8518ac53b5f057dbeff4e052130c3da24153ad35ed4aea8ca7e590f4da

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

MD5 e246c2269d0f25227e4da9eca828aed0
SHA1 8924c56d6af4edb403cca800e69066856a0d15bb
SHA256 69f39657a5b417b571e6024ee3b3d1fd38747f85b35b6049dc65f13af0fdfe48
SHA512 82e4e3f6a25c09a60cf1ad289c7c09c268b75cb6c8c2da4650980aee7b2369e392fcdeef7a48cd96742a7dfb9ab8fb07579266b7a70d6df3166bc5d3d14a6b0a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

MD5 d876d626553067b450e73f2624bff2c9
SHA1 246191b2fd13a26dd6715334cd01b8473968d861
SHA256 573040854b28ea76df92b0c9edd865da9d0995d0b588d6c3c2b5f10b871bd038
SHA512 e5d97def6272a109a13de6101c161750feb77a0c4c2c46d7ef0e07689732a8a37d89ebb029192cdad412d939c564277a78d844df5f680823bf05096074f2d41c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 f8f8a527a7e9e933a3edf0b6bbd55aae
SHA1 478f385b526a28f6e3cc4138d8ac3fb3e82c854b
SHA256 9d4505cf9a3b187c59e14278fd1e36e9a4c4f75c0cfe73023b2e802541e89dc2
SHA512 17c0bf1515efba890f590503626712880ff32b1e51a4813a0a5bc4e032993efc2fb04bdfd07218d40612a553a6b2e550993f0422a8a1fd8e61f3bbdf50e4e7f9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 7858b6fbb6bf7406b2cfd2f00a510992
SHA1 22bb1bae4922cde29e7742b9f417d08bef1ad049
SHA256 46f414e540253ccc1ec56e060c67eded0c7c3b13a7078c9b1217d4cd9d2383f4
SHA512 71c39f2925daf83acfb11baf950315805d2981a288b6dc47903a57f1e89a8b15fb8965773858c00008dabecea79d1417a35448d3f7132c46be3b36bd6457d7cf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 8d9fd349896feb3b0a7578547a67a063
SHA1 d4c6714206f67187a0f981c5390f8efb910a03e5
SHA256 186c3658375a953cc82c9735a6109587783d38c24715df8fd9dc051fc12e4f60
SHA512 4ff9b04830ad5689187701c3d7af72ee053f6705c9b06374bd346bd6d29a89d5eb1ba513cd6df91d79bc43d6ffac4705173112c3b6aa4abb41093de4b522fbc0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 58be6a2f152d66e8068fd9513a991f10
SHA1 b9654a153fdc35d62e808c8dda66d3990cd9a6da
SHA256 5f4ea710e87b7ced99d1406baad16abb9d63ed6cc1f9c7e97ce98d343bdcdd3d
SHA512 f056a2af4b518f240218e51b1519240dad8ce2670070043d9120b5122c5689768149885ddcf87d831ad7b3b06b0d433069da009327299e2143e397e6b8644040

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 c5d62736bdab60d231f4545e8a61c58d
SHA1 022933692050adbd4de27345e7df51ef89658fe2
SHA256 d9522d83d02ed76378fc1fc658b9892015446d55717a3b68ea458cd8c1f99247
SHA512 12a58c3c94876ff26ae4d44a333ba03904027131d70f7034d4c4c8f4e91f3364206e4f70695ff6e492815ca9dc9e3fa0f08d841d344d2944ceb8ccd102d468a2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 9e2863b6f3afbc2195fc2b9926bad24f
SHA1 a3efab4ad0aa242c483225f09cd093f50a70ba2e
SHA256 869daae98b6889db4651120da3769659d82d783bcd9fa092db378c626a5a70f5
SHA512 26d32fc9481691e2f3f6d8114cda89f66414cd1482c17bf62dc64243482b34ccf4896fe68db7f47ee067bebf1438525144bd69af5941017f1bf74206a09ab314

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a4858bdfc6a8c2f77c7666b9cba76f0c
SHA1 3d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256 524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA512 92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 435a7d0a8ffb995138b68ae1b83b0103
SHA1 6d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256 eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA512 1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 59db5f980fbea3fb17eeee25ca3357df
SHA1 a3b77529a4341b5a5dae8b757aab155e0e390d40
SHA256 c38c99b4375551b00416d9e948594567673b0b032526908d8a9ad2c15aef467a
SHA512 561b677010d2980df80306b5c54667d228937d2e569faf59f03b0b489029f8f555ca571c4c936e241b16dd1806465bd368b8851ebacfaafc56a7abf271f12361

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 d9d02a2e3b17a7f6b4e3443c2404c1e1
SHA1 a4a96033bdab8be4a6d079b999ef1ba67e5539a4
SHA256 e2d842608387131c4dce6ce014527c7ab07b38cf0d73ad8d02269f370ba28486
SHA512 ed7ba14c5c377cbb5f499d7a366d89e25cd11dc8b0822566f41e900707051d019405b3f5ecec7382c6a9f583a022c3c735da100a9ac2d1e02a5def36d1eeb10b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 fd493915445adb7db2abfd0eb046a92f
SHA1 4657dca9c0e76b8a8f0285797fe73b5fc0e2884c
SHA256 90009ed04d1afaa77867abf25b5c46376518a5b3e40bcf9cfbc093fd793b7a10
SHA512 17ca8ee798a9d7e98ebf14bc2dc22e7a4d1f693e115027d6ccd27fc59f54cf9471e031919b13174a7149c8be20057d2c08a3b03f8399a027f28bc7900c42fa42

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 05336bc13ae62c8a310155a3da38ceae
SHA1 b99ce6f50d358ed37858565662ccbc10c3370f56
SHA256 90285368d0af25ce0ff807b2b015283c6d8292decfdd04a1d79a811a00cdf984
SHA512 9443be8b3298cf9cdcdf63de16b5ec282a17232a2e8acddf1fa0f86a0c1015e832100c13c4da214c6cef5ee6890fb4206fc01a9e58cd0a50359499c364da7f69

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 9f2cc43203a437fb7d189d9f6c038322
SHA1 77b17e7ce83a332293323b1b3190f63dde761ae3
SHA256 4d27e3a08437a202bd07e655d15686b1df89cb4fc4d658b4eb619dcc2e5b929c
SHA512 7ca3c9c52b5acebe4eb034872e85f5e621693c66076d74fae62e222b4284f46ac91b6f9143f031d26a91b071774aed997d7ef745b239868e29cc6ac75005d9c4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 b50d81587510148cef60b6ea4877450d
SHA1 90e512ce446534acb298da821f924d0d8bda3c42
SHA256 0530e14dba9f036ef82202bfff33c99b75ca83c22b58a7f3ed846232813beb61
SHA512 04fde9cc010cecc4a5384a37fda185d9d4cede2e669226749dd395052318c9bde18efd66249567838418e207a1a76de2afa2a650ec8ec25b43c7cc27fa34e934

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 dedccdc256805ded9d1b545c1e52efa4
SHA1 a662a7d86f9e23a54d0faea3ae7f1ac6f6d024ae
SHA256 8caa83fb6ff7eef2804b0b3901164cb2d01628f602c52d58e482895e02bb9f58
SHA512 4a9dc6d1e3015a982ecdb73e84aab5f43252c66bc11beafc5ca4a7d796e9bd8ce098855cb373de092021baa1e5730d2d238b638a25b8d212840c1122aec4f52c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 8bf15be59350927bf916cfe81e694fdc
SHA1 78bc3006f9c9fdf3e97430bcec50034bf0affca2
SHA256 0116730b84a6e1602d42d6744e08abc5b31a1308d3cf84eb0ce57512ea6759ac
SHA512 ae4f6f64bba34f2e96a3cb4a5ce154d1cbf3dbd008827ed48a8ad8b4d7dad4a2e538b52d59934544a22aae025f7006e1bcc67c1276a4184cabba8ef5af514485

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

MD5 cdea4f2e70cab5650bf702020041ad6c
SHA1 66d63421b6a363ed2d0f134374892151c7b3611b
SHA256 bc93dee3879ad2ec508ef55a48972437cb7ebac7fbe1332873d60cc8fa68142c
SHA512 00b9b934599283906b39d91462309fa8e56ed05eced731c2e5a7c62db70d809ac11cb8d2ebdfef0eba88c6050fb46e7ef311891e86f6d1eb2ae6c46b41b7033f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

MD5 a8d802048d062e2ac7c72f10c6bfa661
SHA1 33d925f25a7fc0d439f722460daa712c4193f809
SHA256 3dbe6c52881d117c0f17cb487df38e1745b6e4a88d24896d21044ea64b77d3b1
SHA512 01962a3f98b98b37d33eb1caf0b1822a4892388b987d3bdf383c202340b8fc9751a8303e7f4aab62b446c77b7aaa21eee1502ae1f6dd32cd336d21f43c483b18

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

MD5 7462ab27094feae793646d8ca0308d1d
SHA1 f6e5a3cc25b9d72f2653e2ee3496e0c99b2e859e
SHA256 48bdcb889e926d07f5e8d4de772eae11d31f7a1475d9921789f2af0d8b549abf
SHA512 203dc2cf30b7c515a6301be0774403ba0dfeb91cf9b5282ba4d50fce79b210df8a422467fb358f3ce55fcd4fe7f7870fbe61e30b2d948a7385540e16bd83178b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

MD5 4df3aea2a96cddfedd0cd0db3962259a
SHA1 6af9d97be4dcf3369e6d33587096cc37257e8555
SHA256 509c5095c17b45fdaa7bc826cefb8a4381fff3b7ba23167b467340167030f326
SHA512 bb1321427649f645a1ed45b9c4c65e52cc37758b645ce93d64454c495a0716fc9aa6644757087a197088286aa385297ec9b8d3a5cfdd58a20f3161c3367a9a50

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-15 03:35

Reported

2024-12-15 03:38

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe"

Signatures

Renames multiple (2766) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmgsm.inf_amd64_d7b1959484ec8228\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mbtr8897w81x64.inf_amd64_0d8225e7d2696ece\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_snk.inf_amd64_213eeba98cc6f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\MSxpsPCL6-pipelineconfig.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\termmou.inf_amd64_c4c8f901e3534194\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_86cdf3e1f512cca1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl008.inf_amd64_c0d977e565fdc839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmkortx.inf_amd64_93b84ecb5fd1cc85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdpidd.inf_amd64_ce12c614d182f4f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_1d08bca921956372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_ded39545dc6c301b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\v_mscdsc.inf_amd64_05925c79fbad7433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\windowstrustedrtproxy.inf_amd64_db5be14d5e02560f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscopyprotection.inf_amd64_9c108d8ac558a80d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_8416dd97e1ecb6dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PnpDevice\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\VpnClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis5t.inf_amd64_c6e181de81a59b54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\license.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MailContactsCalendarSync\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\MSIPP-pipelineconfig.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BranchCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ConfigCI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\lpeula.rtf C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbsb.inf_amd64_0e44beb9cebe5a1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_26dc960cc4c84207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Keywords\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mediumchanger.inf_amd64_69ea0d8614286224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_bf289615d063c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sdhost.inf_amd64_b71f983cb35bfde3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-up.gif C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Paint_PDP.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailWideTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCache.scale-125.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-64.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-250.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\LargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-80.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-lightunplated_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\x_2x.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceTigrinya.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp10.scale-200.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\46.jpg C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-100.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1850_20x20x32.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Heart.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Media Player\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Source Engine\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailMediumTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-30_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg1a.jpg C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxMediumTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\trace.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MixedRealityPortalStoreLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..nager-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4a42b216383aa9a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..fications.resources_31bf3856ad364e35_10.0.19041.1_de-de_5f62429dbd124202\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cryptxml.resources_31bf3856ad364e35_10.0.19041.1_es-es_225883fd4325c2e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_ro-ro_6bff4a7f0ff97122\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.19041.546_none_93b4a0a1641d085c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-trkwks.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3e131bb414d5e8bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-w..nkobjcore.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b051086052b81881\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\05 - Device Manager.lnk C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\libraryCodeIcon.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_10.0.19041.1_en-us_99f7681a50b408e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-syncsettings_31bf3856ad364e35_10.0.19041.1202_none_0a85d29e13d6bc20\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.546_de-de_1ffe9f42dfdf278e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.19041.1_none_ed4924afa14354c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1_el-gr_78f993560d286ca3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobeenterpriseprovisioning-main.html C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..zard-task.resources_31bf3856ad364e35_10.0.19041.1_de-de_93e09aa7a4d174ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-advapi32_31bf3856ad364e35_10.0.19041.1052_none_6277ca3070041917\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\navcancl.htm C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_744fd835e07b80ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_en-gb_61455d639cf26591\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..communication-winrt_31bf3856ad364e35_10.0.19041.746_none_dca4b5461dafb31b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wmvdecod_31bf3856ad364e35_10.0.19041.1_none_82d03c27b40e6ae3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ddcd2fb40bffee6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..itefilter.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_20e5151b922a7eae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rastapi_31bf3856ad364e35_10.0.19041.1_none_c4d537dd193a87bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_net7400-x64-n650.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f0f5642209a27d2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-font-embedding_31bf3856ad364e35_10.0.19041.264_none_9df66e7bb235e234\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tapicore_31bf3856ad364e35_10.0.19041.746_none_c2332356a565df1c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-miracast-receiver-api_31bf3856ad364e35_10.0.19041.746_none_f0f047a9abed5c0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\x86_netfx-aspnet_uninstallpersistsql_b03f5f7f11d50a3a_10.0.19041.1_none_9f52886e7ba2c371\UninstallPersistSqlState.sql C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\v4.0_3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_mdmmhzel.inf_31bf3856ad364e35_10.0.19041.1_none_9f3c37adfae7ab47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..management-coredpus_31bf3856ad364e35_10.0.19041.789_none_f00b638561c37d1f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..indowsuiinputinking_31bf3856ad364e35_10.0.19041.964_none_cd503dcb4207c819\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.windows.r..owershell.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_483acb9efea3cd46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_10.0.19041.1_none_9224c91b2d8eed57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_9a7ce02ef73966bb\Rules.System.Network.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript_31bf3856ad364e35_11.0.19041.264_none_a4799d6c7f7a472c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-help-datalayer_31bf3856ad364e35_10.0.19041.746_none_a2b3f28a7d262dfe\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_start.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\addXHRBreakpoint.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_44344cd8024ee1bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-commandline-tool_31bf3856ad364e35_10.0.19041.1_none_e2f75fda217d5015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..ayingsessionmanager_31bf3856ad364e35_10.0.19041.746_none_6344049ee013f218\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-onex_31bf3856ad364e35_10.0.19041.1_none_5bbc2970bcb926cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ialpss2i_i2c_bxt_p.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_2728a1282da563c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00011009_31bf3856ad364e35_10.0.19041.1_none_43cede33f3ea380b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeBooksSquare150x150.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.runtime.dura..nstancing.resources_31bf3856ad364e35_4.0.15805.0_de-de_9788d9ff3d8066db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-netcfg.resources_31bf3856ad364e35_10.0.19041.1_de-de_44f3b896d1c628fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..odbcloggingbinaries_31bf3856ad364e35_10.0.19041.1_none_db9b05e7278d28f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..esources-mrmindexer_31bf3856ad364e35_10.0.19041.264_none_46982d372e36f203\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wmvxencd_31bf3856ad364e35_10.0.19041.1_none_09d58e7a0e38d4a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewWindowIcon.scale-400.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_es-mx_3074710fb85bf18e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Data.Entity.Build.Tasks.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\de-DE\assets\ErrorPages\pdferrormfnotfound.html C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.19041.1_none_11b2da2074e7d6e4\PasswordExpiry.scale-400.png C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-x..ectdialog.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_fe2a3fc32038c1d1\r\AppxBlockMap.xml C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\retailDemoMsa.html C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_windows-gaming-input-winrt_31bf3856ad364e35_10.0.19041.746_none_fb318affc6ac79b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..space-launcher-tool_31bf3856ad364e35_10.0.19041.746_none_948bc3f58c193023\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.BoX_12 C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Lld7V0hq2775mf4.exe" C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.BoX_12\ = "AWAKKOIYADHWLKX" C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Lld7V0hq2775mf4.exe,0" C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell\open\command C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell\open C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 86.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 36001bca10d5e5a1d8de4295bdc4f31f
SHA1 941c80149232d99d34ccdc00c5b5232eb2f9086a
SHA256 fd63fcfcc28130a2b6054c678b98aae8378788b55364ffec192fede79cd9a447
SHA512 86c47e7ef718ded4c6066475571ce44a38eb71d6ac64b50b5b1989a7df765ed5ca82e5d40c532aa25bee41898d053497772aebf2a772a56b0596d3a7532be1af

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 e9b7c2654481697388bc65f14ddc490b
SHA1 c2ef2394f2a7485fbdcf245d4dc915d91a555228
SHA256 2e45f0d36026e447eb72a0eacd2a1bd8c5995b65f31426ecbf53ced93b9ce287
SHA512 6916c093a7714c71fcef4b63f25f48b53a3acb5594603900d6a8c6fe68f8562812bc63bda9e80ee32a21a69674d55d882981861281a0872cc1c0997dccbba0ba

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 cb82db1689218f2605ce67c70aed0633
SHA1 e37a9d1f4f51936d284bd580aba8b403cf0afcb8
SHA256 3db805edc08de48695e1b67d7d4fb0d0e6db1e87ba7e66291ee44d8e557fb6b7
SHA512 352004af332c15cba6f67e21ce7ef8422d782bae938024d9b2c5d0b3be445df5e127967c2c5c75312999d19d50dbea97780ebdd23f4c686ff8f959962810bc8f

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 67f8851faad57d014a05a55abeb54714
SHA1 b6cbf35645faa48d3a90bee4e167c13b9d0abade
SHA256 3d1ecde85843c4d2e8a03b291350742b4183a0910fa2e10a52bb4d3ca5566c53
SHA512 c81ca8a37d261b97874e5effcf5f90446d20272d5e866af3095d5d2be4debb16bb67f85b0f6c794ca0d206e18e70a69726bd31950071b70eefff1209c19c5f60

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 01b471c186e3d6f57b6b171b4fa1b217
SHA1 692968d84be8a135b06e76cf32a8d5b14fa9b17c
SHA256 4e9f1be51c325afbc0c7dcd10320c22d3fad9029641496df06adf55ebef5ec33
SHA512 fe14a477e017f81d27b216fd4c88ad9fe5a5194123c0500d7efec9ae851ba1315c597e409a14a8104011f15a96720e3bda6a14da9123ea12c43a7457cb5ce2ba

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 ab269f874ce2324739d0f3b87a2ca607
SHA1 5a0b160c898b05008280a84b71e050dcc2d19db8
SHA256 c14adfb2243debecdbe150789723cd1b14fa62d29be5ad8f031cf9fcb2ab51ed
SHA512 1843e800093881b6df04448c50498d9456f914e2fbb629cd4514c2504a36bc8b71713f8fd1219e9b64d246c6467a57f9c15f425c4ea21769ae5d5e088c860b93

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 8da24da3223233b58cc3408e4482ec44
SHA1 af7200c92189a763e55a357e2a3a980eeef7b306
SHA256 7229a06a5414d7f930783bc770b510c945e690e18c25e7aea770c266f192d7c2
SHA512 48b65952c9c205ec685b72661d96bd05c71c2cb7d275b69e70d4fa8e1c8f44aaf5fc5f0d0777d9f3ec27e716efc5102c51272396c91de36da795ffbc2385d89b

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 1f0bce3fd44793f2fb2411e10038e2b7
SHA1 1161bccc076eb78725f3959100445d8947ee99de
SHA256 7744e4ea1be888877947d64e28b80ca528582427ed3aa412379f6fb9ce6b8178
SHA512 8f51ba6bbc1f54501f02f592b893e0ce7ef4e233ab7d363b7657745ba4ebbfdb5512986a67d74a92d6d5d9ba8221b645fc4aeeb5c5521be247dbd9b8706371f4

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 6226211574cfeea71b76edc8e81b19cc
SHA1 6b704e306b70b4c96e10164595016df32eb7d640
SHA256 3db14609cad157abb9fdcb717e3225c9f0d8c8f49f17c2788d8ab5eadb85fb2a
SHA512 1186f58c56af0f5ea4aec8df89eeaa1794b646d6c1e7549ee2a91217975127a1f709f69c3296fa9d885b87aca1776eeb2c9a6bea5406ac085758874b84e152e1

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 c9513afb385650457df31e273ff3eb10
SHA1 6dacf89a4540f5ac4a230aeb266a8032bd0cc846
SHA256 6bd85ef38abb9813dc0cd6a44710a9af8aad26ad8c8441532663473adf2600dd
SHA512 f17d5e0443104d5e4192036238463eb88f46a8d0d4eb018e7372284cf88240ece56eac3b5468b8dbe053d32cc6c8e7be279703a8d5d2d10428d80f50a26b8a85

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 fd0819c1e2aaafd4d4f5ad695f5f546d
SHA1 e98841c449a962520b07f7967c17cfc8ecab1445
SHA256 7c11cbcf281ed424f3329e42252bd6796f42552fa0f9055b60feacdfcf70f9f3
SHA512 e6a106c3753d7040ae03ec1e1ca546ba96b5f3e220f40e57ad2bbb56af354074f67df8454bc8169889587b2420679bf7822d830ebc4f9cb7c96dddc7211318e8

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 a87dcd7235d014fb4ba5f9e44db0fed6
SHA1 046ed12fca7f744c239d5d43051839204291174d
SHA256 3da3bd58162fbe3eb0c5a9fca66d4829605c0999f2a5fc38e5c4587aab46ac5a
SHA512 e173d557afa88b636470aa47cfc34e037eba0384766025c4c62b2291c179aa33efa38cd654c969394c8d1b06efa83b130e078c07cc717f30113f1a841f8c138c

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 29e571f5e4299e960605a2e2c12e7962
SHA1 372466bfe1d3952a1cd1281b799aaac0bd3ea058
SHA256 ba66f7e40c48eb46c3b864b3e78a433b7b31aca49a16d73de4e4d70ac967c6ee
SHA512 e50a5303c502f99851d4c341d3688fd4b3c41134d6adb76be498eec2860512d941074d489741c1c17f025736e195b8e1f330f7c3f30ae45bea912fad003cb30d

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 9983fb0e69b5aeab63cc76bba39b984f
SHA1 a9ed3339ef7c85ce8523d0aa6cbf5a60fd98a486
SHA256 33f5ab9180fd05305189bff54a229c496e9769e92b8e1e3069b78d0996b66912
SHA512 9c1127f8677586ab9dd976b0e58e4f218b93a56ae11beb36d637ad29c19c13332b2c9974eeed41d3db996fd8a4e1e402fe8766e38da9663abb530cdd706832bc

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 78681593ec5b7673aec1bc5a8d6dbc82
SHA1 f55aafda40f9cfeead78a6b6f09c8dee2234e799
SHA256 8dd6c0cd045cccb3d8ee94dce8f37d93515afa5621e0adf1de502e2f453cdce5
SHA512 54c0754da8624637649f53331448320ae39f54ec1a7234a4153211ca5a2c265d02d9444c2fcf1d8f2df82cb57405e72fc3c59ff08746846f55e4d81871450b2a

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 1212318fa61dc273396e47212618d80a
SHA1 ed023bfa0c5f647be57973e4d22d8fec51b78c05
SHA256 adae647930ac98bc156f6529acd5c2157e4bc5addd4e795863bf44ebc054247a
SHA512 443dbb6b1b5cd254d9776b709416bba5f694bff484cff8c9b9d14cf7a9b1cfb1b5fbe7dd07aaf31ab6934a78c4f202ae1262f6be42a32fd2ed37fa033fdfebb6

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 41ef1eae398d9b069e3e4653a3b8237d
SHA1 2ebc4133a36da5def4d3fd30ef880fd58cb9dc74
SHA256 9f866f4ae9650de055adc9ddb0224198a64f6a3ca8c77329231f63acb963b2d9
SHA512 721585ae096bbfb956a3b5416c41177a8de796d57a291c2ba60f89b9d67a5bf5d63e275dd9eb8ef8d2fd75735f02f77a98c9e95d9d27c734abe144d5e99d6cc7

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 0e5c9e47abac8ebc59867bf0d9d26588
SHA1 ff2089740e5f177fd14504f7d32761be0c36c65e
SHA256 b98a54fa8b13849e47edbb037a34aafcd9d57cfb11545cf697bd44b6f62f6cd9
SHA512 479260b019f377620de307fc67e57a3a4a6b53fe315241d340a71399316b5ad86b6344b9b7e4bc12098cca6f0411fd83dfa95554197e6efee9510c4238d993da

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 b9e542c16937086951ddf34ce0820978
SHA1 6b7bde6264f20058779c696fa11a0d38b5d0df99
SHA256 63866cbd6b2ad4b6b2d7ec5d2913967861e4c44a4a677df77d0cef2e5f26b121
SHA512 6a675fb4792fe92ffd0feca0db00207167b06d1b0c026f32c1b1bbc7af39116de6e3fca616ec5043ddd33cbe4b502dc5f45f34279e152fedc3bce1609a654cd7

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 a3cd752bc6fee4d6c0b2faf2ad8251fb
SHA1 f3cae2487b8d9dcbbd31582db4feef2e63fc0ab5
SHA256 32c8fe174a63f50380dbefd7ef55288ceee1f420b086245a370d2ea1ad1a4642
SHA512 d9cb47832f51d066ae0cf151429469c29831df00f13711ad02c69b3fa7f1e218ab472ae868255cad605715f22d510549274a09a76eb76e84c9ad426df43d6924

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 df42246e7eedf457f14dda20135e3c2a
SHA1 a1dbd232fab5298eb55659790573c1a1fa4d0d32
SHA256 e1323f10f1715462adb53f00ce0ff7e86be4c1c95f7cc1baeb41df5c242befe5
SHA512 04f1cf1faeef415c4f2b257b0a6e5ea1ef1987eee73bcc158e831013cc6d068d3a4cc8b130adeeb7d6556d73407d6d0a61fd66edf2e1835892b8f3682ca4a1db

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 549aca7e040d92335570eaa816dee79f
SHA1 b1723e064b0783e14595afa0e5c2f90868f7544a
SHA256 6ce99b1768b061d83374a8edf867600cd77ec5397bd7d0ea58244cfa245ab5f6
SHA512 d6ff9871801c1ef73831f34ff1d5449da3046ed9d632da8955c8374992047da04e141b7e6ddfc9c88caa6b429c45d2e560dbd8fa304975e24f5343c8057ea85d

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 51b3a4dddd72036df535f3ed4a2b5ca1
SHA1 2e87512fcbe848e78b5d7e13fe16a28fce2d4104
SHA256 8620a6fcf160f760fdf894a09959e64e54f61eaf34cef3cb390114401c515bfa
SHA512 a3c3a209529588da7a99db65310137759cfec17445354065c2cd012b5ca747594887e9c15e408c333f4d839cb3532553ae2d01e0f1eb394b58d766e0ab130d85

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 4d70a280b260eab2ebdc574eae9df2b7
SHA1 4e5975a4c9b8831e0b35a2489b4e5d172f17f61f
SHA256 bf5a6f4e21333b8d0ec45a611eff7027f647a6fd7d994b4b8393b4685c437ea8
SHA512 625d69d9486c766d39ffa3d84ab4eb486713b40697b5ff67a0ab70a2a3f5239b0bbc1f1764b7b1daaa8cc3ecc3eee765e396e7d2c0b335cf634248481c22a26b

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 8650340faef968be141548b9447cde3b
SHA1 ed2a11eac3b5cdbe4d1eb7e22646df692b4d85b7
SHA256 4f734ede9aa4c65131641f1252dd46e6e798c40f3e98ddb0993049074e1bf2eb
SHA512 08635969dd623d886c5a6417305aed7ef47cf7080df4056644e0055defaac7c152f084d41a13ddd7a91186a03a5dfe4268e3fbc976edbc1b631c53f33e362b6b

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 bb206266c911ff5430cd9667f6c72b46
SHA1 69fcce6d2c016880c32509d340fa8856548fcf6d
SHA256 6df96da59097d7bc84f57ae4842d7fc2a48550c4e9e85f2b34968dc74e88d017
SHA512 8f1da4a809268bb8bed546ad5e567aef2b0d0ffd4a107cb4d32f282b0c9fa80e33c9e6b7bd4841769090a2ba6e60b35983caba10e09b8f749e20dc3af18b2c5c

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 229a14eff5cc4e561df17a7df09571b4
SHA1 5739da02bac85c1d167915fc409293350f1cf370
SHA256 ff71d785cb7a9add0f890f2a773cbe08b9e2e1b00e9a52e056e4a7a36c6fc0da
SHA512 26fadb6969c1860d195be9351483a52e3cf92d80375c3f81a34ce2ca969c855eb52984fb88d5d281760df33dfc37643e9ef967ca41d1319ac3e8661f4e8475b1

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 db32af5299905cad2233924f62c631e2
SHA1 21b569493ac1cf5149c9299a0c1888c5fef30f36
SHA256 4c51081a6b10339328348e7ad6bee220cbae38f816c88516067f95a01f354d1a
SHA512 fc32b3dc48595b621a32e23bb1d4d2fb41abf38084f12965fead46e73b1891f56f18e8a062112aee71c712bd7378b3720ad65d42867cd653d31e51d394f55fa4

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 65dcb8ab6868c38695d0b7d434ff4ad9
SHA1 a964d7442c314d048d0cd5f3a14c1c4b222f0041
SHA256 2989041bdabfcec572b7edf21c5602e23b12e52f1659ce61aee5c7341e926453
SHA512 94352a3f43c725d72716c0a2c71318479bb41746598ae861d2c4d015ec4b3d742226929fa533ad19f2fa8bf9a1e2c05edfd1efdaa964454d984fa1e328fb29bc

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 4180905ee5f3ec4506179e19c80b0361
SHA1 f318e2702b1840aee99f59bef3ab8dc560875e0a
SHA256 46a26dcb860ec53db31d86c5277c163feafe9a26d925b15199d490c33f061ebc
SHA512 6fa35cfffa7319a9c0211d82731f6471f24b41783e0c7fe378f3381380cc9e03613ca48475730c9941ba410eef3feb75aa8b614bffd4af3a8009b9dd36e485f0

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 000a3c47680332ccaf7a9502a0f67221
SHA1 7accb3d93a486e64478057e257debac8eff32f87
SHA256 3fc0277b0ee6c4fbc547c138364dc8f2720c940d5f99f90b7e089ccc24c9f3d5
SHA512 93d9cfab5fbbaf2a1b8db66cc7a908e8800822ea6ee4753c317d319c67dede46a77971be9d60fcf810a76ca7a499b4a55e05c8ffbf53fbf8f5b7d7a5ddea9716

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 726d35f025ef25e87d27ec0772d550c5
SHA1 76e1153eda7d4d963ebe186416e302afcc52a305
SHA256 cd0ed4fba6afd2e7b5e7e7e7b4c9e22359adfb104963f9c9a99394a28b43cf01
SHA512 2088f047a566508d265ec1e365abf9f58b0fbafc868d8b2bbc73e6212ea729f75f36af5de83729cd265653c31114b350f59156b055616babf545f98e3b1982ad

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 96bc2037a69e5c5359bd66c37b400e28
SHA1 c3e81bf9bc076603241d347d82229613ae05d996
SHA256 550168dfec5c248bb2d74b1fefd357ce91e22d936c097db1b93c4c5fdf2bfd64
SHA512 7320e3f57d181744b8567dea3c14710a6fd6bb99a240d090544a1b588273ae10217aa52da655e6f7a72580b72ed901cf76e8b0983fdbfa519b1c18b70ce424c2

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 e7ca4886c085d354c9313a83e3e402e9
SHA1 79b1f3857f177e728681408767eef8447757e144
SHA256 bb6a9b5a0a9c2a0711b2babb717fb99133ac914ac2ba4812788781eb4e6f7012
SHA512 54b1f49ab959937be7e45e18ddfe71572f6881f8258b4023832e76c42c4ed7ad86850d7b8c213376aff0e136c7cd864eb7bea5f838a7c95ceadc017e475ed612

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 ab635cd060f4bb35c50e7e9f5140cd75
SHA1 7da1f344953f93488bcb0490e07890d790d5d2e8
SHA256 47518ee89cebaf0d105b2d1cf049c7f826b9d8faa5357f9a5b9aea3d1fc26760
SHA512 cddf355cf656cea85e176eb60f2bc56f75662fc4e8e8fc02becac24728670d4ea130a63124de29a40c84245f99c7a78b23fa409df0fe3ee2532c01d4e49d56f3

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 e75e990465f38cde103a7ecc2a139763
SHA1 9482526464dcec6f42d19d31aac8b1667f354ab2
SHA256 82980da4b8ac791e0b7ed9686adfaecaee61798f2bd4077008e389ac8305d38a
SHA512 b16da6f0b9cb34d4c7a9cdc998b5194c9421a57a637002dd10a231ddb9ca1b3482ebcfcde33a197b849bf5b6a73ccb6c992c42e2332f1f5b59de72802c6fe0d1

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 e962d85ec8cb471fc3dde61d0430b1f3
SHA1 263c5796f83dd434f499199aa37bc40eea2e0401
SHA256 2a4c924bd17f03d954f870b5e37e1b6b5e60239b2e420259b1bb222bf817a23b
SHA512 ba23f45306907990087f0570022574c4ac9a3997a7ed3329ce3c96dfd22fa03cea2712becf9c4926686f52826700b5243a6d5547f6aa4c6c482fab51b88b768d

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 9d387d544c431784ed297bf454337ae3
SHA1 3c924a88d621179107ee2708d2dd34e44e7ec092
SHA256 2c00623f0a2f04a21baf81e1cf6a0873a45e0e681bd28ccf7ea13c79cd32610f
SHA512 fe91c7d6e47eec2cea2f19ca8003426f1c14a8834e6af8f91cd46948bd6577f4eaaf61501165515d9616139778e53e9a71a983698dfe9f9656466e2d4e74f46d

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 7a8f5c8258ce8086fdb9c4523d2d725e
SHA1 f8085c7909c454481f81796f9c360e9f6f05a473
SHA256 ef2620850d3798700ea50ded20d0c6747196e7980590e1609ecded364f020a82
SHA512 4c5e994dc0625ff2454477048521031f82abfe55c41ae885f47de89c069fdcc69821008a8f8d266270a690e7aace008c4446f0f82681f97447ed83c922b3df28

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 50f2e1e9c9e4e7985d4d8f288186ba7a
SHA1 0f1b65d990537b3ec47e350a92e689886df4a481
SHA256 72e2c4a1ba4f84b345b4098591fd1ea64d67a471f47f70fad838c5b18409709f
SHA512 b66a0ae05b3f46972bb01bebcd5bd65873d745c114f3039a65260a750d1bdc623534f605d9cc6bd3532ac09ff10b913c6114ac8a9efcbb441b129ded9e516b99

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 269188c469352a37fbada66e1a1e927d
SHA1 2eed0bb6a98c7471344bbbe1ab89fdeaaef339de
SHA256 e0067731a21247e9cc96627682d28a8d41b430b5c0f027ce2d6c55df6d9ed128
SHA512 b3bf94b2d955d7df68158aa518f61315cb27d7b5033b4c588bfedf74ffd92d60a5537f1fa9f7ce2c71894ff167af0520ab2aa998747e56be09c50920d05f89fe

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 f805202d5134e8b4e8de070d78ed4499
SHA1 b4a6739e44b41bedfd43de23d3d4f64dc62fcaf4
SHA256 4d358c221d8facb8fe0d524be672c96483ef8c0038c92f83cba67bd0da0b8bb4
SHA512 3f7da3f4e9b1623cf5e0d0dbc06f67d2eb4b95b46ebd51efdfb5881d68e94644cdcb9a735f66c269c2a2cfe776d25e9903aaf33bf7efecf6d447a8170bbd4562

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 b2668bbc85758aa5eeaebd75535d8a2c
SHA1 848e662226c228092f25e5c440ff67517d508ad7
SHA256 a6125c7e75de160b56f118926a658dcf189bb7be76405f725c00fdd349d4c841
SHA512 8a928cfcfe15412171c5c23eaed047c20b51c5b2f418f66e121cbe1a0f373740466956f53dc0938547ccbe4f3720b06a597517d1274dc3ae092ca825fe4e392a

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 85b96619aec783b22bf1fd0eb0564a9e
SHA1 dfa8736298a0f755a9f7cb23c61d56dd3ef49729
SHA256 354d88c5894a74338dfe3a9dc10fb64587c9f500a89100eb409c11f0addb6995
SHA512 4e6e7b1acede30259a0fea037dfc6e6ced258c987482e9e3fd2014663593c83f5096840e6c5e8695b130724446d833d77d5b0537c1bec3ba8425c8085b87eed5

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 6040006078e2cc1dad63befe06985cfe
SHA1 fe1466413135d41306d069ed8da63f5b19520060
SHA256 fb2c6116f7daf7c31f52ad627ed81a188f8ed9579a9899a6df2e1b572b262e94
SHA512 be499b16c3c97b9e62b22909a446aaab80bbc5e46071f60fa2c600717751894973c962e6e20ffa2f977eb4892752c9c22aeebbcd2cd7704307bdfe96b0dc3fe0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 709ce7ace34549c3acd2dca9ce12802e
SHA1 ff10b593e6be923e57c6c3278d6443320a3a51bb
SHA256 2fa56c989be81edc58e5ab489cfc2999b7a32d0d1235842c84754ee70afef579
SHA512 69374f2273817878a79bbe8dd4bc44a6da310c208442dddfb186fc36ec725d8fe0edbe1f0557611cc5ce1a35bb38f36c40f5fe9247c20783fe131e8246495562

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 b781308baf1ae89b5f7eeaea231b0201
SHA1 a14d1c13d8615670ed5d35b3d832f04f48d0c6ed
SHA256 e3eb28a4e2481d69c2f876c39b1dee312b6318f77bd64592fd5c2177b4580b20
SHA512 57fba73ce4f5c80bdca9599cba7c8eb63bdd48415711ad7567f044d0afffb2a0c9abfacac5b7fa876b5912a4e5cb0cdc67ac6384235afc3940e7dfd9b75cbeb1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 a54ae95caca06b56c5483e3d341caa6c
SHA1 01352e0961c57d3424ecd7b337493e719d07f235
SHA256 81329129b31c55338b9e843bc42befffbc4c03786da6390b4d5ff261ba591c10
SHA512 b383370cdd802ead0c0ec999e7732b41d1824f1944ee0cbad1b6d812d296c762086affe4831c52865909eceb71a90a98b1780cba631015accdc4f317675f3653

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 c0cf00d4ed4a00b5fd19306da7a8c1fa
SHA1 b4637fcbf5e1f4a8ffaab0c55f19966b4067dd6c
SHA256 b3ac1c21d0e0b10a2ea98a95ac62ed696b6408f3a38bc5737f6f7b4661360a94
SHA512 77797290d5a15654f57159d4d8b265bb4ebe9a04604f77a1de7eff763d0c850280d31fae13d30efa985dda38566d4f6f9f076b7c1f581f438e7e331a52c3bc8b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 1e1263d880a5382ba8e3e272ed1b54c3
SHA1 07b2f9ae15dae41cc5dc1a966f29bf1a668ad788
SHA256 8af952db1bc97cd838dc0b1336d8d8fd83625ec1bcb1e05abb95e33d6a6ff7b1
SHA512 60f2faf948216366f643d590324b3b27310ddbde708364bd6afc9778d8f82dd27d00dd8ed964d96562334289103c2a3103f5e171a9a2d97ef6406b7ff5adaad7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 19205975f16cf6364d20ab1715decf68
SHA1 a9821be87bd9c1d79b8849706fc8265b3c080f9d
SHA256 20d3a9d1a10607691b17388a6b6a2d7ad39a0ea2b2243ec2af0eefc803a0da97
SHA512 5411cc946f0a55e33d9528408d172df587e6b477b1be72853cf57536153c45682e79922ed6125d4051ec8e633808dc184e7a300c99f05e1f12bd36099854ec9f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 483e8df7586a4d24bd22f6ee27c610e9
SHA1 8583db34904a86b344f7616a11d47069e46309c7
SHA256 4734aff08e31d92ba889e36a22cb0edd83519aa96e5242fa69bd12008df2f8c3
SHA512 96fb087beecf0dcfba0b5d943abb2ed3e2fb8cef6090e9532ba1c5afb2846537d881da8982b85e90dd5c6a04faeba1bf1fabb15dba0a21fd446d795e7522c034

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 d89562911069bba73e01a2444e865e32
SHA1 ae8fae78d2fc253a87bc834073e7dfc8b45038d2
SHA256 705a2802c1ef46facc7b7d0c7252ae5b89b667ac9e98eb7a148540c1031c4454
SHA512 168abef617d409b5b0d1bebd7f8a0478e58fb2c55fe80a67ca53f135e6ee718d76d6a34275a6ee7f5311b1acc36c242ab7b4ca098e502c0e7860f283c419300e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 4680dab4ce69333849684e4c929c2bf9
SHA1 16dd98080ebd65459ec4c732deec461ad6af022e
SHA256 d843b87c36c3859264e52e36d6c59780a4e3072b3852a9edecdf1d177945b8b9
SHA512 1d578ee23d546fcc84e34346b97126e777d7ab689c4f75d31eabe16ad16a7f9cf806c4568d433408d06b8bfcc65c1b598c662459090b110caee2579efc29bf38

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 347c97cd623ca49e20903d6ed9bc0725
SHA1 ce5f367503679a53fdc1f5602d279daac3d58a23
SHA256 2d7c9c03883eb6c49e1eef3df97e71ff54df40ea10f7ed8b85add7a8a1405956
SHA512 27ca71bc4b3f77ac42afc7ab6f4f104dfc91b7fba6473e1049acd4ac4c7a65975427bab01877d861a977ac4f9b693e0cf46d2179a01fe6b9e56adeca414d262a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 985c6a48e9925c1d3f59248fa9a4f2bf
SHA1 41b350b960f14f7f1a2e6fc983cd770150882442
SHA256 023ffe37efac9064a2ee00c4d6944daff6e910e72c8a8ec6ddf2a6e7235d7100
SHA512 763cb244b4115f3f29f2994baf9109417ad0ede5f4e0793bbf96089fbb4861bf399dd7086fdd9059b59266cf2f9550740cc92fa14c0420e4d1dcfe10b92bea09

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 a651849d029a4d666a139886773ba3ec
SHA1 ada3b72cd1700c814369b66fdb4a453e1c4cffae
SHA256 e8ca233de93952198eb0c2a3f75c617493385345eda9907c188cb80ef9bd1353
SHA512 33d1b800f1335c6fa3e464910389fb91758976917390c464b205e5c35ace7bb118b42a57ad89f6b30b0cbf66487857636b1a795e5a6d2c53864ba8339bfbb32a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 d400eda7146152d0c07521483aea8009
SHA1 7b5e186fa2ea0fe2c7e72a3224f98fd934f3977f
SHA256 2fd99fe1918759899ff6f2c61903cd5841490b8597cfdda812d55fcf53356e39
SHA512 1014e18c1595f8edea96d998d5a16e42992c0b0b177371b07c62b61404ac65b6b2dfe3a1851d53cf569ee19eddb866022ccf60a21db381d21ff8e799efc40955

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 47b3424606a8de2034d6082ec81d5119
SHA1 c38d826752fbc781d319f8359e55bf467b740396
SHA256 564b5294928280b1e1f5dc13b63da033f53adcb02f84c2b6153be4670e37edd4
SHA512 5b8f9e6b651ee32c3323b28dd43b4695871ae3c3dc46cdb7a6f2f4f144d7c6443caac38c4f88db914219b3bbae02b6b838ac25c30bee5a79ad6620d06b36a6e5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 6c7ab7a76ceff69274dc5a356bd23a69
SHA1 ae1742c2cbfd1fa3488a3eef03fd5ff0da2ebe89
SHA256 360ac09a16d2aba21f168ed9bc89c1f5e7df2db14bdbd334bea90e36ead5502c
SHA512 0c0f60d6a8adb8292f6725ed1f683e5a39c4be46e516693dff8fe0ee02c0fa7ab55ae621f6ac6cbaae33ae74415a9259634cf3c09e1e2ae5a27a48e3d749f729

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 b473e7f6578586abe4cf47abf169acb3
SHA1 f5f781703017e6117ac1b1daa43f6b672b34542d
SHA256 6047a1d3c1e20d3875afe290feed98c4d25ef2e08f83c59f66894ce3b6339daa
SHA512 94c7ee423746e49ed86c0e35fc25293b300ddf3e8ecffdfc1826be863383b5216dbd6cd416fb40aac452f7b06ad0a8b30bebec5309881e29fceb5b404586c37c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 d81593e52f7753112b2f6c1222ef2bb5
SHA1 476686d09d8c8c04956cd76ffde6e69a8f54211c
SHA256 77e444892dda3405b8ad4b4187e8b07030bceb1fc51428b9fcfbe27d5e2552f5
SHA512 d3af2827d62725b842e3ea96010c45479f63740482d33cc148d5ba59cb433b1479980f8faae965577b14a2fac477a4b07873af5ad6b962a5caa425a0e5ca72d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 8beba0feacace5b89441f6699a332f47
SHA1 95d88db0bf09f5b507d784e408768e2e5f2cf3f9
SHA256 e6e008f9cd85563a219557ce33c262140cf52acf169e9a7a90b738a218e4476f
SHA512 e3e0b3346074c6544ed008dac922fb8d001d50d504b09a86fafc949ef4eae0ec247732f9da60cdebe99e0c312e1ac2a35e5c4a8107dde560b96bd1bdc2b93496

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 1932fc2c0362db74415061c7ca111766
SHA1 3f6df4760ee59d047b7ba07bce42b5b238e0ca15
SHA256 d0b4a97e162321b22fb3dc7d5134eb9e7f16ec456ed5e2725e77d1113045fbd7
SHA512 ea5f8c8c53950d33f35b284b18b13e281c44a25a7cb6d21874fa342e19ce70a98c785d678d81c4ff36235d77135e5451df6a7b325f56a5d424bb6e937bc58421

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 08d0482069533380240553fdd8845926
SHA1 e0b0f7055efd10694e409b27ba75e0fd0e3ab9ad
SHA256 7ce8aa2779933a0902031a89045e8b710642c1f63995d84d4c35208fd52618a7
SHA512 b574db5292443153a173bd319f346378caa606e2a2446d0be3803e7c86e9264f5eca86768886d8e72104b0fcd09d3a02f1766df76eefbefdf925776eb51ab98e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 f70f7bccec836d39db83d4f811057253
SHA1 081acd0286f53171892256f21eaf0394c84d7386
SHA256 32b0476ce0f70f1452486252c266e0987b8182988f4c30c99dedeeef13f7b146
SHA512 ca65a856e910480130a07c9bdbb352aa6f98ec39795a09958b02dc4a14c66965570fd90226598d294780bd3fe146687e14109b05028133b71edc1f1356971c09

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 838edb4c7c3e2e4bf3db9aaf576f62d2
SHA1 92fa7efe1a0333f22261803442fa08436877cedd
SHA256 21df637295f7435454282558f24476dbd26d7677b4d9f7a0800a4e288984b8c1
SHA512 568a321895b317b5c82a92c28a7685b15e380ef5e0436731c378c0ac5a7455580e33fd9e5057a063dd14cd35fefc0b60b4ce4982c2589a25266bb6f0bccb1416

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 b1078a4eaf576fcf63307854b1ef8a16
SHA1 d98d0b8245cf10f6bf28ee0775555a6fedfebf7a
SHA256 a74a3fd6119beee7303e621c393dabead8a09fd7619a0e470a479c8417800dc4
SHA512 58671d75df3a301274f0618c1d28355748051f802eb420c34fea2c1b02ca4de98bf15ade631769e521e13a1e906a1fafc92ac98c188c3d97cf5b75e5a25b4f66

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 37eb9985610e37e3f129fe9a4a9db00f
SHA1 56e15e7f4434e0f0836973a3351f936391637a60
SHA256 0e744d22cad3b030f828010c2e2dbd39ddac440665987a00252b6fd491abad0c
SHA512 9581051a8aa71a483974b255203f3e36817e48bd1d834a65455292cabf0e166cc242dc0a69190057190b3e42529a5925290106168b65ead7c381b4a420d533f2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 6106e6d4b7048deddb432418dcd0c2b0
SHA1 327e8d31cccba1b514082d172f29ac6ca5b13f71
SHA256 47bd64142cc3f4dff3f64eec4bbb795e347527a2628e9761200e4ddc16f23ccc
SHA512 777a967923f90c2b5c846aeff497c9d3f00acf51855ab8d0f31b9e867bb39d053b9c39b3656183090891cc9cf6568de7c7e8e3bc93482b94f3295d87c4e78a72

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 df5854b9bc6fe8a1194beeb8d2c86d80
SHA1 d8ba6c6862be4a72f56329334f32dfa79eb6b6a8
SHA256 97f8980ad0b3f99a3acbb879c8e4885c857516632450c45b9d66e3f6a2fb15cc
SHA512 107658d9f1bec73d4895b3d97e0c554be4866d1342b4505efd3097aa55ac3b2642c54353fe9c292cee978be58ffa5846f41ab03dedfec332a90314256a23ff5c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 4a60a768e0a79f93c2c263410df89a47
SHA1 913a6fe14541d5172c8dbd7217d7ca9f4d89dfde
SHA256 4734b6b76d3caae67dd723f5bc78f82cda5035cd3268b65a44d3888aa71f7904
SHA512 d3864478bab3fff1dddb333238665e68134ac7e43debc9f0d3376e050b1db0e4ec021f8ad7eb1ba844718f50483640ad224878822ccccd73487ec50ad3bc7925

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 646e9ccf45a51c424497943f7fccd6dd
SHA1 ddd808f97f28021d5f268f13bc5eb545102fa6e3
SHA256 d287375a1176d2bfa952e7afed0beed8f1a978052a88a90a838d079429e002de
SHA512 f8cd4021c802b8ef7c0ccd5d9187ef1c0911e01c15fe832114c546eff928786ce45fc1f8511d9f94c35c40564bfc73e590bd744e5f0a62834168c58a18512293

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 97f7b51b1e100f1eb09a1bc8c1d370c8
SHA1 b66ad8f7168132caf1bc583cd1a6bfd68ff1920a
SHA256 5093ca5fa138a9728dc4b3b89b357d6f594bc3e36a59d4b323fc0c6238eca97d
SHA512 bf7f215872ce26837f3477fa3270cb7622d32945e0f31e59e22ab37e0e95f4aa0d6460f203d28a86439e4925646791bb65e59672ce3d31a57df72f278b457240

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 c4c55505f348ae64e89b859344db4922
SHA1 1012e1ef8a2adc35268774b9a8b5f47f79708555
SHA256 b59bdc2d060c54eae870856988978175b91dface3e7df55cfe1031077d84ef4f
SHA512 f21e40f59448d088ff3253a0a2f28f3874bca7b4c3f2e5d93c4244e1b50581c960c9ee2ee4fc53d64462bd1064cfba0c34ad65446fcfff9a6f483b1feacf4c12

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 ec461aed0cfb84e1a3cc5660a0994886
SHA1 2e648c3d6329f378a46245708ea9aa973a6c1f5e
SHA256 23648f0a237c7c2379e23365e77851e156e1d4b53cc83f777422d982bd637d05
SHA512 67cf71c58a8685bf104b4ea4dabf2e8c59755f77209e46b0f17527857cd7a7ffe5a04c8d326d8314f1b661a4553b13f4877ff5f1262fc10ca1a1c899981e35e8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 93a4fd1617a39d59c3b8b5940f0cebe9
SHA1 f2d4d6dcb6a5c90963fb51901804884e5683b001
SHA256 55a50a6a09348edcbedb0f3089b053d8d7b29dcccc4b684e996cc1dfc082e336
SHA512 c32c6fcbf1579ef731a65708612e3fc97898a356cd7f6beac67ef786243c4c882708e0e6c9ca5a3e3261b546ca3cb281ea9cf9957482f89b54c64077cd761e32

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 6403d7c48a77bb8af0308f782b347e83
SHA1 6edb83f506ad5e61ea3b117985e488823fd13307
SHA256 fcfb49b4b02e296b726adf2d15af6e1aa15bba0abcd404d3c9e03b30487f7b61
SHA512 fc43fbcbcca727180305f8313170168943c5c2e43988a894264170ff05642ee01367ba4f446deb319acdddba2196340745b8711eed8c4b3fd9b13de7abab17b4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 7cdc51728e4c103859eadfe0e3d1134d
SHA1 c6f03aa3a18f09b8a25325efe246689fb5729f85
SHA256 c73c4677da9d601e545f2310ebc1fdae9319b83459b0173955cc6b9b3ea1062a
SHA512 8766018eb40ceece86773d1e4cf25a3eae0e8d68b1dd6c9a0a9e488f519d1f968e9768187ca268dceb6a347538b52659a6e160a226860edafc74c1e3287b4edb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 a7ee0944b102b6bf09202ecc4327979f
SHA1 3ad27c9b52ff570746ff6d19b4c248bff2b43e07
SHA256 fe08edfa38c0a47c44ae884c0851bbd9657050eaf18caea9cd2fd4dc034ea5b2
SHA512 6395653e368ccd9760127181e0d5bab460bff47b5649b017a8e5e4ac30044533b4cd32d0be525276544d2a14025414fd86b598d6fd49f78439fd92bafe290e99

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 c9f0acd75a414803a0f4e9f8e377374b
SHA1 6ba07eb2ace581696d3386bf391d228590351be9
SHA256 55ac7c631b75887e1d09b0405e6d7f4c1484233e22efe3746b0d550843b2a4d0
SHA512 1c8d07746fae30b183924fbb6405a3fe6d8249e498232df268dbe6ec8716f1bfede5c261b2e2a8c6c2dec8c462f5d9137ddde4ffbc92cadcff7145e3444a47ad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 3628955df7bcefc4fbefcabd2f6258b8
SHA1 63c2012f83b4849ce2cfc23777777ef2921b083d
SHA256 d0bff361ba2cdbf046ac7b672e31575c33b6d311650a71e7fe30efa8f7b265e0
SHA512 3bda60e4fe0d5343940602ee921d1d3bf71d430e4f2111f1a3ba291a23a291704513877f5b04f836f342c2ad2a1809f88fa8cf480b438a019dadc2c4bc2701d9

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 94c2a147c3d1de77c41b32b9ea110d19
SHA1 0ddde9bf87e07219e4e56879dd6c3c4e42d57ebe
SHA256 c485441c9d41520ee4b4b9e6101fd36f588b96985f704cdc93a34c5d76e4fad0
SHA512 fbcdb00ad164955a43be03f06cca8c37c01994f528a198f59cae8552bbdfa2761ba603df62d9c81cdac9731a13f4d5ddff768f2c6e957287f19a39a088fe25a7

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

MD5 5064b967d49a84198df359fe8c52e9d4
SHA1 6e769b5b10295ab8dd5d0aa4d84b2f522fba8332
SHA256 c05a3a1ecb019e022bd0680f592838c8cd4a0dcb00483c740e880578fcfee75c
SHA512 3cba7d85b2bbde84435e656b872075c6aca382d610db2b9cb1dd3d0c307f7a9c16dd41a6162f7c5cd537cfa23835f50479fd75ec272d802ba19bb2c2d518eefb

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

MD5 0587475a183b94730d9365cd8859a985
SHA1 a379ef148f5b048f5a096e012d2ca7ca0817280c
SHA256 f909d812a57d1b5994056b09dcbcabee56e9216a63f86f3eddebd87631b19973
SHA512 37955576554aa2ff1e90b06ea70d8a225fdafa3a4b81eccc4f0fc62473426f4e7fc21713bc3e01f40e3fc4f095a00b4d08e6bd0d8b612a29fb42347717aaf806

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

MD5 cf3cb7ea21696703596a1dea52070a81
SHA1 755385f7e25f43e4677ce50d634183300aeba8e1
SHA256 3b6fb9be90700b0724ad306f67629e7dd10adf198f4d3f840c4852954cd47c7e
SHA512 e603c1bf9438b0016f677dd8e87f1435ead9e807cc24d3b61df9f584a85022832e48ab4ee15da2183d30a72d1f4e04dd7e594061e33e8524659883c268a7430a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

MD5 7669a0c9fdb509ea3dc0c1cf4af311e2
SHA1 f4fabd4f360300847d408b64bf743c3d6d592995
SHA256 9ed06dad6332dfae3175657e94b72195f0d8be0af5a1dc5f2371cd69a6f6e16c
SHA512 987f68fbca638d078bbf6fc941dbba23bfc8b5a867e8053ab87fe8779fcc2503c25fd04c3c9c7163ea9d6c0f10833876a9b0b5e03b798acf2c95085cc80f802d

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 ab1ce192be2a8396ca38ae12cc2e62d3
SHA1 6786348c0a6aeb8725bc64e6797daa28cc594a7d
SHA256 ec02b23ea6915f448c759c7d03df5352d003e219e21a68391f79764bf4957c41
SHA512 9225a701ac59f8229a231deb571593532f65ee15ac17a8aa54caca5cbb42ede83936ea68f503c52babd3795c8f4f47cf862f6436f291474f745b61134cf01919

C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

MD5 58053e7994708c0c30c2688ad2c58aa8
SHA1 2990dfad4464fc96554d5cff815e5c81d1314fd1
SHA256 8bda25a746f228f2c09a4e37764e1df4038afd7f1aba1bf5e3d515ab3d905e4f
SHA512 42309a457a8bd1a9502cfc7405e72e89ca724f69c80d528404ec2897b7a86e9e6706f950cc7a80a4d78b2fd888a24fddbf5f9f1279ca46ed29fba160f8efee9c

C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

MD5 4cd3c2da09e21acc8f4147c6c740a78b
SHA1 040425b094c6e0ba091b0edd1b92a81c96ef8a9b
SHA256 71a3a34cb5b992f935c343c27090335c518a6ee22f16088fce6dcc1bdc28e9b5
SHA512 54ca0367e03aae1eb90838d6f36be11b743e536b0b93720e8169124d43268078f19b8de18b8622eaef011c2ac3eac6ffd0f88c7f56041da7271b2dad11191053

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

MD5 d876d626553067b450e73f2624bff2c9
SHA1 246191b2fd13a26dd6715334cd01b8473968d861
SHA256 573040854b28ea76df92b0c9edd865da9d0995d0b588d6c3c2b5f10b871bd038
SHA512 e5d97def6272a109a13de6101c161750feb77a0c4c2c46d7ef0e07689732a8a37d89ebb029192cdad412d939c564277a78d844df5f680823bf05096074f2d41c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 f8f8a527a7e9e933a3edf0b6bbd55aae
SHA1 478f385b526a28f6e3cc4138d8ac3fb3e82c854b
SHA256 9d4505cf9a3b187c59e14278fd1e36e9a4c4f75c0cfe73023b2e802541e89dc2
SHA512 17c0bf1515efba890f590503626712880ff32b1e51a4813a0a5bc4e032993efc2fb04bdfd07218d40612a553a6b2e550993f0422a8a1fd8e61f3bbdf50e4e7f9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 7858b6fbb6bf7406b2cfd2f00a510992
SHA1 22bb1bae4922cde29e7742b9f417d08bef1ad049
SHA256 46f414e540253ccc1ec56e060c67eded0c7c3b13a7078c9b1217d4cd9d2383f4
SHA512 71c39f2925daf83acfb11baf950315805d2981a288b6dc47903a57f1e89a8b15fb8965773858c00008dabecea79d1417a35448d3f7132c46be3b36bd6457d7cf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 8d9fd349896feb3b0a7578547a67a063
SHA1 d4c6714206f67187a0f981c5390f8efb910a03e5
SHA256 186c3658375a953cc82c9735a6109587783d38c24715df8fd9dc051fc12e4f60
SHA512 4ff9b04830ad5689187701c3d7af72ee053f6705c9b06374bd346bd6d29a89d5eb1ba513cd6df91d79bc43d6ffac4705173112c3b6aa4abb41093de4b522fbc0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 58be6a2f152d66e8068fd9513a991f10
SHA1 b9654a153fdc35d62e808c8dda66d3990cd9a6da
SHA256 5f4ea710e87b7ced99d1406baad16abb9d63ed6cc1f9c7e97ce98d343bdcdd3d
SHA512 f056a2af4b518f240218e51b1519240dad8ce2670070043d9120b5122c5689768149885ddcf87d831ad7b3b06b0d433069da009327299e2143e397e6b8644040

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg.BoX_12

MD5 c5d62736bdab60d231f4545e8a61c58d
SHA1 022933692050adbd4de27345e7df51ef89658fe2
SHA256 d9522d83d02ed76378fc1fc658b9892015446d55717a3b68ea458cd8c1f99247
SHA512 12a58c3c94876ff26ae4d44a333ba03904027131d70f7034d4c4c8f4e91f3364206e4f70695ff6e492815ca9dc9e3fa0f08d841d344d2944ceb8ccd102d468a2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 59db5f980fbea3fb17eeee25ca3357df
SHA1 a3b77529a4341b5a5dae8b757aab155e0e390d40
SHA256 c38c99b4375551b00416d9e948594567673b0b032526908d8a9ad2c15aef467a
SHA512 561b677010d2980df80306b5c54667d228937d2e569faf59f03b0b489029f8f555ca571c4c936e241b16dd1806465bd368b8851ebacfaafc56a7abf271f12361

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 435a7d0a8ffb995138b68ae1b83b0103
SHA1 6d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256 eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA512 1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a4858bdfc6a8c2f77c7666b9cba76f0c
SHA1 3d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256 524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA512 92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 9e2863b6f3afbc2195fc2b9926bad24f
SHA1 a3efab4ad0aa242c483225f09cd093f50a70ba2e
SHA256 869daae98b6889db4651120da3769659d82d783bcd9fa092db378c626a5a70f5
SHA512 26d32fc9481691e2f3f6d8114cda89f66414cd1482c17bf62dc64243482b34ccf4896fe68db7f47ee067bebf1438525144bd69af5941017f1bf74206a09ab314

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 d9d02a2e3b17a7f6b4e3443c2404c1e1
SHA1 a4a96033bdab8be4a6d079b999ef1ba67e5539a4
SHA256 e2d842608387131c4dce6ce014527c7ab07b38cf0d73ad8d02269f370ba28486
SHA512 ed7ba14c5c377cbb5f499d7a366d89e25cd11dc8b0822566f41e900707051d019405b3f5ecec7382c6a9f583a022c3c735da100a9ac2d1e02a5def36d1eeb10b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 fd493915445adb7db2abfd0eb046a92f
SHA1 4657dca9c0e76b8a8f0285797fe73b5fc0e2884c
SHA256 90009ed04d1afaa77867abf25b5c46376518a5b3e40bcf9cfbc093fd793b7a10
SHA512 17ca8ee798a9d7e98ebf14bc2dc22e7a4d1f693e115027d6ccd27fc59f54cf9471e031919b13174a7149c8be20057d2c08a3b03f8399a027f28bc7900c42fa42

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 b50d81587510148cef60b6ea4877450d
SHA1 90e512ce446534acb298da821f924d0d8bda3c42
SHA256 0530e14dba9f036ef82202bfff33c99b75ca83c22b58a7f3ed846232813beb61
SHA512 04fde9cc010cecc4a5384a37fda185d9d4cede2e669226749dd395052318c9bde18efd66249567838418e207a1a76de2afa2a650ec8ec25b43c7cc27fa34e934

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 9f2cc43203a437fb7d189d9f6c038322
SHA1 77b17e7ce83a332293323b1b3190f63dde761ae3
SHA256 4d27e3a08437a202bd07e655d15686b1df89cb4fc4d658b4eb619dcc2e5b929c
SHA512 7ca3c9c52b5acebe4eb034872e85f5e621693c66076d74fae62e222b4284f46ac91b6f9143f031d26a91b071774aed997d7ef745b239868e29cc6ac75005d9c4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 05336bc13ae62c8a310155a3da38ceae
SHA1 b99ce6f50d358ed37858565662ccbc10c3370f56
SHA256 90285368d0af25ce0ff807b2b015283c6d8292decfdd04a1d79a811a00cdf984
SHA512 9443be8b3298cf9cdcdf63de16b5ec282a17232a2e8acddf1fa0f86a0c1015e832100c13c4da214c6cef5ee6890fb4206fc01a9e58cd0a50359499c364da7f69

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 dedccdc256805ded9d1b545c1e52efa4
SHA1 a662a7d86f9e23a54d0faea3ae7f1ac6f6d024ae
SHA256 8caa83fb6ff7eef2804b0b3901164cb2d01628f602c52d58e482895e02bb9f58
SHA512 4a9dc6d1e3015a982ecdb73e84aab5f43252c66bc11beafc5ca4a7d796e9bd8ce098855cb373de092021baa1e5730d2d238b638a25b8d212840c1122aec4f52c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 8bf15be59350927bf916cfe81e694fdc
SHA1 78bc3006f9c9fdf3e97430bcec50034bf0affca2
SHA256 0116730b84a6e1602d42d6744e08abc5b31a1308d3cf84eb0ce57512ea6759ac
SHA512 ae4f6f64bba34f2e96a3cb4a5ce154d1cbf3dbd008827ed48a8ad8b4d7dad4a2e538b52d59934544a22aae025f7006e1bcc67c1276a4184cabba8ef5af514485

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

MD5 6206313f42edbc6290f70447c08619a0
SHA1 a98d6a081625641680317e14b437c871521ee3dd
SHA256 54a58b995b8f8b761a19426ed0eec3b6366a79b9bd5d17268f97248667de1640
SHA512 76f046cd86ebf9033b13f46942dac916c79c056936e6a81c9d2a3250f5e6b87064a5e50d22ea868a5b6270fbd9e33342f78f98b103f573a6373a8823e96e9b4f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

MD5 391dd193a3d7b204b52d9a930115069d
SHA1 03974ad9f5e39ab0af08b91347ab3b382c35004d
SHA256 0bf50dd29490409a2659502615f2d99936a2466def2190d37224656256aebd7f
SHA512 fee5ef2aeccb41c39117c6b182a1119213bef9682270f81b164478cc8a108e6ab53dc0fb96c8a94a4ecebf4b453b202ee7d515d27525a6fc6209a45ece0688f6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

MD5 cbc82c93b75a1e9f22f4014ba48252a4
SHA1 a6734f037c003b72a5777ccc95cada7f657d69e7
SHA256 6fa9279c248108df15e5da42de36ba54273fa1dfc3db07cc85d49cd0c8e65dd7
SHA512 5583b816d884e51c622c950f531ba393539c3474d9065a48791c7beb023b2eaeab093e18ee57fc43ccf45ee94485fec44a13c19ff90d79b11df40e119e63c075

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

MD5 41711336899978183e2ff784d0c6cbf1
SHA1 956ea45515232089ff7e44aa30c80c24294621b8
SHA256 0f4ed97e0492d5a576f0a11e449c5ac5dc9a11a36205115b8172828a15e0644f
SHA512 723c2208244a3ba4ec06ffd6baeeff5cc43fdeb5ba4a033b39a880c9470eb45e5810709d89f7fbc107ec44926fd4c75ba263ae4e5cc0740835067d7d2fd97bb5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL

MD5 1e6ab0720d3bc475fe54551fe08afaf3
SHA1 d83c8aed6dbf197fafef236f60dfb9eb0bff725b
SHA256 e885f3a04da4a028f83b81dd861a2f8b9a09cadecb37f456597e6bfbac12e452
SHA512 124e9139828b0f87f167923fa35adeca39b0011852d836761e7a35e128fcd06abecc5c38b55f5dbdeb4ec8b3c670935151bff9efe873bcc659c89ff822b1e6c6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

MD5 6160f9a77ef01107d938e59bd6ffe6b4
SHA1 b9ffece2a6feb4f79e8a7cd1ce2247739f295e39
SHA256 8d6be2e92f0bfde497fd2a3ec2965c2f106fa1b3bc68bbdafe449cb1cc1493b3
SHA512 f28f5c244c9ed9e225512057172fb51317d8a3f83ae15b94543d2b81408d00ef96abded2182819c93f7ef5b0cb90b40d9ab7204dbd1fc902329b2a229420cc5e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

MD5 9902cf76f2da1264564104e0e867ab9e
SHA1 5ea55dbe171d12a1d32df0c8242e40fe08a33110
SHA256 0309b9a3d92c7d8713995bc0c020e1ac191e1f4f3a0b830f9a35b7ce749b041f
SHA512 30c46aaaaf7c6a1802f653e14205c2ddfb79c01486f43dd0c536431a835ca7d11d2054f87754c76af5c5daa5df4bedd3702df75b9330c3ece60d17a02f3adb68

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

MD5 cf1b6dd6301bbd1298d778178607c17b
SHA1 3c649cdb6db9d1de4951af41b04a3d885169136b
SHA256 1d987454a530221fb2ca6e5606b1338444f078950183e0649fc6b9fee063cae9
SHA512 8ed90c3bd6eec24701e9ad00e48379e245c504d3d76093d749d269ad01458b249191ad8d22f25fc08cb11251db6e09cd7c90b52ccb03793df7326a66429e90c7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

MD5 68b8d369a3f0541855edb9bd0a373292
SHA1 a305cae020c84e3ebe0f6c2c35cacf80d8f2997a
SHA256 b0585e8ae8cfc90a1d33e54f9e7fd551b02234ffc365e43b264f03c8f4064b38
SHA512 1da9ec30589cd7c0b6c54111e787cb738be00b310360cd1ef4b3908993af894a62a5ca5831861156404801af52f4a9e16ee563d54f721f9be94885da99da7721

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

MD5 53c9842b68aa51279adf06cdb35c7c86
SHA1 2cf8dc196e3f4f4e7576154ac7f900852202d365
SHA256 0b7b5dd22fbf05c5fc26f976bd2ebfe9cd6b560175fd44ed3f9e7de30918503f
SHA512 3cd38c56daa922b95a9af39299eb8cf7dacef8c7b51e5df7abb0f345af725f4ec82c5d1b6b4b37f3bb68b068f0a55cd18ce413fe466a4e0fb2cb5f2c0d7038e4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

MD5 e375e4f9c08ddbcd4ef8e5041fe8e7c8
SHA1 24a5b319fcad133b9269b6481916cca56b887f6d
SHA256 bb643c56f8468f7aed647c6de6553eb8b1e61b4ea419feef20a0e91e5c35c9e6
SHA512 4fb3b0241491a9d413baceb9fa2468e31a2224fec06cdc80ccb28273b55e70de8440c1782adfdc8c3b21d8273869dfd7dfd6c561ec5533b4f2561f480434cc81

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

MD5 fb299b78ae25ad25947ed77a3b979358
SHA1 45d33a172b525689c051976b0fef938efab67fe2
SHA256 9230ae5743faae3552d6cfcb34067e35fc06c0b1ac2aa9ec358655187c6c2e41
SHA512 c0e98a7eabd8c8b3845bdb6b981860d551bf35071e114794150478648e24d09c4f9d3f6c3f96656352ea37ea149bb34a49ef4f52b54be416a7ef2a478fa054f6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

MD5 8cb7a13f954e54f7ae2b4407ee312d1e
SHA1 f7f9f5c4267ae3549f164aab0789c96ea2e27109
SHA256 eb8a43ea365a7602a483d69f0860cd469d8bf1feb768c12df1095f79b39d0d16
SHA512 58eb90bd0ee51ee7decf58f02740ce6a793c6b31c05f888a638228545243d863316f27e0803f3e531c04413933e3d964cb5d4a8670b5e6a7ec7451941bb2f977

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL

MD5 bcfe372e3cdcf419b178a29b3c507b54
SHA1 39dd659ab2c4fe4868e9eb69e104ff4731756951
SHA256 d9b395e2b7ab93969dfdec7272647dceec5fcd9290a156086f2941c82b2aedf8
SHA512 3edc144973a0bcd27ed08762f1cee46e07227905a0b9b48c87a3f9066fff229b6d23f25e541aff5aced7872fc675e3d0c994017f9ecf30e467ed3ddc3f5cad69

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

MD5 bebfd7155f0e7b16c0430962c4ef468c
SHA1 9f73b4352ccac26320d6c729bfb9666750c8f001
SHA256 2a50b34f42f3e267615fce9135bc677d57c0c0ed6796f32694922be0b368cfd5
SHA512 2616ff59cfc8a3fa83267945d2deb68ea5e60fa5abc430628a33865da4fa97d8431820183cb8b9bc825b68e3654ec5afdec937f2446eab57f90e9f0d765aa19d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

MD5 5cbe2e75c7f1882e836ca5efe81f1d67
SHA1 8db9aebfd87a2c04bb8fff7adc24cb4200ff729a
SHA256 9c4fca395ce9cdd6354dc99c71df985c917cc0900f9993fb83002c56785ce2f7
SHA512 2319997ca4a19c50b18dd32dfa4f0d1ccaadfea6483865ace81509e186e0d281bac144b1f5539e644010d23f0fd7f903ee4de1181f77a5d6421a682aa4668870

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

MD5 0815d8b4e98bfc863f3847db5dff9397
SHA1 d9eb8d9b3023c3119b87888a34fa756142a4a6cc
SHA256 cc12b8a35d3d6136dac7dc373e59eca0e6dbf10413b7f65766d1eb913e03ca55
SHA512 d01e5377b086adcc66fda4fe936f34bd48a6acf9a5ccef12905bb4c014508bc79b2cda8518ac53b5f057dbeff4e052130c3da24153ad35ed4aea8ca7e590f4da

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

MD5 e246c2269d0f25227e4da9eca828aed0
SHA1 8924c56d6af4edb403cca800e69066856a0d15bb
SHA256 69f39657a5b417b571e6024ee3b3d1fd38747f85b35b6049dc65f13af0fdfe48
SHA512 82e4e3f6a25c09a60cf1ad289c7c09c268b75cb6c8c2da4650980aee7b2369e392fcdeef7a48cd96742a7dfb9ab8fb07579266b7a70d6df3166bc5d3d14a6b0a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

MD5 cdea4f2e70cab5650bf702020041ad6c
SHA1 66d63421b6a363ed2d0f134374892151c7b3611b
SHA256 bc93dee3879ad2ec508ef55a48972437cb7ebac7fbe1332873d60cc8fa68142c
SHA512 00b9b934599283906b39d91462309fa8e56ed05eced731c2e5a7c62db70d809ac11cb8d2ebdfef0eba88c6050fb46e7ef311891e86f6d1eb2ae6c46b41b7033f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

MD5 a8d802048d062e2ac7c72f10c6bfa661
SHA1 33d925f25a7fc0d439f722460daa712c4193f809
SHA256 3dbe6c52881d117c0f17cb487df38e1745b6e4a88d24896d21044ea64b77d3b1
SHA512 01962a3f98b98b37d33eb1caf0b1822a4892388b987d3bdf383c202340b8fc9751a8303e7f4aab62b446c77b7aaa21eee1502ae1f6dd32cd336d21f43c483b18

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

MD5 7462ab27094feae793646d8ca0308d1d
SHA1 f6e5a3cc25b9d72f2653e2ee3496e0c99b2e859e
SHA256 48bdcb889e926d07f5e8d4de772eae11d31f7a1475d9921789f2af0d8b549abf
SHA512 203dc2cf30b7c515a6301be0774403ba0dfeb91cf9b5282ba4d50fce79b210df8a422467fb358f3ce55fcd4fe7f7870fbe61e30b2d948a7385540e16bd83178b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

MD5 4df3aea2a96cddfedd0cd0db3962259a
SHA1 6af9d97be4dcf3369e6d33587096cc37257e8555
SHA256 509c5095c17b45fdaa7bc826cefb8a4381fff3b7ba23167b467340167030f326
SHA512 bb1321427649f645a1ed45b9c4c65e52cc37758b645ce93d64454c495a0716fc9aa6644757087a197088286aa385297ec9b8d3a5cfdd58a20f3161c3367a9a50

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml

MD5 9bef2d97bd3019fad66f92263051a66b
SHA1 67ca57080b59c9d2335522c69229c7af278b5eb8
SHA256 9684640b5287788b2ed312d65a8f62ee7fbd0e7068f314cc25d58e208131bc0f
SHA512 b34277f5551268829284dd243c18cd913ae44e6c8d8f6cf4d3632c07f0341d3be8a06ad50fffe1b410710858a5b88a9e8bd15d5b32797f2f857febf744a87e56

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 17b2e2b622435153ae9985fc3619644b
SHA1 8b28e41b0836f2940c133f9ac4f83a12fb1718a6
SHA256 baa0802375604745cadc12f6eca98cfb93f48e42ba8ec751ea4854b341e2bf7d
SHA512 227b60650688a4a19b2a36daf06a1b6fdd0a74cae1f2db7b077b2806a501d537c9e779f029a7697b22272f228199df612533fdcf1c2405cbc2a57e5798394ff0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 e882fbb1d88c7fce7da170339f3f12a0
SHA1 8379b2dc147cb8a706619736a794f68f7b45a65d
SHA256 f7ad6071aed77998c2514bfe1b80d61c7400e668823cd082f90b17cdcbfed7eb
SHA512 f35d9438e7f43cffb6385708c25bf6a601fa62abce55172fb960d9d01bc7b5a6369bafbdfca0ced10710238a0ba8a717941b2dcd740974a9c283c6016b993394

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 28757d4978bd1dc62674da7d1235f77b
SHA1 dda685235dc139b1af6beaeded23b11ce967761b
SHA256 8a030d04e222b535f2a50811018cb8fb5b14d9dada14b9cbf8c51650a3d43398
SHA512 c67328831fa51ce77edd4e577efcc0283718b13a01e3f02612bfd4d96302f1b41dc9b42a6d2a05131aecb65d111729cb147f072294bf45edcf7e14e8b2a655c2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 0383036fd7bf877283c5bbe18b1593b2
SHA1 bd4384da3a71a6a318fe30e3fc53cca15d7b2895
SHA256 315f23603acee8e91678b1a10867c064546eeadd9022d041c61498a4fd7e1625
SHA512 8a35c95208686ee805576cdeb769839c3c54ae09a780ba248b8e0730c491c3b914fc9742d6b9d859653d6038a1db607e6c98fee125d052dd01e27efeb22730b5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 b706452c2bfef5560bc66cb32784d666
SHA1 5f588c7d9ffaa863b81137fd27535c13b2064581
SHA256 13de5bb4733e7bc827b9d9c404ae53bb9742a0ad653cc63f9b951a9db608c0e1
SHA512 c9f66be60c9c5be2ba277b775be561a24c164e2868dc41446093788479a933585a89bde005d3718f9c9e114c39984e08493bb3a06baaf4d916f8ccfa5c997bb4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 c434430a53025ba140e470efe1096bae
SHA1 e1960482179c086badb148c9574877eef3e32c06
SHA256 f3d5a8be0b1990a7356f10572403f75673358bdd4ecde7cb440c5641359ae0bc
SHA512 1bdbae4eeb5e9b94b075750ec6da8c1f42562f0ee15111ce92f1dc81da8d0ed5a6e4c60443cb8a022bd36d733fdc0600f6fb9bbb0ce8992fe3ac8c6ca706a2a0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 417d818656f165220241ee23920215ab
SHA1 dd532f33f7f7bdefb2ff4d03f9a1f19697120c30
SHA256 146f8afdb26d5ff7f529503095d6970529ad428c82baa2f4bc45541d6f7565cb
SHA512 d7286f12e8a2a39af1e16d7fb3e3d3643bba28536780cb336863faeea38418a7201a2b2014bcd30c7855eb5ce9a6fae0feac1134c957114389c7674e8becc375

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 3392dd1730e5b11bf6fb38d10fd9d949
SHA1 064d5463eb357885e08be6780e147b1cbd5b15f6
SHA256 53810bd9eb8b725697eb7deca235f68f87f47c55ab421c5c35049b685355a03f
SHA512 d8357d053eb454f6d9de827c4ec9d183cfc90036acd9129a796a0fa4dee4a203163b57fad6ba7879676cd431de733f80392105d12aafcc97c5c0038d46467a6e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 ae034928a91cef7849469cfd71e866a2
SHA1 0b2dcb94a2c4330d880d5f52f8e5a718e8506634
SHA256 f39b430fd1eed773fb2799826f18fee41e988b4d553b0fe4a536fb2533c5b6e3
SHA512 06c591c816124bea5b617c3708e360245d79fccc049f810f2164a0972f4748a523d21d1b1cefec0a2dfd4e8804cde81089fdb6bc941041bd1c0ee1cc78a9ebe2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 ca2fe2a7113a6ad4eb7682a1460c8334
SHA1 d3788b76e25b42305f1139edb8fcea8dbad33068
SHA256 2de16c33030775c98f9e16019c3caea083cebee60f2d396a69cc12df4eb0a85d
SHA512 8daa5e44ad269ea1ff81e7ba9ba06268773c8e33555175c8759801726458b20a384004216f01d9232852cb2604dd6e8389ff6c2c17cb3d30f61b6fb280008ddb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 bc3a3c627f9b2f81af004b29224cb9ee
SHA1 07d249816e014ac98873723db445f5ced5a48218
SHA256 52d73ddb1f1afc204a896b70736595d76c6203bee79a86a30c2a30c0913ad40a
SHA512 6841b4e4a7c76ad900243f31dc60f7bf8db11c3e5a32e963a9fcce5974547d9ea47a7c6dd32586778af988e55ed492b227bdbc06c271840bfa245e32fd4f6238

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 3e5fa08e091b9cec709f6c922e0e9d37
SHA1 d1faff0bbce6b4a11ec519b4292fddafb3674f4f
SHA256 88eed061f8a1727e07b500292d074a5f2e3d7442073de6a097337159b6430fcc
SHA512 0276742486f9018b22f86205c57c7dd5974ff3067bef5a454d709c9209b29811c65fc9d1bc7d1136e61d614bd77c0c62e3688c4b823b089c60b30f4dab53a01b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 0e30b6795d3c50d050c94ef28ebc7f42
SHA1 731240f28795af27e7467f6b9006b299f7dab63f
SHA256 1f91a117815163814851e0c7f2cfa6409957023a2171ed975958726be4de9c57
SHA512 a8fefb21515059887c812349eb4518db0c161b816f57bea22d3aadca9b6b89a1674f0c37331b44d3938083a46bc5aa77217784cfd5d3175154942f28cbf5fa39

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 af4843755c2230993114a7f131a0fa0d
SHA1 facc9027518a81ca100297b1a27b9d3d5598f176
SHA256 e7a93b9200dbcb6b5ea0a5715bebbc855083d0d0cd687e07f451d78cd35b71bd
SHA512 89cd6a7388fc1998df9aa6c8fedb19cddc7b945b91a76e75eac93229c514bd8c8efb5742cc36e0d9726c3604e9fc84d24e03802310da41a9d9dfa33d1e13302f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 203eda5cb32b7c0f4509ef9920460577
SHA1 00472fd819b7c8c2dd02369ccdb50f020817277f
SHA256 9f835481c5ab54d4fb46754b0b66e1adb9bcfe48290f6e0e91fee5ee549a4a99
SHA512 b7ff37378aaa6d6f16154b63716aa73b7373a7e909d1a8df1c49bf472cf6ca08c671ac395e3fb0600ef7be3d8b424f811564205b7ae7a35b6f83577cc062823c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 0b8411844a1241ce1a57ad252a30c56e
SHA1 93089976118ae7e020f1b58e82122aa90ef07e50
SHA256 ac47adccb8a09802c0656160c6e5e908b7d815613f8e2671e6d190c5aa4f936b
SHA512 d3370a069465c9010f1c843657441624ea7b7f8f0bfee0cc0f4253f3fa840025cd80e81b1538ea606efe48f25cc21022bcd2cb2da5b45c4aa7b9970722d5bfbb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 15bbc0e15e3d6836c36343c6aa3555a4
SHA1 ff3a45eda88e92a7a6c743d6735f7469df56e65a
SHA256 a3c5d1a02b65562608316cf81efbfebc609e6e4a8a292ff6af14ee1e222281d8
SHA512 cdae6a8004245d0793bf22aded0977400d44b99fd17284ed11cc42277f479dece9245c43682a53b293fe6a234d7e6d194df57969e88ac0fafe1705b925d8129d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 674a1a7a64253c87c0795b3644f0aec7
SHA1 ac6b49506251218d0344f66b65e1f2953b9c82c1
SHA256 2d0dcdf6a66cde28e0669879e22462b1973b2d0fed4c62d9ebbcfbcd5681253b
SHA512 1aa4fae06fb460dbce25ad56472276e0fd1dfac6dbdd53d007dff5e4aa875221cd1169e106f63389e84dbc70ce1f23a8cd744b17f5aa38c14f6a49e6f40767f0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 685d1cce71c48cdaa022a54d8207453e
SHA1 029058db4e85eed4795565d54879a9e369637e60
SHA256 e7c7ba7b0bb93a3e5c288654735edffd8e89ee5252f813ce097fd287d42a8b5f
SHA512 67875270b9a4bcb44b73befe4e44c24f51b8983f903d11f77b79f8e3ceaad61837ffbf7ecc870c85a5746d97a104f2a64730c39024c52711e2156b810a809fea

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 95be49359df03625aff395da6fe6513f
SHA1 11407fb7e0466431fa9b08bd15a8648c22d1abf5
SHA256 4f7a4595edf7b9388e3de7378ccfbf58f4a7205d34e836f5da5441c3f35ccf8a
SHA512 27745e50ee0f06cc86f4838ce63074116a3956178274b31011debead499db6d67dbc82f8d1ec2494cf0b1096207c7c353894aae420230d888ad9fa02f7f8d393

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 97d6512f27c2dd24dc415bb54961a26a
SHA1 5fb22f6b71fe8b35915d0bdd8e82bf1fd3739bed
SHA256 66a26a4320c04c198fcec3514c87b35c04feaebf5f034973e72cd835602e193e
SHA512 3000a6c5e136d8e2cb7846f7127ea20c6dd6b93d3f262e6cac3d6c4e1de76757c32f75933c96243072a4dd5a6a7ab1bf55abc0eb717e3dd22a44bc0b14e5ce38

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 5300dcbb6d4133ef782e3eb89718de54
SHA1 43914edd7a6ecc8a0607e804f7d7bb856a141810
SHA256 701fecf974a1e23e81c7887aa6356d4db2cfb7caf3aad0a8411dc2b3e03e2129
SHA512 0113c57dcc878bafea0bb7d4ef33e12859a711053aea6612ae6bc9fead0bc6fc02484c4ae8464eb29ddf1908873920961011c4c704f42a9c6eaf28f101ef3d22

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 ea243ae9cd4b47988cca95edb0ef6e67
SHA1 7eaceac932deed2cc9c8771e7bece59a287b9b41
SHA256 e1ab316960b4b57988173384bbef13aea3613865f0ab576a17c98759184bd68a
SHA512 fc529ce67f8773a97ca4b3181cff31664bc481e379760ac43e772be5f57425af1ec6628fa9a8cf23ae8932088406d0ebe1bcb0d58289b7147b9767e9344f485a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 fdd62f492af5be3379d27229d7023022
SHA1 05e52705b0902edceb523595bfad8909d841cc0e
SHA256 4c094b56108a6149bf9d16613d1e79c2ce815f6f575fa2f4d0f7cff281e40db5
SHA512 05682edde5e1d46d7c5fe4b98976db0fbfda8226f6b77a02d2ccd96c629fa168cfb05fd8532055988c0d5cdbc0d96f051df3e46c3b686457e2cbea9fc10d8d79

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 1c24246f10a4226fd7b56f24f81092ad
SHA1 c7e836deaf267a18d5d61d087f7f4616e6d4f2c8
SHA256 e6f8634260b14ccf1e85e688f02f696fa5d578d09ebbdf4f49846197b0e5a569
SHA512 b1ce1109611e43be4e70dcc8a2ada656015cd2b9ea62e1687a80e19b497e28c8d85af6f6a56ef87892296a84a614a1b8ba20707135a73bdfc5508b9bd020b430

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 a301fca5b7ddc53fcc7d4647326b25ed
SHA1 c1e4632bfee92b79ab16fa13916072db82479f4b
SHA256 4f96dd523f34185d54199d32af1b01104c59e22894c869dd47210cae1f58d2dc
SHA512 eacd225077ebde7c2260eebe10bf0e11b4a9510af8f0358d90846a1338ea79a96b56bd4a0ff3729ade38a427cf26172e7c828ad7cd35eb7a5046a8eef14776c5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 fdaa45e42bfcdf189877d6c1869f59b3
SHA1 eb43260893ba40a3164ae7ca78ab3c4d0b29eacc
SHA256 9666815b9bb2497a52e812052994deb98447a57fb7eb0d6a201d5913f1df4fa6
SHA512 db8f9482293e946d24fb685a8d3f44a842d96bcae7bce17fd9b923a1cccfb52243e57bfdbe6fa67b0d584e0a82952fc1cace01eec37d9f2f5e53b91f7202b067

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 0630ce5d824aea77517c0333a5fbacb0
SHA1 0e982f02fdc3452952fca8642959b454b95c1415
SHA256 bcf3ecdacd3bae327aacc1c9106193005840ec9eb97cb6121fd7f2c85aa74cbe
SHA512 0a62245731b77ff3fbf067893cfb8e347e0e8698f59fd95245a63a7c27539ac74bf2fd9967eaf0e47be33302bec896775d59602ae5579046714e13b778a80b8c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 5215bcd0e6362466ad3df72d8c182f28
SHA1 7f88c86932bec8baf866e0f518f48789cf71bc66
SHA256 2208b2bf739ecc5a1caba2a173220b0430b8a185d745cd90a609b511e0627948
SHA512 3768b28191878de09056aab0cb2a64af7235214bb11b91be0c8623dea6d38d80155a0b387eea4ab0b389e383c77460455b97399f55a4d183eb5a48347f4230d5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 ad89510ba51a453b6a0c6dc70fc093ed
SHA1 9239ac806c51d020b941ef3cd5e17c09dd59cde1
SHA256 b68f8c3c5d375740a85a04d9f21cfb6199567caa492f4b4f9acefd454896e099
SHA512 6ba7d105b4dc545b295ee4fd3996533e6967287df3f52352c972ba0d5480394e21333593dbccaa09b8591ccc3421d2e11705cad85ed0ee65aa50a25864016406

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 78a3653f73cd9325a54eff6deda4c6b5
SHA1 2c18f0b1edc43b6f95b98541c22d1d9dfac56cde
SHA256 f26c455d86a4114e2e1ffe7e92165e5edaec006fd803be0150260c0a78b97ffc
SHA512 ea7870b3366dce2f920d4fcf5b284ad428cd170c079a682999d3e591967132908cd324de82219ef481b4943022d37d5c830699d1c4f8a508bb9f193f99a6c0fa

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 bc3814ecf1743338ad45357427b44bb3
SHA1 568da5177095e8cfc37ca5f4146a2553f8841f8e
SHA256 841df50e15ad613164acc35f90c62af8be6e06c489987af9942b542537131fd4
SHA512 9b5869cf8848182cac0c3c6b0e233141d040d823123de141519396ad96c51e448013b47dd288d451979d24cd3c143c8c66d26f3bf941c74fea96339d87ef2cfa

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 56015742b9b43ed12a4423378b917a22
SHA1 44a7c4d69da0d8479582f3625971bd16384cafb5
SHA256 53b53465c55499bb5840a730fe10794c93e6b554cfd2bf90339b81184b620dc5
SHA512 f783eebe6b3000b1c87811ed9bb2590f4cd80818ab300c16dc1348f1b56f9b7e7103d461974b6447e1985ec5149fe5dc1520d3541eb01d29594c2cece9c78da2

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 1e0e556f15c7dc7b5e376421683e26c8
SHA1 04af967c7adc212aa704da9dc203f9abb9620d35
SHA256 b0bcefc79a443eecf100004843e010741cb1a5af81faa335d66c1d7efa701dda
SHA512 6fba672978eeedc0f698fc2da6b571ec53ecbaa0cd276b5925bace9ac2aa7b283761f4c81051174bb9ec1511975e5b01e17bf7a45637b7480e2b1f16f2674698

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 2f70ee642f4be2e411fb9fec0d6a5c8f
SHA1 00c971c9bd4b27498544b82a7c4d2616d7c6e522
SHA256 974fce5e397c45cc1574e00d7f6c39dd669259a735bf72babe9f95301faad53b
SHA512 4fe10c5ed08e101597208b9de4dca27fbe15ee24093a4d5b8203e5c68561377983aba6ad4e08ca1322ddc9f04f025f5bd9cf80beb69a2e90c729b1c445f76e61

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 0b863caaee968fde95003f1fb29af9c5
SHA1 32db34d1767f584a7be3051b479779da90ee0203
SHA256 00b90fa5da2c95ec4f284059d15b72ea2a0bb1458bff0e79b5ef2cd4c743e042
SHA512 ed4597c8f7cce0dce1e4a3e0e8e6182ae545f3ea001c095ed4f4bf3977e5417135475724de7bc2038ada18e983f0de3779845b6e20a3011c4a8abd832e7e2858