Malware Analysis Report

2024-10-19 10:43

Sample ID 241007-c2p6xsvbpc
Target 1b00466fda879c94d956c0c1c59ec790_JaffaCakes118
SHA256 52f01a2e8797ea96fd305aa5c4167c80843db8e3f8b718fe6c4b686d7c9d8c5d
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

52f01a2e8797ea96fd305aa5c4167c80843db8e3f8b718fe6c4b686d7c9d8c5d

Threat Level: Known bad

The file 1b00466fda879c94d956c0c1c59ec790_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2166) files with added filename extension

Renames multiple (2165) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-07 02:34

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-07 02:34

Reported

2024-10-07 02:37

Platform

win7-20240903-en

Max time kernel

87s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe"

Signatures

Renames multiple (2166) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2OM66SBQ1gMU3f5.exe" C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_methods.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsOutlookExpress.bmp C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\erofflps.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_eventlogs.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Windows_PowerShell_ISE.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Windows_PowerShell_ISE.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Programs.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\erofflps.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR8B.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\CURRENCY.HTM C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImagesMask256Colors.bmp C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right_over.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099198.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\OutofSyncIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_GreenTea.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099187.JPG C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02201_.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10335_.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\CircleIconsMask.bmp C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_TexturedBlue.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386764.JPG C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01179J.JPG C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Premium.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\settings.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Places\WARN.WAV C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR44F.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_MediumMAsk.bmp C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341328.JPG C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR33B.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR7F.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382962.JPG C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21324_.GIF C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABMASK.BMP C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_box_top.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\es-ES\epgtos.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\drag.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\403-3.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Savanna\Windows Pop-up Blocked.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mouseout.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\rss_headline_glow_floating.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gpupipeline_31bf3856ad364e35_6.1.7601.17514_none_5a5226e685faba67\DissolveNoise.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\novelty_h.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_snow.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\Wrinkled_Paper.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_gray_cloudy.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\en-US\playready_eula.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\500-18.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Windows_PowerShell_ISE.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\401-3.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747\Windows Feed Discovered.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\default.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\prev_rest.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..tyle-resizingpanels_31bf3856ad364e35_6.1.7600.16385_none_bc51073aee3391ed\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\1047x576black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\setting_back.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider_right.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_right_disabled.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_m.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Notes_LOOP_BG_PAL.wmv C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked-loading.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Calligraphy\Windows Pop-up Blocked.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Error.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\405.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\flower_trans_MATTE_PAL.wmv C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-t..d-chinese-shuangpin_31bf3856ad364e35_6.1.7600.16385_none_1e8c88df3830bbcc\TableTextServiceSimplifiedShuangPin.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\timer_down.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\404-14.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_it-it_227e33fb04382aa3\playready_eula.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\DMR_48.jpg C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\NextMenuButtonIconSubpictur.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1\15x15dot.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_snow.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows User Account Control.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-waxing-crescent.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\403-5.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7600.16385_none_a61138e7aab17fed\Windows Information Bar.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\4to3Squareframe_VideoInset.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8\Windows Notify.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Heritage\Windows Notify.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Balloon.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\logo.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Throw.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Afternoon\Windows Navigation Start.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Garden\Windows Balloon.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Quirky\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell\open\command C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell\open C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gold C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2OM66SBQ1gMU3f5.exe,0" C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2OM66SBQ1gMU3f5.exe" C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.gold\ = "KIPNJWJYXJVVHHW" C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe"

Network

N/A

Files

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 33e39028ee59373486d265e7ff1e0a2b
SHA1 40831b17941c19d8a60c9e34defae33547b26fdd
SHA256 733fcaef5c61be956be52596e713a7a08ac00769aace3c0ee759afc68dd9d8ca
SHA512 28bdaa59527b1d1b57d37bc7631cb4bb3449bdbb3cb1b6b4d5faf5eb7bb355cf5892af6ebe8171f5ed0b1077c1be4c162e5788fe0a69c1b70a8210a2467104bb

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 a84f12e838c75386fb7a8493f3cc02e6
SHA1 02571c7ea1356766b3e6738c24913f34f72f24a9
SHA256 9d3d7a5b584a5ffbb2cd0648a969e243e1c9f3077573713c479d4e06b5046347
SHA512 9f31c975c89b0d22edd9b2a66f7d1a20ba730f32a05f8d2d4e8eaa5669bf8fd8a0429b1ac1d20fa0d19f9caba609049bf82e7670144f6bc78829bd2ab8d39c81

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 8ea25f5c5c7eec4cd3bce35b13661f2f
SHA1 989d7f07b1667aae561ab10b3a6d98c03daf504f
SHA256 d08473afd02d2eae941158ae77aeb94da88c3030bee65237d76fe97101dc2860
SHA512 ae8564debeff4bb0f3862d727d985ec32c5e14ee6c39887bdf7fa38bd98b64ace5e6638880be93045ea4ae26e9559f9d75f90c7232ac562a7bff0c1347770381

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 2d75a2770b49aa06a1c5a171879bbcf6
SHA1 d3e369d319ce1cbc5fa5ef458a7036e6a2e1e517
SHA256 bb0cdf36c785538712659165d553cda1b38a92138a9b0f82a4f19ea09301f7f0
SHA512 386b114a11bcfbcebd3f77a0389ba986e4f6e80c93fdf15cf15e5cb7273fdae14f7eaa09e881d718422446cb883c57c0a503f046afbfafd9281dcdd3c4f7a5d8

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 24a43ebe019d0b0cde0dd12eff58315d
SHA1 233aba74bb1f072f167693e7f37425c115042ca8
SHA256 4bf153aabbdb99179b31e693c6124076ba0bd38d9fb4e6cfbd5ec1f754622c9f
SHA512 900dbadc14cbebb04cb034105ae038a6373322ff4b2f51461afdf14beeadee14e50abcb4ea264058f9c828c5dad0df6502763a96e131ed58c15b3a05f0496f61

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 39a3395e5d1c21d5c58ac9a6c6960653
SHA1 a23f0fe57551babd3a1e1eb9d958d217eb02a442
SHA256 e7215e77c942f2acd638ae2f59ded907a8b12dff6be47cc00533e911feea624a
SHA512 f81cc5023963b008b574b288f2a0681ad0a3acbdc26cbd506aef863179d64a6dae9089e9f41e1d6d200b2d3d34d0e4ff4421b93018ba115d1c590b5fb3d94701

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 f5966d2c58b9b34e2df78ba0d111de81
SHA1 7c95747e1f078e8d3f9cc37209a3efc6b4c6d641
SHA256 521d67da3a51344ad60186fdc75e7ee6f430785ba765a91c0b025e212b5698f5
SHA512 9210acce126522fc92c619afa6b8102d592fd9793823ce6065fed966965312c0f8e95bdda5904e5361a78a8f45454ecda380201c4e33cb30f2bb263c33ca2069

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 03307a2ec27408518c86946757bd9922
SHA1 5ad6c6aee6a3ab44eb80c8b7871418b1fa1d0853
SHA256 dc515c44d339fed78cf7c30035aa336c08cff5e40143b19c7c7d392480988d94
SHA512 a1d07affd4e905a5bd66abc2a74a049af78b5e9787ecebe1ddae1d87c940a2b1f74dc055e6a8098d4f4f99eb4dfe0657ee61e9bc96384a07c9525d71696031ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 5fe9bbc3bb9f3cdaed9ea769396b83bd
SHA1 c0e6c4a0b92f72fe0fe46bcb6b99cad918f0db41
SHA256 073c9d5d95d520fcb69a33dfd536b979984f854fccc0b7c961ae1e44cb1cbed6
SHA512 f1b65aa300e3116878897c73eb0e0b13e688cf022e2db2ba35c18e6ae7978f7781f0884044fa064b1a3e2ed840b97454a405fa04578a5fd7e74490270a6911ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 0190bb604e8994bec01e24555f84491a
SHA1 c67e03faa2c7d9fd620a1cf8bf8ac66600c5ced8
SHA256 aab0480b7682162e830c4f6d5c9ec37689d36ab5cd9c5b90eacf302fb2bb09dd
SHA512 1201f55dad551c92bd39ad3c89bbdb63e540776e7d7fabad1c61405a4ec611ae6882d1de497ff8c4f1effd2a39e856a2ea36196c0cea0634ea0802e68e54dcf4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 ed49b8b29a797e457ebbb1adbed2ee12
SHA1 77e843c71376026aa26c8624b969e6f8c992edd4
SHA256 1958fd8a3b4644b8b91a8942aa5b580956687af3bfe385cd7d40b43758dad264
SHA512 7052696f799c2d32a3c2f889ff3bcf5511ef5e9b7cd745316031f42f2e45cf1cb8d8069649baff6660d5f4a365c0e4fbb06bded66e493b7e99d6d1dcc29948f2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 b1dbc912f35a050f03009ef4d6e80706
SHA1 31631590bb05684ce973ec6a567ca9159325a1e3
SHA256 c1dcf7f2cc91a59162c4e6e62afd884cefe6e3100c37c2442c300d266dfd0eae
SHA512 a42ff9b9827d54db89ab4697e860afebcc01816dfba6c83b8cdc05dca3255c41ecd5ef5f1ecf756dc8150e6f8067e346878d2238ff147837b85133f7b13a20f6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 4bad641f38b72b4f189c9c4942c94918
SHA1 3d39aaa3a291b6648dc4fe3e65844752307541c2
SHA256 5b865ff004dac15e276c78e64ab428f2ff2f8be2d9bd2930ae946f555444fa3a
SHA512 515df4331bd78c0729d772e7194729ad7fdba0cc900965cd5eab64dbf968e1f225c963d99e67d0a7df50137bd1c9bcbdab3540455e55ca08eee51e6c7db2ee76

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 f58ad8ebc5cb04525fedd652b47e6ca7
SHA1 13657da43d2f840f774afa39687b88550e4d1335
SHA256 1c7c310918c88355a447a81c154291aece130b17382d07aee1b09a6d42c51022
SHA512 de9551de7a462ffebb5837fb9e4daeebd60edfafc97c8e49489509c7daa64f9febdefed67d702b87e8de60efa7b2c5d6ca406e2233b28793902fda5ee75bace8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 08e286a485c4716af742e0cfaadb0bcc
SHA1 d92fda05a3e64badba968ebcf5d9e4572503e547
SHA256 471fc9c3afc2797b79e99a391a6f39874e76f3ba888a3f957b31b393b2ca1e23
SHA512 c2bafe9130c2afce982d15cb884cab50b758588f5a74048d79c0a2999930058a10494ad42ae09c0746c0eec513490e4583d27fb0fbf6b01a3d641911bba18296

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 0011a99a1bf50fd591fd18be9ec5bbec
SHA1 2f6d813fbdd418b6f631d047779d9ca8a179bb13
SHA256 9273889a51bbf84a8a36c5ba6cdda49cfb7470bf6be465b67110086031e800bd
SHA512 a078dc1e50aaa4c0f83a5f51238ae6f67972c2605ab4eaeddd86b6ec2a0669c5d3e3e9fd181ce5451090cc8a96f36c81902d941fd69f9cc6196856c67d61e591

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 4aa057194cfec81e7ff9c6f49d999e4b
SHA1 9297659f99af554ebe3ac2bb2cc51c1380a7ba05
SHA256 dfedd75d7aa1187367590052307b4e2061a42170ab3ce3fbd42df75c27dfd375
SHA512 ea2dc436ff10a851cdb5a3fc287805cb6bac1d1365e9bbb51469479777866a206402b94f90560fd8d66c9a929eb07c7da49f70c43b3b244da1a52d28a2605dd5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 afe2b1a41bcd6f1cd09c40f2cb61f5e2
SHA1 8cc1b06632af2cff961002768de2757571d00edd
SHA256 cc4a75dac278e504f995b466a13ae1eb9d01a0de7c4de712109da4c1a1e45db0
SHA512 7f6a6a9bf75f0d68635312426b48ebf5694aa8af44d982b4ce45ac2035a3b58abe8e31776e22f9fc22a43078923b5e2990aae2bc9efdc5f7367d4a683d99a240

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 1dbaa5da5daf0c1df53f52f19af5cdf8
SHA1 9823e5fd1a661e74a979ba88489ac8c192f871b0
SHA256 f62f9eed93b329573f0b8223c0a8ed50fd86690bdb7eb3277aa53affb9ed73b4
SHA512 d3aa76eaeaedeebe067c907f9f2d22ea646259ed3cc0761795d8244f7879b465d3ffab5314b1bcefa10759b5c4d77fb0908e9c3d719d619434ac7c8a19b0ded7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 7869630898fc37477d02e20adb04418f
SHA1 8859c45f299215f11e96a0fb3bee6a2cba4d392a
SHA256 ffc16e415fc177c8b651f4402d7ffd969fd38af2c54258831a8d6839417fe337
SHA512 93e8d7266534ff044b995fcbc8d031a8f4d0e30431307751231b95e7421c2c82d88d1f727c642db3bfa2eaf91a073404c4f3c38b5576df4dc5302df7ce0f0f04

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 fc9d2086951672c0f3556f958cd1859c
SHA1 4ed004603c969d1526f03238dafbd7dcebfb3fd0
SHA256 6f24a4df262f0d9a36b0942fa1e8555236185f3dc731ac55a0a2bcddaf182683
SHA512 76b22c5b51c1a9c6977032db86acb101eae385ce20a812be17eea53d6d528323a5ec06aaa33435af02558a2da89dda1f4c3865676b928a958e2bf82a196fac58

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 b5693d6f2261f7a36d7c1a4025b3216f
SHA1 47f8eb9f55d69df63e762bb29b5befc3f9391eaf
SHA256 b7c5735dbf9e9f26867c48ab1731bb8c8c92cd13224a8324e2a97f8d4256fde3
SHA512 2628dac5a75634cbfa069e9d58dd0d26f3e87fe603b97f799d0faaf56d9cd0a12c3ddbfae27fc08bda3418ff64cc103ea209b62cc04092a65f24b620ec4958c0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 4f099b3446ea5ca39b462089fc35d6c0
SHA1 54b347432d712c2c7fe502d47a4a56066785138e
SHA256 c4a2845b1265f709b3d5e35ff067ad4cd7e5f074b47541ef48db4270d1a1e57f
SHA512 14cf200ee9ad364d1ce8bf0c528dbce1a3ba22dbb9e1f008772963ef6ccee253e304bdef436cbc21f6ac8a0a63a67d27850f18882fd7e9d93a86958e2c4043dc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 ff979b8cf1c7e6cbff2d2c38818f3cae
SHA1 b68a977ba1465b89e7b22a63b58d3b10e27d33bb
SHA256 b78bc1f8dc6ffefc5965f27197806a83c7d300edcc88bda7f3d0a1d8b6e1cbfb
SHA512 369d507b1c532f3047cb6c9065ad001f52a4595a13b3a53ed5fe0642b9b05e89a56925cdfc2b4aa86535849dd7c3526fad7f6e0a7cf24f43581b850957c17702

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 0203ef7dd6d52bf240e652a8177fea7f
SHA1 5a039056cefafe104fff044c0a942de4cbe957de
SHA256 851a3674a5056aa2d604fd665aa338867abeb864ff16be66cc2d5527adac63f7
SHA512 f66a250d78907f51d3f2210947afb382faf042c70643d87e6368c4f4200b55c60c8bb378e89bb8f8eb0592e1bcb3bdf923c0a21790dbb5f7dcf11e968da74f29

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 78c9d0097d1383bd0788cf8bf5ef4d13
SHA1 c18762f5e217aa0b893257d275f5f30ff20f2a8f
SHA256 8e5f104c424fb57535d707876e421ceb364db5483b963eb7c4af419a38b4bf92
SHA512 3794874bdbe278174c3f92ab4de0dfbd3ddad00022688e59a669e869e2cde581686321492b6677626397d147ac3f5adc4479fd67c884ad0bf636c1b4a24ca134

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 f8ff67ba0a38a4a8e3eead0a5cc7aae9
SHA1 a775f3ce8fead27d565937a789e99420b4584619
SHA256 3fc7895878debdf84bb073fd54668fb7ec5818c920f7c1596fc6252e1ecf552e
SHA512 891cac9587ac5200f7eccc5ed2c28e8563c72a8000fc5d3b09c2bc1ae4bfbbdbb19eccd5b000a6e146f1cb52b7de6258d1f767d636b05ba332f256b223b0902a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 24fe536b5646ab3653c8cd7f6c1dfc7f
SHA1 a147316b9f38077daaccecf9bb7113436c022da0
SHA256 16a5078fa19dca8930ea85d56ac58f19a5ebb12c540c42d0c7330ff6a95e53f5
SHA512 07c29bfb71e10ba0eb70091df45f65ef02c7c22fa9a7e0a7d6fcd738839b701e5a88e4ca7712916f76e2c9203135716d20372af46f65a36f98645be1349a9fff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 031d608fd381eac4a56c8b87e0ebeb27
SHA1 3146f8ec81fee743fa5878f6d63ff520ef76447b
SHA256 b643f98ea8daa2bdbc6fd885244d768d4b86d9b25000ec30a2552de234172970
SHA512 f17ab5980bb83a653cef4b5ecf0f175e10a28b6332c24459aa483c7297f6bf1fb072bf9611c3f96361f1aeaf262be16f4dabadb731ed52defd34dd15663e4f21

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 30f5e225a0d35edbc72e560058ac1c85
SHA1 ff431dbed8e18532fc30da305c671afe347f2309
SHA256 f5b1bdf2f3e458524f288c1fef14e5520d702e03662ab4c96b95c510fc8a3839
SHA512 55c5efee3da963dee4b8f3e33572acd10da7ff1c18b036d8e8806ce647aa76fed7d2e8b243026bfebe1b4073d9dcdea23bb6a305bf50a569e0e5d2dcea30d9a3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 8a4fea0cdf5120296a77d3782e5e4e7e
SHA1 132c4aca55e6edcf8d1d74431d18293c073ef70e
SHA256 c392b3c76f1a301f502a9c94c4dcf7691052b180e712a037b5708238a56dd20a
SHA512 5bcfabfce6232e19a8d6bbd01ac701a4d814d9cbac97032c2dbaea97f3b5d2347ddf83474984a65a1cbdc0dd65b1ac18e8dd919def2932a5847511bdc3ef59b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 ba4f2204bd667f732b724c4a99af26e6
SHA1 e88601bf488ce5e9164167f499d93af55178980c
SHA256 6710408b2e2fd0468f37883fbecbc686b5973fb0067b8c49b64d36e209a8ecfb
SHA512 8d76854d17d7456b25ff361995421074a25707c85ca3e0a3054024202bc05f85af559e5ddf64a31140c812b3a6bc4e67fa66f45ee2dc06f1fff8feb79d55d327

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 3fd4f3dc25445aa134d8050cf6d3fa55
SHA1 f565dd5f27afe5b47cff436e4bee1facf743ab9a
SHA256 2dce0fd330aecd628ce598428bbca11349fd99b824db149478c28b486e487c3e
SHA512 a2ef57a60b65c7956af6dad78e42dc112a05fcae8c7efcdd54fa96654188d1d81696456c0fd205770636cb93477b6da9d8ec6550080842ddf2651c28a3b2c2d7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 b2346f171d7a0b042693423775fb9586
SHA1 ae8c256abbb56899ecda12b88fd5e993c51cf09f
SHA256 3fdcf1428197b79f4d4841964251d0f56b1e89c0dcbf17efbde1240059990448
SHA512 92c46c128ba726158d1d37b7e09c611542c8c23a1a9f8e56d9018f838dc3d5d204d095e4bf9014872fce39ab4f62b47e8328c74fd48e99a9c991b25765b29c6b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 3efc89eb0a172e31b8e215fe9dc50fc0
SHA1 93551241c7e0f165f9118e75d2a0f74961c66eac
SHA256 71bdaa4aeafb13ab8705cade74eae24d4d094806f9b9a0ce7e7e0bdf45c4712f
SHA512 5b8a43c067ed25ef4930b2d28b30180c35867647e1c941d7589e1b5dde061661101cf0f80bcc959cb9a479a39646f55f980627685e2f1aea988d9d6424c490c7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 4cca0c0942de04060ff6eea75c87d53b
SHA1 650f2f049052a53a06f8568d2fe3e86c79d04e29
SHA256 311377aea58a185a296965e60ab76fb7ab311c657f61092014587953281d0ea5
SHA512 f7b045a6873077108c8ece1e085af9263191e134dbe52685ed83307e471cbd5d90d83b147f755de1223a982c963aa61bbfd50c7f76a0e988aee0762d5ff64b3a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 0e67fe296fc98e9dfb066576438b3d56
SHA1 6b2d4b31266e740e6780a1b5bb7db3631d366ff8
SHA256 7d51a1815a35221928adc3e65800326a9acb0e2bc1e9ca5f0fc1a4125251f76d
SHA512 7566dfe7f277641025d248e478a299da50fe64960683be517bb4b72b1bd56634797506c2d3603be19dc9d4d3f0888aff157fb3de2a13f23bb9de736bc1230c9a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 a083547f7dc7617768dc4c5ee7a9a4f2
SHA1 1f3452d2a392734d880d00350fc3f998f1707d8a
SHA256 3fb3200de5096f9ab9cd6dd8e1ad24d6ff28af141fc86fe5e18ca54bb555bc6e
SHA512 627524f267609e3fd4648ec41fde6bd17ecbbcb4877bf20469e8362818a4d90ac2f47ce5e47ceb45cb7039ef830478cbafda915dcc619e8bcfd2cbf17a883d0d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 d32b72c614a991e5a4aa60f0d1a58020
SHA1 d85f7a1e0a3bd94960055291ab6f85486f6c517c
SHA256 f61076fefeb4dc70c5da815cb967f3937256577aba18f7711d0b87309d9c4742
SHA512 f310275c156718da7619d4e67afabc27b24b376b7dc112bf49f0dce51c7e592b7a28abd0cd41e90f0d109143c7cd9dfa6e670934c66730a40a22f622da435790

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 1da5151914331c370d894adb937e5b9b
SHA1 b84e1b7958565ef1525a2763c6e54fde80f36387
SHA256 c26fb50973c3636dd7cd3ceb6aaca87f59800d729b039be13edbe58d2bbb51ac
SHA512 5bcb09b1d0da5464da50fd0a7e0311b9c3b68de9aa97aba696d67c57b45296f59ae4a52b46bf174cbad9154436147b1ebb9ad0a340de03c8508d3733835af97c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 f01a1ce223080a38034a983ada981934
SHA1 58ad934376d254d456c142dd7e62ccdebab417b7
SHA256 c3cd10666e4bfcd573b823627efa244cb955e7c489c15e0b7c4d66a56aa52c6d
SHA512 793b3bfede69d89b033c61156d2ba13fe12ea1f7b699ecc6dc4beb9920ba4a230366f1d7a0fc3da5521991e398229ca10dd6b2f4f0eec55e108e0fac7cdd0328

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 6f717372043e2e16fbfc122f67e0c54b
SHA1 06f2ba21b22e02ba9ebd8e0d2bbf42504003764b
SHA256 64e7acc66418b70b126c9442092d96c5e24ecf1d8f95d6e1af28b3aa2de86a02
SHA512 2830a8e1db055d61fe94255ad928123a5503f78b3b1e8b049df68b4cb15979e81efb0fe7233905ee12196f6c885959fe6951f51c3e6c6929824df1da8297d8a2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 88989a2606bc5fc9318a427da96ac7b6
SHA1 b24387ab22aecca9ac4d0d036029d4c6ac278f4a
SHA256 c08d1fb60b2c490ad7ce4b2c97da03570a799a8c96368c6829349bfb0fbca762
SHA512 8db254a7fd513fd6567a63e78a522f21d0b0a5d88f1460900205853c302ff861c6f8e082066e6d38a6f0581c65e62cb8cd9dbde80a1b4f649986c32e9ee5dad6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 bc54e2deebf63c19443c0a2e3d65f540
SHA1 280a42df306d12ec3e14c41a2ca2ad0616ea6ca9
SHA256 139e93973ad4809c13e13ae3134a05b031a8c89476027379a71d6610cedf889c
SHA512 461b459c496ef6dfc555431e6c6a67476eb752cfd85c44363bb559efcf2fa0d5b3bf70bc339561dc8d429d9d867c447d253eec7a69eeba82eea00f82faa84f7a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 7b33d069a4fb7dfd4e24030352486871
SHA1 0785461962c1a5118d577851e7cb1083fda54d86
SHA256 b022ae2e4e569d9d4d6729528e42235ae1d4e4e7507391a1c5f3801dcf04d248
SHA512 fa08f798f4872f4e4e260642af3da5278316fe2a6122038d06bc4948125e293aac19c6731ec71e9ad163ae125aa1de771d1b1118c41efac1f9824f39230c6859

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 b56715dadfbbc7ec46ba1bee380df0b7
SHA1 8d1ddeb01d82372dd4643770582f5050420baa54
SHA256 6635274cb5ba7766de9961c69ded8a2073fa988c62d7ad5cadabe69984c90e0a
SHA512 2ca3c36d5a890fe40ead839d421ec3e312aebc42941631702a0f6e9f17f29f541c198c0f7973fe7f9e51f7e95d05e3abb2092827a136b4b6baca4638c3e5c174

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 7b5e94b8812abbe159f866822de81f25
SHA1 ce02856f5b23a22c1948c9788c391e580daf099c
SHA256 15cbd6061f8b18b672e07d7add16badc0beeb46df6090a5348614e33d030ca0b
SHA512 fa065ab4af05ba43db3399e1bc1a4d79006d7164a8fb5cc0ca8ea3deb86ce6910694b9f6d54d3ef2aa9fcba0d2af430919350648acb2d86dd1c9bae6a6ab487c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 7ad0cd26bada66c646f2feeea541c5f2
SHA1 053d0884d614f608bd8c4dedc7c2ec93843208d0
SHA256 d69b82229c8d688b9d487c84ee68f2e279b6ce146c50d79adec0b6e75c4b736f
SHA512 7f17e267d502322aa082aef2e7714a7870701bfd9142caff0dbee7aa39de6fbaffe1c0fff5490b390c367cc04f2bb26669cd1f47911d00b3f85a15fe8e7f26f9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 17d1ad4bc9c1a8dc418ba22b228a5011
SHA1 c2aaa9f1c84a03e88e2fd62908ee840a44d23d2f
SHA256 40c6516683c22a08a9525d800084794a043abc519c41ec80998976ee477a1789
SHA512 d60d34df5ac00e4650baf86f266b700f9e0764eb0f012d58a45d67d1403f265318995356c8f68c4d2762cd72074e8ecdce110aba80230935e441b05c45e05cb9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 4c6b46ff256d59130da1e3abc88e7212
SHA1 fd39dd4b1963ae3e015213014d3a792ff1c59d89
SHA256 81c5dc5e23bc93fb9d37fe474d6ede88d08f4c7eb3012348d7f0476966af2640
SHA512 7cf7900964ca289da8c417c38c358af6d8c9f64f61fed8fc05b3ef4880ff943af1ae813d673e39f9218a13c3fd892ca63e40c5ba27ea4e45346421177abbf631

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 bb475d28a851719a776966dd501d1406
SHA1 0041827ef2e3152650842f48a0f18b9209e6f1b9
SHA256 cf4a99b48479f8c73db23521aa92c2fb44c5cb128648efa057ae97e7ee52b019
SHA512 d4895010753dedb5dcf22afac791bce08d53f5d00bfc71c6d22132d8a3b136f6f904762cadeca18a5316391337c68a2e4f124542e5e74e246f80c9f45a4ef123

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 da1215361817768d9ab227bd549159b9
SHA1 60fa5722451c3213d8d266cc0c85e52bd4148a2a
SHA256 4c29f1253179b02f8ec50df7f01d4dcdc55b1a7dcce93a09500ced496db38239
SHA512 d794fa5c6f3f3e314a9950cfdac6641d2c29fee5fe9c6695f6f34e650eeeb28d5e874ba6a9008649b47449d7de0aa48f828cbf4a8cd77d3c9418aeba9b22bb26

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 5d28b6f44cbb775976b7628b904e9a1e
SHA1 0cb7b247060bff42a8b99243864e49eba618f5c8
SHA256 7a438aeaa82cd3879d15a6d475da32d381b075f3cdab2257b8d5b8ce9b18c9d1
SHA512 214f2712ebcd7afcfd79e38c112d9fdeffa5e472f0e3673db33f6e77eb75ad1c0609cc6375e4d360cf6c944f37297ed618355a4c9cd35ac9cd7cd392d83d793d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 1a5929abf35e68f4f81c133d86112a16
SHA1 450ab44a12748b59db7ba5e234f60ccd1183f9e5
SHA256 3a8f0b450c76b0b096d3ce2ebdc83dcdc628bc9ac972efbe83dedad0543d76b2
SHA512 f87b3004238ef7121e2e1507bc98de65f6c15f968f0cdae9e160c37d9147efe41d353d6dfcb043557fdbea3d70d99351a648647d4a9ebc2c41baa7f0df9ec16b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 dab8b13e430036942a2d3a3081ef69db
SHA1 3888688c3b729360d150b29a448fff7606884d14
SHA256 ee1f2df5e3245772e178c09ebc18157ac1c9475291e6ecbdc28882ba6d8f7a8c
SHA512 d1cc02c1127f90b35b747de8e405fb58e8053888407c50254d881d463dea8833d85c870adc7433a04f5d810cf925c1edd9d115886db8459e172f179740467a93

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 03a7a8a988493c104aecaf7d8d5f8d65
SHA1 0ef8ab99a9fdf2340db34d4271802c3ffadd7a95
SHA256 e3b447d7110248c5c085549e41ff6fbe08512053f306fb423dc1c566d821037c
SHA512 29b1e5ddf3c6676360f1c3606e3f7adbafcd6d9dde37dd514ebd5ce71ca838c8f65af78e9c881749123b6d5f81001e3dff03941bb111b7d9aaa9478183202298

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 a72293d1232a05e8f7bcf57ccf7ff87c
SHA1 f6c37d4817e6ab6fa6ba6d59a28320b070fc0cc6
SHA256 12519c7e0286a11874ea864122dccb89366bc266dacbaad76a88d2b383ed0734
SHA512 4e0cd506fd0154363b4a80ac4e2e720ed05b8a684a0e52564626932d1d73f383d385f8d0b90fbe120b2d2da740fab1be211b3ce97dc8b20c23037e6406ab27f5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 c5ee6ffbd03345979563b4ac701b327d
SHA1 705f9ffba7c14bc9a040acd9bdb9803b7433eefb
SHA256 923aad82a47732ba1ccc427ac824ad80b756c108e3643a682711b64c344b1aef
SHA512 825dcb99b814422c7f6eae5977a9c2b580e57671d00cf027179a2f7082d70e746868ff18d9f2ba862d07797f82ead1548117da555f89d9c627ace5c9f0b47154

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 5df307f6fdbe3162b907d426c116b9ce
SHA1 3b1cb6b62411d6a54845d760e1320f47d1bd8f10
SHA256 ec6419f758b6008ad219210e5b5aa97baf7812a65480ed5bae450b6e286ec455
SHA512 fafe1dfb5f188bbab82dd34463cd6152c351cc87ecb6a78bb564f11aa6fcdaba03120f3c08bc266ac3ea95c82acfc8ec8250596933f4f01080844fad0a18a09f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 cbdcb26772e124220b8dc527475f516c
SHA1 f95e0a621669cbebb14dda9503910c7608171b51
SHA256 487456fb5ebbce97c56b4527a1f20e6535c526d6b2fd831f536d9733e79474e6
SHA512 5332361d09a3393194a10658fc981727c0ac967bb32032c4095aa72ab51c0b9c64fac8fa0d4fc1c045057de077941c42e578ea2d46cf211ccae4e31552ba8ea0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 15ae3a6b39fefdacb19a0a6b4b9465c0
SHA1 94dee4a29bbeb98ac62949dad8bc673fe8c53d42
SHA256 c3ae24e6dcd552ef28706cd4e75a25eb9abe8e7e8474dd9ed200e6f52218ed0b
SHA512 1521b3731d2cd061e224edf7b18505dad1f953ed81940dc394b75aea677baeb790540272aee390ed02e0d481f9d7b386c3b9571b054baa9d93b325fada4c98f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 a4621ed67249bcab7c6d0bcd74093563
SHA1 10c6b8d69f60527800f629d862522bc8ec81e87f
SHA256 a6d548f348db9409ceb7c03f37b5df1570a2dad7ccfc68bd5e78591fb8c01c66
SHA512 cfd3948c941df8baec706b771df99c9b4d7f2c0c29b2fd33b564969580b1e3090dda249e5c077df4f418c68ee3b695e168b558871ad59ff796f2c02700882120

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 e9435b8a843e14865ff6d3e3a39bfe49
SHA1 a9298e61c4cc9b93308fc88849761e31218e846d
SHA256 03f096fb9ad29b296c432bd8eb702ac4b4142964280ef05f8cfc5c4ff9578721
SHA512 32c350ab303a2d7ac8d4b318f4650cfbf4665cd88440bd07ca9f79443e9c6b9c68f4b92785406ff074c96e8e7b6c35152dde96dc3b0d311decb1910e9db58d29

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 2093c91bee90de26b0db69e1020e09c1
SHA1 87e977aa62046eb31f12fee13cb30ebe75933afb
SHA256 dd3d116759f1fd7a63c4531af139fd15c3ca30d7d424d59120f7ee87e538d18d
SHA512 a18679f9d643d91f85f54988698562be63b78af023b1c96245d81cdf38f01748c4459627c18b879b0458d6fd851bbc8bfc33498fe5c3f289f6dc6fa0d4af3c00

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 5e0d310a982cd51bbd0951d520724559
SHA1 3d9a2960ccab6574c2967b38a4c7ce32ceb00480
SHA256 00d63ce9b9d3c3ec378a83c31fdac9aaba1778000370bed59a0f2a25a1a4a8e6
SHA512 4aef9e7f0f6eb08d8f9ceee4714cab98ecb2d9e1327782f682f736187cdd0564ba46cf4b15ba36b91b0ccbe8a27d34d367d649b2fd0383d825fa064436a55ed4

C:\Users\Admin\Documents\ReceiveGroup.xlsx

MD5 1b8e18750e52f94b40744aacbe4d8d1a
SHA1 1718e14b754b85ba3200221f1a591fa7ddfa1cab
SHA256 2571cf09da6939d4863b84f11b8e6451ac0e75f82186f3218f5252945761d352
SHA512 fff073687700c2e1377ef9e68952f692ea2799174c54a1b32a3c387125b5f1f5e579ff805e83542fbf12bbcb6e0833f9ed82e2cf8e7501d8edd19fb6d7e98cdd

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 dadaa810a7e84cde09075c241ba606c9
SHA1 1b85a8774ed899efd6ed901ac94d51e359b90427
SHA256 ea7c430de997082628eff2d339d4f766106b79b9f523075d5798e78dc239f9b4
SHA512 e655c77fc199315498662980a97fd1c517a7b3f127c0f035c192e280dece464c17f6bca75c5b03bb52d25ca9bd2e1f9460000052f7a11d8d646ea866fa513c2f

C:\vcredist2010_x86.log.html

MD5 69b8894b027bd8c957a4ff97c57e68d7
SHA1 aeb7c5b3a46cd5f7bf56b18eb9f7a6d9caf46e09
SHA256 392c70875a99a0a0de51b3e17ecb884a7e595f793e34b092e9b45d96e2196796
SHA512 3d725f5ff925e945939d64d2a3b428ed79a54dee5962d259a0ff7639aa1b74f1b1353c2b4ffe0e6e3a9a3510935f9c34b83bfb40e392ba4e521cf9310a0c6113

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 37f498676c6a5830cd2a7a6b874e3388
SHA1 534c0fd855646e28762d441a2b076d74588e4b31
SHA256 e166e07923b560cf12a18ada4884c601be22d6ac50b45562ddec8c49aef1ecf9
SHA512 c582a4f9817af8557c0b872496c4a6f0d75eb81f27e87fca60ff386509d4739184137afc7d734db0aa0903d62996a1462d191ac49e45c899cfae6ace056613ee

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg.gold

MD5 9d288cca0f385a2b00bb62142e9cc9fd
SHA1 aa62a4f321db20948beb0f7115c2f8e1901765f1
SHA256 c06d368cee7b026853a434f63f176c89c5c634f19434bed823f69a1d58d555e8
SHA512 5ff0b30363ae21ab2c2b63b1d3647bc0421f54366a6b2ca5c00d44c26c374a057d7ce0a3ec4b81cc60dae5133cd786059419b315b5cb39b4ad00fc5bf4792159

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e4843a44f83e0026e204d74d10bb2bdd
SHA1 d59b3e643020a73cee73db5ecd42a8ebdc5d7509
SHA256 6ce47d3e94002e3b7ba76d726ad40b01266cd58e36f189f354da881d3f243e0e
SHA512 15dafcf3b6a6739482d6c0b74c76b5988f04c868cc2b751434ea371022e08c1fb4a0cbf59f8fbca4e5747b6659158e9fc8066eeb58ee8fe11a3c9891695ebe7f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 3b522aff0453d2fce672a6714c1c0440
SHA1 ad07a9893f8dc2c761292ad41215ae447f19b212
SHA256 400e23e961ea4571c1fbd51bc517a3e8246bc602c68c2e1fe1bc0058868c5fc3
SHA512 9fe24ecfb7112951d0e12298d5941e00ad163c91fb02da12306aacf1bc19ea17661c12ecb4e2bfd2f7398518df234b1825c2ae709c31adacf37e8f739276df16

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 de61c7cb19551430f96b44a68dcb84c8
SHA1 8d2f830eec41fc384427f912717cd8d0b1b19696
SHA256 a7561377f6aba8245ae67cc2a4053d0915d3b3fddf3ff793e93e04f75c5ce115
SHA512 e296c4bd1ea4b45960fa60fc3014421ca11f0b468af0ac39ed76d0de922027a14b5cc669a41727ec0de1757d6cac04f9708902917b0fe0d6c0c03a554475b676

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 9fbeca767fdd21e3446427450ff7543e
SHA1 39c7ea4fa7b28ecc79978e31f7913f4a06749f09
SHA256 4b0b1050baaf025a9c8a7538ccee06dcc5664ab2c41b70ce70ae7652f5ebd28f
SHA512 37ed79ef26637d36625c155c94b0bb4d3fc551be19fa76cc2744916665fcad35bc228f5e2ff87687c547544667db7476a4e16392a9f707f1412d33b1f1aa3d37

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ed3fac456cee619f72114a158de87768
SHA1 7038a013adfd7ca6ccfdf67015c6475d0e2b021c
SHA256 c60716866550fc745ef3994cfa0296775c73bcf3d1ee906b9db5b0cb592945e5
SHA512 3f710cc97e6fc598db05b83d2c4672bbe6b47a4d52583322cb4b716c3429fc2c353e7dccc9526908346954c51b5181cc271846df7a9641cc7406be594878d80a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 62b85af76fe5be5b10e91254aa10ce44
SHA1 5d9715e9cd8af42fd9dde33ac71603daef1bec1a
SHA256 7cb808507fc5c57d70d9e16877b0ef8a6a225c74f12d12e7a7f28f61300c9a84
SHA512 a6c4db88d651941f0dccfcb0584ed57f9213ba791f5e12a33bc4a32353418bae96a927aa2930fd2c1712725f1a0039baec430021bd3ca23ea1addfb291710349

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5f9836e0e1cbb7c23ff76aebea3e269c
SHA1 f1d2dbf6838456850b468a8e57660919fcdbfee9
SHA256 f9a32a55c5181914c886640c3fca288d73b6de9af8b2ed87787c78c8fbce5b40
SHA512 f4357f87a2e8429e5edca1e90d6e90b2ce49aff6bb5214473a9a6161c043b8d56ca7f9fae87fbb36537f5e0f0106ca6111c839b66ad4af9eb5dcb24f669f20af

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 fefc40f1eae2150d9d4c31e045d33ac7
SHA1 dd6534dc22c2a00b2cd30c91c7f2d5910979259b
SHA256 dea2b053d069259fa1c902e81d874a1328f0b71a3eca3cdff1e918e5e230e732
SHA512 a409a73e48150acb8058eee72746c6152a9a1deae21453d59b5c804001f86f46ccf29f62506b475ae842cc86b6055831ef4d23fa4a85086de76570f32ed8699b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 da239758272b0f80ebeb3b711a9e7894
SHA1 922fdcf9f1b6065e19f01ab0bdcd3d8b50fdbcf3
SHA256 a991608fb951c406b306c588b36ef2471807a1583188ae5cf4cecaa7291c0538
SHA512 20946e08e2e2bea2c215b50fcbfa2c16908657271a2eb28c6044555b58c02de0f1df6cf9cc3a1d379f6abe85b718cec99fea517ecf3d952312dd54a102f98ef4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e697db535aee210f23f71ccfa0649534
SHA1 ded0891af9e3d696006390a635665a7384298f6a
SHA256 86533c5f7809f221f002bd6171015a67aab500ee3d59ee1c028d37218e139ee0
SHA512 4e1233f32ff8cbca15ba4a935c63e46cfdebf25b3c4679c7c2c77c390896cdb10ec28b741ed23f112ea5bb0017fe1f9d16da864bb19069f0567459c4b28e9c35

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-07 02:34

Reported

2024-10-07 02:37

Platform

win10v2004-20240802-en

Max time kernel

95s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe"

Signatures

Renames multiple (2165) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2OM66SBQ1gMU3f5.exe" C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorSplashScreen.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderSmallTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarMediumTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-GoogleCloudCache.scale-125.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\LargeTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\ScreenSketchAppService\ReadMe.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailBadge.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\3.jpg C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TinyTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-256_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\search_emptystate.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\iheart-radio.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-256.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashScreen.scale-125.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlInnerCircle.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_retina.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_distributed.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\files_icons2x.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorLargeTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\LargeTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-30_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedMedTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Dark.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SmallTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\README.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\7734_20x20x32.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-36_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7d0.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\tl.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedMedTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f248a35f7c12459\404-5.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_table_options.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.1_none_c3bc3dbd94da3c61\MsoIrmProtector.xls C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\views\OEMRegistration.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Search\Images\logo.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_error.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Alarm05.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\RequestedDownloadsCloudIcon.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_f12_context_chartselection_clear.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobeprovisioningentry-main.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\InputApp\Assets\StoreLogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ets.icons.searchapp_31bf3856ad364e35_10.0.19041.1_none_ceba36fd1b479c4c\AppListIcon.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\DefaultSystemNotification.contrast-black_scale-400.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\Breakpoints\images\addEventTracepoint.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-60_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Splashscreen.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square44x44Logo.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\togglePrettyPrint.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare150x150Logo.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\Ignore.scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\StoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Assets\WideLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\TabletMode.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\TileSmall.contrast-white_scale-150.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4fc93ef208f3edb\501.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f248a35f7c12459\403-3.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_10.0.19041.1_none_01072daf15b480b0\Computer Management.lnk C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a673a811fe1122c1\default.help.txt C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_10.0.19041.964_none_d1ce1ea46e50a943\MicrosoftFamily.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\WideTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..in.assets.searchapp_31bf3856ad364e35_10.0.19041.1_none_501fda1ac26a3cf4\SplashScreen.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_bypassServiceWorkers.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_de-de_fa3317ce4cfa58b0\dnserror.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare71x71.scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\SIMLockToast.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\nextTab.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square44x44Logo.targetsize-48_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\StoreLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-72_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.19041.1_none_11b2da2074e7d6e4\PasswordExpiry.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_10.0.19041.1_none_d1fafd8eeb2a2637\Speech Off.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobe-bookend-cortanain-outro.gif C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\YourPhoneCallingToast.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..erymanager.appxmain_31bf3856ad364e35_10.0.19041.1_none_61ab84439fac4697\StoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TileSmall.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\startfresh.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\oobe-footer-template.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile310x150.scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4fc93ef208f3edb\500-16.htm C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewWindowIcon.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Alarm08.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\WiFiNetworkManagerToast.scale-200.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ecapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_b30156e32b833fb0\Splashscreen.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_9d61200c734f61dd\SplashScreen.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_chartzoom_in_disabled.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-30_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Minimize.wav C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\breakWorker.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\common-toggle-template.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobedevicepairing-main.html C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_filtering_options.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\Assets\SplashScreen.scale-125.png C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell\open C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2OM66SBQ1gMU3f5.exe" C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gold C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2OM66SBQ1gMU3f5.exe,0" C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell\open\command C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.gold\ = "KIPNJWJYXJVVHHW" C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 33e39028ee59373486d265e7ff1e0a2b
SHA1 40831b17941c19d8a60c9e34defae33547b26fdd
SHA256 733fcaef5c61be956be52596e713a7a08ac00769aace3c0ee759afc68dd9d8ca
SHA512 28bdaa59527b1d1b57d37bc7631cb4bb3449bdbb3cb1b6b4d5faf5eb7bb355cf5892af6ebe8171f5ed0b1077c1be4c162e5788fe0a69c1b70a8210a2467104bb

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 9d931bfc08eb8ce6669d232d853c7450
SHA1 1459e1eac02d72dc4d5451e60c8045ee28d012b8
SHA256 39907db660dca121171a0adf50fc555650b04848630e6214d9401338afe3a0f2
SHA512 51b100165a05f6e7021a5ced7a8924cba999acb9df9b1176bcca53c632bd1c13dcdfdd3f85528c60fe3f0c325b9489c4c164cf72a2b0a9f734fbdee902b7b135

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 ffd9118a3d7a03d95119fb5e667179b8
SHA1 38b6e7c3087d2f2d8452be18b7dfdd2cc769dfb4
SHA256 4be29c493b9ab9c4bbd69512b1ebe8a24af3ad6d19c92e3b17ac3db3f71370c5
SHA512 285d0d03a03f8cf696586c731fb4ec106c0ebbae7a21072bdea059add2165c86e399e7a178f81b4f9dfe1d6665d6fa92ca1ffefd9bee86b9855b6208a72bf537

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 ccc77ef49fb252d8f1d4d147ab9a9ac8
SHA1 d36e4ae86b360521c5458a40661b1568c44ea362
SHA256 ce35b74e282f1df9193035cd87380e48b723e805cf3361198c869903706bd989
SHA512 75121cbcadcaa5d257db0c4ff031af55199eab9edf9eb43f83837beb5e5eaef80734ee853675ca900c1ed6be173a9a9636c57d92c1df61a01416f80e3fa12dce

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 2e3d5eb879c906ecf0a97bcd23e7818c
SHA1 35438ecb01457c3e132ba2ce55c043d902aed691
SHA256 a7f8a55ba2c20903eb94f5134fb2e535fe8e01fd02823154f4b6cdefcaf464e9
SHA512 390c5ff4ee9da4d87c60b454709361573ebcffabb93946fb7f6f367fef51b3ada47ca43da0da825613154a796112d615bed7dfa21d184fca663fbaa6e22f0543

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 857d424f76881a2b19067c59af82d12b
SHA1 a95b9fed1b66a59ac9bc07be64ca7f1b8043a223
SHA256 722723a0812349371dda82ea9b109a6fdab9a7551b163f55b3cc070d0cfce804
SHA512 83f6141860b791d13fdfe91e22b9ba238dc60dcad8e76278bc6b6e231ddaf260cff484385e23969c4f3f580753c4311b1ecc9513dd9a41bc9dfab5ad65214372

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 d64746601cddf9e49a8b21c65be20d88
SHA1 1b392f9cf39464135b900f38c7849d1913aad4a1
SHA256 2bfee87af0298442d53e2a5ca98bed4b2cf7558f69ed17b0c82c44fa293139f5
SHA512 abf216ea283b8831b327f6666adc6be4a420ed1c9378843b765d0b6e1c4ca8c0b54eaf7f0d2533bce45bbffab3a476fcc4985e7fb4bb0841d978754916392002

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 a920fddbc52e3ebc5f80f618a765ed28
SHA1 c024a68aba57b50b9b4a7d6c1413c4e5ff05575f
SHA256 ab27e52b49fd49b4221fb26d95703974bbb07583e24904dd0592449678b5cc12
SHA512 110c319788943db11e26d3f3b8c7cd25d1cfcac046f0ac5da44dc94f092e461eda794b36f887d44079ce30f81436b8ba8b60a1b61b996435ca4a7edb57009b8f

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 b66d8f2828bb1c2b0b8cb5c414752126
SHA1 96c185099e30a54ce8cf29bfed108f2ec93e048c
SHA256 e1e2041114e7c574bdfa5899ec9b6aa408ddaedff0a27cf9260b65235afb8e18
SHA512 86fd37ebc7cba04183fed62ed0fbb668fe503c2ef8a8ccaaea76ec55644317a69ce6ca182e8e33c2c871bfa6aaa326fcef1c706e2119400beaf7cf50af481a60

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 93582bf3d0531b791c55b869c9c9e9ae
SHA1 09a911ec71ee0fc60fec5017d772dbf1f4938140
SHA256 7972583bf06dacd3c67e1e29e0862b31286da79dfbcb5fc2b2861dc228d199fb
SHA512 5ec2cd871893903c53a664673293c35f901907f6067c4bed6417bcba6322b43c1df035a4b159c7dd3d9caa3353edea8f388933750c837311f8057e9cc9d04f57

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 9b3ee81a2a5a6089a56e103c98480c05
SHA1 640595783155de58f2f615dfd3aa7c6996209a4c
SHA256 95cd9970992d7a12bca6c932ab2da456369e6fa91f30ceca56b61965a74b3047
SHA512 671a388a3b6035ee502db4cdbe395e8f8749f402df5143a6ed2df0a703b96655e2d951eee58ccb43c8089ac9863c87437bd58f92cb2b12ef55ed1a4d4b0bcc66

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 df530de5cc197f9fe8a33ec30f49a793
SHA1 85e5bed85d56d5f7a8d8c0007a9aa4617313d74a
SHA256 c5a77b6c5e1db55a646f58853b11808418ef5a75a6b69c79667becfdd1beece2
SHA512 88bd1df0b1a97ed91e0a6a09c8c2d10f544697ba4c9280f348bad35dad6e886ac0896e5f9ad8e4f93d98e8d69e0e11622552ff9e2e8f4427d888a61184e88073

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 495d039ee409111a4c07048d6b4debbf
SHA1 b3d3ca137148f94af4a349e6c2ffb8392e7bc0ff
SHA256 fb0df4989a881bf245b835fd83aff19bd5e3b1c4228e50b0f8e4babdaa4bb222
SHA512 0a48e8b2fd6fec297a3f862d89ecb8e2160df7ce0eae6d9518a4898f07968122e0fbc9888c1a5a4bdf310007cb920531a185ed12cb05028aad770c94d94c9a05

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 7ca3f27d58599ce3c801852f66b09207
SHA1 7cc77c81d6c2b7c1e42de14695b8815154f11feb
SHA256 a1836e4c800a34ac3a5063ceaa4d4e73bd2bf2a9321a885df5ebe4749a0bd439
SHA512 48bb3aef28dd75643e3837f9c0927f6dcbc8af5f9aa1c4f893febb873c983d30352a24bbc3c3187b9cb3ba72f25c840a9ea9e9a41612c05f1086d646aeb1bf25

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 73d7be57ebc665cfd81b9abcaec63ab2
SHA1 d1e0728513da38bd2fcae19bb808f1ed70fe3233
SHA256 c659caa32bdcf01f37f368790000d28859e38c1849890c9e2109929d04ed5f02
SHA512 258dcc31acfcb735250520427576e99a290610722609377506bf3b8d34e25353dbfd7b904195d778f9db0d484d27df5103dd7f13345b17e8196cf7677b3c27e8

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 b53f20361d54da9fd820df860185f92f
SHA1 8c012222adac8f904f7d3337e343bdbd24bbd4c2
SHA256 2fd3465276ae777a3a4702e47781e45b2346bf66b8cefcb946c897ed6e7ce3f8
SHA512 37ff5c8346a3a85830d221e805b9d127479292b69c22bd3731ae52e8d0ebec402ca096e7c65778c91f03caf4e9c8c22051780d991e404d4d17ef3960e05242c6

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 dc2d8e43d7738bcefc31ce9c8c0edb9a
SHA1 a1683339e91f82eed92ef8a4f0b806f1bbf61f73
SHA256 7d524c4e4e6716ffb8809d63e25678c50b66bd614e53cffe1d2f6e8c6a9e8030
SHA512 009c228ff533b7f01dc8fda8005835ee07051aceaae94063b4a73f9dffa7f7e49857ed24ddd40518dc32be029e9196891da4f385ed76dd1c9c137ff93e5a9363

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 5fd84380440a9f7931843c1176d770d6
SHA1 5edb02bcbd186df180914ccdc9636101b3f7877d
SHA256 ec773b90efa7ba28917a9cf1c53ad62e5df79a286305d079d9a5997090ab14a0
SHA512 29938e9637289a2a42e7ef2d364222e0cc0721a7a0b4dd990c95d5b35a889bf05b5006b175c8f9227b8ac3e0affc160cdb2fe13babb2888319d71277524b7f5a

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 a952f0002f0e71950b046734ae39db0d
SHA1 b1cc843a2d8087a52c69d5f994e3b9762197d9aa
SHA256 1c9c655630ea3a96d7db13c67cbcc1ae76a492de959e51a965020fde20076284
SHA512 f788c5e900a81140c710d18ab1d2b8f0b7a4725a1199408c69e99ba43d59ba11043bec721e200854e534f3add46bf888daa3c5dd6f3f7ede0f0a3f59a860793a

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 e0674d83538f4401a8237467f627fc73
SHA1 b1fb6a2d74cdb2f7dfa5ae1e1305ade76fa3df91
SHA256 d39b4ef5eecdf6f1115d1dd3746c50587b3c732632864a1051721ef563288204
SHA512 12343a72d255cd1e5c37ee8f8a97e392e64ee093dd1b7232ad877b3778aa99494252e4040260ab2099c794c99165fdbb2a036fe89e2c89fe8c2de1758101e05e

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 8107a47358455eee2417262f1c5b4bfc
SHA1 56c9d0db9cb157090c79e9660cd1643d5fa25050
SHA256 0605cb4536e8c5d314c63d578a37b17d6417a738153be2ab041d67551b6692ce
SHA512 ea66a76b2a00a849d17266526c29d6b4a83a033493c169ac617f31d4e8c5c3b926d42500ae39a2e225b7919c246a961f707f3a1c1910253f24cff14aed6bcc8c

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 caa95fd8b26ce0711b2fd4a48bed8619
SHA1 5acce0f889394069e6cd22fdce28b77fa14aa1e6
SHA256 d5031c990d48600d949fc927ffa1e2a0fe1bbaf968c6a3a354fa0a85566ab20a
SHA512 a10b9d67c772adaffeca113a2ae50b1544c0af9ae842c41a0f69395abf9826f6e877e8afb20b36ded39084f66c30f30e481817f96d30cef10f4609d8d3bd15ca

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 16edf58c349d1d0f0ee569947692b99f
SHA1 362be8dd50a5d045360e7f2c5838d6f8eb4d5ae6
SHA256 4ffcade4c31bea03b79b523d5d0b40f79366eb26d51e8b57990a232c4a7069ea
SHA512 41fce321d38b69b34a39fb0ad16670d306dc4d97bf77bcb36347e84d28275799ec4f0ce91d3cb91f7d13f50ad3346cf755e4423aee4c3a0fbae5d5fb5e37d2b6

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 85dcd022a819cb7dcd55ddada26b07d2
SHA1 88cbdf43bd8d8edcf919676ec84ee41bfec053f2
SHA256 c063bfdf45ac950c54a703092c1be4bcdd14daf330d73fa76d1b633d093bd931
SHA512 54c893cdaaaad3e2e96d2a2c9d98900e55b2ec94619e5d5bedf397f8eb112a09d35faa9d0aae7c48410b4a353305e5eafc9d738d89db8dbfd2301796296b9dc8

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 50a1de221d7b046650a623facb6133f6
SHA1 5627199805b553989b0ce6d6ef9c5f29a89eac3c
SHA256 9a4d6d7e642e31b83355d2a8bfd0d358bc0bcfedaff31f989b52614209552543
SHA512 598b76cf10712bad89a4b339ede66ce94cb096d6b9d1f6e7c2d4e4fdad83e909ccbab8580bf14c50ad917cf49f5dba4689b38dedbccb4073cca8291083cd74d1

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 5fb71e92ce0c47992ada27f3c73b0346
SHA1 d847dcf0c47e11ff8d206e1bae67d4d9febb0239
SHA256 20222146148789cb786ccc5619e33a235e8df4641e592ba2077b3b11b8653612
SHA512 64844d5925c028786931b3229d41987091561506e9d93dc0864972d5c1d9f3cd5f124a818dfdb659b40ba68059afa6c8f6aa5d5d350d2664fd17ccafbb675406

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 1d2aff026b44be1c9305011c1f77a68e
SHA1 fe5ea91951bbec63f53d52a565a49a9de9edcb69
SHA256 3b8c1d9d3227a4413b470138aed19192596a7549f13ce7587b33f8af8278d101
SHA512 5c58c04f48df87dfd1822077b34d165f9ca24fa5c983a1300e853f62245be27bbcbba3bf904518c913da29220980663b84bf91ffe9851ed11101e3782e6f3e29

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 e0bef5e1877ff57854fda608a154fca5
SHA1 13959620dfd89a44bbbe5e55e56c7741184169ca
SHA256 d48d1897bb77483b382f83efc6058c28693e6e53e67867dd6d252d44ef103d1c
SHA512 1f71985ae1242790f207a30adec77446f5d5304d3fe3809e91327274e8a71c84fd1b97dc9b6fd0b3d5305e09a4813a867e7c20a94efe71e761f862dd468b912d

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 d177239826525bb2e8ee564570d176dc
SHA1 e5405ab6c123d74ef89f0f98f70e0ff643e1ac12
SHA256 d5e1749166b2c320288fb54dda3367a86f335fd6a50ff3b1bdd231a42019ccfd
SHA512 9362e8dc28719fc6b23687e18ff792cd8acc6d3a277950dac4f65b6c83c2f72aa5f42ad9972073edbbec82bd9c8dd93c8a2733023676990c218ee787446520e0

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 a69af9e8834b8100cf787a024fb290a6
SHA1 dd700bb41e7db600e5c44015557cc9db0e811ce6
SHA256 e33d7f39779e5212cddede3b905868795e31240331f664189087a11c75521167
SHA512 538faed5085f3ad5a32d971f43b9ae6b4d73a54615e8011756202bb8148d1e8b00afb9f5fc0015dc338879b5e4b2512a97bb0ec99b735e48b7c7a5f1ee541f11

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 bc6e56a36a119085db36ffc8b62b8b71
SHA1 c5e4ad07ccf8927924274b5a72aaec3be700138b
SHA256 c74f7914f3940c5cfb7ea7e56f2dcdf5083be3bcfbe75818d931b6e591ed1f91
SHA512 84746d0ecbb28af0fa8cc0574f6026a7cb69ff4d4a9d187f54a29361a80991dc2bd31d97b1db04698244c3d1fa31c42721ed1ae131b103214b876d3c2afb0c2c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 42ad1af3d668a7f9cd3077b5b66f3104
SHA1 2512cf16904e2c8335240a6a7f777c90266cf7e5
SHA256 d92b0690b7295e73650282bd34a655f8f79cdbbf5afba53a31a54aada39c7208
SHA512 e60834b6bbce86a418654021c57c1ffc30816c15eabe8d339189c8be3a36e02eb22898e7fb7d64502e00060cf278ade67f35bfae9b3d628256b13c7dc831f008

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 d9f404df0619e71ac1fe32dbf9694b2d
SHA1 5ed48eb67f5345e8ea5169d882b020b59871274e
SHA256 5318e4d1700f8f95c2eb6b370b364bffbccb0497d010023868c279c281f79614
SHA512 346fcbc42e61206e6187625a0c06cf8d82145bb851c8178d6b9b0ede51258dbd068a8bed86ebe432a0c35d3fb489a7eee7c7bc5a5149ae86f4dc5ae090003f8f

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 9747f0d19793c34b73d795009901981b
SHA1 e2d6502f080562627878b7dd087d8d090ebfd88a
SHA256 d0d96ccbb6467e478cb43a0a256163cc60cfb83acd4c5a8d811ba6421457aaa4
SHA512 bbd552ddb8516c769e7e793067781eb4ae7e637a4b6d8a3537600d1bba6d8eb8f71d83e3213ba9db5c15ca251d49abe8f48a5c0f17a50272d920d81b16dcdeb2

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 48644f1da89fc81a6bd64b6b2307116c
SHA1 0d5f645b073e5647cb775ae857c10eb7b81a1ecd
SHA256 79d45f93a5ce3d891e9f488c4a4338fa49b302e622d21b8170a7dbb0c65d7763
SHA512 3e103b675b7f5d02093e505adc5739f602c7d5a5951628171f8dfdb7cd8dd08a7226ea94b2b19d981d3c0fae312749ed737a5a8d04d2f024e391789cd8702de2

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 1963f441b7fb93beb954c94eb41013bf
SHA1 50fb460e3eac03f9dfeaa78deddd0b815a20a8dd
SHA256 6505b778494525717bb0680406dfb613f7e21dbd7a2ea1517b3109299ff2a801
SHA512 4572f57ac0b1e0416ceadd17dda3d0f8267c4bf89108e0eaa5ba8eb1bc252feb09b40cadc8a05a51d7dbdb5b66b468430bd2a11260e9f36b531e480a5fac0f32

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 d553aee9642720214ab726c9843333ad
SHA1 e8fe93a5fd42d3efed3060309265982f10ed7aab
SHA256 8175f6e6c3bf7e39ef975daa5620351317ad6a1ba05928b097d96e8f11c5f4f6
SHA512 ad30567cdcf50edf10f8136ccffbd2cb2b0aa20c960df98c60e8b0e3593fe54e9267731960a716de249b6912e51ebc492c76c61ba13736a2bee8a0ee232e9263

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 9de46e20af93301c007f1aa843e5a980
SHA1 ba1a484783146d3d72aa8f5a7a1dcb9c3c669810
SHA256 be1389762db0c0db7127e933fee5dae094c2cec9c95306771290b1f8cd1dd052
SHA512 a306f3afdf32f22755a11992360bfcd1e079d1bd66ef6c1fba7a97380d8019d7be6baf5ce453d76b5b9b183521606606a2c80b3439b47c174297f5c16b9cafdd

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 2382e85ec993d68a82e0ac727572f5ba
SHA1 a7385b9451f5a3a9d8a61dfc9b588e3b6ab3d791
SHA256 7b24f44ee32bb2b2a58c226a5d976ee549f68aad16430389c839dd7b58033d4e
SHA512 210cec24b2a277692aeb867ee50680488e75d0cb8a8e0d7b225cb1411e3b7f8adf6746a4ecf55515913b26bd7f14a1a4ea86f289c751db4dc0257af434d9a0b4

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 e471cf35afb2639af99c318bdd36ff57
SHA1 a80695cf1b829cc44956326e9dc214e5e2e3522c
SHA256 02d32f4217f837f2a0d9cca63db42e5ce8b882f0eb248ab22159b722aeed25e3
SHA512 ab12ba6496e23d7c40352fd367ed4d661e18227f19cac17a311634fb35b576d7ff61f4643486aecdc32a724a58915f831ca9de58a1262a110e0cd601cf298539

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 a550c4592a681de0217e0b55f0de2487
SHA1 fd97ddbafda2e5855db85309bacf09950a4e9548
SHA256 c288ecd89640d1aaed1ce23f03b437aef4d84576279cf8ee936bdf5ba450c161
SHA512 6d11a53c191e4d5e801712dcbbb4fbe722603550d99987ee3c289912b7346995c84e0758520f88ae2750c42f5818f2f23abb13a2257aacf9b493d23dd18828bb

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 d889710e3718662daaa1554b0b08ba24
SHA1 28598c5bb7edb74d439f08ec5909d216b965b0ac
SHA256 17e4ea794b3114043a7f5ffb2cb1cd6753fd0e4296e96deefb3c97172a422654
SHA512 48ad0dd5c9190055c8451f912e40a666cf9e70d2fcd331bd3e1717a377a3893ba943323952bb6143b7ec73c02b6be849d9a0da588c868f9183ba9c739cde7878

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 31f30e3e8dd554d2716a105ebf0314a1
SHA1 0c0a14a7844df8e7dce97ddf27505eeccdb28e90
SHA256 2a80e5da3a9c0e8de4dfffd60915d270cce8205e20f35b95e3bf0da218c05e12
SHA512 542467f00508bef364d952ce362859e02f6ba6f86867c6b23641e96642d6fe4bef432a96b697f70647d6f445fe764f2a3ff33d40a5a51dfada9de82c4aa9761b

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 cf19a1478b8faa0ebdbf1ee338bea04f
SHA1 d90475d829cd78b00bd5b393cf2b5e3307f3bced
SHA256 a5c369359c7802db4da13f52c4dd8fda202c4b9d020c2b188e54253a6674e195
SHA512 492fb483fcf286c50b7a6878377254bb21b21b69bf27bff507765f8f0f1c9a090028c49a3fd65d8471d9221ded168314745f44dcac802631d6e736677429117c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 52489e23dd21dc07a69b8dcb89a9b6c7
SHA1 6c8575485d61b6d39e83cba35a2ad5abfedfde0c
SHA256 5460287a4d66ba5a764547de643df72faa82cfad4a4e50aa7f2b5dd3e1099b91
SHA512 1caabd04ad061a0e4a1d6972169b1d177f3c0606356724be9c90a983f07ce894d6f2a2543e8c8943b342631bf80423f4ae55a3a4d6ac2d0c08e30507844ce843

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 4bd478de548b81da2cf76ab330c1859a
SHA1 251356844e46d54b72168cf4bf61ce6180f24277
SHA256 d44be246aa962919034f1679b2ec0f0f82116c0bff22a9066f36b0d293c7aca4
SHA512 d6b972b9bd5ce9453deb0b45fc0c3ba679f4fbb966ceccdb012940e7c8c24b3ebcc900649037412240d2b0b121a82e3942ff36db45fc11fa126e9879f7047503

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 909d91b987d8bc68a23359d70d1dbab4
SHA1 d9bbeebdf5f1a459a1bbb89597a1e43e4b9454d1
SHA256 d6edee80a5299d06f735b93eda6088634776918b4000bf7782ed0eddd233d87b
SHA512 7c6292ef2e6445a1f84731cc99261fb923b5c87afaa9dbec07d8a3ade16a46ad64fca37428dc10910f46d96ce2ae86cf5e27386bf0a7cc3ef9718bed60366d55

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 1ab8a023af6abc6973d3fd348993974e
SHA1 1eb66a9eb81f5db46a75c03a56205a2ce2a7e4a0
SHA256 9552b714ed87c5ca05b7f30d369c3e50e302a5ec11ce159bf4a564557843d9d6
SHA512 9124ce33e792bb6d2eb5b05b6853e30845fa3356810fd27b96456410049467650bae6ef3f7122aebdb75f2b6c00f68d1bd19d4f8e1ce295413172ab1df9fa8d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 af753b1303fb78abaf1c93aef8b34b19
SHA1 345e545b7a6ce67bdb8706704cd3aa5db174b328
SHA256 b762cfae5fcb0944c6cb53dc126f0daae5353e51f740add24ee122d0d6dbfc41
SHA512 afb72d7c1e8d5a857a99e362dd0f7e022cecfc8199f0f7930d7c773ebadfc30027ef5d8d08f1d59bc227fdce0e9b92b84ea3d773ce8dac31777f4bdfb23ec771

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 c65566465b86b3071028adfbc716f13f
SHA1 189cfe2e34a0b9949d8540f802846ca4f7ff591f
SHA256 7d65f3d21e03789d76f2f961aeecc03920969343126860be882ce93e18db1cd9
SHA512 38aef6ecaa254bfd8fc34d9f347575cd0e1f3d6bd9966dc2b24a1a48dc9313c613caa65b1ff6e5c71789668f755b56ed9e6abaab433cf9356e698f979f0b9a3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 a1f1c4dbf644e221d323245d0b7a9d61
SHA1 feef889f4526a46bc51a726ad41ef3ada7a193d6
SHA256 6b25547720a1d5595181dadec5d60a527df52bcffceaab8f588676fcc767f7fa
SHA512 a5cfd8b2218e5f3c0469654fb767bcc5cc039ca5aa076c7f4f59add3d8ccec5f85ea2feb09209d7449800eea45f2402e91ef4d1c25b11fc18848487291fdf1a8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 b2d2565e74f0631500287a593540aadd
SHA1 f575ddd94344e6c2e639c50a7393228e74cd7eab
SHA256 f14b2bcb2a0edc5662d33ebd2f2d1cfcf17c8dbd4701acc73e72380b5ab6287c
SHA512 22f41aa50287dc89706a7c5ba0a6500f3ad7d1ce3428a1691313082cc47e62ab6dace68f85f014db1d49d67c76202852417841a3883710ed828f4ffb135d91d8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 4ef3cfba4a4f045fc172b2f6c424e923
SHA1 8cf4970d566505a3606458a995f86d239ca1ad0d
SHA256 c6ffb3825d5f1e8bdae1d96c0ef1128ab96cfe26255c30a8b2a94757bdbee8f7
SHA512 f4e734526fdaf6074fccfa227e7c83a47cc8f3577f6c727c0a76c6c05f12675cc66137aa4b1668d63c7114f0b692a5c3e5fe78dc1dd6d5277d0feaf9f6eedaf8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 0acb18aa3ce91ae0f189954301c95cdb
SHA1 a6e2e35472e1e193815df93f9f05a0ce003b3720
SHA256 b5f31aab639bac9a97ae370aae8449fae69033de33878ddb401e1049c56ca8ef
SHA512 45fed336d41e9a3385137dbef19e3dfe0b51aa2455ab4241905a426c96085b310fa50d6cbf21973e44d6978ee799e0c028756c8257207b21a8da0beafaa525dd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 cb7ef4645264b0c6807efddb737e36ac
SHA1 2940c0b020d46bcd69f8050b4ac2066cdabccb87
SHA256 076da3f589dd11d4a7639df049bc300ffd14d54be421c92801e551f958d4086b
SHA512 80df1a91b8c0da16670217d269e847a9dfc0d36acb8932d735aa0edeb7ebc111ec86bac67e08d1a1a3171bbba40d5676438b698df6e6c7f3b3b789669f4bb7a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 0bb53965b90fff7f2cdd5c392e324c1c
SHA1 79ad9d27d5076a5dc9f19c4d2ddc3598334ae94b
SHA256 3a289b2cfc28f5278724f65e584bff9aff16539f0ca125f965bcd2f09e244699
SHA512 46a667af1c9dbecb1a1d48b2eb2211cc688a93b559503c3c1879311d848c50965ebe97381354ea2997070fc6e33cdf7148ba566eb3b787e7d47be44b1f2be4f9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 076cb14c3727c7903d4c011d73b0977a
SHA1 f714c971435df6af8ae16be5d5918ea6a1fa8513
SHA256 2b309ecbaa2d8a8a96500a2bc0968e5c3a8d3a0c8ea8556f8a7d152ddd356a0e
SHA512 965781329b956722656ff4539f64daaddc3682384646e395497ead1d90acb22dfb4b60d79849dc6b07ad18a9e6a2e28bf5ee537f95edef25d852d62f34b14f45

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 b08a6adc3f9e6eb53c6476dd3d95f20a
SHA1 b94788aeed293cfef20e0dfe0ebc24389835c1b7
SHA256 5d99e3a7ce733310131d330db8543634bb009b53c011746ce4bcd1a008dfa1e8
SHA512 4fb113b7b4c7bf7555438ef2ea991f77ffdaf57413aeb0ca59ccb4e4a33676126fb08f7984043a2453302b57e0da101326c7337344c4ef8a04c97af078c2d155

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 2d236d3b2e17c0ef608d8c789d2157bd
SHA1 532e224a0350a3acd624b76b2e6521636f6f05db
SHA256 015172fcbc0438688ffa356ff7b5e3e28d32208f5c54ede0852731724756e623
SHA512 fb4efad9347d36794bcd960c548311f26195bde468c6c931294b4e9ba2623364bfc15daf11bf52b4076555ec77743855ef5de4dd1ea75453af0879500ccd77a3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 a0079d43186d340db044bf83bf3ecf1d
SHA1 d97a3826d45ee79badb193e5787d3c7b797d3635
SHA256 e93bd0be32b7b2a79ad4280e8f61013507fad9974cbe1cea4989bafe01e24b7d
SHA512 dd5007ea57956ba6698c06b582d93840422402ad979c89264b3d81c53367ec243ab23517604ebe5866a17b94e9131ba261fa95b9a11fa027144725c485511f85

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 e04b325710b0262114544f4fb97eb826
SHA1 a6018cbb57f02f2cbe851e057c545259b8e8f014
SHA256 c2179cd4462f15857d7609b964486293240dea89ac79beda8a3b02d4d7f3fac0
SHA512 181e607a727fba466dcf7d783681e8eecaeb026ed3fc0b6948ad2a1e3a63364db6f7a4000081aa6e0da5f05c992ad57653720574e94924c55c5be6959258c29f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 4826ba8d594f69d07dde042bec9aa91d
SHA1 ffcd3c39dc5fe3888c3e741566a0e56fbfa0e4be
SHA256 18130ad7e8e835510f3905daf4ee432462e0bfe9ae6bc3cc6da38e68b999706c
SHA512 9b0e52db89af14bd2ff3b0e7214f6b988e2ff9c4c31a1724fe39c53925b06a225904ce2760c1a532aea0d8b3c2f297914badb0b8f509dd104a3e9b19cccd3201

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 08d0e3e279272ff7480fadc8f0395731
SHA1 561aeb3a2628c0cd170746e69f0beabfab8deac9
SHA256 ff2190bdffe983a9c84943f098bae2ae300ab223f66ca2d95b2157b5dabf2550
SHA512 f861ad8d42e60b9e276a63dc411a7726e9da1d16b7d286e2e90ff99cf5d9bb1bea7ea0d3219f1d8f38da0e8a672816e16c34f38d95d18fa1857d39463cafa7d8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 df1da18c09354e0eb5f34db07ba96a92
SHA1 20a17d95780cb51829d89e3adc53bd338b4b1b82
SHA256 4f189586408770a1b1fd1d923b00518a39aa6c3e5ab486d95a9fb0e0a9de4aa8
SHA512 ae97e1fb3c03511d8b22dd1bd36ab01463f9999315d9d3af045d59e9940daa670ef6d2b613e5a59e9984e41bca8891de29c22dc6a047ece27f349f6619794310

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 8ed3406398968095983d3f4a46381220
SHA1 ae18c60d6258908ba5862c06c95499648dde0f00
SHA256 cf88816bd4d8cdadd6390725daa27c702697b018f02b4243fccf6b684b0005bf
SHA512 7c96b077340dd3ec8f03e599cb857c84829c752112b1131df574fdffc36b400791408f241c84299c2b28f4e237767011cba21f14feb07345f53c461fd089901f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 74cf8ab97644b6459a072676349971b7
SHA1 1b11aa7469b2500229da7186a2c9896eac05f0d6
SHA256 4a8874e0673483e8a710493f80d9ed4091044b73073045df2d9a754dd9456153
SHA512 c5ce2401efa0c41f7621af1e334721e72cc0af2dc8891d6ba1594c3e5daf4c3a2a793a4e5edddaba71d7cc8116eff16636a4cfe174e6aa4435663345a9a6abf0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

MD5 c802b515870be64a5f4d491a79f0961f
SHA1 53d9da6d069bbe130d2c60132a4de761d69b01aa
SHA256 12fbdc726c3f9961104895ef0cac90fe4cd8de7dbece871f5d4da64b7509f658
SHA512 2ea8b4704b90b2aa371ac85eee583490f1a2f15c383bd4a93b6adc0f18b050bcf1a05699c23672b23a35e9ee3c02b0f1fcaaad04dd258ec519ca07ae6196e2bb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 db2e34c60f93ce38d50194ed0a898164
SHA1 fcb9ae61e1bb03c53f0da35f95c1d96b6b54e85c
SHA256 e0b6b7df6e714f65e4cdd58e85e2f4df1082b89e8ff30eb1a56f1a6e2cacfb02
SHA512 a72b8c6317ffefc13f34c151076ef9328277fd771e027cda18ef7d143bba6f61e0cca175badaa03fc308398e9edd893c9571d56e8be404081274f4edae683b89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 41da8487f402c16be9ebf9d18db79a70
SHA1 f66e80d0d3a929224244c1f2b18cb72ba72e35ed
SHA256 eacbe66e1114fb1ef0506a5d9b8a6c8982e9f1d614b9e652626e1120e5616c3c
SHA512 61d2cf178159ca469ec51a0b8763ca39fbd9932e07b62bc3f3bd28a270b3ba210c2a4a41ab927fee1705c0c51380f02559137ac34222d74bb07d648184a92349

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 200e4b20011b7f13ff334599da071492
SHA1 75ebed7e2916dd7756a61d8b69b9632c969a78c9
SHA256 fb19530ada5b32f0c2382c26ca4b9347e388706062d1d25abca51fd6fdd1fa6a
SHA512 94d09faae237deb193bf1c8dfba7720de4318d4324a5d1497db4c68d1000b231ec4f0214dc3364a4a06c985a56cf5381972c488f6f8e5a1ff6bd9da340d20c4f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 d31a35204046b0ab99a88c352acd2ba0
SHA1 b76d69d521038aede9db29228646ac5340f60a25
SHA256 c73bff4262bc791cfdd0669c1e5ec513eef8ee31eec67ee8b7c39cd8b523a4c7
SHA512 c55922324c770fca5a5ef39a6a238f28425df8e434747be8b796e3174a892713b8b28c6ffdbc317123fd08d3275d2b507cb679badc680d6d8e1d9673e9f3964a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 739fb74d170bf5e1fb9cd3960561dc12
SHA1 1e2ed9a3b4e1ef2116654d9378478c31c6304901
SHA256 d8fefd4449be36d26d728695ca4f2c0b54cbf30f02bf7288afe64a65cb8cdac6
SHA512 d480dddb3d3c99071f11c70841b38a0777fd2dc2b24980e3eb7399795d440184201596382d2462e33954fe33936f69122c216477594deb5977d3ab2e5fd524bb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 2ca38cda234ec38e0c33d0f6ec53e723
SHA1 1cf3b67f64ac3c0d1346c5bb0fb71222100e40c0
SHA256 75dbfa8dd368cd912ba543745c5ab2b8e1ad20146196b3fd9d58faeeefbe6378
SHA512 41fd2a7134fa4d52d45f721422dadde18f47711745c7e383b9c3484664e31638560a5b77eb178ffbb9cca70588a40569fa2d7d08506aaa1ff096ae520b43cbf7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 a878d0df4e47d33be8283c1db3033eb6
SHA1 f18bdeb0ac49c66239f29b79ca8d8354464702ca
SHA256 e1b2efac570dcfbcd24571fd2245cf18c95b9a14668a7e8bedea840f1e81af90
SHA512 03ea3b71b281e02557ea9167032ec1ee3bd81dacc3ab04904973de253d331fb7bff2772a919852564b84721a4f85d3e62f52e94e64263906bb9950897346ed3b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 227cce1fdeff8763710d6c9b9bb98c59
SHA1 f33cb765fc1c45f6a50b8038f2e234e232c53f71
SHA256 e549984a659d496d7ff54a39c55782fb078c7b77cd7c0edd9a52aee24beb481f
SHA512 775d367dddd28a9f02f0c839c438bf70294dd0e5d322a71f7c25d2725ca9c2af14b182efb0877b503ce0afa83cac6917d09077504c1285b0ba6fadfb6b060f45

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 0e90cbd3d4775a6372fe471cddc85ea0
SHA1 48d1099aa66215503c455a3369f009667a7879eb
SHA256 1b8a48708b6fe9dff21b798e1f39df785cb3e276de25b7ae50cffdc93897882d
SHA512 25468b747fafe26101d0561d5459688371dcb0e43c9513a25f937b06917cc4ea95a6b8588024bdd726737616b647529e5c6ba4474852566b69f4cbfbeac22a96

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 81e25b24dcbfeb5e0ac85d862e6f238a
SHA1 9351cec1b187241de97f4de7f293e31c343d13fa
SHA256 85beefa0426fc2b85055d18debf2ab4d25d10077934379d9ccd9f9f082d3a496
SHA512 140348422305f888b6e76fe2f3cf94d1fa3a4c71796f140cff940ce14590a74556d32dc2fb983581c5cfc4592fc5ed79e9d55de0e2d91df791552669241fc54c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 a5af60688f3a6ee37e5b81f053bef1be
SHA1 393ce0a41e8950a50101de4622b5683360fd3a74
SHA256 f7f88f2de1817040fd5461d346042746aaea69053d63762410259d6bc4303263
SHA512 8db16bfa5dc8cb98c13e526d7e53bb07233200e316fc05c64a4885850730f2227bde98c66fe7e1ae02137335b2c31263d9c2f138d465c499df1ae3bb244b361b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 29db5a1c58d570bd09d7ec061712bc3b
SHA1 7ece029b0eb7a997b2cad6800056d5274e6f3987
SHA256 8841603eb5143c0588f41aa6b7247c52ffc7902bf061e1179d70aee152ecb63a
SHA512 a4d36ee6284b3edb32806ab309dd44cabaefefb23d8384159a8f3a8cbe444a921ba1d3746f0002b6c7c9c75eb84cde448ec007feadbea553bbc8b93178acc50d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 2caf3046e5d16c53c18cc2fb1f2f2580
SHA1 7716923f4b6fe1576672e8d184dbd12b1d45c968
SHA256 42542aac0c16463d68b1a923b9448ef2bb432f275857c3aa5a60bf9bacdab0d2
SHA512 a2b350bec3dcde978c00814e3a42f9d3e3f6bc11da927b35d3734e929b0a34298ec1f61fcbe1421659f8a3771182cb93f60498bc568c5f8481f4c94e6fddbc13

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 4f877cb43f7ecdd6d1730abe338b7466
SHA1 d7cef676f6dcbb875f204062872ee48e40fa6d83
SHA256 615724b55c1c4eb5d10e5c24910096eed854160140d700ad4df81c7d30042290
SHA512 a3f72ef4500e5fdc1df5da8c019a6bf9e04e80aade78ebaf6b56eb229c373085c495b4bb16dc7f3ddcac94367c92e06bdb05b6ee76e90a2385b9cbb1991b1499

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 0fc0df474f658fde07bfd39db88e0f7e
SHA1 d5723e23c0715f8790d749af475611398bffaa7d
SHA256 e22cc188a3389831ea89abd36f79d788b3a985b5ce739210c0aa4b204a737bcd
SHA512 66d7118df09edb52bda4bbec1ee5c43260f4ca335858441da07ffd11c3945e268f341cec2c0e3b7255fe3e5fee0bd69051b47f1702e418c83c7877c68d8b99bd

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 9f469ef98805e30dae5d2771ba0e007c
SHA1 71b632e7fcc81687e7b103376ccd4174d5ec5437
SHA256 2a5bd8653b0ffb4de5709ddc8587940aac0b74bfc69bcefbb943c68d7499faaf
SHA512 b0257aac5e9fface628eea672f9658cba61f3fae2a8e0c480d0ee527f042f9c6ddf0c083b486094e0d92333f43d9fde685de66aa7406d747d1d86d22052ce26c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753904038769.txt

MD5 6a3c39d96345d2a50891360e2b99580d
SHA1 248f2427dd53774564391d7e8bfa9686e4310dd4
SHA256 08ac476c1fe42471059f413b4624930c15657d328ad411eb72ff06fa7dc5a73a
SHA512 9b0d8c1f2e9f299042aeba45be6a4e35547d9f497e110cc3fa22b53694add631c3882aa7787240a4ea833f6872a513f3ebd6b00d14566ea6788bd0a6dc441f99

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754799667567.txt

MD5 c504c00ba74b68dddddad9248438226a
SHA1 63e95b8e4c7db834c5bdf9eaf10208fc7a7f3f23
SHA256 4f2b85a24539d5f570b4f68adabdfbf4756d7e53a55fa2b420216267def3b763
SHA512 c48fa6fc9dcfca5e8cdd33c7a9e9b2ff9c6df26e0cfc1ca5fbd8cabe903d4740130d63731983e51683cc8618d3d1325249e4ff19a2f339b46367ef9816af2f1b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761839928108.txt

MD5 711d3b65b34a7ff47764f440d818203f
SHA1 a73907abcbb9feff07eb4c0a11c4c7c857a2c352
SHA256 1f8ec97a5e16dace1459fdf1386a951ed5322fc1aa0adfd3f80bb1c73105ec6b
SHA512 560689c89f9606974610f7139117b910625d20a53ed0a23dc2069a8d730fd09cd67add2d33d5a1b67ec11e698474af96613dbe2d3dfaf48cd5527b351d4fd58d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764416908406.txt

MD5 63f73e4395093b513eb5ce0d16c351e7
SHA1 d9d9279b53e1b62d59cd38ee9b696234a4457270
SHA256 b82260e56efa7d25ed8ce211ebb00209ad7c2a91fe577a3f66b71aae9fd2d973
SHA512 2fdadd360671e3a53399e3aff65511b7b7b21667716e95eeb0a7539b7ecc3359b6b20ec054730739e624691ec2fe77b95b314ea2ae55277ffc0856e80bc1296a

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 46f4167f304fa1dc82b406d388494519
SHA1 a52c5b12a409b6cc86d42517901042eefed6dbed
SHA256 bd6387b6155f97727d67a338d136d010497e6222a8373944f3ac585a004f02c0
SHA512 5cf13ac3feec788b55932f1c3d480fcc3acfdfde89992dc9c16bf72c7a00b462c2ba2845dd1d3c456d3ab74f4d06ce0c0ec71bddd6335a3de088bac61ec50e27

C:\vcredist2010_x86.log.html

MD5 ddc54c50ba3a18182b1de5980f6a29cd
SHA1 4f01deb918eccaccda63bd33771c194596bdb3f5
SHA256 49ceec2a52d1ea5bb022d52c82310ea5d2b14ba95f329c153503af1c25bf6841
SHA512 555d611134be1c8f697f50ae3582e90103d235d4b55c0ffb2124905ed843ea802a0be2c48ad115303392e909fbbc6939d5ac40bc5cd6626ef7978033481a2a6e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 37f498676c6a5830cd2a7a6b874e3388
SHA1 534c0fd855646e28762d441a2b076d74588e4b31
SHA256 e166e07923b560cf12a18ada4884c601be22d6ac50b45562ddec8c49aef1ecf9
SHA512 c582a4f9817af8557c0b872496c4a6f0d75eb81f27e87fca60ff386509d4739184137afc7d734db0aa0903d62996a1462d191ac49e45c899cfae6ace056613ee

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 9d288cca0f385a2b00bb62142e9cc9fd
SHA1 aa62a4f321db20948beb0f7115c2f8e1901765f1
SHA256 c06d368cee7b026853a434f63f176c89c5c634f19434bed823f69a1d58d555e8
SHA512 5ff0b30363ae21ab2c2b63b1d3647bc0421f54366a6b2ca5c00d44c26c374a057d7ce0a3ec4b81cc60dae5133cd786059419b315b5cb39b4ad00fc5bf4792159

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 e4843a44f83e0026e204d74d10bb2bdd
SHA1 d59b3e643020a73cee73db5ecd42a8ebdc5d7509
SHA256 6ce47d3e94002e3b7ba76d726ad40b01266cd58e36f189f354da881d3f243e0e
SHA512 15dafcf3b6a6739482d6c0b74c76b5988f04c868cc2b751434ea371022e08c1fb4a0cbf59f8fbca4e5747b6659158e9fc8066eeb58ee8fe11a3c9891695ebe7f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 3b522aff0453d2fce672a6714c1c0440
SHA1 ad07a9893f8dc2c761292ad41215ae447f19b212
SHA256 400e23e961ea4571c1fbd51bc517a3e8246bc602c68c2e1fe1bc0058868c5fc3
SHA512 9fe24ecfb7112951d0e12298d5941e00ad163c91fb02da12306aacf1bc19ea17661c12ecb4e2bfd2f7398518df234b1825c2ae709c31adacf37e8f739276df16

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 fefc40f1eae2150d9d4c31e045d33ac7
SHA1 dd6534dc22c2a00b2cd30c91c7f2d5910979259b
SHA256 dea2b053d069259fa1c902e81d874a1328f0b71a3eca3cdff1e918e5e230e732
SHA512 a409a73e48150acb8058eee72746c6152a9a1deae21453d59b5c804001f86f46ccf29f62506b475ae842cc86b6055831ef4d23fa4a85086de76570f32ed8699b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5f9836e0e1cbb7c23ff76aebea3e269c
SHA1 f1d2dbf6838456850b468a8e57660919fcdbfee9
SHA256 f9a32a55c5181914c886640c3fca288d73b6de9af8b2ed87787c78c8fbce5b40
SHA512 f4357f87a2e8429e5edca1e90d6e90b2ce49aff6bb5214473a9a6161c043b8d56ca7f9fae87fbb36537f5e0f0106ca6111c839b66ad4af9eb5dcb24f669f20af

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 62b85af76fe5be5b10e91254aa10ce44
SHA1 5d9715e9cd8af42fd9dde33ac71603daef1bec1a
SHA256 7cb808507fc5c57d70d9e16877b0ef8a6a225c74f12d12e7a7f28f61300c9a84
SHA512 a6c4db88d651941f0dccfcb0584ed57f9213ba791f5e12a33bc4a32353418bae96a927aa2930fd2c1712725f1a0039baec430021bd3ca23ea1addfb291710349

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ed3fac456cee619f72114a158de87768
SHA1 7038a013adfd7ca6ccfdf67015c6475d0e2b021c
SHA256 c60716866550fc745ef3994cfa0296775c73bcf3d1ee906b9db5b0cb592945e5
SHA512 3f710cc97e6fc598db05b83d2c4672bbe6b47a4d52583322cb4b716c3429fc2c353e7dccc9526908346954c51b5181cc271846df7a9641cc7406be594878d80a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 da239758272b0f80ebeb3b711a9e7894
SHA1 922fdcf9f1b6065e19f01ab0bdcd3d8b50fdbcf3
SHA256 a991608fb951c406b306c588b36ef2471807a1583188ae5cf4cecaa7291c0538
SHA512 20946e08e2e2bea2c215b50fcbfa2c16908657271a2eb28c6044555b58c02de0f1df6cf9cc3a1d379f6abe85b718cec99fea517ecf3d952312dd54a102f98ef4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 de61c7cb19551430f96b44a68dcb84c8
SHA1 8d2f830eec41fc384427f912717cd8d0b1b19696
SHA256 a7561377f6aba8245ae67cc2a4053d0915d3b3fddf3ff793e93e04f75c5ce115
SHA512 e296c4bd1ea4b45960fa60fc3014421ca11f0b468af0ac39ed76d0de922027a14b5cc669a41727ec0de1757d6cac04f9708902917b0fe0d6c0c03a554475b676

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 9fbeca767fdd21e3446427450ff7543e
SHA1 39c7ea4fa7b28ecc79978e31f7913f4a06749f09
SHA256 4b0b1050baaf025a9c8a7538ccee06dcc5664ab2c41b70ce70ae7652f5ebd28f
SHA512 37ed79ef26637d36625c155c94b0bb4d3fc551be19fa76cc2744916665fcad35bc228f5e2ff87687c547544667db7476a4e16392a9f707f1412d33b1f1aa3d37

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e697db535aee210f23f71ccfa0649534
SHA1 ded0891af9e3d696006390a635665a7384298f6a
SHA256 86533c5f7809f221f002bd6171015a67aab500ee3d59ee1c028d37218e139ee0
SHA512 4e1233f32ff8cbca15ba4a935c63e46cfdebf25b3c4679c7c2c77c390896cdb10ec28b741ed23f112ea5bb0017fe1f9d16da864bb19069f0567459c4b28e9c35

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 ee39cf40a04af9283f9ecfa4191f9adb
SHA1 9f95040a2abd658ad2137f7d14d4cb2a61298e6b
SHA256 78cafe4f1b133e2b928e83068776cf53e0adefa48f60db37057f34f404b2a32c
SHA512 f9edd5fa42d40ab3998bc6f890de4b4c97dd11214a56ed917e8ed8b8403b2a3488eb05ec64d455f36bb40996ee6923bafc25a4828da3832b759009f118e3ca28

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 96d73302a943ad552023bee603f6993f
SHA1 7e6ee05199971d1ff1e2b9852337f062aad41464
SHA256 ae0eb8574f1812f88bdb4f605c59a468c10ac02a99e3b8a6211e6d963eed5370
SHA512 e2ba059072c261f830f373f9be8d557e7f8d26fa239080a5693af8bf0a76a94191f11dab7e1537d862bccb98862bbeb1a4a713631352d94c5aad7b0a658232ad

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 663329b16b807ebbc7a72ab2702996c5
SHA1 26614c1eae2d1e8513e7c138b508425856a6b15c
SHA256 74d01838656f6a234cd262732311d1cdc8da0c00eef03fcbade77ffae24f6e9a
SHA512 7ddc3d212130c174ee37ecf76bf79a81bff1aa7c6b85115f7e8b7059ef49a9e4a5e0a653aec3765e06ff33b7dc097e0a59b0e7ce4701b3503c87816d8b09e977

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 e8c9dc262317caf74d77151464140fac
SHA1 f6e47a12b5b361ce1c428e9ca3d3d4e739fe905f
SHA256 24bb19fa05725e7f3b5da29a25d246cf67a3a4daf186783c9ac150cba7a02ac0
SHA512 e0d730ac32e33805326966b19d52d91c441c83dfaf91ea574d850c3692c4c9ed49b5ada60cc1b5700a0a63c475737f2eecad373edfaff249d601c150362cc025

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 cb956b9ccf3f2e9c34af448cd19a2b1d
SHA1 47f296582b54f9c1560722d1341e669a5fd83d0e
SHA256 5dbe40703936ee75c90befc94640f92f3e045f2795d1e045c17fa77219a3c00b
SHA512 c262cdfca5a865a3bc62124a5950faafaf701afe242774da50273c208412281d1da8b768221626e1374cdd36ea5054f19d855bdf05885c95337ab29084de2ec2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 7f0fd4e0e3c5752c434e15c28e14f22e
SHA1 7bd9b675b31d7b4927299d6bcd006e2130cb8b6a
SHA256 e446efd92ba653d579ce44fd4e2ab1287df4aff9cb71a30177d8253d28ee2fd0
SHA512 c8c63e3f0c6a55fedd47c3ae90e654c0b6c3decae106eedbe42f13306a3e27c9c882bcc5f0b4c42a0f56b977f058edb4737e251c50b94c019c55b1c42ad9a386

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 da80c4fcc9dbd6abbf5abbe017100f53
SHA1 5305a732e5221482f13fac928c00b9ba811486e4
SHA256 732aa2031d3948f1d04ced5241e8188932c15268f5428f24035dfcc9d1c7d202
SHA512 67d715344d0b2fb26ab586023b067731d6757b2ddd5a945c3af4939c43122cf842d24abddfbf658cea4f247bb59129d3955e9d5964709856cf6630badda09183

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 2ef97d6f27f181f2d4749350aeb4e62d
SHA1 aff1bf960ec358396f1adaf6f62c8fc9b5e29a5d
SHA256 664443edfef28eb1588e9146314cde6aa9b3ef12ac927e63fb609cbe1c4b30a1
SHA512 05de2898c44793bf125dba510de3a6183d3122b5134ec1de4465cdb375a4c4ffe073e8fecf5bbebde3f01ca62156ab8b8cfb895f8911339c43ae51dc8d79d3ce

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 bbeed99a47f6e06a26567b08a8e03f36
SHA1 a057f6add5baf07450614e7f1e9445a4b6d2b3e4
SHA256 1069f6d47d800f2a04b820a17194cbb5ccb89063317b500495f939612754772a
SHA512 d62162ec980a3f2161ff385dff1fd695e35fde4cf5ab4a1ebd25e7119eb7dc6a7f09f83f80dba184b1744d58bf7a4982ffe6355fc24c48f044741718719f9518

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 56deeb003d42fe352ef855683c2581fe
SHA1 3efcc4ec687a80dce824ddafca9116e61f9b8105
SHA256 fa8a056c43f9c299995c6d6f47b39d3dbb8ee4be2c9c6a7ff2e43c2e20c9597a
SHA512 44082ad30cc91929e964ccbc90f2678fe2c52482742cc04bea78f4155227492f1914acc1f9693b36ff29a262dfc887342a1e55c87e2ea87dccfda1f09dc01e8e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 1c5d70db71c8a7f6d5ed524ba1864c93
SHA1 d15c26f825e262cfd505297af238b261b1e44cae
SHA256 b06c927fb093d8fb5c06cff6bc63f4f3a7182a94c10250faf0c77edd7d667e04
SHA512 1fb35509f29156cb97d32e90fef71cb9afa4c42ea59a1f6c98b0e9ea3abbcb17152d698dbdf3ceaa29c035a25f67770beed25555981ecf0264d63791e31701cf

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 5987549ea5cc4db9f6c75182ec2f5e43
SHA1 ebf31f9b983f157a080409e0bb7b6b7013543b7c
SHA256 85b73d95500d3b467381998d63918d4a6879fc100b4182c5d329282cb8d8eae0
SHA512 388afce8da0a4e3b7ce8de9ee01e519aec91cdb4671ceaf156c6c2c87f12aa541fe025283e3e54fd22c6409808fb8df41f3c3a254a6ae6071098032de36bc927

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 c86ea9d7cf9a4e0aea9243a44db16e87
SHA1 608e14bc5f04d7fcda4ade2862900a01d103f7e0
SHA256 84157fc909f160ec9df1c9ac1c8a69a9825d72dd4d83a327eccd659e0dee1558
SHA512 383f4ab448b0700707af8eef63a3813d994f9060e644c85b54c2c6197d887ecf59b81a176c8645f6f2c3053513ca9a1006ea3166dabe75cc572810c76511ee5c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 c1af94c226374315b48b7ec5afb329f3
SHA1 3750fb531f18753edf38a7f478648a86e7f8ad7d
SHA256 32ae36b4f4c997cdee49ce03865e363b260ebb64775859a5eec84aea7eac5471
SHA512 60da2e1b159d3918f3da6084e86bab0be8bc30cb129f08dcd9f97f20a6030731d567e2a765833f71a31e497ffb4967f027d8519b41684d9702644b30a7844da8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 762309deb9e45b3592d198748ebfdc90
SHA1 e3b5602ee64f7ae19dd093b839661973645e1e04
SHA256 87f5bc3adfc940226fc44926d712f072ca0add2d907b99d2aa333e4b18804302
SHA512 e482bb74a1a504d44d2384b2f948d68a36d266c0b98ff70d369e09265ee9ed15bc516b3faa99a109a2e1174bfe6bac93a8e87edf9d95d343fea8d967597d163f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 fff757cea4c7b7a56fab271e3c73b1b0
SHA1 bfa2e01efd9d04afa9873f3dd3e8f86c62eea864
SHA256 e887f9174c6f028718d365750fe27360c28ca90a09f069797853ecdb6be154ea
SHA512 74ba27bebe580c75a1bcdc0ff83698a7c3ccb8d396665dfc651e22b520fdeee7b906913341eb6e347cbe1157003bed07b3e405fac9ec23c82bd6ab5362dd2b58

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 c98eb02b749216d165dfcbebafa08d34
SHA1 68ec1b7e6696a46c73ccdda1a7709dd8fa67d199
SHA256 214b23d6ffbb6e124c8fbb03ebda4e8c959dcd517367402127852e7da0b6c332
SHA512 c4ddb92e3e365c1d79c8e5203424f122ceb0303a8d2dc04e7d7220062e6bfd3afdf0b6ef8b15a7a25aebb8d2c3f68195f91892c74c5101339125ecb328ed10a3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 e10bf13b7235904d9074a45161e37d83
SHA1 5ffb4d9387d5437021c7dee39e4829b70c6d1e88
SHA256 9a8e48efad0c13310bf545cdc3a3392946383d528715b5f7af728fd22fd489b6
SHA512 b0c4fe72c46e6c3532f6a2ebd884e01b733b6d5029562d4b436ed9a57326d5b151ab40fe4f91e24c7a7384c22758c2e40e8d41df2e9a95fa6bd916567991ec77

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 dbbf1803928f59a49d3e7c844e45559b
SHA1 8d687e9815d6028a396d92407ad41ec54d0082bc
SHA256 34abb6c3bfc178b2bf39ac87ab6a9ab1ca2d46360c1fa4ac9fabfabe3dace703
SHA512 70cbeb2a075e7930ab422c07cb0beb2374552ff05d93689e60522a5065d3d938a5c69e05add7d0d7ca0b77c04a95ac3e645a96d34b7dc2f04442973a6da3faa3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 47abb8b5a97b69a85ca5fe897bf3c9e0
SHA1 2cf9691deef9a0350f74cbd5a82eb570f60bb3b5
SHA256 3f3357ded0df3e75a07644117600b19a8955e65e3bc6d2519c5d13b316ecc70d
SHA512 df4209150e4fc9c3069da8b0015f75a869ccc2c8361cc124156edc5e84d3371b6abc64ea82b169964fc024b744dba4a0a8b649bd552b9b01492f224fcce63301

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 dc934036a752f9716c15191265452927
SHA1 6c7353059589a9b23db40a665ac0355790d3ec8e
SHA256 7713e1b4616814388a2593e6a9e5ba08415794e17b0c01aabe1aa629d9030ac4
SHA512 b3ea0bc763e42b08fa666e7e477ecd555855b9f8ac96912248747259a077268fd9bb134e3702df53a7023d797e4401354fa40d3cb94ddfaab6af232bf3d79c37

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 d02bb6ada85fc0b6fcd1b03802b6c38b
SHA1 8067390664e54f41fc8bf294b801423ac91a10ff
SHA256 93b25d7240f36b9f16f014c6e96e64d47c5facbd0a592526fa4aaf79c0f582b7
SHA512 1a13d2500c130838f843c76c666624b39045df644f58e6fd1ffa5d2e7bbc2c8607f29157a092df861bd225ab58066df929462f651f7828706a912d8c9965fc6b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 b6dc6ff236dd43e2c58a7aa8bc788c10
SHA1 737f54650271d4ade578278660b11abf72f7eb89
SHA256 14bf91d425bba5d21548706665625de5b9a74272b38c32d2100c10ad064e2141
SHA512 b71b0e7b84ca32349096c5c4e5ee1aa42579fbf93c25d3a0b8c0cd16e7d1201411ab66a3289d73c16ed15ab1ba69a33b0a82551c16a020e0ff21a804dea5b5c4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 6fd0687d283eca78197015405094916e
SHA1 00a0b7d76764c1698f9ce2ebbe3a0dfdc99592f5
SHA256 6b4efa59add1944ff1aec52dacfcb4a480a02b62d368243b418923457ce74b8e
SHA512 be930530174efa64554c317d6781863424740ed9ce19a7bc95562e012cfceca166708ff7ca4be48f87f70467644ed76a7d5bcfc79afb090a4e0aa03e2dcc21ee

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 80247684ea12a863b125a5f3f2a502cc
SHA1 cd9d68e32139b433b18d0ee6295afdebcd121120
SHA256 274a523b40026390c8c144ca00a30cd8410a6179ab349e09509e29ab69954f83
SHA512 3f0fcf888b2ff9b2aa8917bc9b40574c5b682f0c7340999197bc5f084340fde03929670ece4b45b2c0b2272b7bf271fcff68ea5d3ddc0d945fb502fb52e2b48d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 6f58d6c81228a9d3875e16312da359f6
SHA1 802841ce1b63a064ca67df18b6337ab16e289a4e
SHA256 ca5144321c29ed2077283ffa641e972542fb9d14e5a8ed3ce843ac7457fabeac
SHA512 06a2171cb73a766f4bd92272dd84405a2561b07fec021b2c2f2d7e3f1eb64326763ea607616bec24b3a69188f85511b6e8887a2d792a9fa1a054ac751ec4269c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 c8db12eafb60586271b6cd2bf212e9d7
SHA1 d2301ea247bd90d35e59e03d8f36a5270216510d
SHA256 45d373ff515a980120d7360ff2dae4255f10d9fa53eb4495022b7567c3a21919
SHA512 7960f1a8bf966bfbe0d5ab63c0a9d0c6c51a1f229b5470b43fc30b8e6fb42dffb0e5dd1651c76666fab936f0b380ff6850278e2687dbf1615dddae7d4f3e40d1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 1999df41dd41a349032bddff7a7b69f3
SHA1 5098d7f3dac0490237fce9dfa4845273df549464
SHA256 4f44d2e3177331369b8d16795875230b325db118dc825f70243e44058f574bdb
SHA512 557f078374c5106fb27cff91418c73660f29298d5f3f9490a489695388b4e1e8c20c70e94ad2ddeffb75ad4083334fd9189930e564ce0e4c7cdb9d991395a718

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 abb9444922d9e39dcdcbf6e96051001f
SHA1 0b6f744a8015300fc8a1b07f108cea1418049e1d
SHA256 f524aaf8f8caada1e39c7f293bf06e89e919c5935baa4f99075eb0ea7393f96b
SHA512 cd2a5f549fe9561fa9bc1afa46fc4cd47340c5ebd08c3697f73de6473555390fc5f0e34b5fe591927bf5e555cb8a1af91a732d206467741310d1d35befb80cff

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 4a5c06de0fe3e70edc984de0533a9f97
SHA1 27f27c4fb726bc216ede925f7c094cf0b7f25c71
SHA256 50ad0570a61cf5af4c18f29a1144f03e5c5dc43eadd1cf29ef1ccb5a95e6b20d
SHA512 e5dcaf03b09bbd97dd9fc80536813075da91536852adae0a415b95aa29b716ebad2d428f711f060209d170c16fb1057248c57d654ed2747a67e92621be2f7bf1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 4f4bc890b396fbd6b2412027adc2fe8b
SHA1 f07ee60e150473b75079c3cbc4fa0ba2b582bc3e
SHA256 7b828d781556c6159030701af67fa5d5abd8d0fa1f6199975d4c81ac4cb3beae
SHA512 d414df862d2ca5349ab66e2b232e7f3bc4bee46c851d215858a03ffe46da050e732ca045951ba30e1e015b8132c2ad36b4fa4d1af242692dc09c841944f57f7f

C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

MD5 01462f76bc2c9861329ef37d279baa6e
SHA1 a3de353b0f9684ec9ecc6b7f25d87546dfe4afe2
SHA256 7856473373861fd18cf060078163d0b51ca6614fe72cb490727bc3bf1e50cc66
SHA512 61f4dd5931f19a5b2b2485be065239e9f0b0f0d08b06bfe1e14b3a2512ee4473ca9fee2affeaa77248b06dfe410bb2432b60fdd6649579edfbc5d9e2fa888759

C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

MD5 ff6d3f244ef98fc43315c348b6cee600
SHA1 ca2a7772acbca7c90068782681342b0d25804495
SHA256 7e68ea79d364d5ea83f249f8c7f55c768a20099a073349689477aa9773c3a05f
SHA512 f15f99ee2b9c02d9eded701696573f938e084555c9f27acc7231d78b6f8d64c16278218c62e3b0aeedf7eba4cde28e5f4d39b42c753a3c3df022ed475f9b3e9e

C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Performance Monitor.lnk

MD5 88b9a8f45baf8768fb1b875aadf43155
SHA1 c7e8a7f16757ff4f7b9b9af62e92e87ec128dc66
SHA256 75ec00cd9f7bff4f118f66d96d3b3314e3bc91f71e6129a79271e4f2fcf48727
SHA512 d0b2b29ec454162394bbdb75f711cd8f51e457cd6b3587c94d455e1542291449b4686b16986e670c1266d43d558024301d205bda558302511c5e5410018c3017

C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Resource Monitor.lnk

MD5 a670cb07e196a39aa7c933c917a73350
SHA1 1b2061624cd163f385f671cac16dfa4f002a3dbb
SHA256 e33b42009460c8a38ae20cd9f203bf5c95d31ffadda9a2ad43cc0628924a41f3
SHA512 d63ece5d161ae7b324d5207d00e6f8479ccf083f3e5101113c6e74c7d3047fce94b99814cde962a2970732fd4499b198303fda98e33a56a7d79763a1468e1e7d

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 55ca7cdc06f0f068e3c060f447602365
SHA1 05fc0cd8c8b1b8e4754d7e54cbb893122b8c36f9
SHA256 7f91dca3785450bceb41a10ddb968b78717d7d0170b5bffa76655049e62a9abd
SHA512 bbf3bd365dc05d698b10bd8e337378bd4fac199dfbf335454c3763898b2231760e029a7ddcbcba6c3d4fc06545a9874015aa6ca5cc73fcc0f39f0ba5269d80c7

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 120cb34431ca56bca29bd73173afe5d6
SHA1 870f119828e340c186cbc35ad29b8a4130f10f6e
SHA256 63c2533b48d947708b28bb696d88a9c5ce3756dd18a8f8526aa083e7836bded3
SHA512 1a05de9238e930992eb85b2f35a8c825961214814c6dc0190271060c5130ec6d74a3c94c00fc918202b04adb7458573cce8bb31ce8738cbf285c85835664efac

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

MD5 d52b9ff7f391018919ce2b3cbbd8bc69
SHA1 c0eef5b6c9b0ae070ddf2e4b8d54a12a86c66fdf
SHA256 6b8616dfd910d2654fe66e544c696b391716317725db6f7b4b6f1c16cdde619d
SHA512 46d0d20c69472f2b94648d11523d9d8269ea7f12af753476fc1b84ad140cb74f4e35bf26b6abf61dbbee089f03a219684c15aacae176b1cf651f2a997a94bb20

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 55c082e5c753a3be7704ddf066d0e895
SHA1 ced13c44a19f82b143b033378d601f93b1de3388
SHA256 e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8
SHA512 8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 c4be1ce9dc39fb83fd5a2d617c2a4837
SHA1 eca34cd429eaf350804bce704d19ea61c74fd54a
SHA256 403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c
SHA512 3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

MD5 cc732d0bd874a5559714f32366affe1a
SHA1 b1b7b5585059d53f44d8e0dbfc260472ab658c71
SHA256 a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed
SHA512 3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

C:\Windows\WinSxS\amd64_microsoft-windows-wordpad_31bf3856ad364e35_10.0.19041.1_none_e3ab86b70c430b3c\Wordpad.lnk

MD5 265af51f771aa1d07f99a514396a1569
SHA1 39e376c3343dff0a948b650258e881ab246fe4ca
SHA256 4bce8b5efbe6ab79c273fbe4b8d9a3a3af6cf689c655edb6167eee33f74eb2e4
SHA512 f366f1fa30dcac4cf2485aa93bcb94c32bdb7e3f82e58790a32355874844b52bbd540ab3539b467b42da210d0fc44645b6c966d5682d4f007e31e149d8d6f139

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 0ecbd0b580bb05a766f0339c46241b4b
SHA1 5900cf3dbc49bc8aeaa1e316024b443741bfd917
SHA256 c6a9c7929a05fd7ab6eec0822c33eb45050e5ec183374f6eceb089da08e3664b
SHA512 305b5791ce53a712473be6957f46a86b19c48162609a214df22d35c6fef4b62b6323290d6e652c44942e312d6c67e4b0f10569cf2fe2eb90b0681b9418b3578e