Malware Analysis Report

2024-10-19 10:43

Sample ID 241008-zahzvstcmq
Target 25072c88a3a9820ed4496db76b23554f_JaffaCakes118
SHA256 7a7ff70232ace931e089caa1a518439fb7d8c696f78ad962bb727d75ee4a0da9
Tags
discovery persistence ransomware spyware stealer xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7a7ff70232ace931e089caa1a518439fb7d8c696f78ad962bb727d75ee4a0da9

Threat Level: Known bad

The file 25072c88a3a9820ed4496db76b23554f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer xorist

Detected Xorist Ransomware

Xorist family

Renames multiple (2200) files with added filename extension

Renames multiple (2221) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-08 20:30

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-08 20:30

Reported

2024-10-09 01:56

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe"

Signatures

Renames multiple (2200) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe" C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Exchange.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Retail\NinjaCatOnDragon.scale-125.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\contrast-white\AboutBoxLogo.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-60_contrast-black.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-72.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\StoreLogo\PaintApplist.scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-60_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\digsig_icons.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-80_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-64.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\reduced_mode-2x.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_contrast-white.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\Square44x44Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner-2x.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-36_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Toolkit\Images\dash.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\RunningLate.scale-64.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\MediumGray.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\8px.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SplashWideTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-125.HCWhite.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\bun.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileMediumSquare.scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\8041_24x24x32.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare-Dark.scale-125.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg2_thumb.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp5.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\SplashScreen\PaintSplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSplashLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\wide310x150logo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ets.icons.searchapp_31bf3856ad364e35_10.0.19041.1_none_ceba36fd1b479c4c\AppListIcon.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\WDSC_Illustration_834x834.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Assets\PasswordExpiry.contrast-white_scale-400.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\DisableAboutFlag.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\DropAccept.scale-300.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.153_none_47569e595c44e70c\SquareTile310x150.scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\System.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\view\oobe-light-contentview-template.html C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-d..scannerpreview-host_31bf3856ad364e35_10.0.19041.1_none_484e61e96e69ac70\Wide310x150Logo.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.15805.0_none_3303de6fba37b5c7\help.jpg C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_en-us_1279c10c2d9636d4\403-7.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square150x150Logo.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Ratings\RatingStars48.scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsLargeCloudIcon.contrast-black_scale-400.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Wide310x150Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\ContentPRV.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\RequestedDownloadsLargeCloudIcon.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare150x150.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_de-de_fa3317ce4cfa58b0\WpcBlockFrame.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\TinyTile.contrast-black.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square71x71Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\Assets\Splashscreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.153_none_e669b22d011fc6b2\KeyboardSystemToastIcon.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\401-3.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\404-15.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square150x150Logo.contrast-white_scale-400.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\WiFiNetworkManagerToast.scale-125.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-t..nkrecognition.ja-jp_31bf3856ad364e35_10.0.19041.1_none_86616f88bbb9aa3e\ThirdPartyNotices.ja-jp.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_chartzoom_reset.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Performance Monitor.lnk C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_10.0.19041.1_none_6fa7e5bbaa15a17d\security_watermark.jpg C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\Assets\Digimarc-Logo.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\TabletMode.scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.153_none_47569e595c44e70c\SquareTile44x44.targetsize-96_altform-unplated_contrast-black_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d1f435fdf91e63d5\PhishSiteEdge.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\logo.contrast-black.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Notify Messaging.wav C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\perftools\images\i_usermark.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Square44x44Logo.targetsize-30_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f248a35f7c12459\500-18.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\BreadcrumbScrollRight.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft.powershell.pester_31bf3856ad364e35_10.0.19041.1_none_9478227a478f23d5\CHANGELOG.md C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CENTEURO.TXT C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\images\cssfileicon.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\CellularToast.scale-400.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\UKRAINE.TXT C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\SplashScreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\MediumTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-xbox-gamecallableui.appxmain_31bf3856ad364e35_10.0.19041.1_none_d910ec4e86b0552b\WideLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSplashScreen.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobezdp-main.html C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.scale-400.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-black\AppListIcon.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square71x71Logo.scale-200.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\WiFiNetworkManagerWarningToast.scale-100.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\nointernet.html C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.kmbgdftfgdlf C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe" C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.kmbgdftfgdlf\ = "XVFHASZDBSERGJE" C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe,0" C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open\command C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 99.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp

Files

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 55aa628a07550ac99de252ab78306f61
SHA1 1fef9dc3f77821bf750bce42ffb1f6c892f74572
SHA256 839eb695666f96062e1ded9d6f1c97056f6fb6dd78d8f265e437c48e9d0675ca
SHA512 2e1e0fc7de510c92aefa23840cfe5e5e14fb98e597aa626cbb2f3034294d54d6cdde51dc0bf5a76dc3d40da70a5ac3f774f0db9e450c17d1b416607795643715

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 ccc131df801bf333f5f4631dbe8c3a3b
SHA1 d67636f233ee97de1c623fe9fdc4d3f632b359fb
SHA256 b01caf04c1a14f7cdad47c89be51759d2eaa555bac81c7007cf1c80a5b6a00de
SHA512 51ebe09bd96918e0eab0414d42f2940d718a539d16b7e68d97689ac22bcce8247ccf1983ebe74152cc9ebccbb69a379f24205cd718022987960fe75ebb28352f

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 606a9b0efa7483827aa01bf177d8024f
SHA1 23409f7dc3ff12450ccddd323b24d34f59018ab5
SHA256 d14d88923a7580ad2440d18c67b32da74e89a39ef2b122db5313d955c9d67184
SHA512 d0a8380f0979e74d15c0186687c21702574f374f9d20c0b2abec6e446dcb0056462379d55528d450a2890c7eb6161c460956d9da561c5dd4950c6dbdc25b2a82

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 1ff199367da573ed4c6fb38d411d4625
SHA1 175576ec8932f994855c3df81f1874ceec6fa524
SHA256 f2797bbb7dc2650fc16f937023ce495578aa70c5ab68592abe5adb9687498a95
SHA512 2b41287eb2f0b7928ea3fdd92dde78016197184e61e3d8ec5a615510160a7ee49d4e4b4bbcc4888301fde17eceaca974c653a34897608e357dbe357c81c35b6a

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 1d5dd1ee79629a666740b06eb392b122
SHA1 5b701557cbcda222fc0b469ab575494554296186
SHA256 61e5bb49108bb3f31c81d5f413fbddab29ccc1f68850a258340458b779e42632
SHA512 d1abb407ab94d831623a869df1cbb7ab4d486d712c4a1f8960c161e192eaf5a8a5390150391c60b90a10dad8a41a93580473d043677da49c8107e8a6bc4adf52

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 0f3e38e7bb6e9873204d78d0cba2c294
SHA1 17a4a8ff31c323dc9afe0f13238761493ff59805
SHA256 5bd8cf5e03f994185e859ec2cbb7f39690da5ae5ef2937edafb0db11b603055e
SHA512 0b12ba91cd6954b03f31b4d899f4080ecaa70cf764df172de2491c81cac008f8131a3dce0dca00e13c61c8632f312bcb700b315a0d6ebaf98bfc7f0c901020cf

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 8cb56e534426d743785c75e9b7ded477
SHA1 c7cc01ea8138b000b24edfc12d005df276542ed0
SHA256 f83c90c6102a31d93f5dafb902c2cde7637076c423d7158bacf3c64ca562bc19
SHA512 3bfb8abd1d0b5288a1965a0fb66e56235b8938022066e31e387502b5dbe0998785dfc1f87852eeb24ee8dc125b6ff54052698afad7e7342e7501bb2db002a249

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 092a3c49101095e6c52115dd39a8bd43
SHA1 fd8dfe31a379ab8137d5e64efff24fb49c6e3a84
SHA256 ac93f3ce1dcbd52142e1d58fdc2712fcdb52ef5f6a1bf6c4ad9b8809b574d49e
SHA512 ed65c3005983b1675be441df63ce0a794bf1e423857566ede5c7cf1309883e189f654be61162a7310985cb261db77a8c84b8e826d436cad664cbba6dab7c354b

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 1d3ea72f5c89f31ed6d545ec0fb8149a
SHA1 7737c42dcf375af7247f42bda6f41426d4b7a60c
SHA256 a2ff5afd90a9dc932d186ba8d7f6b037c838915a5bb0769d1cfe2fea45618e47
SHA512 9d4c6a4384a88fceec4a535ec90f8b8978d88408158b76920b63d15e81da10f13f341a8d96cd2bdeca3839ba788abc7eea5606bb52c134bf01ca4a176d3082d8

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 02fe66af1fd5081c8111aad6cfba8b9a
SHA1 afcf728f7ec60aa1b073acb96dfd5ed9f043e139
SHA256 11430b383ffb1965c337ef6c9f501c771292296f2747dc1c50c2d454c206a909
SHA512 b51400465aaccec8d4ec8a54a9d9c00f7e6bd662a98a209f3f5f598e7d7fd20ad0004208d85d57533b6c4d49b2d53de0c687a5afcd2ef2e33c185a0f1eb5d537

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 505adea0fc0f9dc905c73392d3487407
SHA1 c9f3663a3254906da05ffe74780abf426a14cc0f
SHA256 fbc25d29cb3337f01d5aa95d823ebd938be15c742ddda6df3eb2ae137b4eb653
SHA512 dd8a0c143885168508fcb5820da19347700d261dd68ecc7607754a1a722460ba8834242f0b0cf3d9966e0bd67c19cfcb6e07df0030036b6d8afe8809f0a7752d

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 e105d8c6fcca0d7607bbfdae2353e3e0
SHA1 0b0366bff376cd8a1f0fd66df40185af890eed7e
SHA256 70912e5c9de8b95104a6996aa414ce6297f2812a67e061e59ac47d8174f0c356
SHA512 7193654d46936f31e803aef590725439fdc85a5e82b9908fbf0d5aa77d9555677031c3237d537c5246519baff18434383792ba3065cfd2746867f1b57e4a35eb

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 8692c7cd9a2a275a03e828fdfb3dfe7f
SHA1 738fc3d66289c0c895ef7eecea4667fe83f8f2c2
SHA256 aa17965450d2b3f7a14e7892c8605d9cfc4e1c9b9a731b6403412ace5f7705a5
SHA512 b44e68b73ff221e032e9747d811c9f72664aac14ea80c8525a1cf5e33fffc4a298bb02e48f0d53ad4518581edcb60fbd1e34fe421d9178e8b62af8140d5f2e41

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 afd643ede863e443551b9e51fb32c08e
SHA1 9b9bd692c60adbbf678e839b4228fa23f538e6d8
SHA256 03a165b58f028756c91f5d6d6e5fbec0351e334f86340df20a110ffeeeb888a0
SHA512 acde75dc1599c5f43216e216a0938bce57d3d071e46f469af6bffe034be4dc90a61b4f759545d7d32c296d869f072c77e9f761a829c7e9221eb11e5bc976b44e

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 2840444241b0332ad43e75bb6f2b7019
SHA1 21c370e2384c82a6e46d610160b4b9b07cdc6cfa
SHA256 d97034af58899df0b5b3ede888cea3916bbcd8cc4a1fb9711864220408202b1f
SHA512 fd453cd56585d8fa62f39f38fe2ac05e79433d03032b588f2798ba2275fce45080685da7583e17b0826ee3925891bf9e45bcb74e4d87416462061078d238642e

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 eeff7b6e1340b5613daecc32af93503d
SHA1 9558d97ea55d57a3985752acbc77e631a80bff29
SHA256 028ef2ace8db6cc8339e17533b8a5519a168861ce49a6088e16f519cf1a7126d
SHA512 faecab64911f2a26bb4ed4176b95ee5e7215a8a22326ced4119c78f93dd7e4e91d1d2cbe8ba0a3a84b4ac609022031640286809aeee4011e7e7b9ac4694ada22

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 9da3aa4058cc1dc56ffc6af5f07cea0e
SHA1 a70aed13d90f8f8b3938228765e9f627abacfded
SHA256 95b67c666cd48f5a26ab9df197fdac44c8ec115608491187a2c22f365db6e383
SHA512 1e28fa62cf0d2c105f848f1ace72acf3f60eecda9259cc80b8ecdbbd0a567979a5e6519512858f6e3b8ba08163623347ffdfdf9617aec80c76293ecd6dedf14c

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 62c61a86e3796ba2af1162f7a6fface1
SHA1 7352ffcb0f598fa2e12cf6c40e6cf00897dd9e09
SHA256 032b25690199953de2211996641e05ddfd11f5dd0020cfac3bc5d1b7a83b6234
SHA512 905b0e630f00b415fdb0f3d541a34cb0525b272a94a2012b9abc989cde10e0e89ee6fd0e8cf00106dd74c1190f1bc3d18628ea60fce42fd7ad4463b362d6f7e2

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 8919e5f4beb4e3f60d2c3b3d1fa95179
SHA1 58c51940ebd93d6a44ca87e9c4dbbe67f979fedf
SHA256 f8ca68ff5d7b6b269fc11f6af160e0a1677ce27fc0662a3629f283c0cd0231cf
SHA512 e8831184a49b10e9ca4eb115dc79901f21e99b0c32e5b606532056b82b8bfe8525849d7a6130cbd5308706e4b23c5a55aebd1fe0cfdb92b8e64b59003b96b4c2

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 bd406600677e518dacf0c17ed3c21354
SHA1 e0b3dfcdc03480cebb31df0d283ddc4af0a076e8
SHA256 d0e073e13c7e3d3ea03ee4d15aa7b2aa7e541ce96ee332b7cb7191095e10ebc1
SHA512 891c8ba636885d8f714d1526a43fb20f27516ea92efd2510e52454b3d42cb4d562daa226fb8416147aec5a99f12be255f2f68a68506b255cc39f7b8453afdce3

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 40e89ec454f1e5bdfe66a174035f5dc1
SHA1 f56956d550a785d24a69ae8aac53b83773d283f5
SHA256 196b82b5cbbc8df67da126ac9c2d729b6630cfe38e5a76033f1af5e2aa625f3f
SHA512 0a9ccc6c89c6227f10be753ab42473e8d8225f7979c1cb01c8c74fdf860ac68090db2f9320d0f5dc2d645645daa5246802c6757351395ca80ffa7bec1f91ae85

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 2e2f5f69f8bcf5bc6ec96c80fb49ed96
SHA1 9cbb60718d244142d77bc013c688d995f2649194
SHA256 6713a43e31e29051aa3f76ad293c7baadca0c7b0b32d68f76a81b1e4d094f532
SHA512 3e548606d03d922a6b17c54baf8f6f919ac29d78d5351e80a7f4ef1fe22469bbd126e7141028c6a70e96708a6ba8af40e52e25752e03601b0a36a2916c7cab66

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 09b1cfd58c7d2d64e932a7ccad1f6d83
SHA1 8bbf995aadd8ee9fe961822b097875ac1dfbaa5a
SHA256 a65f0f03041d43bd0f41125162668cbaf7c29c020917617c415326618c989f00
SHA512 4232f2d60750d0ab6766a0d567bbd633816356e0076b5d8e52f07975685e90d54a510d33e74562d65d85c390d03ef3aad9dc84b56a83a7397429490927f1af4f

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 eab1433ed69b23510cf7dae18e523fd8
SHA1 9c279eddafc07d194b2dd48243240a4c4d083f6a
SHA256 edcea884d8f052048789dfe893045bb6a81b592bc9a5438f6eb54fcec0b2d59b
SHA512 282ad7cdf1d90362edd67042134f6f1ef4e90e0ca7e2e1da26fc3c1856229831e58c6d3cc0cb32e64e6fe2767cc26a53123a23b2f88d422e5fb2c12f4063f6b1

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 435de340e5e08087324e7d971738e37d
SHA1 3f56dc7297a504efe3779a054c59174451d1e783
SHA256 c3348f1ec3b4ad916737ff9033ee2b12bd3925281a499b22ea24469a03fe97a0
SHA512 8baa9ac6ed9cf233db51afebbcbb78d006ec0624c45d8ab42975888f4b84f93a69ad7323e4a5fd2a6dcda5302834b2c2d2d061ad557aa33fac6387eef93418f3

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 bfe811ed0633ac71213aa886fa170358
SHA1 14c2c1975a89c1e49e474b1ddb89ab3348d34767
SHA256 0860cb662b7eb7f44b2e175c4224409364ac6a368cc3eeae1253440db7c85296
SHA512 45c93f3efd7c87fcd686d27aea9a7c7144c53d4f15e24e01ab3cb4aba0f598d609e757980e8fa6b03f440a6699e5b3a850af4b56854500a2c3e3d194cfd51cbc

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 5e9ce88e91a1a10bee6bbfbe8e2cfd09
SHA1 108e0c2d29ff69e3d56d412e224a4a9afacf07bc
SHA256 790c3e13c11ff53e975144cfb7688aad3a4b0e055d9c0e804358da4263624388
SHA512 f34b6f48965b46e374c06350a02e5c0399fc6d2724afb40a97c09b474c354c38cf8dfd56a309ee2ab5041edefd5c44f9ebd3aa8788f2a29372d5d623f6898680

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 2a557d0c8cd66eecbf1ff1c2f18371d7
SHA1 a34add0beae4259b2346bb05a9563d134770fed8
SHA256 db94fdfb72b03d3f7561c1fc696177c7fca41b8712999a613cde61490c85cdc3
SHA512 3ff00a444dae0dd97214b52f8fc64a84854366dfcd25ea5359387ce65f4c8c69c34c411cf783fd48e57854f88c37cc9bc5531341345cb2dc32d49c0600e1ab30

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 25aa5e12a3d0a7cb56e3d4a768f5d7ac
SHA1 ad64ef46452e3b086fa2b3404c93f14122089035
SHA256 c30150a8c27dcc63e06e7678800d2f583246ca9293bf83ee6bb4d69845a529f7
SHA512 f53c8d667a362c75116d5d9181260d346016f6091f8c2dcfe8affb8d37bbb2b2f583a9518ba3dd8e1a0ca527f04c0e60a81a538c21f2b3f44e0b36329d61af7e

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 77595ca1f3d8fa44453936759ba9610c
SHA1 1a506afd095685613e6965dd29b183b837816cc1
SHA256 e81e94aabe5f91822f20a303c14f77a751381aa8430d12a23f135bcbc2250516
SHA512 444051ac4d8672f1b846cc0bcb4d718dac620b76239d5b8e2f6fa6c1dbb4cceb0d76b567b91d48e50ab7e368f1c565d06c1aff92fa4bbdb051115cd399e259d2

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 c5be1db86faf3bc48aa760671f9621c2
SHA1 29ea39a3cac4e2e8b2d5152d0ab0df47c0a95137
SHA256 1c563e89afedbcb5b23fb63070c6037dad690ca92e3641be60570167593d671c
SHA512 0a883f64d065f241d7a08d22d13faec918b3911e55801d550b3ebd859ecc56a104180cd3a2e3e4c621c54e3e6c16abb5f5c9ef79c8f384b49c43fc125ea49e00

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 d0bb369031fab801ab26ff0f11a8297f
SHA1 4135d6ac3bc8dc27105828e8bc830b417439a66a
SHA256 c657c1fd07c1eb2a0633d9d4e0fd516740bfd74effd8b984152158ba0534ba95
SHA512 f9e0c5ec407f6168a9bb981c6ec8073165abdc5b1d8c41cbd719187889d165cf0e8fd894861040913286eb38eb44fe51585aa508d1380aaee50b3b7bc5272e30

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 4ee0902e8dfe0592c1743c81062ee045
SHA1 4090d2ed7ed7e0938a9d63a1c34def54d14e7096
SHA256 c2260974e4935d3ce7e179687d57354aeca90218d93691be034a07f472a325f7
SHA512 0d5c99ff635b66b5cf2208831c74c2472aab5283acd96bf439bb0b7426e73203a12cad192e05e1d51a6cd048a223956f92715eef878a83d683b65499f54c6793

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 b821e714ec5fda174bb7ac4bc3ea7c7e
SHA1 9148c3b3153e33b57a6927074c4016fd6925d5a2
SHA256 7a485cbd2cab9158dca010a33e1870226f6f66288f3b560f2815237669b344e7
SHA512 0fb43bacaa5e23b9841777cece5c6212615705e165c8820b356ddd80033aa90445eab6df1a8ee384bea2ffdada3d553c6b1faed3ab4b819b9f7f5beb2276fff6

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 8323076034a6c39be754accdd29db225
SHA1 b1c79b06398ebd3f3a368de9a868d798a749c4e2
SHA256 f01cecba4a8650f1955c628d2046fb6ea7effdae3f36918efa74a8fe3afa0f1b
SHA512 73e159772a8aa8115c9a517a195c25be021ed9816c51add53177a3190ebbe8f3f6d50a6056d9f952e3303bd98c124ca8ee9317d8a3d1478630f2c6ae03253616

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 04f1945661dc0ee496e662edd1d29767
SHA1 95ffb948f39f82b1ef8783912ac68479f2794d47
SHA256 9384c98aa0cc31e9bd147eb6741d5835e1bc091928a4de941fb90021fa10594c
SHA512 ce37c4b00153c7180dd44d51b93033f1c58688cb8e041391ce647615a0c85d7fae91fb8d73d8a6a03fcd25a247c1650e168c932c577cf2aa3980d61b2faf7cf5

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 8ad8677eb2d463a35404b78b09ef29dc
SHA1 68b1866091160a115816a0c8f8dcf00a42873b39
SHA256 7b41fec8f5e6fde11fd6cc4273e999c1ce05678d17c063539c5d20630e1a9294
SHA512 abfaa8e052446e584eba684bee7194aecffe60167c6b1a57129ade452a661f410f8e949508576341150326c747720e653205431af6d449f29852114f4808ff3f

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 3e86e7411fec3fb4a8f368aed909465d
SHA1 29c59443bd71eddff6d6f7a6bdcceea18cd458fa
SHA256 c91c3db5afbd2a06b3eb237f1f5d1c4b3f6a4330046b60c3409a12141ac4f596
SHA512 f543e250c3b9fd154e729d74946836b6f77aecd4f659d51514e6553f18fc39cdba2bb7d05e47e820eb3b9d99ca8e07b117c88cd8fabdc1b2ed8b414586b9d566

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 c75d94410ca0a147bf5ae73d6b903d9a
SHA1 9e1f350e3b428d56a208c526adfe4e35b413a0c4
SHA256 5e6a350266eb893a91482bbfc7a261dc36cf50db0b0d06c2d43f11169038a07c
SHA512 3cf023f09776aa2f2a193752210292a171ed081cfa4639cbc70ad06c3e2b21a8b5d2d1daf1d6794d27c13e5ba4d0a6837e0da8e2c2d8a1d2256320dad0386c60

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 0a87b5ccedcc9443cfff5d9c6ac52282
SHA1 b2cf1689933b2ef7203bea5c9db6ac4f32ec2a35
SHA256 bf5236fd6867592aeb60f283ddfd830370e158834e8ab20a79fd4b26fa2ed268
SHA512 8f5a01308907a1426cc3781cd28cc367881aea5886e8b40edb1e3e24902ae938d14f0410166b87e8af8f319a33a4c5bc8750ff73b6540945b0e850eb53e5fd43

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 b547dff1ef5a7c8a4c2b658fc4cccd2d
SHA1 5b9769712afa778ff98c6ec62a62dc44221c9a91
SHA256 5b9958fcbdc147012b5d49325b2c5730d8b5055781ec17803e464214ec312d99
SHA512 eafefed7fc72ab6d3979e724744901a3bf580135373215ef1be6a72e5bfa5d049993ac3b671f12512d0a657ae6d59410a685fcf9d03248998e4053454c7b754c

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 a98c73e4c9e878596bdeb25faa120223
SHA1 33929f10a9acc5a3dbae7a91fd5920de8d3c2f1b
SHA256 ffa4f1627a1c414dd58aa08587f370041e770ba41eb4216dcac8449b570e5361
SHA512 5c9fd68abcfe6b9704431db624c9bd4d52f35de609bde56b91e07524e5dea76572fdf5d38bb6fa50d0a63ec6df922c9e0e142c3e5fdf97aece05fe9c8c58ad58

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 c145018c6b47e995bd0329d13cc581a5
SHA1 7d30d0e6b989af49b06d1e02482ab38e8bf72ee5
SHA256 27c69d2bda0a20559f4e4182b4468f3b406faea809c934832f844866568510d2
SHA512 71deb1e7bd4e3a6f7066399c896d6bf76e3204dd83bd50c6ca9005bb27f150983d66e9021a12f616f2b9960dc5d6f0659791f2b189fe928532828931010b85ae

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 78df9646789b40c521e0c3b0d64a58e2
SHA1 24564d5aac92d3e840331ef612a7f7c8ac2eda13
SHA256 b5b1633b23d3be604c534960b0fb55bc21bb94329628e2a230ec10a21f6c0e03
SHA512 16a4e0373ec2512b5d1267d0b5a08640bef358ccaa686916f7efdbdb5a17fa3c8cc10cfbcd072f482c4b458cbd827f2631589901776aedee207c3e08fa96d48b

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 fa50f1f6862281fe8c6875f9bbe00930
SHA1 40bba308bd4765d6ada23577225f08184f0e3a88
SHA256 c4e9d86b08143c78a1f085df7182cc200e7eecbdd5dc8a77e67d698897211522
SHA512 48597ce1f02cda0f0231f132de6f5ed02358e36e9c3af058f347dacd76c0a1d94ee2c5ed606ec4eb6dc358145d53e876b8694fc68029331b2f64ad5d3bc53396

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 7fa55c0668e355fcb0eec02e69a17f01
SHA1 198e71453b9667c8d5cae1999bc61c064038a1e6
SHA256 b84a61a07f00a52f711774eafd82f7db6a38930ade257ef5d28acef7ef9e89f3
SHA512 563835679590c8f5605489677fa3fb7b0b2710804e0235a82c1d56f7cc74a6705439f6d3f8a9b1703435e08806353f882bfbacc7521229ddd3ec7b482c8ff390

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 495288751e1f8e25b57e8b0ff1d9b5b7
SHA1 8f5e765c500e572065b6f5c140c0d7b26e635016
SHA256 bee7df88cbe8658229940347df80f1c3853ee68185ca8615d6c4aeb9910fee39
SHA512 281cd5765874dabefe6f8a6a9bd56127b40dc96d3883a5573c11e215ec1693b668cc8d26ad506acf0f82ba694b119d7be0e7a279cedb5751ef867cbb5856af6e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 c23adf92555876d41c9eb2064a615935
SHA1 cadfa67645d43c1c6d898a126a872e83375767c2
SHA256 2acaf4dddf489e0fc82cc5d34892bca9a7d727874c4e337fccff2e8883c5cfea
SHA512 6238124a2d899a2c4b3c4a47929f83a01e82f7456776ce9a95573b2c7043efbbd7654ae33c81db33e47418a2fa8cf0e8d0a07347739e769a57603fa999fde75a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 ee344a341bb1a28a2e94753eee0495b2
SHA1 c39204fb4b8edb2e15fad45c3e81a3385078a6c1
SHA256 7fd80cca1af347d35b8d85aa672dbc6dc834a05f8386efbbc6093ef8017813d9
SHA512 68001334ad10a2d5ce6d73a88072d28b4d90fc68041fcb3e2fc6c10e108e756ba846d9a968e97f856c640f720ce97c87d3a7bc0049ec0868c8011a3dd85279ed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 b1409feaf6fcba2c82da216f177168a3
SHA1 0bea360c4232deb10b87dcf4b2e9194662d94e5e
SHA256 2dd5560b29c1132d5caa3060f1161c3b2e9aa8edad30cd62dba977f07c14a563
SHA512 74cda09005a9ab20ae63db82811bc597042542609006ba096fd582738444cadafc9c27ab8663f84d191913e5f6bc4bcb8d3ac513d9a80fad4dc75f74cdeaf2cf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 2f86b962eca754437620b7b0abec9b94
SHA1 1c9d1edb8951db9e270bcfcd32c19e8f24c71cc4
SHA256 18c96c939c6cfb8e755c0cb980017f22c355d5b3e55b83c66e66443e345f16b6
SHA512 74beb85128608416eff1b997adfcac264290cacc5c45831fc068fe04167112a6290f67be724ab17b56474edd881301863567a46f4e26a8e8bb97ea478571defd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 cf373ca4a3037cd536cf5658d1c552fc
SHA1 4981eca43b578c7d5db1c119e1721dac3661e912
SHA256 19b22c610d241adceee994a68de83945f66d25af34330eacff4d72c2ebeb2dc0
SHA512 6e60e52f49718149fb9f9debb50d616bc433a7ac6c7647eaa1c688da02aa366f762ffb6b0013f4856314971ca4e4e0f3079fb39c20cbc4a3ec83cca8bcb154d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 d389e519510e020f11cd0ac610088655
SHA1 ecec25e87f50a9d2becc5815560d16346514d728
SHA256 7ae4503f1ad27a5a3520a8adf748c690205c9f6d67b459fa163c0aaaee977221
SHA512 f583176a0480239ea7c3bbf288cc45f3efd4d461f4701e6a24ec81ca80908701859dcf222a277a9c76a133c6bbb9143f170b414890afe1833e3ab4baee5f7967

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 a049792af483880a85d012b4a22ca473
SHA1 a50e4268fd92579828595567d673c83c301b5839
SHA256 f9514ccdcd2b5483a3e3d787e966f83ed9cc5d8de287e4d574f4d323be7bf076
SHA512 de77c0b79eec0c41e2401fef3e6570056a144e5ef724059a2bfb482db81dbc21c3ded98109949f6700ed231646ee65f39d2928fee66af2d64df05c738c032662

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 dba444841ed6d644e707927b40648cf7
SHA1 19a3ff05ab839dc3be79f01fcc6ea581c05142de
SHA256 5f1c3bfaa9e0eba7f6f4ae45d5d0f1cd7f63a043541b7c562b7dfb902ca4f309
SHA512 65bcfe971341d19b32dd47479d0a7875d1e050bebd931da5d421aebcbcae6c54998f6ecc39dc51a53874598be71ab1b46aa65b620f4b34957ac660ff759d7b63

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 35f201e651baa8aaf2605edf362871ad
SHA1 582785dc1e78a1e42f06576d12dc416396dbb9fc
SHA256 9189baff99e7acca6879bd5c2798d0af06c8fa0393a6cff21a0a63ef369c132d
SHA512 5894160e7f28a025bbbb6ecbcaa1a31e613138531beb84f09ca686e95fe28e7d0053b7c310061abaa90b24a6c0282cb27c9076813ac73aab2f2c7b34d2d2a012

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 41fa14768424d85a993d675f12eab25e
SHA1 c3f04f0558b6827e4218ac151512ed9f77e880ae
SHA256 97dc66cde818562dc12e6acd9e4f70f47356df2da914e3cbb24cf4860debb3f5
SHA512 792c93855d222ec4c3af906e9cac549d625c5cda11e9a42da68ae895d285ee7e402b2e4410adbfc9abd5563b5fa2e58fe5eab24ff98ec9f79a9e9f7be987881c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 93741d612d9358917ac0c339e5917bc0
SHA1 da8c8bf2d2094e1ba1bdd1fa5042b9dcf5f67b9a
SHA256 982beb9780e9ea5faa9a0c1ad05e9eedb02ba084aaefaf8a2bdb2b660d1f98a7
SHA512 59aae67327742d89f4141014c3820e6b2d304d379a16df6e8ec5c437d49c2e268d502e73ab703e178a56b900598ad4b126507803792965e73477a431bcd0dfd1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 cb6736f2eaafca94a115efa39931a7fa
SHA1 03e16fa7454d33200f9646bc8d4c043b93739983
SHA256 31e0b145ae48dd35a2a2bb7dabc41fcfc674daabda30e0017992e7de87a88873
SHA512 39a8ad1b007fabc193064a3fb01a5209f86448d0837864644f1b94a4cfb75a7fa85bdcee36b6ca0f38ba30b9d3511e9339822baae5a8032d29c87e67f544d85e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 6c38ac8cc032bc5a762117d7e7a91d93
SHA1 3beaef356a126d1d77ca332bfd76253e5445a120
SHA256 4c486b9d6b4c6e7d660e0ab6cb8c917a91fa6412bfc3b7c443478cf2ce2f76e5
SHA512 873ba49e053cc911e1c4eb2d29db51086d33f59a17f2ffeda31488e415a323ea7ba6172d853f8882073a2d38dbae529500c297f7b7f8557d5e6aa0ae8f61d681

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 141ddb1ad6cf0eca0e32330e910230ba
SHA1 61af7c22c2370654be117600116e84bf1468acd9
SHA256 82943d06f8fa17c1003aee7e51c98d473a80420507d8357b6663caec0c026497
SHA512 ab09cdf39df45cdbbc99ef5b1f938a9983e35e4d06abce5914db44ed3365be7b97b965b1f28a487ee1adbaf210e9322d63fac12df29bb8880dc95fdf491c3f81

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 66de01f3e224236c8797e5b1bfadf6a3
SHA1 99f9a1ec9561f149dfdf0f5de704e1b1573b8600
SHA256 139adde9de9f6b39d99a07621e8087888e3eaee11fa76f3c81783b03f6d716bc
SHA512 43a84a1489f7a099e79df719213df112f30d8a098f002262df77136b609bc4f5060ece3c357a0bcae5af96a7ba85687c3063de182d5622906f7c80e56fb825c0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 e092b4deeea4f501b6b704a253ed581a
SHA1 69c8f1cce68c983ae7ce5c2a993f8d5a26cef6e6
SHA256 4a978508aca13ae4068fd77c868e4bd4ceb007deada1cd29f1137dd88b01e13e
SHA512 d0e7fb1670a88220b4d5f930a765772f57d799f18e415f64d76849b291f7f152b6e65a48d8716a72ba949def739256771f2c8923220fce2485eac82b6125dadb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 9f46178a0e5c10e32d0a01a3f51740b4
SHA1 a9ef4a8c5536fb9f185815dde3e02ee01171070f
SHA256 38a773e21db00421417b127682786c6abbd3bfa05dbcfca2b9ecca439307d852
SHA512 b605e0d887762697f4b1dd2f6cb6c22d8733aaf76f3899e1432339029db786f748dd30a0835e5e48c7d87337f4ed94b54cf4eb2151e659bdd3f31df1473c010c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 e44aa0b0782f339204670c4011498d23
SHA1 85118f637146829636cda66da59560c85a69b937
SHA256 5dba50102405b5c790bc8e91700f9ab1b2092f19e05f999f1de7adee676bf2a7
SHA512 63e126c1649f3e2bbd398b00eb4e95c78be081f4870a3ac17a5eb1cdb490f81945c19a7c2cb954af2b9419fd00818de5aee7e2b65b79120c146b2207586671e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 3ec8da1c05771a5fa4c4f8510503a72b
SHA1 34894bd79ac9d0341831c9b98e7b618685c8848b
SHA256 ea128a41027a42837945c216a684954a065c2f3f9ddcaaeb6a730353387c96aa
SHA512 6b1489cee0f776fcd1401c475abd3624a150b5a13d664e304c22bf091379df43ca54f69e4660d7b43e78ad550957947123ebdc9a2b4b8e0fdc28483180b8e7dd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 a8d5f5947f2dbd432a8988a915d1dbf3
SHA1 4846b4f25b4bcef01b1c8f42de49a166b11eb782
SHA256 e7ee334dbf15bfbf47aa6245b99a1e11941cd004164624406b06ab1a970c480f
SHA512 5893ad83f0bac754a9fb6e9b7b1550cbe74e977dd6e63e316c480417bc61e4d589c10fa91d6acf0973c67b4b5b8a4e63eba434bf6223e45403f544cea2e57dbc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 6e1138004cf1b5a92e0743b79237b559
SHA1 c1c15458bb3c7af9901c817ad971a707c62fca7c
SHA256 eb2a01935ef06d1ae72961ab8e44e7168d4b9793d057c85f4a5fdbf9fad06fe3
SHA512 4de56629201d2e3384b2ff552ca58d16dc33464bb3095233b4a511657de60ed935d080935b206933fd27e611d6c3cf76ac2514a42645c58e029b2e96e5954d43

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 f771b02dc59d12b2bd07dfd1c3d90f84
SHA1 4282ee42def1bd0233005275a87d13e70bceb923
SHA256 9357f904e12c1c29aef7db544dce1bddd292dbc8601a87c9a11c0dacda2233da
SHA512 e4ec0667d81b6c21c2e90d3b78e7c6493805bf45e354195fd41b2b93482d47de08e9b7f89dc3ad2a8e41d0d42142d9545a2e47c948b7b40439b52a7da72bac7b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 29a1f149f7d0a07ee1a96987d66b19ce
SHA1 2092ea0584da6290c0637ffd9782bc45984f9db8
SHA256 c0241b7eb39915fd54844ae540b3b08ebd0a159af21be2665ef7ef344aa28e88
SHA512 ca052bae54f1604ae228b7bd84590edaf12a1fc43215408a1f9d7ea94844f2e8f5e0c7c129d0c08542ce4750fd122dd9e01bb73aa2f3602045b7789d81167b2e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 47d17ff720b62872dc9dcb89f2119f06
SHA1 d27b6c9ce125ab10fe715895e165fa4afa5043b8
SHA256 1feeed0c60adf748c763ef4225da570afa2befb28b4b93b7d7491973f8f1a300
SHA512 05daf1b0ca3485e97e40914d9589a0847f40c7b26b1900ed13154ab7c87cfd1b3c6b144a87e6928d04fbee4e251d3c5cb387b7c85b709ad3ceac23a7b8b4e338

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 9aa144f6723f5debc69334a7452c38ed
SHA1 0ab93856c23e1dd326a13ac9d40dc4952078238f
SHA256 42b334b32cd22caee7cfff4934689ae8db5c12b36deaea8dd409f8ac36b99df0
SHA512 0110e25f0f86f142c54509258a42c496d37661cdb902d3b1337f4c1c28869661bd8b063e2a11c377e082fa853335e51a85abc70f91aed7f7583c4df0aa2deacd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 c9e834a2b891c427fd6b06e2c31bd324
SHA1 d4cf76c7d531bf529517248f7d8e521687c43e2d
SHA256 c28298ddfcae07ccc6fb033a43f74bbe8b047c8d429d5ebfe6be6f07f284030a
SHA512 40a8b39e88bef2373f7388d62e12d5cc8510246ff88c1a6b0205132101c98fddd0b178b8cb00bac4040640baa3c044f2458bc7663e3d2ed4d277dd2e69e96596

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 b49ead4ef7fcd48f7859291c3cece8e4
SHA1 7fe6ae243cc4ec72a6179d339796dc25eb685427
SHA256 c33456296b75d7c4e87801f81205bdc3498405de266dd7dd4433f5d9f5913d74
SHA512 4a67aabcc7ddb5dcd14a076ac8d6c6208bf881682de73652bc81070dcddd0d634d17c17ee9b3bbe59a84d5c5013ea784ecc91e33d907cdd3279b93d298caf7dd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 56f62e2cb16a8fd31385d7c383b9e3c6
SHA1 ecdce79b4f9f3a177bdadb5b7223a3cce696e24d
SHA256 5e91bd053b7f83499e064949b8c4ff2f49d5ef4d6a446a1911143b19142105cc
SHA512 e8655a7ad4cedfe2930cc312ee50e7a3bb9d729212f1f6e18f064599594389e14449a97be5d774032f2b15d956cf2917a32fbc4e519e0b47727f48240ae75a8c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 b4fb91cd86d284240cc0fcbf22480158
SHA1 dd3d53a14312f08a912b61fd135564d7cc2bdd84
SHA256 1ce17ed0478298f3fe72ce2f02495e08420403eead00c2de999e0fa4e80beaed
SHA512 ac389228e820a051587573d6dd8441cc2a6f63e465c8a1ae0bc8221ca7b1620861b6f113f2ff10a3de9ec6f572cd240ab89210759c1f859f9fc15f5a9b425822

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 9b6d9d21c6287ec7a8efd4a4bb863be5
SHA1 0c0e02cca8b4df635f048b7997cf7ddfcb287c47
SHA256 e7a05746f140ec3da2dfbe53f983f8de093089961a19431403a93aeba618bc28
SHA512 28e0d1fd26269100f040f460bcc0a056a1021ccbf2ab5b1816239c3140404e1243904e8afbe5e520fe2020af40ffca9e72c6fb251212d89a6244ab39fae6d7e3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 f9b0181bd8ccc0cf5536163670c55913
SHA1 542f14e68071eff88ddfc9a504a03494ce7ffea0
SHA256 ed8339834a0e332d2acebd44069017a961a317bd4751f5c3d6e63cb2165e8051
SHA512 eb2163a4379c363b617b9b3307d04e3cc9ae198b2dada8db7014541f82c75ccff26a2bbefb0dcec1799a0c16bce1001642a5a91f2fc6b31d4fc75f30664bf1d1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 56633bfbf611061058ef4a6f0d7ce8b4
SHA1 9892ccd118d38e3db3ec12571960e309c1fd8962
SHA256 823e4ff6d47f1458f89279f98bbaca4f6b2daf8d43ae6fa359560bcb030ed6e1
SHA512 59221a2bb4a5f9c7aa4b26057d33383020e6d1ec7f0a57b7918eabdf6004d060dd14ec97a5ea1a7fecf15ea9970b73490af22cdeef2c34035b577d97b7fb1ca3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 339406a8805d3201ef492d3d1ddeff90
SHA1 54fa18879eaeb40080902ecb13d06bff22c02313
SHA256 91029186180c0becffb8487ab0fc0156fbc3fb451b7f845947595f4794205fcc
SHA512 5e5a87d24ab3195465fa234a6ac29cd9ca28a60c9ecd65b5a016bc1891207abf10f3fa772ddc211747ec1a4de2d34702ee5bc2ea68b2666af43b8cd89aad12fb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 930bb880c04de5cf3b513466f48ef2a4
SHA1 8cfe0984ffcd8cc46246908bfa2568b9cfb8f5eb
SHA256 7217a9537b03399140b3251513cc870a92e6ad5a486a54b4819cfbb69a8857d9
SHA512 51896348fdd4bcf8336ce30ca922618e303e296b762efbf7501c752fe85f6bc3102165ad3526612f084b910a373d10d9145b25081ad644c7a975170e3f6f3e46

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 fe5ce1bcbb8bd188664d3a27c28ba088
SHA1 43fe1d3e6a9ae5657ba068d311571b0687773ef9
SHA256 6629e0720f36cdfb2b8aeb94bb3ede6fbb75a9fe24b4ef6f682965cfb589a208
SHA512 e8422ddf27ae73f41092d252dcd13a566179e9b02cd3c57bafe63c8d60830f40b23aff89d5693670e4d0121632e023f3df352e634d9c01f371fd49cff5c65bb4

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 36cb1452952f0715f3f012fb9660c763
SHA1 6823862aedc0881b7913a9d8610fdda2ed28d3bf
SHA256 def1b3e66a59256026c89967e34cdfb869b642b58601e3fabafb8b220d6b29ea
SHA512 05dfa480d16234ec0aab8cce7d44be4f2cdfcc884c0663401bec5240b6cf50f4e889ef3fc750395d619bf3d7247eeadacff6b8496e7e378d83e22fdbbdae5fa2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

MD5 19882e5bfa66c6352d2bd7c7bb46b054
SHA1 c8492886ead1d27ef7be076a89513b60e9871487
SHA256 42ee4d7caa435c66473761c499fac03586c9eea20a0f24fa5a7b1fa671ace4e9
SHA512 d9c939c0f74bf2ec3567631128e065b2333a781e66816b1318e19bba9a3a0ad5935ccc3f5887244e7454a950336ccf2bf6f7bd08ba97212b3971ad7e24e8a556

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

MD5 4ed40eebf8e740aa89aa218ea3d9b243
SHA1 b33e37b7aeee2b9668cac89be6aaca2ab458c43d
SHA256 fe7c76bb3c97bb65affe6da46fef2b7141c837b60935b3acbddf6ea7b12eb4e3
SHA512 e8a75b9bc3f1164a9421d73645bf5d7e535ec315eca724b37dc92597e6e9c5dbbee471a8386b35095c8a40d21673a0f8c0f9c0d4a54d2ecedd8e5f30b8d48170

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

MD5 5788088f276855b8a07b66fec65f4737
SHA1 6c99af9520a297446106f1019bad8a50010a7c9a
SHA256 d3eea70c50a40048b8f3990d389a31c7e4195257b1f7c10813d4de936a8520a6
SHA512 49ea5d86dab9c025e239ac912642ac9af6e7a11159b5ada37964e9d6c72a5899f0c87b044a61d86247ffa52c6f98045e19005a1e6529c7a5aca727c98feddc6c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

MD5 911f70282ac1e69b5c9522bba2643fd1
SHA1 5edec6b585fc5e8d9d0e6a3701fdaf70090188bc
SHA256 facdb761cbf5a1c46b9fb37168ff523424b410c4ae051809bb2f5d5145bcdfe0
SHA512 b6ca5c2fcb7e888cd6168827fdb36bfa6286b03fb0976cc283ab46d118082256db96e75c9126f571956b0eb18b171aca0f5d79bc316c245ce4047c6a7760d728

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 931b5a3f8cf61515219431347c07ad77
SHA1 b649cebf796669ee9d39652b3c4c7b0f1b3e304e
SHA256 123f3335e52d9aba2fea1f981b993352fab05e1beedd5ee8e2f8a8d648294daf
SHA512 250dae98790e1392207afbe6f7e4b462c0ff1c9048289e5637cc24fe58949bdd9b6393c34b10c52800c14dcfa67b93afab22c09f550421303705cd692f30a379

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 1bc0708738f800231c2f2fb48b3b9509
SHA1 0b59fff429f22e8cf7f885b327e48041281b20d7
SHA256 78b881ba9e3b61685fe049e795f829792e9debb549c3ece91a2d1296f9fd71e9
SHA512 a727108ce70a2cb117ffad9815a14a5ab0aaba637ab7cc1969c8d20abc721710fe1948ebf2c6d594a706436fbf58e933702b40a1f26c2c34fb3a94b9b24efdea

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 7c9bf5da1c349c270c334f553e9f59dc
SHA1 470555da3fc3b416035a9ea6e76309cffe700603
SHA256 5e8b1ace18acc03e54ce8d7950c1063ea0cd962d8a879cd69b16a0b49880d800
SHA512 4590553d7cb465f7a6b0151ba8c073aaf99b63d3e311a5be5987c682bddd58a6f253149c0f5943dd78a282bafae429b3b3247052c3fa7ff0f0d0158df4aeb187

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 a020bb28bd35fb03f367946b4faef444
SHA1 d28c059f65960f8a812f08906bb1b75662317004
SHA256 6e657a8dcb8338a48860a04a7bac4f5fda6f4cb67fc7765032bbf394d40c95ff
SHA512 8f1865a86250c2de1dd6959e61d23fc5904167d97648aca558d755ed93f13124b5a05c2679382106bf986452e3c78704540b511a37985b6cc0d5973c022be5f2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 36a3f40b0a1dd2196f4acf3deab70a24
SHA1 afcf55ce3ebe2ef39efa816bce8bb2b7b4ac7ff2
SHA256 54f57a6d0b84f50b0985689a39aa5957d05b95024fbd052ded5985d4d3de8ca7
SHA512 e78e7108673257c829bb92896cdde4c5ce1dd34543c725cae3009c794078023e0f8eda84ae6d6265af5304b012b5b820febeefd4dd81800ecf8862f11820f644

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 86e6c0fe465279f0aed32810180900f0
SHA1 701b620cfe8fe50b41901b2bac427c4fa2780816
SHA256 7f6edeee0bf26373516d03c513dc5d474cb0609f70d375a431b9bc43659f1993
SHA512 0d43ca0f4eaed9a122f31147f48be2ff5012751725f699e5a05d45e8389ed8bd387a9b6b1c38e263b93fa7d33da56c9d2b1620a998fb6e563fb4779d5cc8bcdd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 60a572ad1bde9f702c5e3c9335ab09e3
SHA1 5f7e8383a934762316d1d41888b3a7394c4dd085
SHA256 448e5d4a8adbf750840b3ac9858369583f0b4f3cdf0ba41a8fbdcd16ff3d97a9
SHA512 d8630e023068e0f277187f70fd1446cfd9244a5e49e3268b9037966411cb451b49e3cf9dafbe363456af1f9a604cc311ab2298736558315a589e8ada2c65f6f3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 e7c9c85f5f4d62c65c31acf49842320d
SHA1 4307d892d4255939a79ec70865e8d4230ea6e9d4
SHA256 8e12cd0290d025231f50646753ffbcb2a436691ca3ded8550cce1ee781e46cc2
SHA512 2086dee0ce633ac79bf4e8cf8fafb750f1f119f4f24635bd30475b3bb581ff5f84c28991d9da97edc1299c7cd186732f5a09ca757c148596115da0f9062dc85a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 773d07547f47e381629d2c3a41b6947d
SHA1 0f36939f18bb6c3b85dac66027e84ea9e6828a38
SHA256 38ed93714e8b54c12ad02210bf47a15a88d70c71c987d81a1c60d79aae4b65ae
SHA512 042552c3ac84c8c9bdd273a8f90d5f6d46f7e65df192f916fb049920f5bc0abbfe9309645ee2aa838e79283ce2fae6060282bd3ec88c880ca0263ac0af688087

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 efb0ea957deac176d69a9b308b74b4e6
SHA1 3d777c666f8a5b0d9935cc4eea7e55400325e035
SHA256 2e93095604d6b1231d0a5246af2e9703ab604e85b6ff22a8ab16fb85a72fc8f0
SHA512 5a1f26641e911a17d3e4e350399e5a026be73bf03ce6bcd38ca24f25652008a2acccffbde3d5e5e0291a56482e20fb2c95dd62ba3ef7b5d36b1b433433aebe69

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c18e42fd079450d9acef51832f19c807
SHA1 60f113a0600c0cfbf896db2ed982562337126e23
SHA256 2e3ab0f306cf390afbd4c29b7b173d24177b657efe9d1e10f129893b6eec22e8
SHA512 cb9a0bf0ca20c656f00b34a23a01afee12fc8078586d20f6a0dc78c39182155f821a917a14ef9756882c79ec27c86801612aa04a7ea0d7bfd7afd9d26daa14b4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 7a8a32d97111cfa2b1d4c72cca943636
SHA1 bf825267627fe94aac445673277ad6d40f31fafc
SHA256 055348c654b7ad120831d2c53c0d260e28469f099b70c1e47d0465101cfe2833
SHA512 da5393c8e10808fa8f05140958493c063d20ab4058d38da83b841809b9673bf13bf03fb2aa06d131f89905a671300c6b82ba5641e4b99a45de70534947845f42

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 803d54daa282f21be1152996aee9a2cd
SHA1 ca4fe19b5632d669f3fca3eca7335c94f66c2bf4
SHA256 17b0a4a0f1657872cbe1a3118c2d62f52849631b45dae43be4b9f692f58db8d7
SHA512 6aa406e34766a8e9ee635179906b55a3583b6ab81a44f777f64aeb5b3566189f443cab6d8ad62ae16cae96b52be62354f43bbba421b62314f636bfacd436d1b4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 a004b0668d0ebface583523e6d7ad241
SHA1 f3e1fbf9e6dca294aefac7d9e34b53966f2681cb
SHA256 662e096be08b8e82e8aa39e6deb7b95e1d52d213ca5879178da2226a74c5b284
SHA512 3569a24f2b3a55bc1f68ef80172a007c9f6ec4d2d51c9bdaa6b9e1e015b7145c56a643611c8b4939ba4f50d6d1a6dfc72d704e70c4576be489244f5a05abaaed

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 cc36c0eb353da99d7bd74e50d6936c28
SHA1 ff3ca9160b56915fb42cb1a38a368126715e9e72
SHA256 217347c58c413ce4be41efa7be1e68bcc94ad12b608ee44b3dafc25a6ecd455e
SHA512 6964926a8512d3d0d4cd633eeb6f784d5a7ed544699ff331b6e7f80eae3b8e26875fc72a89c71b7fb1428169f913e20488ee2c74a50c09cd0157c41f731cc031

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 180076facef7816ce6473b3060f825a7
SHA1 ea1d8fb79e96c42a6251b1435fc746546bc50a13
SHA256 56336b8c7c5624c4ff6807ef754431749a8e49dc506247516c92294b8b6009d4
SHA512 4805edbebc66d89bc521560ce2c2dbf88023b608a5274bf7b05a87b20e0c3d76e150cbbd3bedfaf166089f64b42a27a65e85c628b05d2081e1de7f015ec6b099

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 1460db39e48809697d3ba5e675e44aaa
SHA1 3a6a7954c5bee8ec192cac49da32daa20b68ee40
SHA256 b5bf8bd3be1ec2ec951a05dcd0a3b830365aa6adaee9a1bef4c4636b996b7ea0
SHA512 8dfe019557ceceae9a35175ffb38152857c532c15617ba1203f379356d2e8e43918f64cfdd575c7abbab242851b755a28d22deab04631393dbbbfeb90f9b7b8b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 2dfa1c99a049073a4c9505bd935effa2
SHA1 b0741e17de03f1764d7f2f32aad41d19484f834d
SHA256 8a84304686f35c24ec6b46b4a8ca16ce003dc2f38a13f75c0660571ec0ce1cec
SHA512 d7491bc882643a5fe7dd6359599a2505ee53240c600dcb8f24cfe9dba14f87f6dea3842c9cebf7e07b2675bb6e12b7d24d5e56aca84c372341f79b729189ec5e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 cbf19257d583410b336eeb203273acda
SHA1 0118e2952b901132bc9b9c1211f628c9a0ff6adb
SHA256 13ee275b05640d6db78114d6634028b7b4b2bb573f45c304d8e96d537c87b17b
SHA512 01a3c5b838aeef1f38546487202e2b6cd2a03c845ecbfb8e3bc29f3c983a5f3f33396338e1d809ff96315ed87c452bcb68045e32d69ba27a504715ea59831d93

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 09541b880b28fcdbe91fa78b2e26e0db
SHA1 c0ae4c3b10b65556b8760faa68f8e149cb63933a
SHA256 a859f10c6975880b2dd4830513bc1084b4eca069a9a8ff489453b703973d5d7e
SHA512 7903a75c2604c00cd2de9df38d74039272076c6939fc241326b52d4904555820d58eca5d22a253488e01e395f1a36c38edc739c41429bcc8f04f85951983c12a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 67fb765610c8abf76888e7495ab06336
SHA1 a5a84df7407f11cd843f1c4dbf6454d9be957c95
SHA256 8422b56e579f6e042c2797ecde2f90a309b1b9bdb7d6a28d68c17b9a12c03cb3
SHA512 c73db2c48f17a5634cbfee81e879138675dcfb7ab23fe6e8ed7535126dea2decc7a8707938419c8e0a970525046ae92a633534359a1c8a578e19fb2469c14c46

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 d4795c5698ad24feda0e59f83d580b23
SHA1 221a6ceb847d7f70b14065eebf1e510f62bda8c2
SHA256 6bb30eb5f649f46f86dc29c1b4b55243ff4fecf5920dc804bc0f77759136da2f
SHA512 cc7a6619e2c0d603467f32bc94845fe5276d60b700698098e3e65cbc42a7dc13054cb9b3e144dec35519ce1031f7b7eecb341b73ea1f3b4afe349eca120abfad

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 a26905f1803d640b46f11df11bdce796
SHA1 8738620276cde66a037c41d0d87b7052c30e87ea
SHA256 6068f4efa77101ee6104cd6ab52b457989502d304fd39e01a20d0dfacacb24bb
SHA512 c38d3a3f0f104b061aa9935fcf4540a47301574a8a54d71b5479108943d1f9124e44a6096b5c4964aea46b165418dd4369f8d930d4ed8a19261da965543a0419

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 8fe32e98f8d2132c8c36503236ccc2b8
SHA1 7be72643a99da2d872a8b52f87255b51a7ba600f
SHA256 972bbffd1c99bd95046c5f2e0ef7acfad80576d410aa09aaf124b63a43092e0f
SHA512 0000f4e4c9b8d808aa922715e4d600841b3b66c389c5a488265015f3c03554ed44d414005045fcef8d9b880529ae93b9545158797d0179dbfc0a7219e443ac01

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 730293fa614bd4ff96df3fdf39206506
SHA1 82d4a127f6ad9f5fbe06e1d3e4bdb5d3046861e8
SHA256 656c262863f200527ebe6bac5046de40d3480ffc7950c42f9a19a9f0c88d7710
SHA512 e9aaaf75df9225140243608ce6a69c79ceefbaa707861b990362540d8f475660a154ef9e37377ebc686211e06a57f0300d16a60859474591c23cbf7badfffec2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 af8888565653e17b69eec6e395c89be0
SHA1 8165395e5af5b9b52841eda5d57782dcb6c16ba2
SHA256 d45ec3d74f2362673ecc4cb716d6ad21f3c22f7f9d57b4a4fe2590a5b0945bda
SHA512 8e20f3f064ab74928dc93f29895777bbc906be8a087638090cd1386d12f3bd75102ab1fd598c64a584912497ed3a9992291c2eebc5d92684f1c7dc7ce0e4464d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 4baa8beba8773d59c6cbb06ec59bbc21
SHA1 cfb7a0b1082e136734815fe157226321603d331e
SHA256 72b0284327275beb55cd47a13891038892f9d7be2e3103869957c6a8b2afdc28
SHA512 28d609de4603a43aaca35ba5ff6e72516386c96b0d21c9fb7591b6c966176dc1025236233e76e34f890c80be93369bbf5042fdcc14f7c4d5db6f0e9552f64061

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 5831d4dac6462c97e1052c6b41cbb7e0
SHA1 d980a979578b296b4751314b69c5d46566f839aa
SHA256 c504aba448c8c7e46d629d87136b8cefdb1b2b7badd5498eb50795bbc1d717d1
SHA512 254137c1259eeb957a9be5d01b90aeea436a968faf86fad4c96a671ba8513d1f76a0920280fd443d8a8ec9a9750ab123e469f9d874d3877f9d3002a134ae284a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 e9bb63ef18aa61437f9d4370f584d84e
SHA1 922c764dc13100b0653baa005dc77715d1ffc1d4
SHA256 69564e8415e742b9caacc5dcf1e154c3bdfba3b9af540aef43e48dca13a55ca4
SHA512 26898c5467a7049638ae00f8dbd8a2e3631cfe62c36366e6744af452b907f33a9a9a51a052fd199628b40ea7af0759e0239638168c05dcef02753a90cfe8b180

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 ea99ada2b8430a74cc74ee5d4d00e5b4
SHA1 59f61995b7c242e43853e6b9b525e34a0f19ef91
SHA256 2572a3807264bcd6c60fc7823e3db9f4731c37a0beeab8108ef78d7b203df67c
SHA512 aac63267f81f3a97d9f696c24394d3e0179d91fcff797c837183f9bb48b1540857eb1b350c3f8a3681a5ff94ff2f314c413093bc5f429ceb5caa6ccf625e571f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 18a6880d38349e4cf239f6092f7a01ab
SHA1 00a1f554923c30f4bafe01d86786bce78f10509b
SHA256 b3f5874f162acc49c73f2065ff536f208eeb5388702b85d2ae7fa37f602a85ef
SHA512 669fefad80b3ce8bad7c4c4bb721cb0d51e2a7ce32f6320042bef3a07566e968ecca13f1e18f29f902a32c244c20e4503d4f760f00982ae3d3003645da66216c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 0627e4dea439a0e845a98e4134dfa35d
SHA1 472e7f13b83c23e6d503aaf3f4a6ad389a93a58a
SHA256 ad3694a81e05f8a51aa774430b816c6acdf0ad06b6855dc68a688d818eb2317d
SHA512 d700e666cfe682c5ed281885c4aa7f3501933d7c34c167ee3af8f660c898e5a165ca17cb3a5b38e1bdad6a9c928a9b742e86ce2fe48ae1d9c8ac6d6d7ca0d87f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 51cae131d462b7d4d9540db45a02c24d
SHA1 b7ccdaca8d1357a222f818510249952c83e40293
SHA256 cbb957e5717208b1e8929f0eb240ba518630bd37f516eb910b954a30a6ac5317
SHA512 ca5ec067dcd25d65909f7efa73af3c6f184e965d8b896c1d2778b82bc06f7fe4dae1931e040f439d159166c5895a43b87e29a71fbd7eef89b34a6eede252bb56

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 c692b92d86f139d1493a996470309961
SHA1 e63c0599b05dc0563a761b1c0d1e4a17042894ac
SHA256 8f6fcbad2e220b96ad387bb04fbd2b2bcb2a81b504febfb308b1a052a8b5444a
SHA512 3b2d47ab7ca92ed61ed59968e024a3bdaaa934974e4b869be063e7dcd5e0ade1222969020908ea99e512c5d81a5a497b9b6f418a141832de8dc63c063d257cc1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 18d11185371933dadd6e8fcd7a154968
SHA1 0da206fe00b352975fa3b6e6ec7211e2afdd8975
SHA256 2626011e601a295d3b2b0e2f8efbc24b65e2c09c59cb52491c3c526a5763bc7b
SHA512 ca4c57a7f7157d3060dd825d725502e709894df7f05e3eb742e58200e6e689840876ea30a5bb35719ce3f8fef6b5e60adc3b2ce5478fc49cb8f6e010f470e3eb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 8062c02b7c75966213203ce394588c3e
SHA1 983837041751f32f08de1c0c27f4c05757befb60
SHA256 6ad79ccc1b40dbbd12b9ac5084702fb909f7847b96c967e3d8e798bc1aac1f00
SHA512 2074649531ee1d24f84d8132e9383c53100e1350716accdc84343a37a16018414e2aa7bb580b353aa8dacec91b1c2cf367568328f176930ebda515d5c47ddd06

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 2f0fd3743f89059397d37c4880ff614a
SHA1 5d3cf51e8a9a1d1c8850edf3471d0814a15e4924
SHA256 ae847d2b764e281e256a7ca988b4352009aefd671488a5787d506e7141eb92a8
SHA512 a3f5bca61d14b742023946205a2575bb6aa7b444280dc71ea39d82ac906f504a3e28847d510fda815685907db8d03f2e2cb8cde28f00e3117cad701008befbc9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 d05a20aa0cc2db47eb2ba1b5c6034fbe
SHA1 19d7ecb96fb8cf57d75c9e58f48a32af41965743
SHA256 c22bb48d4cce235fac4a2cb26c91ef72a00cc50c5b95a92d3e477f0b9fcee1ca
SHA512 5b11ac475b917a029047a4c8e2552823940c392315c2cb86d25c95c18481527af24a55cb8afe3a3439133fb87187e13a7fb375dca7089e31a0bd6c4df7a04e57

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 54a386c3e677cec704070436ead1f0d8
SHA1 8f7f9554c0cedd87934fa5dd87d648b2f6293f25
SHA256 ed2ca8412d96c456903754338cb385bdb6c7d83c3bc5ae323d95e6b6e4091742
SHA512 e2780b0f733c88b86968e29fe251dc8739356f5d66acc45203f989159574145cde7054485fccdde8fdc43b84de86b6403a4266bf45535f969336e4a9a1b3ba3a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 76b5d780788230cf587bae30cdf3ac7a
SHA1 8ad14494243f10962a6c125a25184cd144c17e95
SHA256 21a8c8e5235d54458100e84d0a6e1a7222414fa520ff5faebf2cf148a6999035
SHA512 4d26b3ae0cfd426f23d5330fa1fb51678c86cfeec11cd370adb65ad326f9791782488d601486dbef79a98f10d27f187dc7ba54791a384fa01416f26f4cd99e68

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 8d28500a1e2948120e3238ad1b7b49d7
SHA1 ccdbd2c86c32d301fbcbc9ba599138cc9f872dc4
SHA256 a0ca13503edd32db4a313e552bf4c2c7173afaf5fbc9a28771b9cf9820513475
SHA512 39268ef212faf6fc160022044ee7a39337d87dbec2cc00b9a8d993e6df640fb1337cd03fb61aa0c58a5453256a55a19e192a8cb13881b496bf46069736f77a40

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 7ca41d30cb174a1e2ad97032d381479c
SHA1 95a5c1174690032955384741ab37cf8513cc675f
SHA256 d4b39d3deaf50e68cac834dab8d8bec4fa5e26ee963db8b892e1c5b0c51fc0c4
SHA512 27fa32501a0bd0af37a77e3c1e9c0a8c6c19c457fb2c617848db728d9659a1d52e7e57e138e24cbb11f73e80446901662b682370f62e881147cb0ab9a7c9bafc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 8670dbe48a40f4fe86d6de8a2f8a607f
SHA1 02c0392087810b488a35b7ffa7a8f24d2baf16a7
SHA256 5bbc099f120a8a8b7c3094791733ff3fc2bd3c6e1d22f7c037cedb7fe1734273
SHA512 95da0fceb44a3cde052c31792290536b73338a7af6b52661fed7d5f3198c3431253dea1aa1ec479f7a319d5625a98e4a945275076fcdfbcafe71cac3583467e0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 83be4eb1c8a55a7803da9537bec33bfd
SHA1 f41bcdc2aefef239a811b6f428ca87cb357c6e77
SHA256 19c6eeebae31d7879cc81c0d6476703290873a506ab55be0691957add80a8a25
SHA512 b37230a6c080f580c0ba269840bb3d161f82a61bc50650c5f48530264f0c3f118947e212498c1c9749f9e913dda1217932537132d459ae5db169ed0f1f2814a6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 295ed63b2badf18df085c503d0832d11
SHA1 0561540f0d2aa3d60e157c761808a7ba1ce723a4
SHA256 c33fb5b624e68905bbee3d69d75b6799b22a2840761936a0946a83dfa7253f68
SHA512 f605f0d524a5ef3082de626b7d3e6e68abfd1ba23c57e41bbc46291d2f3577c220fa3fc5f2bb625d2afef85ab978069ccca3db3fda6cb64affce1b89276c4df7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 ae227696476800ea187990a61a670da7
SHA1 3448a701212bda7bc3879985ff830d158c09a845
SHA256 b5867226b4c21a7c0ae0339c231e33206f2d32e5fe4fbc215533c49feba37986
SHA512 77a48cb69d3b83a082f60d87a7b6280a6b325a6baa8a94bba13638722474864bc211bd93e4dbf0d80941c4ee03c28adbc8e8db046a4ebfbd4ee45d6522edd29f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 180c702c5f7adb5f52f9d662114d587a
SHA1 638380c1c728a5c6132c2ba997f207542f575dcf
SHA256 e694b845cf49d21dc126f6eef3107913f34364f2412cbb10b169e82796080669
SHA512 d8287879ae89a9bfcbf3c0d7247542738d7a2dee4251c2a5190300b4e0775d34d9628ceac1d17a62fbe4c1e935f439ca4c9800c0d99a7b7d4f609b79235bf262

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 10f60721021cc3871034542ea0ea9bed
SHA1 459195aa25ddb94cd7658b497a975b00238fcc58
SHA256 74dd1eaf9b603517100d3a938f532594fccbc221f4ec0a48f69b0c4dc108ffb4
SHA512 987ea10cf3a43bf9b401b21ae64765f277048894efc91bea3e45e7566cdf4cadf3f45a02ca4674a89e278e279eb633239e85e7df4d31d79b5bc583abc3864f7d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 12578fe16ca13a510855feed234c3445
SHA1 1707ee67f299ca27493135fee6108e5885a1a4d9
SHA256 ca1e1751f4f2aa3bd4a67b0c495b1c5b52e999108856e1d5ddffb746613cdf6c
SHA512 788412d3881be585e7d9c3d0347f18c029da21fdbab08a1d1a4b65e7d2b40c54d4e3c25cd2d39127cd5a082be0088df2ce8d2abd642caa253fe66b5583697db3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 11411fbc729d2406d0abdce47af9c254
SHA1 725ddc512bfd4232cfe58f1fd1d69f35f09ced8f
SHA256 2975ae8b292501e07359005693d6f9195d674ccf41bc4719126c2073bf735d76
SHA512 0ab068f36f85ba608a5078b0721ce3e0758a5f94dfdc0cd20bb8b8b8371ac9e153b273392034168aa1bfe7a49c923bae4315ef1b88778f820e3c45339ee656dd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 5fb7632587949a9710bb4d501ccc34d5
SHA1 a39fe3a4c549c85a0fc9f5625d9dd7ecb996a676
SHA256 7d55477fe1b2d6f6342b33150b561b9c130d882a1a6f1b2db437b96df41e0ffb
SHA512 341d422dd3017fdd1cdd0fe3f83831d974794e522cd6609202d9ea8a7f9a789673ad8143561a858b623b2440b35dc3d8d045a8c552e670729121621d3a12b67b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 05a73553a577c977768f72af54b8a3f6
SHA1 ab4bba44edf77132f5a22ef0014f49b4d74954cc
SHA256 eff4516d9e432fca14878e7ec6c649c98f5531d559d67779457b6b793a3301dd
SHA512 d2f22a296507bc4499159698cae599058491b7dea1294963b689209d1356b50fcfbd1eb05c68983751ee00ce43d948d4b6cccbcd3d117100eb6c1e5acd8d934a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 71916c2c4bf76151fe42feaf701b533a
SHA1 5890ea199c7ec2a1c7fb4bf0717d4506b837e39c
SHA256 d560e465270773c40ccbb1bab89730642732d79cb5502f1183d8469c9b6751f0
SHA512 d3e81ee764539b4a9ddfab910b7f7793f6027c66a88f1f104e09f8038aaca076347dad301d83a4e2a79dfc1bbd680bde2fa85421855941b7dd2e108d1ecb9583

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 0bcd387e90f0fdcda71be68a059607c1
SHA1 21da8d5341096b8e312769e89b689c4c66440302
SHA256 704e62a770fbdfd12e9736e79b3a18a700c54f3acd3de705b643100330d2d400
SHA512 ddb0c06a261cb88fc289e7ba8ddf7c445898f3275cc689a0e734932f816814436970c0778bf1a9b9c4de837fcc239d9fcf12a76c63ab9072415bb3cd42ff8f58

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 65d810709f4f24a05b70f0024fc15d87
SHA1 9e86cc4232e9db520747ad4923ddbf58819ea002
SHA256 bf2f548da973a8e80f6d75ba27fa01795a6913020cf257a682f465b823aec598
SHA512 bcf073bfc07f7452a673c6ad1987ea85a3793220868f200f3f71548039607b2cacd5c805b085f816dff4a82d77fbf08ac00e618023c7c13956524f978c481e89

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 84abf1443aa6033971d38f6c547b0d67
SHA1 b96ba5a5fd44a651d36d46eea2cc1b843c628dff
SHA256 5f0404aca15c6197c8b6101b84decc76aab28a9136b2cebc9142eff390fd6fd3
SHA512 271a7424720b880c95b51739269867c40edad4db030c4ea13ddd46336e708ee6129843d9ae97c95d93aea60ed7e54f2b7db3142f9a481ee6ba2dab32dcbb0932

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 25013c7f376aa7f8d65cecefb1e29dca
SHA1 3833eb0c7692ded3e9edcfcf6452bbc9fd188835
SHA256 783c63a12f682707463cd0eeec972f00ef616a210d03aba42f47c39d45bd56f1
SHA512 7d2c2ecbb9e44dfd05fb268018567133847a473705d806cef01a43bef36c534ab914b92f02a31de01efb34c00b6ead77f39f000a28c98e54738296b71f9dd5b3

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 32a1d1a0040ff6232ee842cd9dc66e16
SHA1 c9113857a12717b8accfe87dc76bb706b8e5a9d8
SHA256 67a691f8e9104f06e04401bfef17620f67f8c801e8dfe06ea6e50412add5f47a
SHA512 1656c1055b92765f0c4fbba1a96208609f7019f4fc87a753c6292bd93b512c0d8ec8419a85d7b666b87936072cf4115cbc1380f7fcb6312498d4ce2f5bef6346

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 d8989a645382f483f78b459dfdd464c3
SHA1 d0f9751c453b00760ba3c6ac4fbfe40e63b9e4bb
SHA256 c6b8a058604e407eba5be2c63d167d783c899f057eceb6e89813ded29ac54769
SHA512 d84d812fdb19d0202db97c34f1f407d6f95006e13d9e560a972a7d61851290fb0652a22eac62f9da026f666537ce98f0bd0f1fea9a615857b1762a163ac72534

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-08 20:30

Reported

2024-10-09 01:55

Platform

win7-20240708-en

Max time kernel

121s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe"

Signatures

Renames multiple (2221) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe" C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssessions.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\System.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Failure.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ja-JP\erofflps.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_FAQ.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_ISE.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\erofflps.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14513_.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_VelvetRose.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48B.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\InfoPathWelcomeImage.jpg C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\EmptyDatabase.zip C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341645.JPG C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02743G.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382930.JPG C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02757U.BMP C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21398_.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\slideShow.html C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImages.jpg C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\CALENDAR.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0178639.JPG C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10335_.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\BUTTON.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14985_.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21480_.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR3F.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\WHOOSH.WAV C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Earthy.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Premium.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\vlm.html C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21548_.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03041I.JPG C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02077_.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099196.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01746_.GIF C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\macroprogress.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02742U.BMP C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Media\Characters\Windows Exclamation.wav C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-ca-component_31bf3856ad364e35_6.1.7601.17514_none_fae061a2e0ae5019\CA-wp5.jpg C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\Passport_PAL.wmv C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\reveal_hov.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\modern_m.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\43.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-ringtonesamples_31bf3856ad364e35_6.1.7600.16385_none_135e536ebbe59c28\Ringtone 08.wma C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb\Windows Balloon.wav C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Exclamation.wav C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\daisies.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\404-4.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\35.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Battery Low.wav C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_windy.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Raga\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\calendar.html C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_black_moon-new_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\404-2.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\circle_glass_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\btn_close_down.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_remote_FAQ.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\45.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0098688ad232f281\cpu.html C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\403-9.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\16to9Squareframe_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Logoff Sound.wav C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\9.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_black_few-showers.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\500-16.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\16_9-frame-highlight.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-wallpaper-scenes_31bf3856ad364e35_6.1.7600.16385_none_a4393b1a254aeaee\img25.jpg C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile10.bmp C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\default.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Afternoon\Windows Battery Critical.wav C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Web\Wallpaper\Architecture\img17.jpg C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Pets_frame-shadow.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-push_31bf3856ad364e35_6.1.7600.16385_none_cc073ae540855a07\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\background.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\403-5.htm C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\Title_Page.wmv C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\SpecialNavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\photoedge_videoinset.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\16_9-frame-highlight.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_moon-waxing-gibbous.png C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\es-ES\epgtos.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Landscape\Windows Feed Discovered.wav C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5f087cbd507d8e79\erofflps.txt C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open\command C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe" C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.kmbgdftfgdlf C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe,0" C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.kmbgdftfgdlf\ = "XVFHASZDBSERGJE" C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\25072c88a3a9820ed4496db76b23554f_JaffaCakes118.exe"

Network

N/A

Files

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 55aa628a07550ac99de252ab78306f61
SHA1 1fef9dc3f77821bf750bce42ffb1f6c892f74572
SHA256 839eb695666f96062e1ded9d6f1c97056f6fb6dd78d8f265e437c48e9d0675ca
SHA512 2e1e0fc7de510c92aefa23840cfe5e5e14fb98e597aa626cbb2f3034294d54d6cdde51dc0bf5a76dc3d40da70a5ac3f774f0db9e450c17d1b416607795643715

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 d5a632a41d602a4eef588ebeec89aa12
SHA1 34df371469031d9087f2468a9ce0e88308eaeb86
SHA256 ab3ac6b6cc56ebc63e65dfaa1363bccd598608bb0fabf5549470a205ffb2c937
SHA512 7c3e2e68c1a08df580f1e261ac111265f40e28be3132b23802ad563770c13468577a1f16fa2accd04b0c6b1bb29b49322d4112bc2453a2ff75291537256edf25

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 4e1670acb3a2b78b210a839ba54a7107
SHA1 c314081ebdba5e9b4f34903e139d8e677d18192e
SHA256 304f123c7a70e8965f62addd8ba5acc5bf2c9fa0ec2400e218cfeded28ccb2a6
SHA512 fa391e26ce105668307eef1e9eab540ed82d3f0dbe85bda1fef50f2d0788e5547651e29d5bf0fd44045695211638f335ca1588e8c703df8ff370abe76af355ff

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 218e3267e227b6bf183d122aec8f78f6
SHA1 4db1510aa06eb8c0a8547ec0d0b13fb2177303f0
SHA256 9bfb36c85186342903fe7b458cb6e28db1402ec8ec6da30db4098575da7e0007
SHA512 1cff54e7380010fb85932b4911b5633d15282f21c830ab70e12ec83b15fe36f8f6f051d9f671973fe14375dc771948216c2127a3daa4a64c6913fc230fecfb77

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 bdf7f015bc99980e0848d4374b6b1afc
SHA1 550924804be4e77041db599216a570dd82735796
SHA256 156cc06ac9a324896c98f8f3e71f86a6203128b8634f20a00dca9ec47304d1b7
SHA512 ad875f6252bdde6c9f9764f1444af074fcb0ce96f270def4f6d337e6a4bdb3837a85f595eb4dbd82a761cbc8a76be59d1499cc89688a9166c69e6e53ad6f0d1a

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 e84954bc75eae1dfa4fc8604dde17d23
SHA1 2db0a0cd0933ad0f49af4c614b28317d7b4ee3dd
SHA256 5d5cf3705a5425f9338e1d026827a1270a4d85413f54c1fda312db0dc4145fa3
SHA512 214b118670d67dcf2886e73409fecda1c6614365b6e9a05ae9caee9a5dcb655702e8750731cd65b47e35723e89a26317ab0add0df23485191e07807cbe3ee7dd

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 63fb355044eab78f7228b87cb6ef5843
SHA1 88bcee4073a7c0f67e01e442bfb51f8c72fcb68e
SHA256 cfe458049dc5cdddedc47b37cefdbf07e01d7c8c891dce72c9b52ac7f8858097
SHA512 8e0e1523846c5615b8718475d9e58a256882c809ec80ff52029923e3b15fbe05aa8f3769643a36a646bee86b5e20addda0a1ec32a1c020c0531495f9afe24732

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 c209945e7abd939a4c66b28fc2770369
SHA1 7a6d688e5f67b638cab216dae1bc990ace964994
SHA256 419f51687e494e82bd75080714c218b0ad607e8a13db893866cbcf4161acaf69
SHA512 7734296684a24db56ccc29e6094ff7f91b1032ea8f50de41676f63568cca9a67612bf43e703b3b28f6d8cf2c92e8b6d348c7de4dce94af7e014ab07023719cff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 804b11374b18e7fec23dc9e9db731961
SHA1 b917823728809bd46aac48753ed7441204f9738f
SHA256 b1dbe8db91c4d14f001927faebe3c046adb54eee64e4b56bfcba2c91015ba7c9
SHA512 9b137c4fac47ab60560983f55cb6c2a5416a012c50f1b84e9d9dca58f29d07628e724c39cd4f03d14c1743b435b89838156a46abbbd9a2378c7d9055e5a2f672

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 c4f6fc695402d6e4b857f1c792f39ffb
SHA1 6bbf7747ba8a3fadfcc08403bc321ccbc5076266
SHA256 4fff97b2863a4aee40cd15ec7cc2e1ac9eb5107c383d871856c6517f00b56cf2
SHA512 726dc19f0fbfd6f4e1142346155401bc2da499dba56864b17be640c2ea0fc88048002e00a4b490b72989071ac5a239f7fa653e7c48dda800fd3d80367bcb0c30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 abacbaca84d831b28f5cfa8696132fe2
SHA1 08f75c589a0885671439259be6bd7ca5cd357d59
SHA256 ccf4c3d9f48bca70bc991414be843c7512dcde8a0090f8c5faa0b9c4e603f9ce
SHA512 a3448f42d66fe99621a481b6d68aaf99234912834ff91511445531f0a47117c6ecb22275a4359c9b8e244119ffe8a6615fbf0deeab42c2570295044d86da52de

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 5221ddd6b588fd6593d91adf42a79d41
SHA1 27b3ef8b98922b80c1583b46f050db035fca58e5
SHA256 2e363ab337ba3675eea1bdaf200e8dc70c06f37e0105dde509d050800f5381b3
SHA512 d023b5873ac9fd6b506c810dd8a5191dd8249274966e6fb37a3d33dd6912a596bd8090f77447091410c1c8c5e88aafa4030d67460ec4a6d0efae680dcbe19d03

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 1956ad0924806a5723b2603a5801b03c
SHA1 3ff68c5102b809d0d57d28c3428af41cfebc3618
SHA256 2452e9a54923a33d93362ee9c5bb1a4d7ced03b62917ac0937db5ebca4d0f91b
SHA512 b64e3887900e263f60be694ec5f4a7ffa8f24a7e2a13588ec5d4eb9e8299401c8c710e166e74e727c877c2cf7f92aec9dd2dd5e72c6307134c4a629d4518e660

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 6edff3271d50a368fd77849f37b093de
SHA1 54574aa232d046b400d00760a5641f7957802931
SHA256 c7a4adb1dc6ab6540ea3cb9197a7c3564010ae818a6ba8b9ce266995528dae89
SHA512 d7ce0df4d3246649882ab3612ca670ba996a5f77308c2dfcde67d874eaddb8605e891066b10054d88b2f752fd36d32e5f7d58db4f5904114961e5474a81f6dc0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 2953b650ce2da9c51e6f1ccba46e6d75
SHA1 2d450b8f2712a64a46c04af26ccebe22e7bdbf12
SHA256 4a8cf872a82d7e4fd55fb319b92d50f587dbf8405fdfdccbcf078e06aa5aaf4c
SHA512 90e89d79e92afd35aa600c2fc3e391ef3f2dc6389430e70125b3c44bd0cbe1a5fb51de523e7a06c8ab4e72e190680c37796e8e47f450d4b0b5d8f9fed6264648

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 1c55a74c690172876e7c4c9daf7acf62
SHA1 1fba6396b24d79fa3b203f4179d82ad9b1d55061
SHA256 05f7019744aeb4756149408b379fd98c5fa4924ccd910a1c39281a6f914019f7
SHA512 aa9bb0660fa7c3a5b84eb90835028d6fc108aebfad9e307931036fa52016f2c277134d69f988fc6238558ace3383102f5e583a1b24660ad7da6c8cd189f349ac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 0504a31adbdd527b8a08a47ddcf061bb
SHA1 5928fa34d8000d2b8c6288910a385a33d4eb969e
SHA256 a7d8ce549c608624bba36db4cd773710e48bb24a970dcb960dabdddeb2d32d46
SHA512 4bb533aa25f6c6c26b1c9819b4d88a821e227d3df5393354aec715bd4f3bedf029657ca204beca211164834b206e4a7b3757575b5a9ff9682718ba43d1908909

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 80cd12d97dfcced8f03b61ce920a6706
SHA1 7e5be17ecbed9eb07b53d712aa2e0c85c36e9302
SHA256 c68b58f8d03dddd486b04393c019382953168ada6f6f59585d00c1fd6fc197b5
SHA512 42f6dcc51985c7c4cd51f7ea2f8c55e4687155a3cab8d12f0e12e3d0017408e776347b76601ef68879159af769f7402f9406583c9752e3310b33a53a8606b046

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 16b72641b26fcf8b3f1e2930ab3f43bc
SHA1 58944ce2f6c8f8f0bff4e732377717066e87bd2f
SHA256 d8eedc8afd6135f1b4d0d477f3c457c31dab8c50adc227884a3982a32c8ec371
SHA512 aa67d08dd72cbfb4f96d6c2ca58c2dc216d046503f039dd09edd1e8c5cdd236c4251331c04902592fb31b9b3e7d56572b7ea8e27a8f2b718d0fa8db62fde322b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 b0d5af152f74899ee6cba5f9ffd19c5b
SHA1 5606f61d26508234fc2d875e1f57c1ec8417663a
SHA256 71ad94cfc618f7905d0589ce7a5003f1eacd55cbfdc453ba0ee59403fe96cb81
SHA512 45c83e2a89d80054db251081bef9f101b1bba39e9d89f035db0951f4b1c67a6235876aacb79ec9fcb4dd0bd17cb940c5907e3f1251717bbe586770955e4c1c27

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 361a9c52a997040a4becaf3273912f4c
SHA1 5266ef57ad838e48f6cef28514b41e450b121692
SHA256 b5f9546ba6f95735064cccf6322f02caa0d0c6658db7c0b9d1addc2fe007cd4f
SHA512 6dcb6c1f06619cef1e51c74e1e817ba4d91257bb481f03ed1eccc9889ba015c83b5bcf31051b0804d1167ab60710a9ffa0f5446f89fb84623e124114ad90c0ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 1109ff57ce47c72b12b4b6e682c0180f
SHA1 31902e8510a4fc9e5c8c382cf23379bea8e8aed0
SHA256 c53c5318da56e8add364c1f24d66e32337d77a403901282d372abdd21d0805f1
SHA512 45d55a0073826411a7f90c0e81b9c3104338ed14b5679ed68865c74b4212e9fece804521ebf4d5bd670f60c23195b71b6a2b23173c7629ee3a24366cb6032d35

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 29c590f07fc56acc37377fbb605199a4
SHA1 50ef0ee700072738025cf5ba65f2f42f2f1b7538
SHA256 e39c70c5d1932f3e757799d0d9bddaee33fd98cc421a04fa9346e5155108563f
SHA512 1cce21b9503f1d5f6464f63623a34a92c7cf5c48c2793d8d64f2932e1383e6de349ca59a4ca25d15a11f9799d7ec8e9541239ba987ba32708b96c62c42c48a63

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 53929e0130d6f6398102126dc717cec6
SHA1 84ba8c6af90f8b54ecf41465ccb92dd5b5a0b8d1
SHA256 e0533aa9cff2263b2252a8e5631e65fe8e171be71475ef3776719b68253d293e
SHA512 46cbace0a37e7391a52c508a09f8e559cff39b4b1d860d69e4c7514a6bd16551c59b763f2b9536ba11165db3217e31fd2750d77afaab84171384723677dc7c30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 c9bb91fba64270406a8e131cfca0d536
SHA1 9463bef19e2285332710876d21ca6a2f5c33d202
SHA256 e94d1811fb2cd526ab493d6849e5fc0746c0b1bf3b9ffacbe7a14c3118a6b1f5
SHA512 47af41b46a76ceaaa01794e32889bc6618840d6bf5517500da155ed1f1115b4d1ae6979da308d9646855d53ff8f7985c4fd99c126d54c97e42c8e4ebefcc658d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 309a25780d3f5ec1aa268acac4df2bd4
SHA1 a93626908bbea2963edaadeaebce6ee158238ca8
SHA256 61551d2acf4576d84f5ca9a5acc129f06316429a9781a597808dc16fed6fa985
SHA512 6ddd1f0074b69242eba30e0e54f0fc71cda63f4d4586d0b3156fb219a57a7c0346a51860c1a14e0a44c4a93dd32e39fa87acf0ba6dde2530c4ef7b2dae6ad97d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 ab26cb367babac79a2358bcbfa4cd3d1
SHA1 1516a09132b4ba077249d17a9d108f6a6414a5fc
SHA256 0a6edb1facc916f0bf49163973fd263a6265ff6fc3d61ba9b2f05ca7bd04f8a2
SHA512 7d93b71be0e53cdc5f29c4a6cb41f6ab3108e0527046663279b472edbfc05101f45eb80b9c65bda579a75c34a9a2008937a32a271d462092e39bba88de5a8c81

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 2a7311bef1f35398897557d3f457dbc9
SHA1 739433b7474464e2789afab3ca148519a64dad47
SHA256 523affcdc401f959822a190561328e62a7166533c96d946b8e004da0fab7d630
SHA512 f44019115ccac3392ebc0cb3409506add0fdefea03866814f30f6c695fb3d399261debfc68192a57a448f58179f3c5c5afaae152d0f081a1f637037a70da35fe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 b7105fe3d152f28d3359e58a2fd54171
SHA1 1f765f46c40bf38665b760c9806f0dce32cf93ae
SHA256 2a5f9a42c2cded8bade329e3e7892d885a3efda6a30b5ab0179a07571775ba05
SHA512 8c4fbcd220aad8bfbd1d7f6203d85130495f7468f4246645d713da4a675e313565b29a9540b0267031da998e9886690c76520d47b3ae62138faab00a72e027ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 84ddedc44003e48c2609ee237b2f00f4
SHA1 6f818038b19068a2cfd138878ef4d862c3353821
SHA256 e4b6a5385c572d20c09bacdfc8282f596049b6fcfe55dcc6e9af6bdfc214c623
SHA512 72513cdaf6c6a58323a2e888db0f984a8925f9fde1f141c0013ccfdad675b536e55d3bc9b8c901acd9f06a7afbb7029af372ec1cbec69a7762974f34c5b97e9b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 35b47e3ada60863e51dd6446034501d5
SHA1 ec0ebadc7fd64a69a1d353731f9496a6339e6e5a
SHA256 daf5109f99fa0f8e98e12caf7d27037320fc120382accf5d3b4a93134acc0cbb
SHA512 72454f1453b74f84d8e9a89ece26be5b256b87523924c10127af4c17e69971d52179c074660b0da7076438a3451e39989e8d3e392ae7b8281e15da7981869e00

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 2505094bfa9c91cd5d0585e61ad1c7aa
SHA1 2627964a78db5722f800d8a4ca6bf67960da1f8a
SHA256 1cfdf84fc416ca1fc051c62a48df3e54dfc1bcc1e41b424025eadfef6cefe28e
SHA512 010a760050341e6fc7e7fa4d6d67c795726930664a4663b4967701f9ccd304cf384cfd34b4b45c43163597a96ecf3b7bf4e1592ed77d13f95cbfab285a3e71dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 16f49d8ede5dd812660e27249384a113
SHA1 c06d9a9e8b43cacc91268fda10c9231292a4737c
SHA256 490cab4893ca5e75efe20f6b77ad7689a6adc48e55c6aac16931ec3f6f6f568c
SHA512 c12c398e71db454dfaf43163a47df82a01b702e7a95fb9739713ffac00943f4cd27d25509648554281d1ac46f6add1d4ab43c83ae3e02e8506142acd799c0476

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 dc92660c3339933ebe7a143388ec54e0
SHA1 427c92dcb648a7504bf4670c9508d0719bfb60d5
SHA256 72611d457f28be83fa97147213cc057ca573459ec64d50f039b77321bd983780
SHA512 82ef57875f3cce66aefdc29dd5b86659c17c63de5736a956c003997c78b6b4fc7fadc087acc26d43dd1a7c4b604acc07de3bd871755d0df07eca26e6bb4a6009

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 246d69e01cb77c9a7ae3437fa84a1d2b
SHA1 9eb10b9722f42339bce8ca8c3e6c9719c3b069d6
SHA256 c3d274b247de1e44c5e346398bddee19e8ce9469d681fc714db8b2e5378d4326
SHA512 75d00bfe84473ce27476688ba3848f930f639c98535af32c8e686ac78b662b16de26b7befc000d21d61f30e58c03c0a1940438a7074f12c6005d18b472cc5332

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 9301d80020a2c1ab4c04db0403787ba4
SHA1 f7d35aca4d87db2e3f95a981888a7f02b3bb219c
SHA256 a9a28d7ff88fc49f16e314609c2b8e937994d60d6632b8f12d4f184aba297fde
SHA512 5a1c4db6826ad7d31adf3453b34bdde37cbab6a123929ccdf4eea74eb76a236428ad38d93d4967e551bf3af14787d3e0cac2852f50e74994a1a917ac55ffc54a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 476ec1abee9625e31f4aaff98e4a2ba3
SHA1 e1e1251feca8186f5a7f21c670891d08a5d92ad7
SHA256 cb21583143839ed786356638bc4707bf7f01e798e8281ebb1a9cdc6c22a8eae0
SHA512 1dea4a028c02258d9acd0428340670a7dbeea5f9b8315a348c8f94e16039b3987825f33865269fd34edb0d3292d1ed7a5abad323c15e7e64c777844fc351d8a9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 9db731cce3d7c8a1cdc6cea6c3d9ceec
SHA1 5fb9903ca876254a3cd4719d663079a14c83b404
SHA256 ab0d4d7f8a5dce11557092d04af1c58de3ab19dc6ef58f0cd585b0df9cdf241a
SHA512 086066f477ce3ede3068cb696b3e9943c35838b443360540df46199918703e42dffc5834ba258ea5e5cbf7a3402ee7d87803b503fd1314eab5a8616c5180a990

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 3e155b23c56155158e04eee48b451f62
SHA1 f873ad4f6a80340e23d0ad869c78b9b5a6f91fd7
SHA256 d7599822af408e37c0451373c04787d101c3d9ec009ff9a2376c1b3a62f71a01
SHA512 fdc3c3965d8b73e531fdc7ba78f77ffe6e7a3c9d313ee8752fd11e78ec6d65acbe88c7c7afefa6e776fd263e241a1d22ec2f40501a5761b0073ebeae3c317497

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 1c9ee1f57b1e493825244315cddab61f
SHA1 134bb78f48594ad993efebc23e14e3656f72e3a8
SHA256 43b9bc2cc860b57334dac3b994fee43aca38aec7d902b3256efb9b444f4e41c0
SHA512 bc1fe31808d2b45624475827e5cb5c1cfc92782778402111c2aa2949c16fb92491275de6d8a66ee4da7a1b87e4400c267cc68247bb0cd54f3b47b54b644fe5d2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 dc33745404f61b8e63c1495d5e4f105d
SHA1 a40491bfc3509de2da6a7d8613e703c8808cc48b
SHA256 af8c29bb6e9809a450170d76607ff6bef266464072e7c103c49ba8e05f5cb68c
SHA512 3b0523aac88d294c0b5a3640d43bc63d42152b2b82b5b0bbb501a6aa9556aa816228879341b1dc1cf3a6d18093e8888c91076b927d7aad27c60beb963cb2f969

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 26a2f64bf1da4869406d4cc4d3f6de1f
SHA1 30d13ca9a6331c95e54dcbbd1a01d667470e1cfa
SHA256 1e6184e8a03f2ff79ed7db2fcdfb2b5c037bdbe8bcc37c5f0ec4cdb7654fe16a
SHA512 6f936463e1fe8a5626dc80ea217e3c6a9e2f1a95c3d1626e8109359f5186f266741f6f7cb3dce1f8190e7703921c2f791b3eedbd5bfdbc940f3de21d099a9c4e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 11c1db8fabfec691506126128063bd8f
SHA1 54e7d5d9234d2bd203dda022a94d3c982c50ec60
SHA256 dd6a633e01653fc0a7056515b2db9e233b07d2aa10cf179c24a20267b92cf76b
SHA512 f87920d5cd4a6371877e74d1b817ea3f431728e4e95e208f96c4ce8f667d5da9bf0c825ca685ae1d12bd7654e266c71a1fcff83dda3da809b022ba4293fbd9e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 181863d0c28be014e32c9143be3936ad
SHA1 b9b12707c10554ef21154b394043e68da4bf4899
SHA256 52b1691384d7bdf15feb37ee5baf8a21aae764149c255b46f707bbf63b906950
SHA512 255a9c8c309139c453a3cf7d670f9b13b21f853f8144904c94b1fd9d23d31bbf50c3ebdb1d5398c180ee29eaec8215bbb799a5929f534a653f6758e9ed415b24

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 39453ef5dd82f6d2e5d6fc0e4433433f
SHA1 38ed635eea699c59370f4c34eb6ffa2e86cb4ed6
SHA256 ee582ef56abdad439fe781a45d2ae02f4d3b08195181eba746dc851190e85003
SHA512 a85ed94e18c58c42d2a4b8f77cf1e55da71d96cedcb31dd03f006c502b0a0ad8c112ad27e27379f732ddc000c02a6d68006912513dba54b227c1d59a164e25d3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 c9a1057c9b495f6209384083af936a8e
SHA1 aa069e51fff610daf2f9f84d34a1cb4716493f71
SHA256 44affc00affa0e3e9ffa36f5e647637557da51991e19f7b9ed7644f82835f771
SHA512 82a857aa004a4433cd26fe5a037c854b4a47446c597c6524f2c38acc7ae8d208ba4d6663940ec2008c779a123faaeb4a3c118214b292ee20272c195b8f3c140e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 5da4fb0a99b6147a4f2a647ad4a8723b
SHA1 ad363c76bbc4ef5c70cbc226d36c5e5bde1ce818
SHA256 b3f05f6092a3f1cf692f108426b4ce2cf87d8311ffc2d5783b8d0ba14e7620e6
SHA512 f603bba865953a94a2af20d1462f2f6d5bd6e312f1bdfea843de67500274e5b50505c5eab2fc0262b81b9c1a8e89b61967599fc2afbf904ada848d32005aa430

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 f10ac68b0713af6aecb798432d3185dc
SHA1 ef17cf137b2028c379ee366e8d8bd7ff79fe6a67
SHA256 ad81e7be0773b24fd8d1ddf58c1d52531db6b49597140bc9a308a325937555ae
SHA512 8ae29277e2c7f0d5e55cb7c1bf23de01340ba45adcd9bf6d5db55b975d901c6718a9c9ca6801d060f16e36d588e1d8298e28a895d644bed655e520299ff19c82

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 1156b38788aa73b60593b54a686cffbf
SHA1 e33711691226e21d3f10cd00c80420fa0036a6c7
SHA256 49d44a560bf2636f6c6fdb0fcb5423f6fc3dfe5d7ba4183f0b9636e7a93d1586
SHA512 254453600772382cdefe0e30592c8c9ea42064bd59fb3224657caebcb8f1c9faacace7f5664cc1a544a8e4a08dc9da926a27cebd10ef9eb83b7102fac4ec35db

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 946900e769f05135619a773df5fabb75
SHA1 ebf7433a157187b7ea1c9e5d208143226b3a7f32
SHA256 351320d06d3af27ae99a54170593930af63657513cec0dbc0bfa343f51274dbc
SHA512 1f63d4682d4b252fe58322e4c3dee09bf22bafef2216646959552623d3c6d40a56461c506e4bdad49ff965af36d34149a28c6c5495ca985310ca1d4a6415b803

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 ea47980acbff36583183903534552158
SHA1 575aecd34eb0625baab30dbc29f8ccef3cb18a09
SHA256 39a2498cc8277455ac5bd6699835f2b7850a1327a9d0c50cfa65f9de407270d2
SHA512 10b6f3eeac961ef4daa3d9cc669463494a9a8429fc7652a5ccc15bd1e726270386d083a0ad6a677b2e351559adf815c2862d9f15b1c2dc971aeb5209ebd92caa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 63a1e94bef1c9f7fc8991f96e03b904c
SHA1 57da748ad09ee91a9b9acd60a519f2e542680989
SHA256 8d66b86977d563fc7709a2ea2cbb300238c6aaad70622a02477be53afe4a037f
SHA512 6920694ebb8ac74c6f2a1aaa1bbd10f0ed0b2d2c2cd10b6dc504018e764a2179604cccd12a443fd2f7ae020af1c6220055526921969fb4a5e9cf2f58c95b6f0d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF.kmbgdftfgdlf

MD5 b91906b88b0c7c64ea47c03abf281258
SHA1 368bfdc3812ec2065da532ae816ea50a9acebf32
SHA256 7bcddfb44d9ca2811684634b06f183e8b2102110fb289f81734e373035818f4e
SHA512 726d99af71ab286b5167758ada1ccd8d4f9e24cbe3c4992b3a03ce7196a6244971e6fde766b84b37017e92dd3c94cdce049e5690dde6141346412bb12ef19c7d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 8c64aa39d46deed64de232d24ff38600
SHA1 b0d23a9159847a99845db498521a149fde5e5627
SHA256 0a416717b57804b6f0f34921ea1455cf4064f37e070bc2470dd04631151b55b7
SHA512 94d9df128f23e27190fd6f2a7be9516be0ed454461a0dfaf449b23425b85397868b22d3a8f23e7591b1398c251976a5a10b8e2fe09b3926c9e61f88ba40b8b02

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 bc8e6defbc789bdce70c76a28b7194d9
SHA1 15cd4585b3d43c8ac9d7fa2c0f29af523a07efe4
SHA256 f99083f6f7dd18c34bc3b6b97c8749e55de4da64a2327b8bc6b7ce86db85ff83
SHA512 11cb9b71839e5e3b847b63aab5d9a02144bd31732f691c4d4a8e0f80d68c0041c87ac809bad8cb6640115c2cfbb538672fb1078c15f6eeca856b977ad14860c3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 e173dccdc21040c79ef90f7d0fdac82b
SHA1 54ce97a1597df336ee9aae2900ef9e48c9ddca45
SHA256 5f50ab08c60d731e682914f7206aa89ffcd426030ecc281e2bb43cbfb6fbb777
SHA512 5b23556a1001a9b17921fca1f627c96da1a072d04149fe6d33f7bd372fa5ad3e46c441afc25f875f054ef1f4a6075a0a503372429e13de773b7c1a9d235e938a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 4db8a3ba2852b6a152c4c37a1235ddec
SHA1 d32baf71d309a933155428ece4b270dabcba59b0
SHA256 5c9f56332d17303a7ed3e0114e8c4b526075be6809d2e287647c5dbf2e8fc7fa
SHA512 663d1dd60cba48a1a41bd7096719c139d0bf7e0bb7d431cf6d33dc6b2f073f3386db7e1866db7c918456dd39d5d4a434c7601b1e5b57abb4f7318c240f3e295c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 5d24752abf81fbaf26501ada700d3995
SHA1 8aa5cc633f20e97581380b18eb06ce13edef68d4
SHA256 7d5f3212face35cd5b95db0ee9136d66ee715e495691de992ab143e589b80896
SHA512 e038fcc0cd0eed70d9b26fa372a3174cef4ae05f29f1fc0aa3dd358d5ed737443adea7ab3b641154e5b314d77cbf2614649971a5a35fb5f28e1792474001436b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 abc85a50f1fd66681555b214bd5120ae
SHA1 3f64eef2a1386137fcbc21f281c63e0b8849a05d
SHA256 565f29a3d830fbeb604c03963c2d334ec33a5b877fdbe2c202d24a9f541eafae
SHA512 6f760430f6ef780709082be8785ad710b1982e007f5ebbd59f87dd4b82704ce8907f40e66346afa3a4a5bfe3cec64b9624a8b917dc151f85cc3e5aac3e54ba51

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 96899674c5c75184c09886b11365d194
SHA1 f0e0a61deda257e556cc05bcba17e238e802ee06
SHA256 2e4a0b528ae223bec0c445dcd186d30783595bb75170a393a61b03b73b860fe8
SHA512 0bbbee596a375bda38be078ea63a1be3e8697ab0f1675c66fa5bb0ef95593492658f31fdc819c54668113046a118a72c91528d9401232bc1d35fa39be448dabf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 9fb30195d6baa480c32a940edcec339f
SHA1 b0994ecf70ce4621b0179923b2b9c9e0e741b206
SHA256 916c56cfd288f72b2379c6cf62ba249fbf8fd79dd9f9117006e62ecb56169702
SHA512 e44bda25e10e2281379f088388a1d7e95ba67bdb0304a686a6e62186a54aad0d86c9d0beed5fbffefa122fc7c4d69961f41d9d2f51fc2c59323ddc53b8f992b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 832842f0444f27c05f15789de8d0fe9f
SHA1 1649262a4ec2a319012ed5fc0eb15dde1ec88369
SHA256 dee216b0c0534aff117280e3cbb76356239da0c3546deae2ba02ecdc1f37db3b
SHA512 c1d8ad1942d09b1ac708a34558c6a97292ed0d5a0f93bc35dd142c3aeb241d7c1f04b9cbbf2ae5a3a3891e1e9cd0411dfbf78c840abdd281183605d3db2e0d33

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 a2b5d636a014c9a0a84258f0ccf98f46
SHA1 14277de2722b1cdb2b62091fea0f4a81bdfff710
SHA256 f3ac26dc19410e95e6cef93a6afd7985a8af11b07c23c01c83cb746a6822289f
SHA512 48c47ece3edfade5f1516b64e40c3f1edadba51ee52f0ceaf070e81c4df2d176ea206281e92ed69303371510b16929e8d914780c900ce015e123f8730a261215

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 5218c5259f89c6e57e8f40ddb91fc737
SHA1 dff0cb2a6d17baac2f64469d25b9c8f0783b1964
SHA256 cc4250ea237ddba3102325116873131e2baed30643c070fe9aa12d9d5c65f42e
SHA512 2ee879685b9777240c475f2c7919252f663aa99c6ae7681361158083da4dad144905a65bc8c4f672d39e6c1c685b0bd4d9e56b629607d9f301cba62c4518e4ef

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 a18fa877bc346c2d6a5a0ebecaf582a8
SHA1 a62cc7d2ccf7cc483f6afadcdf7c8018b7c8631e
SHA256 f247084f30876e748a59bc72ae577ff3429e89ce3fd9f9ed8ccea05f278a916e
SHA512 79ad00d1e81de217dc922eac792c7f5764b600883a493822572b8ff86efb3d7fa9906dbc1094911f70c40b390c3209468c95060d99c632836bbbeac0721f0491

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 1bc0708738f800231c2f2fb48b3b9509
SHA1 0b59fff429f22e8cf7f885b327e48041281b20d7
SHA256 78b881ba9e3b61685fe049e795f829792e9debb549c3ece91a2d1296f9fd71e9
SHA512 a727108ce70a2cb117ffad9815a14a5ab0aaba637ab7cc1969c8d20abc721710fe1948ebf2c6d594a706436fbf58e933702b40a1f26c2c34fb3a94b9b24efdea

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 7c9bf5da1c349c270c334f553e9f59dc
SHA1 470555da3fc3b416035a9ea6e76309cffe700603
SHA256 5e8b1ace18acc03e54ce8d7950c1063ea0cd962d8a879cd69b16a0b49880d800
SHA512 4590553d7cb465f7a6b0151ba8c073aaf99b63d3e311a5be5987c682bddd58a6f253149c0f5943dd78a282bafae429b3b3247052c3fa7ff0f0d0158df4aeb187

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 a020bb28bd35fb03f367946b4faef444
SHA1 d28c059f65960f8a812f08906bb1b75662317004
SHA256 6e657a8dcb8338a48860a04a7bac4f5fda6f4cb67fc7765032bbf394d40c95ff
SHA512 8f1865a86250c2de1dd6959e61d23fc5904167d97648aca558d755ed93f13124b5a05c2679382106bf986452e3c78704540b511a37985b6cc0d5973c022be5f2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 86e6c0fe465279f0aed32810180900f0
SHA1 701b620cfe8fe50b41901b2bac427c4fa2780816
SHA256 7f6edeee0bf26373516d03c513dc5d474cb0609f70d375a431b9bc43659f1993
SHA512 0d43ca0f4eaed9a122f31147f48be2ff5012751725f699e5a05d45e8389ed8bd387a9b6b1c38e263b93fa7d33da56c9d2b1620a998fb6e563fb4779d5cc8bcdd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 36a3f40b0a1dd2196f4acf3deab70a24
SHA1 afcf55ce3ebe2ef39efa816bce8bb2b7b4ac7ff2
SHA256 54f57a6d0b84f50b0985689a39aa5957d05b95024fbd052ded5985d4d3de8ca7
SHA512 e78e7108673257c829bb92896cdde4c5ce1dd34543c725cae3009c794078023e0f8eda84ae6d6265af5304b012b5b820febeefd4dd81800ecf8862f11820f644

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 e7c9c85f5f4d62c65c31acf49842320d
SHA1 4307d892d4255939a79ec70865e8d4230ea6e9d4
SHA256 8e12cd0290d025231f50646753ffbcb2a436691ca3ded8550cce1ee781e46cc2
SHA512 2086dee0ce633ac79bf4e8cf8fafb750f1f119f4f24635bd30475b3bb581ff5f84c28991d9da97edc1299c7cd186732f5a09ca757c148596115da0f9062dc85a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 60a572ad1bde9f702c5e3c9335ab09e3
SHA1 5f7e8383a934762316d1d41888b3a7394c4dd085
SHA256 448e5d4a8adbf750840b3ac9858369583f0b4f3cdf0ba41a8fbdcd16ff3d97a9
SHA512 d8630e023068e0f277187f70fd1446cfd9244a5e49e3268b9037966411cb451b49e3cf9dafbe363456af1f9a604cc311ab2298736558315a589e8ada2c65f6f3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 efb0ea957deac176d69a9b308b74b4e6
SHA1 3d777c666f8a5b0d9935cc4eea7e55400325e035
SHA256 2e93095604d6b1231d0a5246af2e9703ab604e85b6ff22a8ab16fb85a72fc8f0
SHA512 5a1f26641e911a17d3e4e350399e5a026be73bf03ce6bcd38ca24f25652008a2acccffbde3d5e5e0291a56482e20fb2c95dd62ba3ef7b5d36b1b433433aebe69

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c18e42fd079450d9acef51832f19c807
SHA1 60f113a0600c0cfbf896db2ed982562337126e23
SHA256 2e3ab0f306cf390afbd4c29b7b173d24177b657efe9d1e10f129893b6eec22e8
SHA512 cb9a0bf0ca20c656f00b34a23a01afee12fc8078586d20f6a0dc78c39182155f821a917a14ef9756882c79ec27c86801612aa04a7ea0d7bfd7afd9d26daa14b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 7a8a32d97111cfa2b1d4c72cca943636
SHA1 bf825267627fe94aac445673277ad6d40f31fafc
SHA256 055348c654b7ad120831d2c53c0d260e28469f099b70c1e47d0465101cfe2833
SHA512 da5393c8e10808fa8f05140958493c063d20ab4058d38da83b841809b9673bf13bf03fb2aa06d131f89905a671300c6b82ba5641e4b99a45de70534947845f42

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 773d07547f47e381629d2c3a41b6947d
SHA1 0f36939f18bb6c3b85dac66027e84ea9e6828a38
SHA256 38ed93714e8b54c12ad02210bf47a15a88d70c71c987d81a1c60d79aae4b65ae
SHA512 042552c3ac84c8c9bdd273a8f90d5f6d46f7e65df192f916fb049920f5bc0abbfe9309645ee2aa838e79283ce2fae6060282bd3ec88c880ca0263ac0af688087

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 180076facef7816ce6473b3060f825a7
SHA1 ea1d8fb79e96c42a6251b1435fc746546bc50a13
SHA256 56336b8c7c5624c4ff6807ef754431749a8e49dc506247516c92294b8b6009d4
SHA512 4805edbebc66d89bc521560ce2c2dbf88023b608a5274bf7b05a87b20e0c3d76e150cbbd3bedfaf166089f64b42a27a65e85c628b05d2081e1de7f015ec6b099

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 1460db39e48809697d3ba5e675e44aaa
SHA1 3a6a7954c5bee8ec192cac49da32daa20b68ee40
SHA256 b5bf8bd3be1ec2ec951a05dcd0a3b830365aa6adaee9a1bef4c4636b996b7ea0
SHA512 8dfe019557ceceae9a35175ffb38152857c532c15617ba1203f379356d2e8e43918f64cfdd575c7abbab242851b755a28d22deab04631393dbbbfeb90f9b7b8b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 cc36c0eb353da99d7bd74e50d6936c28
SHA1 ff3ca9160b56915fb42cb1a38a368126715e9e72
SHA256 217347c58c413ce4be41efa7be1e68bcc94ad12b608ee44b3dafc25a6ecd455e
SHA512 6964926a8512d3d0d4cd633eeb6f784d5a7ed544699ff331b6e7f80eae3b8e26875fc72a89c71b7fb1428169f913e20488ee2c74a50c09cd0157c41f731cc031

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif.kmbgdftfgdlf

MD5 a004b0668d0ebface583523e6d7ad241
SHA1 f3e1fbf9e6dca294aefac7d9e34b53966f2681cb
SHA256 662e096be08b8e82e8aa39e6deb7b95e1d52d213ca5879178da2226a74c5b284
SHA512 3569a24f2b3a55bc1f68ef80172a007c9f6ec4d2d51c9bdaa6b9e1e015b7145c56a643611c8b4939ba4f50d6d1a6dfc72d704e70c4576be489244f5a05abaaed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 a26905f1803d640b46f11df11bdce796
SHA1 8738620276cde66a037c41d0d87b7052c30e87ea
SHA256 6068f4efa77101ee6104cd6ab52b457989502d304fd39e01a20d0dfacacb24bb
SHA512 c38d3a3f0f104b061aa9935fcf4540a47301574a8a54d71b5479108943d1f9124e44a6096b5c4964aea46b165418dd4369f8d930d4ed8a19261da965543a0419

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 2dfa1c99a049073a4c9505bd935effa2
SHA1 b0741e17de03f1764d7f2f32aad41d19484f834d
SHA256 8a84304686f35c24ec6b46b4a8ca16ce003dc2f38a13f75c0660571ec0ce1cec
SHA512 d7491bc882643a5fe7dd6359599a2505ee53240c600dcb8f24cfe9dba14f87f6dea3842c9cebf7e07b2675bb6e12b7d24d5e56aca84c372341f79b729189ec5e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 803d54daa282f21be1152996aee9a2cd
SHA1 ca4fe19b5632d669f3fca3eca7335c94f66c2bf4
SHA256 17b0a4a0f1657872cbe1a3118c2d62f52849631b45dae43be4b9f692f58db8d7
SHA512 6aa406e34766a8e9ee635179906b55a3583b6ab81a44f777f64aeb5b3566189f443cab6d8ad62ae16cae96b52be62354f43bbba421b62314f636bfacd436d1b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 d4795c5698ad24feda0e59f83d580b23
SHA1 221a6ceb847d7f70b14065eebf1e510f62bda8c2
SHA256 6bb30eb5f649f46f86dc29c1b4b55243ff4fecf5920dc804bc0f77759136da2f
SHA512 cc7a6619e2c0d603467f32bc94845fe5276d60b700698098e3e65cbc42a7dc13054cb9b3e144dec35519ce1031f7b7eecb341b73ea1f3b4afe349eca120abfad

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 09541b880b28fcdbe91fa78b2e26e0db
SHA1 c0ae4c3b10b65556b8760faa68f8e149cb63933a
SHA256 a859f10c6975880b2dd4830513bc1084b4eca069a9a8ff489453b703973d5d7e
SHA512 7903a75c2604c00cd2de9df38d74039272076c6939fc241326b52d4904555820d58eca5d22a253488e01e395f1a36c38edc739c41429bcc8f04f85951983c12a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 67fb765610c8abf76888e7495ab06336
SHA1 a5a84df7407f11cd843f1c4dbf6454d9be957c95
SHA256 8422b56e579f6e042c2797ecde2f90a309b1b9bdb7d6a28d68c17b9a12c03cb3
SHA512 c73db2c48f17a5634cbfee81e879138675dcfb7ab23fe6e8ed7535126dea2decc7a8707938419c8e0a970525046ae92a633534359a1c8a578e19fb2469c14c46

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 cbf19257d583410b336eeb203273acda
SHA1 0118e2952b901132bc9b9c1211f628c9a0ff6adb
SHA256 13ee275b05640d6db78114d6634028b7b4b2bb573f45c304d8e96d537c87b17b
SHA512 01a3c5b838aeef1f38546487202e2b6cd2a03c845ecbfb8e3bc29f3c983a5f3f33396338e1d809ff96315ed87c452bcb68045e32d69ba27a504715ea59831d93