Malware Analysis Report

2024-10-19 10:43

Sample ID 241009-d1dl6szhjr
Target 29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118
SHA256 04415787392af016733a5dc1ee307d9295822db1f1eba59c49eaff8e54c63c2e
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

04415787392af016733a5dc1ee307d9295822db1f1eba59c49eaff8e54c63c2e

Threat Level: Known bad

The file 29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2204) files with added filename extension

Renames multiple (2171) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-09 03:28

Signatures

Detected Xorist Ransomware

Xorist family

xorist

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-09 03:28

Reported

2024-10-09 12:12

Platform

win7-20240903-en

Max time kernel

122s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe"

Signatures

Renames multiple (2204) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3esHJguC1b6taym.exe" C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\default.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-t..d-chinese-shuangpin_31bf3856ad364e35_6.1.7600.16385_none_1e8c88df3830bbcc\TableTextServiceSimplifiedShuangPin.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\SpecialNavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\default.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Raga\Windows Hardware Remove.wav C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\mainimage-mask.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Critical Stop.wav C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5e03773a5199eaf2\currency.html C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\10.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_snow.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_box_top.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_gray_snow.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Heritage\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\drag.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Pets_btn-previous-over-select.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\Pretty_Peacock.jpg C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0c889693e4e0f25f\clock.html C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\bNext-disable.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Quirky\Windows Error.wav C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-babyboy_31bf3856ad364e35_6.1.7600.16385_none_f13596916b261f67\LightBlueRectangle.PNG C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_pressed.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\icon.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_4b7bf556f6fe4db9\dial_lrg.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\Gadget_WMC_LogoText.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\buttonUp_Off.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-9.htm C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\1.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\Gadget_Star_Half.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8\Windows Hardware Insert.wav C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\DefaultIcon C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell\open\command C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3esHJguC1b6taym.exe" C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "FJEEQNHUJJIAAHT" C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3esHJguC1b6taym.exe,0" C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell\open C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe"

Network

N/A

Files

SHA1 7c21e8925d4dd5df333f669a8ff5c9a1d560251c
SHA256 b31bf242212ad33c3fc7fc87637e264099d9db59239f6c5c0f684a2254f12df8
SHA512 4af6ac10f3937dcd8c18e6bfb58724d1216f06a75b912b00950c13aba5652623e28f64d21ffc04f5328db7bbd7a261caad26199c20501f8e42d1d6cbabf8bbda

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 7254745c5198644f38b27a4f342cdb4c
SHA1 eda4e279304b1f60d842b8ceac813f20dbf214f8
SHA256 a57a929254b8e3aa4bee56c7596bb1360b59af6e71aa21b1f43801b4d602a6da
SHA512 534f32483c17736ed32926cd5f5ecb5622f41d3d0e76ccb8a530dea074b2d16601af43d37e5a0d57f193b28c6cb3e036ba4e9e6d8714349308ff8cb1c086a13b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 b6aedaf03d15ba120a60f0664ff8ae51
SHA1 8ad8e33aeee1013cc089b01646e9d247c469b042
SHA256 90a892490760e9c71f697d0a98bbbb72fdecba56f058a5fe4b0569c14fb9f2a3
SHA512 487de79557f2d8d5a68df9738e320d3cf31ed74b64ea666b01120b0d3f409d06a3bb10b07b60eb575de99f8abc4fc1849d0894b1ec31542d2859271c1e625e14

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 ad32c7c8b1f38bbc91efd62d576e8d92
SHA1 c2d5c4fdfdee45af3d0619108a3f2feaa63222f9
SHA256 8b94402e41cc72b9a47a20950ab71558448b2ebf2e89135775fb818aaa000194
SHA512 c5016832b6d2597ec5fcc75cfadd4b5e2354c1b7de49ccc83edffa9f91ed55ac7d59187be4209b777bbfd6087678133e758e653a29c1f1a6f2fc1d3bdd4c945a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 9dc9a730755d79a51cbc526fab645878
SHA1 3fda44c3762e4f6bb53208be583f37317bc54d3e
SHA256 c2575e962c3c7b864186f6d421bd488ce6c0c596a44a1557e65bc5615f9a141b
SHA512 3555e97641bf551747d076c84e0c48b81a05ef14fa1dd879fdf5221d28b9bb24ebe54cde8898a8db47baa105e922eb2fcbb2db66314c3886d56dde635b3ecbb5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 8fc9d749d635aa044bd081e7913b8ca2
SHA1 45d10e209c1753982e82ef124179269c0df0f47b
SHA256 85f95aa1375770c0758f7c0e1caa72806030728f40e075f8e3d23a44947648f3
SHA512 31fc31bab34db44943ddb064c4490cbeb6a24e714d96b6b7df22fb091c31922db278fcbecf2603957b9e4997a0c0b69c22f032d9f27ea04b4758b440678be925

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 590cb382974b250de37cc34e6857cf9c
SHA1 f303f372216a5d319eb713f7fe54b843e954eab5
SHA256 deeb4f439f69cb768dd526549e58bcb9c95f7194f478b516ab9fcf33f9630ff6
SHA512 31a20b57b4accec9ed12572abec7e8381265c4c8b2fbcd02b8383238869cb4f5fe9f8d6fc0fb80b8c836101904565e0095d99d894914e8eddd606701a683b111

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 9a1c3f9207f1aaf4793ee40994f2f443
SHA1 271035612a619f91296ae9b9a57f17ea8857aa16
SHA256 95b4f2be4ddbc6e880b07d06adf0fbbb3888718c0d78b6a610fb41715b55e80e
SHA512 f07e3ac4ff5be1d93aa08529c9e1bbabf6aaf73beadf66186c185cefb6976ad73cc289bbaa97321b5a25843b701bc7bca9ea06c822ec34d8106ad6cbb462de48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 dddb658173ddec8753138357884469af
SHA1 5ffbb4f7e113f4f8dd5c8ca5f0c2f2f2bfc2cf4f
SHA256 a3983758dcd923fd5f624709802a039b36e2117b86547c739610309637d90ca3
SHA512 25e2a2393bb9adff9fbf14e0ffac028dc81235e1c1a499588751a0b8aefea48c0ceff34edd7346e11badee34c08a78218a308f3759bcdae40fd6ed29aa99e6ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 90c6638fa25674f2c7b90e088815664f
SHA1 0165e906d2b89d12619def4bda7d692fead4c353
SHA256 7f624054c781f47737fd552003bdc4b1eb1919398864ed35e2d67d2f88eae6e7
SHA512 1a65ae3aaa1988fe37a3f35aeba5122248fea2b2c20d274b1cf465ba249a89ac31b791b1005b8fa8935670f050deb0b24c52d04e266102fe7aec41337084fe10

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 39d8ab1148bdd639cd87db437cf2f530
SHA1 afb957e3875565d7775445adaf119e6010b649a7
SHA256 60ec4d32f7356d0ba51533b4956ce6a13ae52aedca1579fbe67b60be985cc5c4
SHA512 04dbfad2b9b9486906ff87b9eb37b868e7215d2974ea996913c28a7e9fa6573684c44cbbe56f29c8663cba12230add7f1f23f1bf2e985e5addc0c02c7b538bf8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 4c0a5d7903ae5148b7ff5ba492f4b5ae
SHA1 3b9e532bb3461a01b92d7ca8ab5634412761a67f
SHA256 7680f457050c4e9f6a5e8cce63e1c4755a10d49c1487f3bb9abc2834e7fc5e23
SHA512 903b41bd16f96f05464ddd51816057237b77125c371ba2a5fe3147e7393232e2c9c2d4549295aba165043ae8594ab770b7ae221c2056c350f8bd91d0ff7fe6ad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 821f6187b6c73e07252c675c8d6357b0
SHA1 4f79c335dc7432ae6492a0320b99d752bb8b838c
SHA256 b34b697d7b50380da7b324dacdd4d7146649d6b3473b2b2c6aab4d7ba967534b
SHA512 ba1897a025ae72864b7fbfce646710112344f890c906f50cdca8ec34bb4516a8053bcb6e33b1842506ba85dec1ec7ab7a60bc49b2980f639ffa4618134c5c2e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 ce3792a2ffdc033a4ce05863c7423e5e
SHA1 6e4e9e1b890f27e699780db7e417c51f749772e3
SHA256 8e08b86d3615d1dae4909d1e11b77ed00b6760c2852f6d18da72b7aaee0dba40
SHA512 fda3b31f34a6fe675477d92cc042fb28d6ef72190a4d7bf7f3a8d14f2d9b51a91af4bf4d0bdc48df2e171cea1f44696d5d0e7896ca77880366a9dba6c91472dc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 94e5439ba8e9bf9c5f53056d35a8ddd2
SHA1 035ca5bf4ae959ee5acd5718e9c0028348625389
SHA256 8e77563103531c75c2d0e921e4cc85bb10788ef2cc3680be97143948ce7d2d84
SHA512 bc3627e87ba4b66732fcb8dba96fc855f82275872b04f5d0c2b9d90896afe9cd6960224b07317915b80c94337d0d50ba975c4203ec93d35ce78d7cfc70087e92

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 b71391bd37d0a3a096822b0e9460d2b5
SHA1 6a4a795a36918fb6819a3901d60efe7764496e1f
SHA256 a4267fc3e1f7f71240547f6380015e5cabb10427b41473f135bf15ac256a8c38
SHA512 a3a8e9f940d2d0a6b39525b50e49e3629d237247e500f182733e4d0227a9ce03975e901db82f85745467a001dd4aac7615d5205533c2b3a273cdc3f8eb1cb971

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 a8ed08a74de9e7703a5166887f16d5bc
SHA1 9d06d11b8f425b7e0f3db57e9f39c7624a4a691b
SHA256 ee7b67db5bd2aee3ba7a8bb1186b58282508eda39342ad0397c667ae11f31299
SHA512 d3246af4ba9246418ebd163866769e8e7fc4f33d13a31c3067ef7038851fb877ddba17e42f67abea61e90ad87309a6a08f6952938803b8eb286f8fd69e0aaf23

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 441e6cc5a06e3a79f458c1ff680f1df2
SHA1 4b6c8eabb69fd3cd580ebb23bf54b2400adfad95
SHA256 9bdd4b98ccd649fc025227f6a4e87a8ef0569ea582dfa16dd64bd30da134ec09
SHA512 80c599bb1fba6de89cc7ad0d8d68b393014a796c6ef0888d45f767ca11d0a6dec229d4ef8b6a900c4be65e1096b53864d113ee370a86b003530c8424adc37af0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 98231924992936d417b4eeba03f4d59f
SHA1 6825f6f082e30b7f4b8d127565ae2abd441b5ea4
SHA256 89bc89a90a3230f844582d5860e3da394449ad62c48225dfcb8a364684f2912d
SHA512 56f41f38ef37c402774c62c4ea0a1852268fa9819b67354564772ff866ee384b67f725bf89c4a8a63c468d6f7172ad3eaae8429e0747aefce71f5f137fdda256

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 305e687c2d5123b20e5058992b311322
SHA1 207b2e04766420e4572f224013e68755755127cd
SHA256 a9ef5d7e94a7384dfa8aa5f1b9971945bc6e3addec4c3d53ab407585d1c2284a
SHA512 09869e941192ef001d07f84d2321d7c0fb7e0253288993c6d15071f67cd18e0d094d649811b65d882f3a6db2739ca97a6982ab9e621d0aaf36afb67c3ce9fbb5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 2febb7e20d0a08d224d5083b9f9d8ffd
SHA1 0322bd11fe6c7a2863965caac691bf8f8a66374f
SHA256 a709d636398c00fb6c7b90be571192e75e0849271a884184960f9997e89ca88d
SHA512 638343b5da62e1b41110582c0a6f27173e1e737d76495a0f9457126e8da5b38032aa80b1c2961e227c76d7fc9d9aa5e259d51fd3c80d32846cbe8ab6e51c17ba

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 7509789983f5cbe385c5922795075785
SHA1 b3575db78f2c6b996a9060a6d643fd98cb88b405
SHA256 2cbcae3f53d1652691be57244ec79b75618d448c66aee710a4d9a85c04c11412
SHA512 c5f4a87f41e2d1343c54c3c6e6400d0e7e06beb4bac7b990988d40310e7c5f72650c142d571966ff14c14e6cfc458efd323f12bde37b68ed011a25b64090ea33

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 f6c7c9310822faa59e08a288dafbe7a3
SHA1 f52d0c0472577b3065782486c6580ca99d90aa1f
SHA256 f7cf1b57483c34c1ae03d680a2e2a0be7f250d2cb4c8ddfc2f64e7b63a843ad4
SHA512 68c4972245560cb59cf4a4dd5254aec4b43944050a7b364e591b10373b5cbf47d47ff5334f244be3d73e51cca8a7f1c13d52409c95d02b00c1f9d9e0a8fba912

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 57453f65c2517ed1817afd9fc4b95ba3
SHA1 e23aa6cbc845c87743a3f05ac20382f11a85cb86
SHA256 2011192eddf4ed5e05148c85b62a613b8d0b709b6a8a57561e5f3d482a952d8a
SHA512 16b13eca81c29edd8874c7c9f7a7a6c75fe2d5a7fd6075d3471f449490221763ad0eac54055e68cf92a2da19cad803e0b7dde3bae487ba65ced2d96275a19388

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 9f1b8ce2b6fd3d7f875fc926ecc75244
SHA1 f6f9283244b1ac940070d8c3a2654e793b2a07fb
SHA256 f186a78942afd678a5f3f45f4b3c490b13fa5d3fc656dbb6c22decfab58ccd16
SHA512 e226988b522d44cc06d493bc6e3f802de84a7e7d5226dfe16577fa19dbd37ddfc7b39b865fd3d676ca19ff4731282ac490abba82dd28f3e324e047930b3d7f61

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 4b2f9e15aa408ba4f24ef345834bb493
SHA1 6f8ca1e97eff223e12fa1a6020695e7039510035
SHA256 8d385ddc3a3e05c23f7a6798fc6e7aad030ae642f2d5199a4add1e1469f642be
SHA512 78e2dc732187e9b06199a00ad6166629b49c673016339310d1bc625b0c42c00af8b7b52e62b4c8b46ef1110325fa231cd511169a77f5d585b9d29cb897253bdd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 bd5cfd216a418613587866bf629267a7
SHA1 44347a22722dce2c8241291e896b74bdb3b72563
SHA256 8c244172cd38963f200547f5faf3d9d9effbc6a554053ed72d054bf23c04b68a
SHA512 d4f844eba3f9c04c598f45e0a8d63af2836c58f5a26c7a6ffd5ff391448930789b54042cf1000650c545071e70e726da0f69236d0a91757ba932297a233d896e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 2603e406d853d137252a2373c4047a2a
SHA1 bade16cacec59bb053b610d6aa1f2a253232e5e5
SHA256 70dd3d28d1c06d43892be2637318eae821b8711c6f537317c979e86f65e78677
SHA512 a4679b7b440a04b89c5a7bd3280617a4b65020dff7f500be4a8bb5ef27e9bbfb0cd2d131bec96c3296650b055028c7c0c47581fdb6659c3373cbbfb8fb883037

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 f26462ab94450a4cfe40957bf8df91c8
SHA1 6609a981dcc2f653f6aed333d5f6f1bd6449ab43
SHA256 526db618f80b3190ac973bfe5e44e2c7c6587d00c63131b50f19842b81b3aaa8
SHA512 961aab642ba61e36c49fa0ac81362da3c609ba9379e07b8ee3cd515a747be1939bf0cf04819ced991f73f7fd210c1d87025731fce62ed2baaaefbf04e2560d46

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 530479c4c53d033c5d96e1058b0dfd09
SHA1 63dfa22d9eda45ae750af8097969d02973335b48
SHA256 f352609174f11c8211745070eb4d6370dd0eb72b46c1c134b8ec2d4ad451a8a8
SHA512 73a01ee4e0397f37ce80c1949e2e6558fa2808eace1ef27599096e05685d11f8b67879ade30ab0418f78fbf8e1983976b79aea47e2e668348ab73383fd44805b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 0443bdb2d1b41f567eb7ab17a355c97c
SHA1 b1f48d7feb454b2c092d86bdc3f4ebf337d2a32d
SHA256 eccffd17490722eb12e016606c1af12329b2e86f8b9718f970619610ca9647dc
SHA512 8d7283a0859ac560c59912ae9259ac6b3f76d745f9151575c9b68d8f203047dcfd1ceb72a7df87a8d72b88c399ce8c702b80502534cdfbc01af4adeba56c240f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 1dd5b890947e05f820bc23c2216e60ea
SHA1 ddcec80c975691b316a9493527219cf697eb2091
SHA256 935b2266f1a4c52dd23155faeb21930ab73c4eaeadda15c5445645f67db6f0ad
SHA512 1ce9135e6e1fc8b9e812b7d8219c7709c60a436cc3670b6784aa7c3202b1fe679f34db7d8b088127fc894aa9d70eb999131278763c2519efeb1eb702a5d70806

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif.EnCiPhErEd

MD5 eb8ed7be66f1f109bc4cc0b971145177
SHA1 a35feb5a7dfb5b16b2143a4cea71923f03d69667
SHA256 5b2dc8132402cfdf15a809babd2a57dd670b4815b2569d8d5c56e256f7a97bce
SHA512 d2454d66f72ad384ce0642a4ba9c0aed692d708bf02cb3e2fbf708facf17d9e7b37fc1f2639f0c40a9172d21a059bfd61a3ce0c0ac58e33e23b97b1cfe117328

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 16a5243e0d27d8f0f8708b4e3ddf0ba5
SHA1 c716eea5b3a034e65a88c7caf75bca1a440e38b5
SHA256 0dd84783ce89c55cac538bffb2afb53789ea03c7f59890ba45715f1ad002be6b
SHA512 a7cb4e43db4e1e6efc57e05e75c062450fd28bc8015e3ed6b9b38ab48b0d295daf292876b97fdac29c75cf23195e57f759d8525fd032ef27e68ba8aef598767c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 128ff22f5e93563bfc279c51daded192
SHA1 b9ace17654d545605b87356ab84537a40f1b765f
SHA256 c84ea3af6e19fcbc83dcc653da973b0d485cc30d13428f1cabc70cd06873b1da
SHA512 739f366a8c6af0a0b37d945e4e494937f86e60321f1c6bbede4bc4d30bf8961307e645aec7b0c1ef55565cbddd71fe88aa3eaec3bbc0a9568def820f2b7bc4ad

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 74215118520a1539335aae464cf2c86c
SHA1 8a9614b77c355971c33d22b162d3f83c5a2ad6dd
SHA256 bc617e751b0d94ccb5f7595ee42a304e09400d539f300a0a2e67b7e789f57e58
SHA512 8744e0335bcb8d2fb397f849945b92c3e79511cecea2d9a1510cf7130bc135aff41b3213d52544f156be4c145d0fb04f1fdba2fa65d6fa44a669f3b617f41733

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 529b5e6140754d6a0e886931f6a3d5a6
SHA1 7b18adecbf6aabb7e6b0b8eedb56959bda1ddb1c
SHA256 d207e6e8648fd4707c9993a8327b7797dd3faeab332b756f872d8b5e300e6072
SHA512 ba2220dafa4cac40614e25e052707edd846b86a7a45220a1ed2f96267f146aa8e9def3db817b67171f9ff6bfbcc4478a5fd92f5299e9891303256570d55a07e0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 71032553ba00949e73869d1c270fe267
SHA1 1f0ef3e918f5a0fc4f747299042fe404e40a7e53
SHA256 ef31afb1cb8a7ff111cfe56eda5931f972dc2f8b4083586d2e80bdbec7fa00f6
SHA512 bda45b85e267f40c97a4a1edd5e1eca3bef46c898f9ef2f5d08646b6640e4efe5b16a848e843d49b5bccf12dcea304ffee3911c22933f303c5cd245db0fd6bbe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 fb8730350a2023a4c7cd25ce4e1e92e5
SHA1 8dfab2ef5e17d0e9bba3e6e205068a7be6d2a2d2
SHA256 2fb92888f1ddbf2452f7e55335c33a9ff90fa35998b09ad0b4425384fea1ed23
SHA512 d29628a97fec460ea1e98ffd1ed3f2476d2e6128a83f3dafc36343841f4ee7e431330b2ac59587e1c9d4b1cd8b8c6915d71ec1d80177f262db99dd99571cab1d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-09 03:28

Reported

2024-10-09 12:12

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe"

Signatures

Renames multiple (2171) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3esHJguC1b6taym.exe" C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\ContactPhoto.scale-140.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-64_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Retail\guest.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailBadge.scale-400.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Images\fre_background.jpg C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-256.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyView.scale-150.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-en_us.gif C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WideTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-16_contrast-black.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\MedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left.gif C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-36_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorSplashScreen.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-24_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\BadgeLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\DefaultIcon C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell\open C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3esHJguC1b6taym.exe" C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "FJEEQNHUJJIAAHT" C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3esHJguC1b6taym.exe,0" C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell\open\command C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118.exe"

Network


Files


MD5 e312f50c9dea69f8e1be6944744edde5
SHA1 4eff939b79edd4fab076ca8068dda167ecf9bc83
SHA256 74fd35e6e974a01ce5d188acb9854431ff0dbdabd57408f2fa2cf7ce62fbc3e0
SHA512 3277ff86b0e924be1425928271c280759d17fe5cff50b4ced77c5aad50d0678e27e5b6ab0599da542e824ade21b6b1b2c76d3209154980d9d1be00a0af0efb3a

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 f89719aa7ed49f83013947990fa2bd0e
SHA1 1e9e8c39338b392c964643f3dfed85d9d2042a16
SHA256 fec213ac80e5b672d7c8f1215c4fdbf3f08f00a7c538fc23db6e6717e2aba80e
SHA512 68eee9b96947a09d64fab7f9d510b68da392e0aaa4342d74ec18200fc96bba1bb7c8094262f1cdea5b67fbe1b5106732bc56f8058c8c5d9b65937cbf5dc73e82

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 47035f84762c6d993a7a5fe8c3805b5f
SHA1 a75ae6f12a5d168c1b0263cb0047b90e4d826817
SHA256 d31f24a32154ef449cd03352e51485cf7d7abeb5a75845f58635e48ed853f7cb
SHA512 24fc6bb244650e2707e47933736d03bbb4ca8ce41dc2e807d3cb833911fc9ddebfc0219b66f00b010b4fa3ec8faf3f98837dec6b139188745e1c28880d28bfe9

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 ec5df30220923c27481efe2529aba48a
SHA1 54c1367671820fd2e720abe1054e97628d10f02e
SHA256 35073d617fd7b73a3a3e4a40a973e6801b9111661767f62d30a90e84321419fa
SHA512 09dc56977b2faca9d55fa370dcbb941d1b88296799abd0228f5795e11f481ef97d95e8c10167757129075ef9161ceb7eb16a2c484ec09205cb5ec90f02e0bfac

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 146318287c2b43a9602a295c00011443
SHA1 1a7f0da5898ffecf602968c04667eadc63da6f01
SHA256 89de0642956df2c17984c273ad14b0a4eb10b80ff135413e8649514b981ee852
SHA512 372043e066d0e2e3a4f0a25175dbdcb700834d8339ec14cd450e8dec5fff7017d3d15be07886bfcdffe470f38be458372c2ea34d6a5257e4b0aec6933c9c27b7

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 54d5fd8574528203514687f06c93b433
SHA1 0772947d3235602ff70b554e2b02cadf30dc3af5
SHA256 218a17558dcdbe3b4a493bf62ea13d942cb8b1c8f5c5d1a93f1d0d2e6f137590
SHA512 387bfac779a55336b818bd621863c07dcf41eeb5fc2f7a7605771ab41c29e8e686425c125ff1d55f177d9d9745f39545fcdea505f4ded7a7ed61433e730a5636

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 810469298bd11425267e9c19d6ea132c
SHA1 c3c9391b9149be943c7d000acfe114e8f30f7014
SHA256 0b25097eb8691332cf763fa1ba053fffc5e005f2ec9a86a8d02173f8f45ea0df
SHA512 ba53c581ebcf9b805df068168919b5a52260cfd19850bcbf6fed26386975861181a68718c504ab5c02fb841d9ea1a44b0e722bfc1faba5e42745b7aaab3899e8

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 b29e543cd752d623544cb9255801a364
SHA1 80b6d5b53a516494594841801f52278936e29ac0
SHA256 ef8b8b1bad60abe105518da4ae61e6d39cbe0bcc7b229755f5651f66c29ebe40
SHA512 4653b7cd5ce579ba20c112cb539d42ff70155bc45e80722b5c7d3e83d210f6431381a0287beda448658901fda0cb96fd6ff910c67d3070b246f0fdb1bab35924

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 c94e9a24cdf3ad6e63b821eebf9481eb
SHA1 186f7b6366e10b56ce57a826ebd26b0bc16ac1be
SHA256 37aba09f200cff02c9474b6e5d70ab8dad606bb65c4a2a160846c86d0eaa43f0
SHA512 d549a7659c58e6e863cfe3b7d124beae76103faade49f6fb8399f445efab771d308d4830116169015f71e0454428974f05a806c94eb9c9f4d1cea41b0115d296

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 cbfda599267709e94e704e2e8d4243f5
SHA1 a69de32a962714d09decd1459a590d3b13157eb0
SHA256 835c22cd51861870b5dd684b844f59531e9b789debd43a7995bc19d48c6ef905
SHA512 b21cee47e3d8768e9e93e8c0b0747c569a99906161dc8f1a8f1593e4bffd43b71bb5f8ea5eaa6fae049175bd614f9486791d1a83376c3ba0d9fa98a025c0858c

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 60acf34c9fb269f562e33caf09d9e2e1
SHA1 784d9d0b96a126f1badb5b5e16f8397a80bf7107
SHA256 3affd427bc2df0dbcad0bf8c88090c0f7a644512cadb594b79a26559b701172d
SHA512 5aad93f75df44ba9afd60eacfbe847c74ebc0216dbfdb7c3dfc21480a8f9535331798087d9b5a897e20bc5e49901fe237473d875301c9b8d00abcc5b536f731d

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 598dcae057e65559bfdfdb7569b7a9cb
SHA1 09d5074c6a52c7f04b01bea8eeef1de2dab30591
SHA256 08697a4e849c3df03d428e610f01edb2ae2bb29a97a557f67e0187a20d46bd16
SHA512 1cd512af9b3c166e1ec0caae18616d66d5ef3e61d17b97d4d857c07186989366abbd0d26276edc6d3abf2732c7062bf664b368ec520a0bf018090e84e91f44a2

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 81b2e14b07731411d2319ddd83f52b22
SHA1 0158a8798d6bd3253055c9081d369e67a0e65674
SHA256 8b820a1e7eb84004a545b49c37a6d2288370f1febdc142a288b540ff40ce4f3e
SHA512 0ba5c6891b0cf5992c75f431cd93eff98c52ecab1e386460e25d7ee7df4cd9301579136e49204a0db5f1398534f8598174a2525593c206ba31ad24c9a07696eb

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 7193686de325965e9454068bb0405d1c
SHA1 8f783d9b157c30a22cd375260018da1fd5cde31d
SHA256 87e82fe0ff6f4cbdd1bc0437fd9aabac3e9dad036f47923d4245b466d1387ba1
SHA512 e8aa50de28fa695838c834f89efd6aac9c2331c375dd034ff208fcf04d4d5d878866e7f251c4980a4bef096f12a2c935d2fbd8c2446204226dc374b9984229e5

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 9c586407fd868e45966d8b4602c380ce
SHA1 c4898d601798b57ac85917ce4bf0b80d1bbea417
SHA256 778e6c093170e2e5d5a9775f914fa1a1d2ed825909ea506566952eb29ec7f5fb
SHA512 a9999e25065a9bdb1030565f1b0c095592effa529e512bfd7d34149e6c0c35765be31ac335fc6ed1b02deb8fdff748c64bff8a8a73ad676f9068cdedbeb4e5f6

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 fa227eb3daa90839c4d60c65f3b6fcd0
SHA1 553c6e928e0a670876e80600765d3c03b067f41c
SHA256 163f50cda0bc93c2f99625ce91f587bd36885645553e48b4aed6c75d42a12b9a
SHA512 d0a3c524f6b634dc11e3166480766280a6c129cf53462face2a5805ad6a98c46e385dd0c96a6b835a4143e8665cccdc542e6f765200e2bd7b1ba0988fa6791cd

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 748a26f9f4e53eba9e9a7c25167b473b
SHA1 8a674029331202890a3ae93fdff49f6984296a44
SHA256 990310041864381b69f90bce3543a9331ba47a70726cd0362a8429721429c8b3
SHA512 00047bd9f18a1e365d9304dfbab0cf80dfbc36118a8c3bfcbd6e994af45fad590b55914d48e65bd8c4346d3f5f0598afbc3448fedef3530b3e05e179bce0ba8f

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 ba0d4b031d7eb2609637e7ce39960147
SHA1 e4f9879b1f376fad73d3a6882d30d7e23d003346
SHA256 404674425b715f589f35dbfe686840850ef3950a3f306a8d47ac1ce574a68c19
SHA512 ecba3792cb0bc2a721c28644861f150cf8fef965f192d64d4d5be1a9e0ca546308c58bdddb169460bff347a181eefcc6ddb4ac87c31b3ed690a60df77bc4e13c

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 026871db4fcd2fd5aa9491302048cc9a
SHA1 b5db5b12448d4b4b26f6d6fbc219f40990f6077c
SHA256 d191c67168b5f9ba65ebeca2b4a3a630ba7c906307227e49518e2a144c6b3837
SHA512 c4f99444939d0e4776ff84c5a21c9aed266a09bc890458453fc97cd49d1c78b04214e2cbe8a44a4812dfd57abc8972b403718ccb6b6a7e69e03facfa0cb87b37

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 bf5a59c9e718f34f8adb323102ecb332
SHA1 1250cee340987bf84d0ab62e226fa61b69bd4d57
SHA256 21180bfdad1c121308544fd8f0ad9412701e0dd783ffcd1b265f48e393d6c9c0
SHA512 c92a38558961b336ceeb13cfc16464ff63e541eb4e8ce4af625d459e448d5ba0eab1c4ee2a4c0ebdaef3860ccfc5e24420a26fac4b3690c6c7c9918386e0c661

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 32567bf25f21a9b519fa129a5c6bf549
SHA1 52d484db44b40d2ef64a813939365136404697f0
SHA256 60899d714ee412ac084fd531260142be4a6df0ace7abe8f0eea4c1bec559c637
SHA512 7201d9c919537555297142c37011c1838bf21e6459d80535b35b3db6abced69d346488c625acec67fd03f922fd83b8a08813f486c8f8abc2ef43b2f1e0f594f9

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 56aba02fa512af1f8ba9742fd849acf3
SHA1 80d056c2ca241b5846132d410d964038d48380a1
SHA256 4ad8069415b38caf3465d895ecd9a7b4a0034677dd26da82b41c776770a16022
SHA512 725d4ed4db85b04b195efff433c8a1ba025bd631e6376d2759b7ee0fa6ce7f45b8c0d24f5a2613e7afb445409343c735f02b287e15e7944c04398a52a3931290

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 4cdd379ba7ddb890ccecda3d8589db41
SHA1 bef6c64ef0d4f86c3078fc85d9153e4f10137604
SHA256 a163794bbfc615474302ee97214b06d9c5e111d0f0d52dfa2a0dbc84595ebc5c
SHA512 65b8571b3582c1eaec5b35b73b297619e618533796a0d228ccf7b82ec48394f05ee1a4cab5df263ba00fb4c11bbb3d196e0a265e0337f0719043b626cfcb7feb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 6b99e07bfa0dae9fd051d29888a7a1bc
SHA1 13f87da16d3c6b24742e7ecd37c1463d6ed08238
SHA256 9ad4026b453df4ad19990a7c395e8e1615ea6e24d016a6374ecf0a71959441d1
SHA512 2ee24369c401850ff5fa85b310ad0d7f9909fef62acc8226b547ba95ff7c1b8c1cbec6970f16af0d371a1a6016aa1957a72fb91a069c03e87ea8a083e1cea806

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 db241ce53805646278079f96f2247f52
SHA1 f966ba341adef62495a38f2ef532b0a20be57d36
SHA256 b0ee256807c74c844f9a89d1d86489e964c05cc9746c44f7ce74878660372c3a
SHA512 d3c316198104589270307cc094dc8f02f8c35ee676efb5e2481b05859edb13405e083f8d5d314e0826c99719a4424a9dddaa3803be8d1e4823690fe4a26adb7a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 8345e0722f277477b51e1a3880fc9004
SHA1 8ac1fbc30ade80f823d74526d602b131c0ed294c
SHA256 4dcea6b030e18c5fd4c92b85dafd8e0e25e87c3e6f1d26baad4701ee90e81d4b
SHA512 996246a53910dcbdbea25588109f1e67954781668e6a971cad5d310a3a4d9c0bd4a2ce37fa72457427919d393f944aa40665fbd0e2bb09cd96ed062ddb51ca51

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 599c95129c562fd653590e3236a4abf3
SHA1 c3bdb1769fe2d7e9a566a5258e85e62141eaff65
SHA256 a01986e03f5beaddbcfa6d0d0311298171abbf85f77315ae08398237f783eec2
SHA512 005c52908048669f82121533d8e8aeccf4e60070e0ffb97eef2817b7df6093a074198cd77781234438118b56cb3857808bdae1f5687884280f32fd0a319c8e71

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 778432d39cc4d9407b57c422e58c692a
SHA1 bf6381e6ba08db6a1982cc19893f31a4a6e9110c
SHA256 1052f2ac1b360d0c2deec1ae568a84c447260e6213226b61f9ac63c37b262475
SHA512 5742245d92d55a52f053964e6e04aa04370bb829b2bdd294241d2f18f4acc26d90e1ab2b9d5aeb2f94046e3c016fe2ef6251f606681b48c689942f9414ca97b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 cbb608838b1cdd81799a5b5568bf3f30
SHA1 8bc469bc14df38363678d828897a5b8a93bf4887
SHA256 7226676c3fb1046fe252ffd00189c655acb2f82595717b776247531163b8090a
SHA512 aa130bebf68c98e3af7a1118df977bfc93b95b89d0f096efe82008beae1bf9147d6fec7df91b1d1e32e51350753c84e98a116087f36cb89dc4afbb2e62177550

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 291f393298798ab6b8c2bf0594ef26ad
SHA1 c85e3ef62654b899089ecdefcd4668cd27d2f524
SHA256 e575790edc9e7be70e4024cb6c930b9f97085d7d4b7bde015eceaa0ddce0b8f7
SHA512 b31756b1b65bb5d2f484d2f6d79c3558c4373db28945a7b4798b6ddc71eec77c8cd509927fc4d6b0283724eaa98fef017bd7eb560be3f07f47fa734f03e17c61

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 926fff033db5757716193b3a3a2fdda9
SHA1 5e901491401b79112da24aad977dd5b7707a441d
SHA256 ebdfb8faac5b16a9e840086f951f63c80b0c141df5fe3e782021c43325d37073
SHA512 1a6f0a9a598940443b51d6e4ccd0f7f93e0ec22066e4b57b5439cefa76495a34a46d0a5880b16440c24e8cb283b3ed9b3aeaf13b8ae6f33a27f3ade525b60668

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 3c7b7902dcea6405f9afec1a6d156c46
SHA1 24116419b501fec76b8c6f9e54671d1cd026236f
SHA256 ae3c0201796f0ed1e15622e3be2dd79c305652a2de4f19bcef6f216b65ca18b7
SHA512 c3448592a97898d953390328d5e06576be2c8d25e0c451e0de9270fbe06732863f7ea130ac3323f5dc9521c51ea826b6b658544af4e88772c540be47066d5cc3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 71b9929204280b4f624d1211ed762953
SHA1 8f8161d1e0d99bf1dd850b305d93286e4f905f6a
SHA256 35dc319fe102ccbd519d3989443d88e0558f92f7ce5a230b9403fd7afe6d39bb
SHA512 356c1fd6762de26c215612ab9ad3b34dc27dcd08d65f132e4e01278a84303670dfb5f608d28af60ea378bdfb32cd0b4a755fd3df3a04114959b7cef9bfe41cf2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 6fae5922df4bc99184d8e295fc61bfaa
SHA1 2891f780c282c501cc2d9fc709278e4fdeefab95
SHA256 45085a78948003256606f93809e3e8eb989e5fb3ea9043508713ed6d7e6c9810
SHA512 f66337f73efc5836310e3f57f0b6910efc235d2712220df6f20180b7090fcc3ee5f621995af6f40a7fb10281a4f8cb1856746718dbb50d7ef5f03a89836db367

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 efec588e05fbc78339417ad39d199af3
SHA1 fa3b55b061f1ddcb2a6bd6949f0ccc4b5fca6771
SHA256 3f374589c27fc9a3f252c1b594fd822880016c51171237630b5f55f35db23d8d
SHA512 300f36412ae1f6b4147aca6313b2739a6addb8ca6d4e5098bc7be7090345bff50a55e36e723259de532e79b1af9f91b294bc45e81753993d8ad2d6519a3b54c9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 1e531148387de145b3d6814b1b5e8732
SHA1 be33001515b80414875429c0d02217fbbbba0989
SHA256 f46828bbbf875dc428295c7a6ee46ef4b38c40f7ab259ff45d1875ca7e974174
SHA512 a095d57b0fe48d084537dae50002569d9f8045d154225081c3fb8b430977b8af1af08fa8b9fed333be2d3785824d95092b35d1502c79648d53e3d759ebee4bc7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 9bdb6be9d90270426d7d945df0edd1c3
SHA1 9f74e43e6edc80a44b88d1c096668d9b22e838a5
SHA256 4a7766efdfb6c146219d928b4fa41017f396963f4c07a988743187c8867d4922
SHA512 6c185e51c97413a13963522a4be645f421dff3ced44e6c6b58ad1e5c95eacf9e5000aa67c533d8f7703af8aced922de396dc2e02350628300e004d0999f66d5d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 11312edcdd8a709e95f6dec7637f1025
SHA1 ce6eb268b1c31419d69b8295d968845e45e9b51f
SHA256 9c3e64eacccb1bc1d6ac1274f308dc35325fbe7767c9eb1e76069dcd0c4a2ec9
SHA512 d3da5fcfdcd315587bba6450ce18a250213ce6498a46b01f4585675601b59280fa2da65db983928753c0f43a014c582c8331ea76156b3e1c2faed1e3240ecc0f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 0fef41c43206460f9f3ea3d9122b0844
SHA1 af5ad1461b95d57efa130b08cff8d4a3a7a90caf
SHA256 6e770eabf92af4a4ae57a575236084b91557bdc1bea639993f0c74f3913bfff5
SHA512 375c19b6088b738b0ecf0751d18d3d3557b93ca0f274901ba2d6ab3fa47837c6a0e4b5932869b0d567393da80f5747a452e6512df93449d0fde5eb1139660fb8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 4724d2a423a08c17fa0d1a5b9f6d23b3
SHA1 03e7abdbadc4a047828fe7b23105b48ee3b946ae
SHA256 3937c8f833ea2effeb12c4c9439a5735abc5e369b5ff255a162d6be0c51a32d9
SHA512 f095995c512958cdd8f413c974121620e1bba0769dfa90968474620f2a5f9dca51aca0ff661739d241a0ffd313a523454111d12615ac0d4a5ad792b0b67d00f7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 1d08dfe6b27859c61f10ed64bf384870
SHA1 1b62ed7df3f2f11647dc13f6829c6b4f79d0d431
SHA256 86b42892fbcb6662ada58e62af581360f68a475bd3669c8ceb816f2fd5241cff
SHA512 ffd26974643306929019414da7a836d966242fe80359d4c9c00e4170b32d8db8b32466dd560f0eed03bdbd86ee44007521ca475e104bf39ff31f24311ad47e46

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 0944479fbd968bfcc2a5dbea8fbae6d0
SHA1 1bece589e58b7df067824fe53ab9d8d15e470f68
SHA256 25821edb2572d049ccdcc30e1f536625bb78d8079e3a3cecb745764dbaeae572
SHA512 6cb3ed16f72c784a0fa208a4059c13ead299a80a1a4f40154a6fab4ffd5c16b709af07766ed84d753d2fb8cbd8019c2f25adc5dfbde071fa3c62c1c3c92f817b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 52b5a8992a174ab95bace6d707f5b81c
SHA1 813c2593f387526e40863d33bacc5d240cb44267
SHA256 33d2dacc48e538cbfbc652db9cd0c9142761fbfec58aca67773be1895652c709
SHA512 f8ecbbbbda0c3370bfe035155a77e74e59c4b276326be7f08a45a910a92d61d94805b2616e08537bc4e128ee008256f185407e4f9c8a54bc550f6133a25711dd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 26a93b4350e8a835fe8b80e55d31c785
SHA1 1cb9b7257aac608bc17e73af9139221e7ae6b835
SHA256 443eb740522b8ed4ca6b7c5c48f8e26f5e856a8e37dca106ffd53d0d1abb6081
SHA512 8b90df14c6e9cee965a396f855029bb33262e55751779209bf430c8e5becc7445d04cb1492af51d1b003c32faabbeed8896847faed4686aacfdc655a918db288

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 cc5a6f961ed5d25eb725d6a35b6d47e5
SHA1 488b459b87754e31088c4621b2aeb5a2dbc29d38
SHA256 1d1944369578ca7f75abb8639e7a5ad884d45fb957005482dff3e070d0ef422d
SHA512 625f51650abe93cc6feefce79353b23c041e9d4ab1e0489f8c8de785ef1379fb83670b3aad4d9a7e3e86ac029bea32ed580b1c142a9f22f817f1ba24bac8d3b5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 0a1f6acc9769cda302c16fb07f4e61d3
SHA1 8bebaa1ccf12bb01d234173f75d6ca5e629996f4
SHA256 5ba82902420a720b49b5853eadc88b542514a77e0e593f5f0639edb8eabeb738
SHA512 e2587798fd65109ae2968f8c84fba43ef2a162f0d7b7bdaa3038742a323a4eaf33d868327333ee262dec37712a410f6f25cffb10ec7f1d9b476944f28aa4e11a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 16d99ec2e72d1cc2d3dbc9b312436197
SHA1 f872c6849df2f391aa3188170d91afaada74b1df
SHA256 be4a60354a362fb56f2c5cafd49ec98c821e28e1da183847bef5f6e57a3e8533
SHA512 d3b35f029ba6b050058cd6f29e8cb28a0554d66a38ff58afac5db1a8e8aeed905918121221b89843ab34d13a25a57428b8badd0b6f3b6e28526921c09466ed55

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 da0079f63e0abd3fb0f62d47129a08cd
SHA1 cef6881ebec43ced12db37060107b3e7408dd55e
SHA256 431b315479f9cef4d33ad6e53c7a11fb1bef005370ecd1b41cc096c557849181
SHA512 c06083e0349bec09e74264478b600c486c2916daed8235de30bea3ebcfd8bf1e0bab1a6e21acb67ec9e4d4a2e91e1096253280299a2f4cd3c043852775ff62e2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 2527f0d802f5ddbda64bb59b2f8fc9dc
SHA1 d3cd1ce66620e226feb2a825632ac8ae1d40ece3
SHA256 66d4429e6284f1ab7d12f6f22d4a32c572c6babf1edd38b7ecf43848c28ae908
SHA512 787f2e174e7bb1e8ce9fb856a6c480f7e81fab0fb9d33825e011c6111cf020d68e4896f2fea382feb4b896a4c815908b5d8a4bcfd8b4a984dff824526e4fc92f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 4fcc229d04978e6697ba0085005b2395
SHA1 b49771d9aef72ef6862b4c399c9de86bfc171482
SHA256 c2afc2c1e286efe604f03979e3b84d7f15f6be22797435f0208736d9d5126dd6
SHA512 9c1590670342808b222a623d78fe5896344fe3fa34fab5e39d6490a699c82fb70b4fd676f2ab74f189281316a7b17e9dc68e09e544160b444fa7b8fadc24f242

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 e991a3716d21d4ef668094a8115fe1b2
SHA1 67829e82b1a9877e4b3dc7cfb6140d4f0e7a58dc
SHA256 8e9dc69f0876819a9621bc42c92c7ca360dc4cb1b81d58f31d14c80a80faddcd
SHA512 990044092bb65996d35794335927eba12237d876a20e3f6a30c82b5bd416cddc7afb5fc7ccd742bb704eb40da3edddf129d1c9a622ac593534ee4408529800ca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 1c090101c08633d161435e317e7c748c
SHA1 a8bfea005cbefda30b9c96b9eb5e622942411320
SHA256 f4f6ef9235037918923eeb807c6fbb470a97b59089fe2ad552a0500a74afaf9a
SHA512 544710abe9e7742fb4a1b428c35e01c4849a9f7f919bb4159d8cffde03c74711a65254ede2b4a44ff0be85b93658abcb419dadd568095a93a8bc82755fd92485

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 d9d4b7eb1ff10f6a5d871ddc230c3b31
SHA1 9b53cef135030342904509ff27de763abcbef778
SHA256 2736bdf57287d8daf04bd4aeb81544a7436fe1bb334b7276b2a5ab06c03a894e
SHA512 2622451f759435d299bf24492b5383925b3c8e8b012060f784829b0cd64a63ffafe020cb3f848365b210bc02b2953b10ef4d2a7e2379840d02d63ae33eeebeb1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 8984a52e85070ed5627ef155ee668d80
SHA1 706963b20c5c3569b9c065a0d223c9bb41b89b58
SHA256 b1bfe3ca967eab194034915350dd7d33cdfe8dbb76c1b4ff1594836e6b58eff8
SHA512 e4a56f804381228bb316ddb9c24dc0164cdb4049f6962ac0f57abeffa3d5081c8e6a140d2f1a8ae03f37ff5da5cd5e0c6e63bed1df535e7ef660842064c79088

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 bd1a81b379af7f688a6b143834d023e0
SHA1 606f5481316990c8f919f252c036ab14c71bc7e3
SHA256 d47e653a8141709fd1b4e90b5ebdc44fdb1f55821e9b842b7d5f1aaf07ac041f
SHA512 ced20e3a8d3ee39345ed7aa6b91f7f19ed3e598015ce10e7b3bc81eb0ef9012d469944cb9bd8ee552f0b46bd3a00ab0152e1a4ae9b3645e0fe46fc569003559f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 926e56be3f1155b01d85a187444730d5
SHA1 3840565dd8062508b0310fe10aad20c8a2e6c4d5
SHA256 b03543a61174c31c1d85502044b4df39a6acbd5db9a3410f91af79eb7c9ce311
SHA512 bdd6d81eb66e993a52cd56cfb9155423d97a74f5b48980ce28ff367e0eafc765e2c7939717cb87e17d37ff6d11be8a73a145beeb04df2d912793f9c18d018934

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png.EnCiPhErEd

MD5 13e82ef1fb3cfd5ca7da741ec2ffe65c
SHA1 4f5f0079e98ef9f6a1669be955a438143b233159
SHA256 b1cc60f10b936db2272eeb71344aa2158ae7b31eeb26aec263ddcc75249415bd
SHA512 8c39a9ce163d2e546504bf8d0594b867ab896f3dd2ee26f6912e78416055ec9befffcc96b267ef28a0a530de86e29f05fc6d0029a52e8664ecbd74a3f6c3cb97

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 cd9f780b93d1ed249757ca13d59db799
SHA1 9d26bbe7af0172666daaf0860ac96342189f12d6
SHA256 f8ecf7fbd25e24c6e27c3e899ce760ea869cdfc328e31c2e22ecae84c5326d96
SHA512 19a1849c1ed9b573e008fc6b68d166218aa99bf4565083183f4fc37a270563aa426dbd24ceb7fe69e9f0c221211f153ea1d15f8b36d26ea7a04736177794e70c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 452d989205ff7c2b5d389657bddabf42
SHA1 9b8759fdc68a9e9fa7a6b67374333a837c52249d
SHA256 48e34821378a9f2660b10e640ed13f1394980681cb7dff8b81cccf0c6289e602
SHA512 07cd40d883bed9cf13ff767f5acf2b56ecfce08c2bfdd6922536c894bd83185f32d050020d37852201ad3c4f1d6aa62fa4fbb57dd217e2c8853ff08fc3423cac

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 d3b4b3083431ca220ef1635997ec26b6
SHA1 63ee90cef4be7cc666dcaa4a03a423d0bfe9537b
SHA256 972818300033a379ec8a6df73f0f9b37dcb24f6789accc45daaf5904a2513d91
SHA512 40db7ff8704b048c1d2b22ac52e7296fb948ff2b7e9c7cb81fd7c1d3d3e2ea31b48b04e66a0ea3271c9a8f2a904b48cb50b566ab1eb235be5dc74cdeabb58ece

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt

MD5 705e3a8f13348deb40695924f8536fcb
SHA1 acc4a6343705d90f1eb6df79da70af45121d68d4
SHA256 7e56ee7dbd25ed2300248be4699506009447679d38115f28d89b3372979f21ed
SHA512 768909a8e40641e599d4aaf3dc7c905f45de0c229feea4907e3052fab41f1312b07544eabe8cdb91f14a6a85119e839d4095813a547512aa74121c84eac6951c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt

MD5 a842e784b8609f47cdedc43cbd59f8d9
SHA1 52c2dbadea6004032e1c8922f15c5600821c35b9
SHA256 fcfee197c54e956e14c8943ea2236db0d5f29cbf9a82b2daf7d3e577b8cc1a12
SHA512 ea40f1b6eba8adf2c94ed5820a8f16ae7303f61a78060b180136d8e1fa8089fec425002e740f52d9707073286d0a1d8cd065886f84e0d54031fe2db23b2a6ae4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt

MD5 914fb1afaece9e1c6a9ea273d8201cf8
SHA1 406f02e2513a253d1aa698ffc712f25bf961591d
SHA256 a99dad9bb3f889c22fa418bb295c19a877adc58605703eceaa7e954dcbdde10f
SHA512 3d85b7152474ad51a9528448adfa7e6a696e9c5ff5ce92dcf6395debc0b380ce316e32b73d30f5cf011957ed1db18ae5d7e096bc94d0b498ecb19c79c0ec1604

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt

MD5 4e166e34fda9e26e530614734c7c076f
SHA1 c13d7a55af158bb9d1ffdef080e1f9f6156d8c15
SHA256 6ba924bfb21cc3f61f5b31e5681eab648a5a050d95f98d5633059bd9ca3379ec
SHA512 11231f6e4cde7723097022731a48af9c6bdf96ea5d1a1e292640743ed05a956cfe36d9fa1723c128f715c3de8c8375c1794f9ba5585a8f4bdb5d2bbd4ac70459

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 d3d02c51c2702ebef13e0c13d20c9180
SHA1 398e43ee07f241595c84f0c1df36c8b3eca3151c
SHA256 c5f09b5da0057cbea137f5efdaaa6a00713a9be3f357e9627305be75d8e2c503
SHA512 b17ba02c5382c36510775d36e2acdff77f4874313aa261d25056e27f65135cb065f1bfb460235d49060fa2618625a6d1fbe00f4e2a6fdbf16dbe1abe59ce5da0

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 441e6cc5a06e3a79f458c1ff680f1df2
SHA1 4b6c8eabb69fd3cd580ebb23bf54b2400adfad95
SHA256 9bdd4b98ccd649fc025227f6a4e87a8ef0569ea582dfa16dd64bd30da134ec09
SHA512 80c599bb1fba6de89cc7ad0d8d68b393014a796c6ef0888d45f767ca11d0a6dec229d4ef8b6a900c4be65e1096b53864d113ee370a86b003530c8424adc37af0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 98231924992936d417b4eeba03f4d59f
SHA1 6825f6f082e30b7f4b8d127565ae2abd441b5ea4
SHA256 89bc89a90a3230f844582d5860e3da394449ad62c48225dfcb8a364684f2912d
SHA512 56f41f38ef37c402774c62c4ea0a1852268fa9819b67354564772ff866ee384b67f725bf89c4a8a63c468d6f7172ad3eaae8429e0747aefce71f5f137fdda256

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 2febb7e20d0a08d224d5083b9f9d8ffd
SHA1 0322bd11fe6c7a2863965caac691bf8f8a66374f
SHA256 a709d636398c00fb6c7b90be571192e75e0849271a884184960f9997e89ca88d
SHA512 638343b5da62e1b41110582c0a6f27173e1e737d76495a0f9457126e8da5b38032aa80b1c2961e227c76d7fc9d9aa5e259d51fd3c80d32846cbe8ab6e51c17ba

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 305e687c2d5123b20e5058992b311322
SHA1 207b2e04766420e4572f224013e68755755127cd
SHA256 a9ef5d7e94a7384dfa8aa5f1b9971945bc6e3addec4c3d53ab407585d1c2284a
SHA512 09869e941192ef001d07f84d2321d7c0fb7e0253288993c6d15071f67cd18e0d094d649811b65d882f3a6db2739ca97a6982ab9e621d0aaf36afb67c3ce9fbb5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 7509789983f5cbe385c5922795075785
SHA1 b3575db78f2c6b996a9060a6d643fd98cb88b405
SHA256 2cbcae3f53d1652691be57244ec79b75618d448c66aee710a4d9a85c04c11412
SHA512 c5f4a87f41e2d1343c54c3c6e6400d0e7e06beb4bac7b990988d40310e7c5f72650c142d571966ff14c14e6cfc458efd323f12bde37b68ed011a25b64090ea33
