Malware Analysis Report

2025-01-18 20:39

Sample ID 241202-1wpj7s1kgq
Target ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118
SHA256 31bb6623135868e94dd21d8850f79a132cba87ffd70434d4ec06359276f1bddd
Tags
xorist discovery ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

31bb6623135868e94dd21d8850f79a132cba87ffd70434d4ec06359276f1bddd

Threat Level: Known bad

The file ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2189) files with added filename extension

Renames multiple (2208) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-02 22:00

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-02 22:00

Reported

2024-12-02 22:02

Platform

win7-20240903-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe"

Signatures

Renames multiple (2208) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownExpanded.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_type_operators.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_prompts.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ja-JP\erofflps.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_prompts.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_FAQ.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\OrangeCircles.jpg C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0337280.JPG C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384888.JPG C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02759J.JPG C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\deploy\splash.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH00601G.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01748_.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR3F.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\DRUMROLL.WAV C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR39F.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01746_.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DigitalInk.jpg C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\SAVE.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Waitcursor.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099201.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR1B.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00780L.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DATETIME.JPG C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBlankPage.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\COIN.WAV C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImages256Colors.bmp C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115844.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR39F.GIF C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Ding.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_de-de_59f90b40a942117e\erofflps.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Globalization\MCT\MCT-ZA\Wallpaper\ZA-wp1.jpg C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-8.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_de-de_de44258d81747ce2\settings.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_pssessions.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnss_color48.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Raga\Windows Hardware Fail.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\403-19.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_pssessions.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\WindowsPhotoGallery.bmp C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Sonata\Windows Feed Discovered.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\add_over.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\btn_search_over_BIDI.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-sonata_31bf3856ad364e35_6.1.7600.16385_none_201752c112c5078c\Windows Ding.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\trad.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\icon.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\11.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_blue_sun.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Default.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Delta\Windows Balloon.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\item_hover_floating.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\hint_over.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\graph_up.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Festival\Windows Feed Discovered.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_MCELogo_mousedown.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_few-showers.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-13.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_rest.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_gray_foggy.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-14.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Characters\Windows Pop-up Blocked.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Sonata\Windows User Account Control.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8dcb8bb83ef0bc47\settings.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Raga\Windows Feed Discovered.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397\slideshow_glass_frame.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_gray_foggy.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-ca-component_31bf3856ad364e35_6.1.7601.17514_none_fae061a2e0ae5019\CA-wp6.jpg C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\graph_down.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-5.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\28.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_36bc61b12dcec80c\weather.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-full_31bf3856ad364e35_6.1.7600.16385_none_ce3a164d3f0fa152\NavigationUp_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-ringtonesamples_31bf3856ad364e35_6.1.7600.16385_none_135e536ebbe59c28\Ringtone 05.wma C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\shell\open C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XLYPOgkwnmeI0m1.exe" C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XLYPOgkwnmeI0m1.exe,0" C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\shell\open\command C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\shell C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PLWFFSKOJSYWZYV" C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe"

Network

N/A

Files

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 a6d5f24e69f91d9f3e4c3efed189c94e
SHA1 ee51780a545203ed5ccfffbcd6c222426afc5962
SHA256 25a82c9d5b8c79afa9d1d9b1b898a3f954d235d4a26e3052a8ae9aa0572ddc14
SHA512 d9f1677954903efc9921c3097aaa16a255d140dfb7e0a8cc158471a2f2da95820e01e079987c593e5e706d830302b64aa0c555648e992a5ee654ba77d83e328a

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 bfde56200d70c7c58a956336caa2fbfe
SHA1 933120101d74baeb5f7658a63510f494076b0e5b
SHA256 0142d401b47e49a580ebe1839fa2d1346ab1158b541c6e765d8c0071dad231a1
SHA512 47066c69e259ccbd5e7feb0f8d579d9859adad8e556c34510918bf1c5e44ffe017ab2e37e6169b447545b1fbde93e33b0e9e0de739ef620d623b72419261ea3f

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 11564d5b5c181bdcf8ebde05c7ebecb6
SHA1 0676fcd682d44fa17a6ddc5c037a21bb554cdd3e
SHA256 bcb73305b2620e5c9a16de92264a6e983e83668c6d6330642e13f1f0bdf1af10
SHA512 cad77136f7d7adb4097be7eb722b41dbb85672f652b4df93d6c541ce0782acff670cb7040b3de70fc353263179f91f378ef37e10328945dc17b0d730446cfcb5

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 7d7c14cbc0655abeb2149a853cb7c848
SHA1 df82d89a9a21493b21fca15738d000056271f44c
SHA256 271496c032b714c984f7fac695ff521e2ff9f6be9e80b9055e1a0f8d976f5361
SHA512 9c9ba7034ea5d0462e3b25f6ecb998bbf16a851e31574bb61a5c0e1905834bf19fae3f4bfa7d0b733fea9fa755895d54244bf32dd54d8da12ba422231338cdbe

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 e8276ec7c6c87ef144cf6dea70b2d310
SHA1 1904a9ca8d4e181c665ee94665e635a1d81aba46
SHA256 5802297dfcb8113414a5b9674377dd47458e48affc79b29cb4cf8d9573bfdc08
SHA512 1cc908abb6f0723c47b70c16042480f14ce55dbc46423693d82f8366ecc097837899868622188059e52630cbcee7209036ca67c518e8eca41936c2f30790d174

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 fc7b6d1c976e2223f187a34c94317799
SHA1 4161b28657510a28133219c280f905dccd76d105
SHA256 cd197e8e018960c589bc6e4dd73b5fd5c5d6a490bcc377edfaf724c5d61a1f40
SHA512 b8f4a912f9f56a8b11e113b2f49a5607f62accf318b0faf000d51e52afda07a25927a8ba823ebbbf44b745fe1b4feacc11e95d7d3537f5e3534898aef4a83cd0

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 3973e13831cec4ba689a9c550a450b03
SHA1 fb359e109f3fea5dfe3a2d47de22da7057bc7b86
SHA256 43a64f1b0b02c86874851eafe1682f22ec1ffa801e22c558074ef0fc072404d2
SHA512 e6f29762c487dfc5ce94a780ead98328aeee5d70c4499d7d0bf86e9fbf73d6c93595fd198070744df885d5ebdee1de5763e4c75a4f5c1771a2ada313b1d5e46c

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 8aea000ffa12c63de9b6dbf8e44b4ebf
SHA1 2eb4adc73fa1e91b41b4cdf50e85ca69f1df80af
SHA256 72558ade1e803fe24057c20a98df5fc18787ef309aa36a22e97ecd82bdd69c48
SHA512 98cad45da8367c2112c3dd8b050c25f6e005c120de082df8ed1bb58ccce03aa8d83f1db8e4dea3e48786c9335a27d2515e24a093020154c39583247b96b110e6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 8ce69f1e669d418a7d41d78e34a075d3
SHA1 3c619d3771921ff3f043edba8630ba845458c557
SHA256 5e432cdcbb3acea7fba5e5a0c07dd5fc0cc39fbfafac8f2e33c8a30f91755e9b
SHA512 10635eec5975bb1f729546030241e7c706f118cfcd412aeac77b0aa8a06956d16d1ab9a367110927fc1950780c0567579ee4b38942a164cdb2e244f85dae786d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 18cace66d22c30739676a32b043c68c9
SHA1 ef80c7ce65a966c164dd88e15cf4d5b52cf22185
SHA256 018ad838c8c93579087dca38edf8b0c2c758262fb941da240f18ebcfaeaee7c7
SHA512 e0e87d909d67be657f0f70a7bc303fdb78d46df4fe92d53bc2b62a7add102fd86b3a573d07996674c405465b83252e667825aefa35b70b4a2988ea6e4d2f2a48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 71d00fdfdb0c9908e4766f373e9282d5
SHA1 e8dcf46c038269f641a1cfc2afe51f261f873b9b
SHA256 542cf94548d9adf38a7b4fd66f371388e68714f0f2d76239462c726515820635
SHA512 f3fc504ebb0cc5f6781f9ed2074bb131dc2200be227baca90c5072e20b05d120a6fe3d84878ba4c22a343a836c58db665a5ad2cd7a779c873777052dbfd79a04

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 fde51d87d84642de018c9aaf71c05e8e
SHA1 06d79fd2d6d8d4eaa7eb2b33bb93c3740f3c8d05
SHA256 af4de768106cdfcf32fe84562d8216c6f0177c22aab790ea7266721b9d1467cb
SHA512 77f93c37d7c8b039fcb3bc0aeb72072c1c4b486e9372065778fe83a498bfec0bd9016fc1723dff60937af518ee7b3b66ea79a88ebccccd3d0e38ffd419e97c2e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 f03cdb78c259031867a63042d18ddeba
SHA1 fb0e4c79002ae0827745e9f4c62d3a8724440d7e
SHA256 a7ad66e6484980c3b0f7039538fbaea033e665079017f8a64c6667599e5728c4
SHA512 d750d3131196e2edb8ccac9cdfe31a35394818a5c776cd6a8ecb3032fde62a580368cc861d9e8d5f1f340098d6280968d0e82fff84382f9dc19e09c4df2d4d81

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 ed68d141ba3c8c668da6cece217fd0ec
SHA1 3ffe798c7b07f9b86f083016351b77fbea446119
SHA256 5e6f4b34bd0e6179d2b6770a2659928ee162e4ea756ea8e1307c0b8a3cc93536
SHA512 cbe772f20571b9a7423f53a88b33ab3f0f5d01faaf607a5a3086cb6f9626f5a92744a6aa59c0005affd8140fbe5c6f150d4158f463174092c014eded4fe909e8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 6b8db187fdbcf656cf1c4670e99f4b3f
SHA1 e7697bf1d5cc2097ff75732edf37496273c7cb12
SHA256 e37ac19dce48d8f374549f5272d4d24b624eea044b2bbcf5a61b55f55232ba8a
SHA512 8f5322249a361714d63ad343b28cc108b7edb3a5c8bfd810294aa5fee6e55299fa9ee1ee3d38d84e1249de1cd4fd53cba82f6893a6a10d778bdaf64b5c6085be

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 87b5461b280343cf64ac9ae0901b1f96
SHA1 ee3d7cfe48556bfe057964bd11a1ebde202e8a3b
SHA256 354e786af5e5826da949d330bc7f70f10a4ecfd3f084f4ffe37f723ddb295220
SHA512 53a4e0b8418b04c6e3afe267d3a8e08f5dfbab32fe8bd16035a69b1643fd816640498724feb1486b6f1fe311340a1df3de909c9e2dced75fc5ec24c610a6ecbb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 72a19d6f59802326532d2d411621fb54
SHA1 1076659a94b3b19a3986beb8a843c800e5f41047
SHA256 0f021770c58bc8e7cfd2a383d81364196862bf847f3d736e69010ff04f75630d
SHA512 8a8012056e5b143b28cde03df1e927b07811eb3a21f2c974f48a5ea411e73d2a742b64ca0ebff61b453052820dc83ba67b3a73bf8d07470c9deb17fb1aa59482

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 682a8eaee497e75a25385507974d6ce7
SHA1 7c4acc6c268fcedb83c86551a937ca7913e1879b
SHA256 e1e19e69be626d4e74c11bcb947ef04151fa04aea8d12e55b70819e18d53dbf7
SHA512 11dda2d71f7b2b0abbbc901fef18dc398a7b3945da13592ea736348d9ae8f049cb669599fb21b4b38d6a180546b8dbedd654a7a509f27f4d0dcd888422f465a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 21b3549605c87e9b7145b3bf4a1bd0f1
SHA1 bb545e78f2fc4e6069729f49cf84aaaa0c8636cb
SHA256 f7fe710a08747028f2f23b1ab8742cc96972b63f8eae9a7f11b4d1a650d13971
SHA512 8331344164de338a8d23c688c547e4c7fb7568a233e1bd0ca742cb87de33fd87a693df9bc20e22720b94f6e1d359b5b3bc270bced9743a5ce0730ce87cb5a050

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 f2bb1a1b01ab3245b31b638d50c55f75
SHA1 175d4897881d2b7327a990a509abaa702cb47ce6
SHA256 7fc6c54e5c72de9f29a1ea69a8d4322930f377d9d78d0f363d85b5b320500cdf
SHA512 c8c02673c3407c67f4b9883f492aa2dce87e60f33475031e5874f961c8352ce1e32489ef9f550439855fed5025526c47a8d9b743942f1ae9adde98236eb44fd2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 8c8e1506b9aa296cb053cb928870edd2
SHA1 9d82bc6cf53e9aafcf92ceeee5066c0617c4944c
SHA256 6fbee37cc1a0b3fed74804a1f3349095a9f298f804bea2073ed6ca2d67cbad3e
SHA512 c056cf375e4f10e028c05afe1cd3552c6eac76102f6ad3489f037c221f2cc44c312d935b27efab3698689faa7b2cfa64b8ac3bde97e559973bc72cf2e976a867

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 93645fb370e515538e2a3598b64b8d04
SHA1 a8245dd03811d4e3e904db7b06b33b2aeb68eb2e
SHA256 8d2720e68ef8de77c6c53d483439597eda5ffa6632b6424849e287707f72970b
SHA512 3ae4bb66204f5cd5759736f0480b535fd21275135e34c27a1951d7c42390f7388432e6030e2a7900a461b83893ccfd30e219c5f10971b76fb915d72299c2c07a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 e9041eff0dc5ed5271ddca431508d905
SHA1 b1390c1eb89c910a51cb6f5c6b4ce5db1aa14ef5
SHA256 f0315e9a646c4c319780ba3367f49290f76c4d10816aa821b8e3c68d58a47e38
SHA512 f4e3cdeb771ce4bae7b3174b460db55c675fcb532ba4e576ad77104d413adb9cae1b6cb4a34b12c500651f07b3405223f5e34c03f5577ea82bd830f68d3ebbc5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 951f32b0616e945a6b030e0b40bef010
SHA1 77ee72c1f9a2995281dcfc61e5b034ae7726d483
SHA256 c943704ccb8ccb0d969ef97a51288443b923c36bb1d9742c1c501d5fe8ad4833
SHA512 88418daa7c9a11c4c24805c4e0d28e60498c510c2245a22ace48f81704635a30d3e463d2d17f75fadc7e321121002a5d577393ba97ba8fae9af8774a69ca788a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 7574a82ecfcad2b45e43215cb6fcc10b
SHA1 b7177e3f9484d1917366994dc59e2c3b35626df1
SHA256 9fe541b13bb17a0e199ce27791285042c79d1a05ac33b83c3bf70836a06be65e
SHA512 8e4814e1e3b720ee0f9e63840f44e3668c9b460e48ff0400f2fa44eb25898610800e21ec0c4139417ba78538c855a297ab06e1bd7d07a7339d466a8b0ac63642

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 4929acf371cde7759fbeea7d3d4918f1
SHA1 356845d3e9ef997573eb15c80ba3bdbe81d620ba
SHA256 6708ddfd9b68d33d70359a18915f2afeee3d29aca41ab0ffc3c6735833f64a0f
SHA512 fc123d5a2ec4af134d4c97b62450ca6a1b402af11732b7b0d0b1f79b15323f023154c86213b3f8157efe2ca8aa69204c364f0a4d559e78139049d98686ae4ab9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 9d06fc72652016bbdf78a1dbf59c2961
SHA1 061a2037cd0d884a7fa6e682c392190262619030
SHA256 ce268ba647f24714616dac3708b4da887c2ebdc752afc51fd9804a869fae6262
SHA512 47b0d823304700b7866dd2ce0ecc7275bbf68d35d65b71793d3ab4fdf65401821d669a5f1b7f058e222e3e5b9f2930d499a2c5f5b753217dbe4a47b22d353844

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 74bdcb543e49b437d432059e9474004b
SHA1 bc23a7cfd8d5ef373000fe818f0603a9cfe80fd2
SHA256 e2cf5032726b6068405da8465d785f874508ff3851ade1d73c2695121917f8ec
SHA512 9e912f2afd2dfa37ddfd81666590a6c2996d2f1eb6427b4831746f7909fbe94417db4adaa4b5eb410f5926f5b3b9d7e43b8b9d31b0c8a3616fa4084de5aa04eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 1dfbff0e453784f005fb40b4c066e3b6
SHA1 b4ebd7081d20b70cd8ffa9eb364379771fd15027
SHA256 53eaf14c271b4c98bdb609c761bce241c0884cc0d101e2525102b16861492459
SHA512 21ed3fd9d98d1ace47eacd986e0981b46e2912e2f100076487a0f85c4e5923031db243f6c1a2dc7b3664f4e2b023c5738d16a306d08568756ce05d5401c0cf5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 ec627771147a0c2186dc77d35e1ab067
SHA1 32b9bb4e6a983efb48c8e9178b8b8efcd9f34efc
SHA256 39c13a8fe07d4c361543f250697a715271b5441f8b8917d39889010a4fde300c
SHA512 5889e4fedefe7ec2cdbdd107f71f2e738894648e0b640f04d599811c1f90e9fff3d322be12a9a10cbf4c57fe52e4a3979eae2cb22e7a535ac5a2c2833ce59e64

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 80747cdff907ecd66d80acbc99759a8b
SHA1 d88e594509e60fcc723bc299a59b20a035434352
SHA256 17254949ef765c70ec8651a1cc219042fb697beb6a5bbd0bcf7bb5a14fea2c9d
SHA512 a1502319a7821184c67db87aff32b4f7d89f124b4996d82ac7d5ac62fafb72d82d1b3f0ec4f64b0df852c6cae6ea7f7f19eca2a73cc7cff92516119425118efd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 be5ee5e41754cea9d00556911765e4d0
SHA1 2ea9b3b1268398161ef87e2fbb3eec84f174eb04
SHA256 4e42377a0d96b03af239b0055aae3123931d2f713bc24585243f7781f8278a60
SHA512 e1d6c34d5760bb960ea73a29c318637f62a1e5b873ac836e2c8859a456ab78cdf68c209815d03492eec596465d9f5655963ebbcb751451b4f102b5114ec66290

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 cea05d9454e9a5e3b2f3629008b7745a
SHA1 13d77b4f5ea7ea6a21c87a69eccc012fdcc909c9
SHA256 e8c79c12106b8c62974d1d36a0328f32d5b188859d2083db4a53a95f24274b76
SHA512 496d4dfdf84b22500aa8d6c9a94fa0427eac4d2f6e650d597f82a0e7397785078c455e005fb41ec117139d4d63011c4d3a25345b1f47d6ef532abc5da91287dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 8250b747d62fef55d971141018210bfa
SHA1 43bb36ca5f3f19a5e7f002f907672b333cd08da1
SHA256 1e3ec2236a66654397d4bddb652c0cdf389c9866e7eb92fee904102433d3e1f3
SHA512 790996d83e5efd63a59e54adef5480fa57ee3763e6d3b9c59e4916011fc7ab6a74631397086db5d15539d6d2534910049062e7484016024353f056e6e85f57d3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 0d73b0c28dba940928f24c838a736044
SHA1 451371ccb25bbfa849bebd61a7375df727a5aabd
SHA256 3a4a5ea2c95ba78ba958bb495a7a99b8b3153a59ad3cd347b27522d10d18a787
SHA512 adbe11f947479c275aefd3c46279372f043086d77cc139e5646431e506f12cfff0fc5bd9b646ff3b665246f301d89a8a8a92caa1b526466c79d72ff1f8b20047

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 30156e1db957a15e0070f7178e9cdf67
SHA1 a4da74ab081d56f81430a3b7b546d9d4340e3fc1
SHA256 99eb561705c3712d8fcf73f66054f5d68e837338fae501f9aa0ba3b7c914b69b
SHA512 d0995c2e6381581fc2caa4f65b9f785dcfccba0f2000f4ec60f920c3e61b2069c6e645766e3dcdab36dcbbbd0b607983a725ed2068d002ff5b524c1e62e57459

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 9e5eded59a0371b76e42f75f45715bc6
SHA1 55e3859b498d8747d8a041aa5ef1880c40a298ee
SHA256 2153e754506a6c84c54f0de46a4773e90b62ff0f037a4b3c342bb2314135379d
SHA512 a5f53187c733df05fa95788e652acc2bbf3f835a8071d8c2abd51f6b8c7c9b18f23580cf6eb9280471bc147001990a0f6afe74481d07862dd04cc8914bc175e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 f150ec16bf94209de12e53085a93391d
SHA1 b04b6f70a6fe6b404821c027d89f11111aff703a
SHA256 2419faa0e5c7f57f62d4aebd03819b511f40c8818b3cd9c187bf1395150e36d0
SHA512 eba7b6f99d9dc4acf093509fcceda548b30e21316d4b16687b0fe6581ff3f34679593e9df70adc8535a4851d867acbacc708f6bf6251f5e74c6a3be4935d53a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 f73c66c2b37a8cb4e49e8ab6532da26c
SHA1 130a85a5ede430c83516757c957227df7dd952f6
SHA256 0cf1714059bd5d69a0324b8a54aa8ba217a4d096497503df41e622d5901f3505
SHA512 60b449815aa396444e8b382f203201236a164bd3a472bbff76280ccdae76c594c7f6efbd3c981b0afd38e9d29497c59b2ab516f0817a8644e3acd63c8467009a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 f9f2b5112b44fc840bfed7a335c6d8b1
SHA1 ad7717f595425364c3d2a8227eb3d2873d853158
SHA256 2b506e4800d1295457b0a160034a932949252b8f37aac296f78b5d3c61eb9c5e
SHA512 13d18a882b11e1a7d494dd41d7a808e3864efbcec50756454526caa59006af15c5cf4ca8f2ab6dc13d6afcba3fa6573a7e039d498afa97c719497b9dc616a2ac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 d0d8a3d91802c545774439e5a060e24b
SHA1 e487c7eadc08f4dfbd80bdb6cd1f05776392d1cb
SHA256 544b47c78ff60870d25eb684ff451d7a848520561b984304fc3a1c1aa7c92acf
SHA512 8e90250584c2b36ac3db30ba73cf126faac36729e384fe02124fbea27707de2ec4ca56e9b5ce04755f68fba220289bbbd31eeb1d710871e9fadc45fac346724b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 954a52532ce7629920276ff1aaf664cd
SHA1 ca311280ac5bc9f70481506f8f25b665aaae3aa3
SHA256 eb4ec0f4ebe815b6454223d46c92178df32a250344611716e94330d9da4ee0aa
SHA512 9d0cee90669d29d13106ca6b7626b75609deab6cc8a21bd877603a0a4a11742ace67867b5791a2f8da64ff9073577ad52a45b528836c00fabdaffd13115a89a2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 cb13731c4e2fab5f9c7eef614298129b
SHA1 bb14aa19ed01c8e2424410b8773a4ffbb72acf8b
SHA256 20ea0bda516f8870ed9af071f450b14e6b766a23ee068788c4a481634e9a5901
SHA512 a865cc40bcbb166bd0f72b6254f305a75206a126e7476e13dbc38da3938e520b8c91ab3ac18a84d05072777b1dd2517b17376a7298bcce5b39051ccadd066b58

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 1837a0455ffad6400311db11c0ea8dfe
SHA1 d709125e522ec4c0a347fa8cdb810166ca8b7133
SHA256 2e7a7d3b4c09d5dfcc6505792927202bf296c0574d2a990975175297a6dd9954
SHA512 8c93b79a6a931dc7a166540bcc47c4c0672b7b6b70a96c5ab7aa5a9ac16d4d7e17cd69de30237bba258a28025619208c162eb74547e218180b0ca99c8b083e30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 554a8a38af1d9808f7216d9dcf5e2396
SHA1 af8def40e8f65fca6be4f9df4735bce5293a58ac
SHA256 ab9bd62c07f3a196a875e89477debbf73638b550d1f15a27d9e69ec460350011
SHA512 789977ab7b8b38cb07a5361e5cb4b4af06ef3d6c966e2ece79c1f0ea647399a500754dc24df8f1b8dac31ac38d34787a4f932025c93089f8f099edd231dae862

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 256bbec366689647eb13a46f36773ff2
SHA1 604c682432a0cec18d06476b1f07ccbff6e7a0fc
SHA256 ba4aadde8ec8c9d4acc42edf7f51486de729a62a7e26437acfd7c39604440cc4
SHA512 c1e29398c5800513af2fdb80ec09c00b2bcc2a2957448ab712e9a97d4fbea9aede6ff527fa90b16a448bd491a0199c8b0b0692b37afff14b100b57bdf10be972

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 729ac0a0b366eb2bdd0d21a701df6d3e
SHA1 deb852afc138c1d9bef39140fb26fc202d9ab9b2
SHA256 e843ad5f663f6cd288656cbadff68b487e5b5a222389b8c37ca524e02bbb342a
SHA512 b6f4d46484f1af896916f0f17f4bdb4b782eeb70ff595e1cbd2edefe60ba94dcbcf3f6c045f38fc7f3e3849ba845c6a202fe735f2d397919e2b14508d818677e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 de026ede7e46774692a24743cd767526
SHA1 d55a51ca0922ae4f66911f8b861a32df85a86293
SHA256 98aba5845b7afde5b4bd2307addafb274238c42b1d52a7cff62ebdc9de51bf88
SHA512 ab70a046fb4ef869ec14fecc655ad3e8b98fe75075e35c75b53c031789033d6b9c73a08594241f7a8d584576c819ee4ad77854113b8fba7ded2bc5bc8b5fcf66

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 ff37b845cbb5e44cf5875c5a2af9ed05
SHA1 a70f64cadef3202eea277cc5e69ad25896181e8f
SHA256 94edae4accffe42aa68560f3e449b68c0810f8432c6cb5fd5021a370c993437e
SHA512 11e31125b647e7506fd5cb14df809b6f4ca7d4b8c5f162a74c9eb3d4a61e7ef2ce2b896c03ab59d79aeba3a54c8cae1842cdb006f1917b0bdadbab4299978fc1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 ffdecba025c15bcb9910d952b5f21b32
SHA1 d6bd1b56267e5d2be66fc2119a293df85b56e8a6
SHA256 d6a5691456e76fd34fd3637f7c75d4d83d2476f0758a488d247d27288d7d4f65
SHA512 07d88d33d057b1fdddfc64a6846c6a821f6b3a2a1fb58b8953868d85d74a68bf0d39dbbe1e92b1029aab5fdbed6b7e0408fa170401a328932ed80187ce46c731

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 883701a3227e66137a27aca31a173aa4
SHA1 d2918192fa5154cd11aba415915e245b5cb8fb74
SHA256 5e0a12b57a84faf01c5a49caa79a6deded532bfac07accd52b2cd9d6e5c292ac
SHA512 d1febc658c2c912ae3b84402ce9b9c0f49b1373f44b5f8e9afb8fe1928ac9ef2b14a9b15507629e4139316d8bd3599c70f0f75c37b4ba80d00475e1cc69209e3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 682407f3e2d9f7569a9a910c4dfc2cf5
SHA1 25dbe0b9d8838b57484f3318f78a5eab789971ab
SHA256 de2bcb7e52f34d82da0c730f798a54012fc474754f5e630084a46198e414f31a
SHA512 9a0b70c3a0ea11b905140b306e32d3c04fe5a4a8619055075fde11880c42bb6470c4543dbc4435dd7e89752c3d24d0c6e5b6c2c4caced1c24b285c4902425f3c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 e975641e36f88fdfd5f496e9910abbec
SHA1 39d9074755ffe78a26ff3561683cbaed62c39b9a
SHA256 2509fa6f5ba18b664b24a96a35e797aa6c40e616423116bc1222108aa59f2e86
SHA512 4edcc2d0a4d20821ffad81062a8e1692b71d206da83aacfa892b4afb0a5ec046acd768a74487c48749e8a527953e47b9fa32cffb054519609f7c235480066a96

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 a141aec1f6e7974e231f6550804d5f3f
SHA1 2fce1ce32119e7dedb5f1c9d4eb28c87b5984042
SHA256 37b1ead64e554d67ce1cfeebac0e82f8ffe880b4c48acaf9cdcc5dbaf86f8880
SHA512 f88838cd5cb36370ecf9971061ddc72336635a1622f9414b663a62a2019c8edaf6a1db2cdf845d2fc8248da8043f4276c71fc6683f24a63a8ddac4904975ce32

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 49a16075c89c92e6da2f64b24352087d
SHA1 111592cf4c627e0c8b6553676ff15e3e6736b61b
SHA256 b4ba1fe406c2d3ff379b584793702a26258f43a338cf76a0bd3ebb0efdb6b85c
SHA512 e239faadd2e8a85a74f751c24ae4fb4ab21bd0fda739afebb1a9b236c2eab861c55155112b3d4fc91af72a0c432140906ada0a2504d9314a332ded68c9dcf5cf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 9bf59b15b9c173f03ac4d4a27c7c3ad4
SHA1 ddd490783a4d36dc85c3b8fd4a70d8b11a24ac31
SHA256 526fedbd60b63148ffba2634c9b376509112f0e3ef6dcfc136ab66c84c1ea077
SHA512 ac98591508832ad33032d3c97cb3af5427f624cad3eb56c37051909db9bd43c3d1b9929ba0cca51fe7d674ab7d755c6ebbfbfc691855c99e42da7a9af88d1b13

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 f0d93d8f91f1807b9157500df19855d8
SHA1 c09764e312a3a1ac8a7f93611f1ac66676157cea
SHA256 beb83fa663776101d413aa74f2ec8ac43c13f7f2cd4d9d8f493cccbd6b6c0844
SHA512 9f5ec0e1c28d74a8ac6e156df3df82a21038b10da569fd69389fc3fd875344c32f16e996521252c329eb0e4e4cd6cdb229a3370f9684c9ceae0a84c347bbac7f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 d03cf9e4ad8334fd93cf7ac11b940570
SHA1 0881ac14309c4a0c30a63b17caa5b025fd058979
SHA256 57a2b0086916abb463d5d203a34b11bdab1f67ee7279b6cc38a5254650dca6e0
SHA512 fef848988f4fdef81b494dafd611da51ca4fd7fdd9cb7d071212f10cf0da90eb9dc9e0b3e06c17bfc5d41622acc75f24d74b3ed1c8765194d81de5e150f978b4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 42b84a8ab97a21302829f4851f6558d4
SHA1 bb91d4d8e2fa4d0c72c38b3172a38be6fb242366
SHA256 ecc71450cbbcc097ee075dc5a3c861f9d11f7828683b694eeaa6ce13d8ddf4f3
SHA512 2fda74825edb7fc89767f4144d09f529e8c4e602c7f510ed31c7c058b6cadcae4a3552bc5b458b54bcaac28f5f327c99cc72f93d07b370d083d7b7a4d345d033

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 6cd64562529845122ac933248bf2f85d
SHA1 91e4307517df5054cf30f554bf0953a82327a01f
SHA256 cfd61884127f2758d6bd020db45e0f8306c73ed1882316973d106b5a762453f8
SHA512 c9e20dcb74615af3c0dfefdb4b3d40d54ae3546351c15ec874fbb1d93ef91d720cbc8d8bbaae02d80ce6d1f39f1ae592f8d9331b228284abe07601ddc8ea0918

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 16cc244c8d679a9fb2032369b704feca
SHA1 b7c57b9cc50317805c5a25a98823048c9101f96e
SHA256 bb2055f99d85b67c0b2c7c66038f2e9c9ffc6b8c10fa49779019fbfff5a9014a
SHA512 fa469e14c3b0d56b7899f6df277b3332f08de659f84f0307786af37580089eb8ef49ddb386608f93a5c95f9ea078489d8c5b2ef81a5ca02153cf1c25e216588e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 13bedebc18e769eaaa20ef8667035aea
SHA1 ff56f922c7cb166ad12de06aa1a55f3c740d95a8
SHA256 72e9032a9451e06117d9303154de2ba0f46c5844df5676479350414f42b5cb71
SHA512 95de4ffa9b2032760393b919127b74cdedec8419d175156c441b52941095d1d635433f5e00f6ceb740766e15ce231437e734a44796ec42a841efa0f9e017a898

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 3ec6098a2914f1460c8bbde344303211
SHA1 bb07af5799e622f39e5380ae4005822fcdaa3644
SHA256 c3fc52eafa93cb308584ab47e3364c992c7e140943788ebe00f4ae02f84271b4
SHA512 bfbe621523499db9039d2e40044c26db76e49edefdfa06afb3b5367f2f3adaffacb553741a0bbc36b94f68127667f4c59a78cd0ab4f99ffba51ba7abf3ef3e2b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 7daf8b9bace08f979d43a062ad493550
SHA1 0babf2eab16bed14c50f075430dc6e60de0515ba
SHA256 ce196cdb240425d74f1a359aa25f5be0cbe3d08cd312b9b0f59c4e8983114170
SHA512 e19523a70beefa212d22edc3f5fcafeb242fbb170674c02f4c7990504764b826ddf7d5a88cf06f32e028f1af2e7e98442cd9b407f3fc1de2acc95900d5cfc065

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 6160e582f11312e31f9e41964109d92a
SHA1 a1d724a871a8c8eb625cfff965579739a7b30d67
SHA256 ffd06444a30ab245a1f86c93c1c74826e41b6778c33a9f13dba479819ca878bd
SHA512 9a5681631c01246f68479639fcef43a322bab3067d0c975b1e21ea8786380648f9e211b58233b7c6d37f67fd59126559ebf29cc9b056f007e4e8e174d9018694

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

MD5 2fb408fa4e066829075e6dfb2619464f
SHA1 70c0f86d13275c907454c37bac1299f3034d7bd0
SHA256 18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450
SHA512 e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 bd680b0b05a6689ad181ef060134efad
SHA1 af4db4f7953f3dc54770b0840b7e9b26c6c9f6cc
SHA256 d71cb316ba7c728aee612bf6254b4f6b57d984383737082993a7626898048edb
SHA512 e6b14f9b2febeefd024aa8dc196147e1a46a234469816c0edc2be302de6f237b8bd835f9316f2981001bac2cfbfee9376720d9b230d60e3ee17245d1f9ad7a96

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 8726395d225de45017ce3ef8ded4d556
SHA1 9c6c99b1694ced8bd066ec7b8a85273b8d546d2f
SHA256 df3465807a7d0f6b8d66d37d0dee9f35cfe41f4cf26b5dcb666316101353593d
SHA512 687342fb233f030ab3f1438b02858692150996e27d5819997601ab733b9944214c3b29fe646a71103b7d485e179a829df225f352fda17d89b365565892679bdb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 dc0977f93841e4032c18f270772a4cf9
SHA1 33ebda87f601c53ffc68baf8d6ba18bcd7ddbf2e
SHA256 46beaadc7206812a6a536eec5a7b51cc32198109f41cedacee01b3a1c8821f69
SHA512 7ca83096d3109ace1733557274319be1bb71588bc2099c74c2a6ff3a8041b2df2f5013a02dbdf885c9cfb2bfe431d6e9f282de334368391e21a8f75137d38166

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 a922d97d3f5268ece65d8e9dae52edc2
SHA1 b5de818ffb37c56271cb3a801ed583a8f78f5e13
SHA256 82d32978fb6f1304a104514d1173e12a303906deac5c6d6c6ec2fed62a2801aa
SHA512 759738d6e99f0edc2e96e38cd594dfd6cddafc823e8109e9e6e7bc065fea896c5c8c3826db1b393a6c2c6739ddef308cfa6ec6f7be5fd9bc3efccb1ee8024c0a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 3136ba3729d85a279fc8bac78dcbdaee
SHA1 bdb2cead9db03737eabf4739012e385d784790da
SHA256 a57f0e9f387dd7c4286860a68f7074d5040057cb10d92ca06aefc3eeb3a4beb5
SHA512 92b23a249e78681861af97ab4be386b1a3cb3c3f65542356d949b455915826314fc5120949741f1f39f1ccc1ba1fa30ad1a8db269c6ea64ca9c5a90819ba9fa6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 80db7ffd6770acdd8e105b28ccde6ea3
SHA1 175ca19948ac4ea3784f28d9b6c27265104a2136
SHA256 be0ac9b32e31d818f97554eee02931c67e098864677293b5ecd6eafbf2ec8423
SHA512 bf8b1f259f56ef5af05eb1760774b362966e65491ed98874cc1aadbe40c5ce384d59aa3f8e40df65799f403ada7357bfba067839cbf9c2bf252dc7e1915c5e12

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 851c808a087e68885b19c38f6e18eaee
SHA1 2ea62e80daecf15d7b59564023c1cdc544e02395
SHA256 e80accfd0994d3ac33f46c267cf1e2ba631b40eb529888d315a18685e87ae9f9
SHA512 40e92019648183a5203dacd879917e183435041a8a78f65138da41b9118bdfb4ba4b0679138f9d0ed97c36e12e6c109a09ab916a43412faa05faa9a279bf1403

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 507f33795f876683efd2b79fed05401c
SHA1 c47b83c85da56cd5df3d5ed60a3104f98fa30d91
SHA256 6c721210f12ad015ad82418acbd2e0facc3f332840c795b4e83e8038204e33fd
SHA512 c219544af1cfded170511df26577ec57da2a17e3787230c58c12131de105ed6a890d6f8716881b5cb38b547195b4c6540b8ee99f31a8b6fb70dae03357906de3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 ba5baa818a6ac49574bde1078efb77ef
SHA1 4eaaef8a9c55bbcc06de3c9ecea9dce30a449268
SHA256 34cd5140f21735ccc28e111a5d87f82c49d7b258668008e6db42ce25cc76f8b7
SHA512 e0e33727a1dc639f4963d87690355903eaef6a9c8ecdac6a9feed8838d040a85086928d2f30fbae48553516be55de03a9acd7738aeb74293106e7bf62ac3e779

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 710b4493be29ee061967285f9910f358
SHA1 1033102ba510d19b054f3019dbfc46b1a6cc8479
SHA256 e81bfdcbfc615160e9c54cb8a7733398a40c26fa904ab105ef5a393a04be63dc
SHA512 48e9d2481b5b66f5aa6b7ebf3ea624453ac0452b06da2f462da7e307783f699d8b1ab80ecd6d44dfb2817b050b200bd5c7e75fa7e7ae7daa2de5244320a81153

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 b73109c001bd4a8654ec61084ccd609f
SHA1 c0ee3a4367151af70b92db1e8cb372ec0ce0b7ae
SHA256 0d766f7a1ed604ad8d82721beeee001d1e644b279adf204098dd09fdfeec2502
SHA512 417e8c38fa5243b7facb4127aef7325101c5f56b5bac033cdb2cc9e0c6385f479d8032c173f020edd7b23d2bfc8bc1b97882e02e062bc363cf0237a31f75d5d4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 b054349d66989c151032de8e5f8d465a
SHA1 3a8fb9beaf12910d2720c46c8df13a5f0aecd785
SHA256 110e60dbb8f12bcf2bfb4665a1f0673e3e5ca955508d8c15eaa5d3dd55ee9b48
SHA512 301def1e4ffb153e4b5408647ce6c1b13c68467277defecbe799b769241f8fb869fef9885b8caa36c5660b50c52def767f410e354134a0a6131c3a3ff8edff0d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 dcceff16183f8183df0ea74427dacf47
SHA1 4f9f430ec5617cf5a290fe3ae0871f67e17eb2b7
SHA256 b3af675a9e4e34e46cef80ada7485c91d88dadbe8c3a7b2ab9f357a646fe894b
SHA512 859e24764e85dc4bf9011e8e3fa09743c31402ca6a4986d307fb86e14c65531295647e1fc94c761160c9a90cc833ebfe93cf6ffb2fd5ee1f57e0803973c2fe42

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d3b253f8bdb780d99ebb64aa3486dee0
SHA1 dea7fa7273c3c88bda2f75dbd5ec229e2ed639d3
SHA256 5feb70eaa08c0b0a2cac17598ef996ce02a043b888831c5ef42e79671cac6b29
SHA512 754ac7a11ffb61e047b42f14511d354bc1672879e9409fb687175d7d9c4cda2ed209bd49e4cf7406c3d90992a0be0ef19c2641ea6a1fcca6435ceea2601f8b4b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 88fc6c84135e1d23ec6bde4d79425105
SHA1 a3ecfc8d5c5d8cb58700f56a0a8b7d9c462514c1
SHA256 7d0af975f6e0c5680aa01d60978ccd377f515736c0c31d46f9ea26cf09c5bf1b
SHA512 91e267964914bcab9a3f9f8275d32c4b011750dea72c14c460db1e9dfcad88b43764f83cbb654751b3a975abed2e07f230ebf814fbb18c7a96dd00bd0a656faf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 51c4426ed1576c1042d6899d87c2ea11
SHA1 1a9d464d7d7e450bd6744847ea846638e3c433aa
SHA256 2636f0499dba8afa0ce7c3112e71fa6c4aac58aa863aeebd409c4bb9769a7591
SHA512 3b1a9c2dd26e881f67b2f98ccbc747372f590eb986724333818d043d757cd653d3a4396bd25ec64364935c369979468108b9ea049dd121d7b918c6cb3226e838

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 321ffc71262914aa6a1fb088b5a53745
SHA1 346a4adc27af5953aa8d5e7dcb03e2c8f003df3f
SHA256 7fdfc0e567d70b1528f4028f02fc20730fc9a3340ec25b319c3e5f44f4ecf672
SHA512 3f811fc2feae7241906b718c3af7d26979f030b4d73eb4482b6b083fb17d9ce290c4370a0f4bece9a1a2a91cae6cd5ddc9ad7a2a719d7a628970a45ea32a051e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 bca8dcbc2f808c34dac98567ec294991
SHA1 87d80d54aae31b062f4bf7fad9052359265d6809
SHA256 23937ceb8c00d10ed53f14b0907d4308d1d2ab126b313f3732c87b068aa05719
SHA512 e265d42794086acabbc9d8aaf8e2c91abc3f844902b90bc834bf80481eb8dd9b7bea286f89894dc7336d79a6c79534f97c33cc089994883d8530248ee3039467

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 717baeaef12377a0c109faf899d61fde
SHA1 0381a6c59fb08d9dcaf2c6c6a4b27601f926c073
SHA256 03632f2150e7bb0d283e7f941daa75e0a6f79c849a2846c7996bc8f5f2194550
SHA512 b19e8019ae74a8f60fe8dbf6d0ce342c1190de7dacbd14f977bdf6142e21d62d75a2aa940f8ad4a65ffaa74bf899254956bb924eb77f6550b6e0015a5dd4d5b1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 b8786c863b30cf6253292377919a6fd4
SHA1 e321e40d797bd0181261b66040dffb678f939ae5
SHA256 4c41bc1c76c5abec6f89ad9ee9752f7b0efde3a638f311e734eb8457422b21cd
SHA512 9f8d63bf03d751e4bd0c69e1e0a1d21677d7da3bad3c5e6fbde0169f89b9fb10eac7bcf0c6f9b1c0af365642f8beaabc386b8ef44c935e264be449628a15fde7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 351ce121839ebc20d6780bcd499cfaa3
SHA1 153e1ead29c32e62968ad21f5ada33aa3bbda098
SHA256 5ec3cf1fdd514fcdbff9fe44e1b44372d66c176c07d65a93cbc68848aed0bdd7
SHA512 390216dcdbe09c59fce1606985c41bbf8b94531ba8731468fa543a0f0143395afd15a041d0e3560b7bbdea0716fe27804961e13b9040e085682b57607e502902

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-02 22:00

Reported

2024-12-02 22:02

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe"

Signatures

Renames multiple (2189) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorMedTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-20_contrast-black.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Button_Click_Sound.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\businessbarclose_16x16x32.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected] C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_super.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\line_2x.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\capture\shutter_button.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-60_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-256_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_EyeLookingUp.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\smsconnect\torch1x.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-32_contrast-white.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected] C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\MarkAsReadToastQuickAction.scale-80.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-200.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\find-text.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-36_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-80_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\MedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\LogoDev.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-125.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\LockScreenBadgeLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlFrontIndicator.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorMedTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxAccountsLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\ReadingListEPUBImage360x270.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square44x44Logo.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Ringin.wav C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\http_500.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-white.searchapp_31bf3856ad364e35_10.0.19041.1_none_2f147508fcb33106\AppListIcon.targetsize-80.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\DefenderAppSplashScreen.scale-400.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_en-us_1279c10c2d9636d4\404.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-16_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Assets\Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\wide.AppsRtl.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\wide.UpdateRestore.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\Icon_MMXresume.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square310x310Logo.scale-400.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..-disposableclientvm_31bf3856ad364e35_10.0.19041.985_none_c3639a9e3ab1a351\Windows Sandbox.lnk C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\instructionPointerGlyph.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-256_contrast-black.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\TinyTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square150x150Logo.scale-150.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a673a811fe1122c1\default.help.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_04959f34117554a3\ODBC Data Sources (32-bit).lnk C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\WpcBlockFrame.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-white\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\403-3.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square150x150Logo.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\hueColorBar.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_de-de_fa3317ce4cfa58b0\http_gen.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.19041.1_none_11b2da2074e7d6e4\PasswordExpiry.contrast-white_scale-400.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\LocationIcon.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Square44x44Logo.targetsize-60_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\Assets\StoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\Assets\SquareTile44x44.targetsize-96_altform-unplated_contrast-white_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\TextReply.scale-400.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobelanguage-main.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\BadgeLogo.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-usertiles-client_31bf3856ad364e35_10.0.19041.1_none_df86f0e7b84bf07b\guest.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\MediumTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\servbusy.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-256_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.153_none_51feabe070ab84f6\X_80.contrast-black.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\LocationIcon.scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\de-DE\assets\ErrorPages\PhishSite_Iframe.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Advanced.Theme-Light_Scale-125.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\unifiedEnrollmentOnPremAuth.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile150x150.scale-400.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d1f435fdf91e63d5\pdferrorunknownerror.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\LocationIcon.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\conditionalBreakpoint.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..l.desktop.searchapp_31bf3856ad364e35_10.0.19041.1_none_37a8fc596f462cbc\3.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\es-ES\assets\ErrorPages\BlockSite.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TinyTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\403-14.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\servbusy.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\SplashScreen.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Square44x44Logo.targetsize-36_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\SplashScreen.contrast-black_scale-150.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\Temp\PendingDeletes\ac21e33936e5d701088b00001815341f.VmChipset Third-Party Notices.txt C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\403-17.htm C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\debugger.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\nointernet.html C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\shell C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\shell\open C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PLWFFSKOJSYWZYV" C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XLYPOgkwnmeI0m1.exe,0" C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\shell\open\command C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PLWFFSKOJSYWZYV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XLYPOgkwnmeI0m1.exe" C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\ba5fb50a27e431b58ef992b9404b729d_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 83.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 a6d5f24e69f91d9f3e4c3efed189c94e
SHA1 ee51780a545203ed5ccfffbcd6c222426afc5962
SHA256 25a82c9d5b8c79afa9d1d9b1b898a3f954d235d4a26e3052a8ae9aa0572ddc14
SHA512 d9f1677954903efc9921c3097aaa16a255d140dfb7e0a8cc158471a2f2da95820e01e079987c593e5e706d830302b64aa0c555648e992a5ee654ba77d83e328a

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 5e82f6e7814057f0fcf3fc5b3cc9e3a5
SHA1 18be7209357a21eb5adaf7de6ee763e16e849b12
SHA256 8cd4f63efd7f4656a66ee4bc2bf84a7f5e543ef2ce4a77242995185b4ccaabd1
SHA512 69e379f3fa59ac7a7bb186d4581a4c4e712778518b9ff20fd2eb1c5333dd6adc85c97b2ce33d3c2adaa49b3c7e6c8054f3716b8e6237191b4b573665baceaada

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 b8b07e51fbaa6c464808bcbc50a2ff76
SHA1 cf47493f885178fe9d3f5754b6ac38f30357a130
SHA256 45aa4410b49302f06bad9583f687d2faed89b941f883f2862da65aee670b703b
SHA512 282355a41982718efe2cbf5b7fb1bc8200ae36587f5b20f17e16fe189daa689b5876f4aa90d2f06fc6a05b710224e0a4341c4fdd02bc0408c75f45f0b3493fc0

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 520c42e4a84792088fb02794051909ef
SHA1 64589e150c84f55fbad7d7c91191be236662d5fd
SHA256 5e0e2fb8f7fdf21f1cac5636f2d7a31067852f7b64c355c8cc25fb28fac89377
SHA512 5d69f5e106425300255321cd7fd5321d682f5eee40d7e4c7012c58101a1caa4c3e1b8f46fb389b713bc94cfb89f6f00244d2becb85bb922aaaf7dd1dd3abb910

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 11c7697e2ba1ebc1439cf1e1e2d03fdd
SHA1 45b82dae078c247073138162f2c9b2c220c0e4f0
SHA256 1690d4a3228bfa24c5183ac01d491a9993f7e6460c2445d720a60c21ece1dc32
SHA512 dc2cc7a11bccceb7d3b6408a4740610113ef9db22984da21b324442ee8c11cf0e3efc8ae680c2a790c3e32b01a33fb5e14f810336e1e9800b9d4c2feaf253af8

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 0316cdab21c9316cf0b807ee6b21ad62
SHA1 d95858f5fa527b8b6ab7b748b8b84ec3819ac9c7
SHA256 23f600a69dba5fe1e3c83b4088ad9f0a70a52d9a33a10dde4f5082f2946bddbf
SHA512 e884a8a252b4ed557a0be7e136932ef315550ea3c8058767d2cc90b9cb6b1d1321cb99753b76452f03e6eb42d8679b5bf00f19e10ebe9ffc38cd9485c9adaa11

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 520fd8724719a24e8349e2cb200b45fc
SHA1 899978e86b1930367293f7bda490e4cbed653544
SHA256 0056e8dad24ffd58b0344ac92164ba396d0a913b87833ab7c45cedbaddd4c76d
SHA512 6d9e9f316cdb5978fba6583dc65d0a90c5b3c39d89902bd19e67bc5c4843b5e51f0322cf45cb2c3935bc90dd6f30f4024546bac0ca674b7b7d5c3d71d9d96c4c

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 b494aea35d0998d82dc11763504226d5
SHA1 bf3111db3a906a56c140c321fe75c218edaceee3
SHA256 9def82b570ae004f4012b355c68c84fb585178d3755be6d4f93f28d17a2ddef3
SHA512 29bb7c4029862acf9ddbbcf991b3d6e116f659945fc59212819bc1ec6bcad153d6d65bc1c51426a52c10f42068195649c0808f081153e79e3cdc77d7f747d8b2

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 bac0572904a63599773df5320b415e6f
SHA1 dbbd3e7a990bb91fa72741a78310e4037b6b82a8
SHA256 9b190ff44543af5d965d51d7ee6d3470131636236c6ee9c0d7b1e516b63811e1
SHA512 abd4a58eb8b3ddc44d9beff46d7158d1b58f823681f57449a8d5b7646731b4467aa3533e203dcf730423b31744584c50835873ecccb0904ccf491cc8137f6c2f

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 5b5d3fccb431c3a95ed1ff080fa3840a
SHA1 e9ea23676a00595ed662000b95e28c285e50c830
SHA256 4e171c02f91eba2e6087ba0c6b5778532ab581187d78d08243efe560f0b644d2
SHA512 6447f2a63adfbc9e8b83ae888cc95cb1610cc3a080954e0d32ff58972f84bd5f2fdaf23b613d1ebb205acdbc05ae4863bf45ad49c49b19e188334a66a57e765b

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 4b21ca2b90dadf96ecb587ecf776f26a
SHA1 67e40500011b85cfffc75d248f4e8a51a5e416c0
SHA256 3dfe5f875ec452a59d092ce7631148aaee9a3580a52d5a39079f0360e1a9db78
SHA512 e9374cfebaee4ca9a73e56a4a028357b71c6f7f5e43c8427ca8fe3cb75b73dd8164c5f1915310646abf835715a6d0896544645d25de5cccfb0ec66adccdbfa77

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 97e102db78190e0f1180f28936527021
SHA1 9e699466d34efd799e2eddd2709c47d9fceb8807
SHA256 ac993ff8346c52b9b507172426797d4fe866f06bcb09ab421eda51fbd701b5ad
SHA512 4d2487a8576684b7b514d35fe98f644f152852c9c0834093976cddd428af66a40b6754d40d87dbd4eb196cf6716fcd51f715b85c0ae6e302a2a3f5bdda420ad5

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 8bebbbb9e72d5c0fcb7b1fc39516427b
SHA1 68d82448ddd4c2f954580cbb73b8a446a95e355e
SHA256 f370aa2cbb36858002ea3f222a2e0f1381c9ac6faf1619282c28bb63d899e54a
SHA512 b30ded7ef5d94bfda91312c1d0a6b38f21a0ac7910b0a57d1791aba43cfab52037233eddaa75484be9438a07b8614cd202d181255d30eb15193cccdcabc28f73

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 22fefbf35d84d160ece676283e77962e
SHA1 7c5fc4b06d60b086fe6742be8beb2dd55eca2e17
SHA256 f500c663d87c11c91e44beac31e944e2003f2ed2bd972a97f5020d27bf77895c
SHA512 523e72f553531fb1dc2ecb1cae4b4239c1706ac30ef6a458875c73e3a768a0d91113bc219c1ecf638f28680df46b1f84be69aff5032c2a751e8f6d91605d87d3

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 38347eec6c4bc4c69e4e03993c3c5336
SHA1 5f2410df226a74d5b87eb584ac771bb963537f6a
SHA256 d74d2c6d3fe1a25c06cd49b6b1a6b0439231fa5da85e1e6643fed6b22be63f7f
SHA512 fba13ec130fa70cec28254ecc51ff9bd05219e45a950ce2f20450860bc43dc4fec9db169bbef64b46e5493d26955a0d6e377c9116439e8577a9c95780b8b3540

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 50f3ba869ac72d49639c507f5781c5bf
SHA1 d34e348c1a66795fe5f42992562ddd6de38fdbea
SHA256 e30ce1207eb0eaf1f0617f76d107b33561ea559273e9dc3c1b26bea8b2a3d708
SHA512 e79746187b34aa7f691b94c70e223adbf934ace11627978c04a0f438b2993c7ffdf76663ccfc557c3ecaa1a5a51df931a473123f8430b5c9f55195ff4a193ba1

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 599695b5403d6d4c3475ad945235460e
SHA1 53264ef456cd9af107ca88df1f4f9d7e487a470e
SHA256 162f153a5286f3eb07aa7f4f34ca90337d3002c8af140a656bd234c3c3555303
SHA512 05269bde65693991f2a15574712607a77f522172605e577511e7536f7e35f5265f4c8424959cb311ede24d64b3864ecb50c98a8002fd1cb26232bd1906a4bf10

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 7b98af32fb577c62dff801d71a933333
SHA1 5b002ca838244ee5edfcae62eaa163550cb8944f
SHA256 5dbdf79efc9a0fabde5818859d8cdd9349955a2853ebc816bbd003c4ed8d7e38
SHA512 b99cf06bfdac0573a72b2622b81ad7563c6a9cf7a54cb6aef2e9d0989d799d8a7939071295fe61f20bc137894745526e02bd8605ca69ae28f83e32c8743c85c8

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 80b5e0895b87d161cff626cb68eec48e
SHA1 852fc9bce8d3011d11b640c706dfc6f17e791a10
SHA256 e1d504aa1efee8db0cab284e0622577ec1bd6c47a640bc9e0288de2fca130fe5
SHA512 1c43e1e754e88e01cbe08cbf01913107b960f500f403d0b9abd89d884df5477da9b693a17328cac01177dfb283ba788141d729b2680424503f22adf517aebd30

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 a1696927d8324c316a996d4ca7350e73
SHA1 c6e651ed7cb0babdb07d907f2fb254739ec71934
SHA256 526bb41104473c97524c3239afe2f87b85c024200ae5618e0cf156d50457058c
SHA512 fc3d4480734b91d83c6fe5241497ddd5ede4749d6979d9d31215d07858389eecdfbd04faeeb9d193ee5c6b6362ddd3c2bb00e76a27c774485f5d613aaf0783b2

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 ba2fadcd6d9b0c572150c7a6f26d4f5c
SHA1 95ae45c2d6a844529dcbae541b2a3fd4cb2ac699
SHA256 cd4436c74712e720a3f6d2cc71deb1b26708f7bd6d047c41f657493d7705c29f
SHA512 38e9521ad0ac1d5b309250e4647e685115435eece2d40f42bc8c58dd0a5c687ab1784cf0df822754327e559d887115d1f38ea5d1724141ff5bc7c577abfd7e07

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 99fd4d01e0510ffc3b39d80b2426d470
SHA1 6bb815bd2aa2849fc3758f61c563f667283bb46d
SHA256 476ca643f22ef00135bdc146b46695c98449b8670d5daf3c74058036a1f60dae
SHA512 7d69fa8ef4b94e690863fa15646fdea34b8dcaca66e2675559415e2a5df29cb9ec821922cce02b1318267f8c38145d8c329950f5982d6340aa8b8c8e7f0b38ae

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 631fbaeee5fc95abe0e9d104cf0864bc
SHA1 56e0376cc6544f1fdfaf651e5015b08c47481fbf
SHA256 896dac27ac9ef4720d345e5fcf82254482031f1625e6040f52c4aa1bf992185b
SHA512 d236c41c5ba22a3809723fb373ed9c9b3bec83c098134058e6aeb9f42a1aebbe60ea13d78e244d3f22e5dfff48df3d8f531938c2443f7d0209e6d8e4c1172b82

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 b3107115737a849a034d2d931fb30def
SHA1 c80c35256abe6daafb6a290e697e7d29f19ca26e
SHA256 5a3fd768f53be5a33077db69563bb42cd02eb3892eeb9a5e345e14c5d2387b88
SHA512 b58cfa46de13aa87e9eb10bcb83bb8f062579b5cadca344dfcf8cab8b2a4a54683ed8e492138fd0499a5b07e6430114bc652df211198ea547a590d2124febb7f

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 0f0b20df5672fe5b412c6c7a779a771d
SHA1 88f31676e96557faa0942e8ddd72c5dc9c45b9a9
SHA256 93555cc692f1d06beb0e6929de70015a95f93cc4fc4ab035552ccc1324bda042
SHA512 480b9e301c7f0868278a7960c45a375b30ff0dcbad2064cb788a01900d45a753c18faa7a607de2eb525b8e67fae7df80d12be70fac3d5782b7edc3a7b386c411

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 0ee97c6d89854838b76e9bb9b6920f5f
SHA1 05e031940f1c67774227db73e5a06999f52f8e6f
SHA256 24ee2927260beaf28aac3c08a43c5b7cdf4f293fb0b08aab451bb905c60131ac
SHA512 5846690c0951c0ebf021d133e9ec8740663d623bb134a881dbff960cb4d5c904254f26bfa3a5fd68e585435c7512ae95dfa8e1d7ea937b0baa622ff8d4e0c10b

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 34e4816bec0d938cfda31f5a702e14cc
SHA1 1524750ca289dca0036701f26462912bd62261e8
SHA256 7af824c2d2907062f4bf0f3a0d9b9763025ed0ea040b9fc87186e858237ce9a1
SHA512 1832d4bd04ed0fb4731f30e46bcaf8f65f202fe858274b27ee838b3ae287f258bc49581af967aa1350d31ad247c99f7b7d7b63a96069e982ae67e92b9cb16ed0

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 be2d7ebfab44034a0c91467dd0edd2f8
SHA1 8d9ed055c153b7693a7d4554bde363d4fd442195
SHA256 79b8c2726df672d43afee4408afa19a484f1b87e7b27c42f383c24db46a5bb71
SHA512 5dac934618bbc42b47eb13f44cf217518846f19119ff46c4caccc60702606dd1e9bfeab640fe84f44ea52fcb9560fcb63a28e639603f5e0756b96c03c319f30e

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 29a2c4f9102b9163f94192e308b09324
SHA1 7fb3517a695d13169a5a71da12a027152c36af18
SHA256 3d9237addc4c317699cd49a049df3d2e9fde91e6b6abfe483b0d323cfdc17fd3
SHA512 a755a532012fa74d07e80b46b57bab039b505d0b71bb03fcaba6b9d3f49e02519e4912f92a196eb3ce9a448957af0699b22045627d1fcfcc38ac6b26feae2478

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 00310eac747d02606926082b3b0d02cb
SHA1 9ea837657b3fef4f1c95a2e030f589ff2ca100aa
SHA256 f67d7c266f22a17f4fa77ab40d43f33851a3f0a81075867d23220c0d1fda1c35
SHA512 dbe33cb3aebe41478b430303cacf16d1230648d6b99615c2c57a255b8c556e01e9817b0aa81486bf01f127683d4d1d100d88609cbf5eb43266f77e8c97ddbd79

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 5f468af3f831eb7371b8bfedcee2cf04
SHA1 d7b43c609442ad246313711ebed424c7300a4a23
SHA256 9343e4889f7a64c33b35e3785d0c44cc8e1890efbaf67c355bafe6c2f99480b4
SHA512 3af0c0560dbfdaf5ed663ee228b72e14bb924d14367c24a4137294a6ba7ca611793c4bd05b72181748d4e61ade4e99214842c0b6e84842e896eb7b98e910eaaf

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 75510ccd1b9eebf874fc660dcc067677
SHA1 58aacf30b4927729aca236727b3dd0bfe42f0cea
SHA256 0edb411eb4d536e0467f979a12bf7f373bc2107dd319787eaa47bad9136f95f6
SHA512 e661e35e5a15520755ce5fdc91928a296a0f29cb621f1bac4888f7b458f45d3c0ef2bf9892cf9d7009bfa4b7ca099bbbf0d65972e9245c0b19c8bbaaff2535d2

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 45668f3c93a09b0202e214c1d7d82f65
SHA1 e95dfe7ab0063446f2decc8eb4d50dff9eb6fa09
SHA256 4c16fc70a046ea031db630b2fe44ef9be2ec556686b7c4072e94475abf472f3e
SHA512 3e5be7ea935edc8ea73a97383136886a1ab90ae74b0a70a726d493e9a84fce34bdff1aa88bb77f52095b4f0607dd0fd9ccf38fd8899c602ad6e22b98fbeaeead

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 beccd7989d83beb5d86a9b08f41b4879
SHA1 3e8b6cf69514f8c972a9e8dfcee6426c6cdcb4cc
SHA256 c8dccca0eeb9a56ef63a2698069b385155cef83dc38dd858bc60cbfdb257ef5c
SHA512 fbcfb57f29030c2341d584c0c970014c9fe292c5d4127d67082742b2659642bc0b1dbbc1a1f780e47341a7b744fa36cf8427ea1f9706c5679c0cac0b19632aa0

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 f4e1e91f7659dee5950768aa50723da2
SHA1 ce72b5fcc8937c1e6258359b371747371cea2d1a
SHA256 b243c336a571d10b185f8f90aa14eb197242833c7520c2019c567a503d592784
SHA512 da7454c4b53afa4872465023828f15dd174a2dc4aae3e4aac5a0922095c5f3803e8f2485973b3c6914f059df9807eeba0ddb4cd9e506310b1fe9dcd38f7bf096

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 a55ec8561cb6a2d34ece24822f181898
SHA1 d72163e02799750e4f225a15d8c368f6905bd3d6
SHA256 7d80d0e2cf98cb7126ebf16ee6a418e86920f6f37658284e375536a1a02cd609
SHA512 ca69d19dd701502fbe9cd5c7d26574980866cab7bbf070ea15d238c4af577f6a5200ee336ec5280e33f912acfb2bf97b07832f21632e9f1bee793d07cd79ab62

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 4c442c22f851e4fb290474bc278abb0c
SHA1 a4e6f1243b40292719ba0d4b469d1f6855ab7587
SHA256 ce2a761850380c4375e112720bde398aaebb5543c3de9625c22b2cda7dbff2f0
SHA512 c927fda67366acdeea5ab25563b41ffde40699c91f364ec750aa74245a83612e2b7178fd4e1f500fa5ea8e47a4d26e3031f9ec1aeae9a044281f7d14cfceb306

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 01f061c37a1ca074019703b222339b1c
SHA1 e82e456f2e99122cc1bedc9958ebe228d3c75dab
SHA256 63da95610206da820208d249e91611ed625ad18a305d65b3cbfe0ae43ee02ea1
SHA512 e1c652b4d95ce52d72898f8f03d445478e2ad81c993869fc8dd09352072d280990c7e2dca666e1ba62dc4234fb6a0e5f619f126e66245380b6b1bfffa6e5bde1

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 e4c1041c817e326b5919920430e64e02
SHA1 faefc505eb9a6a1b870af877cdf125ca499acb8d
SHA256 49a588af4495b1d3b62b0f59c8b774cb34517ef5389b9ba3b0791cdbb02af7a1
SHA512 8e223654f905dcea27cf2efb03af001727b8686bb70e3fabaf1284a2f1a5278002c8f3255be1d734860b3f56d645e851464f5b6cf1f6d8db5cb9845480eb612c

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 44f1d82c4ce6490deb3d54ef2debdb07
SHA1 171bf01cdce14424fae90112d566ac3080d16611
SHA256 a79c6e1e60b13b6c51083c38ecb4cc4ba028bcbf374fa468a434018df46236e9
SHA512 cf13e4c3ea8331f4f5f9d0916ca8212935fe6b155cd413001b4c1bdae8570141ee8512c589d1f381778fa08d5b239c12c88b9602e1f4556b370cdd288d3daabd

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 5015dbd980ae8e8a51c5d4d48e94dbcd
SHA1 9f24629b090756eed94d84366c8dafa776aa1e83
SHA256 923f3d707495811698cb422acab0ded4aac0c6c5b90577f346a62242882d78d1
SHA512 58f1efa1377d34fa2a60de9d3f6daf341fa04bdcca85b80fe9a228016af3937fc1108ffc5a1979fc6c18db35389290ec2fd691e82938e7784ebad66166d6c415

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 deb74ef692bb55ca19bc62f3f9c37d09
SHA1 01c07838477bd24059a1f76d5da41990ca9776e7
SHA256 cb1a6c6e107c517c01f880fbfaa68f4551a7addd4ae182f34aa3471b09981b21
SHA512 caf48d33b2627de07fec9ce23333b8592162147f6e2f668964a74f1a46f97d60d8b180ca826aaac0f130bf956c44dfe94e0d6b5409195588660cd87193bfe3fc

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 bc91fdee7d1e40b51177a105c37356c9
SHA1 848acbe655de6ebf2e1566ef2cb97d1d61e5c831
SHA256 7f012b644c083a2c0c395a1439b7c85d65f8a23a2f61d55a8b41bf05ed2aa829
SHA512 0b5786d1b2f78ac2d7bf2f37520704c5254134efb74f1c4cff62bd01a592b68e4ec406930c085e93a4c5edac61c39f3e260b15a7ce120776108b93741bab48c7

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 87befd6ad8caac8b3cf8be805124c255
SHA1 ed4ce21aea77138bc9bc219c51ffaddd888d43d9
SHA256 092416ef27bf07ff453b742c791b84f9bf2b4114119dada8c04a4a9bee63d21e
SHA512 b07b957997a92a67dca680a3147fbc58e660e7b7b52b3e0d65832916b214ba02b2689a6df91b7a52e151fd10d0fa3539d27538983d1c2148f57d33d4d675d666

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 4ff5aa62caaae38485d6093b259b5ea5
SHA1 1a80ed24f1099f9d21347c86fd33856aefaced23
SHA256 2ef4d49e1c366e17effa40541d9c6faeda97537828b6abc33c861810dfc70545
SHA512 9d7775c10dc0829b779dd1f51070e2684eef782377ae496b2e3e8870bf303276244f1419b76211ff45a59bc15d3ccba2c680f252da0a87613ddd6cc40d3fa502

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 7263207718c8ab33ba66d9268bb948d1
SHA1 3c2c10cf2b3b4ddcc9ed8a5a2ff77c68461a2622
SHA256 32b0f1da61c1a43fa601e63d275dcd497cb4c59f0a4e17654c55ebbe75bb94e2
SHA512 ad493fea72494a8b53c7b58f7bd92c3dde63466bebd218db8887497303d8751c36e136386f9c8b5932e6ed96bf79f84381d0798e36dd44fb2568723fd6345d0e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 e4c122579e9feaf0eb9d9a7f6b406afe
SHA1 15cafb3b11b8bf6d7186d13fe9d68eef89e20f93
SHA256 d7fde586e334f56f363f399e236071eccab8f4bf90659482b09fc6fc033f27b6
SHA512 d44e9a784184833180fb46f6a4ed3bf674a38ecd917b2021a62f1528cadbc2fef9551ddf51086f867a41155a14ea01cddb95f6af27cca011d9a4e4c4b1efeead

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 ad8a995928fd421b46bbb5c57ff264f4
SHA1 daab32e7fc1df768cb1dd23b4e89a614f5075d71
SHA256 c3caf6d1cc0b2a719d13e7d8de419c7a7beaab3af9f78cf2a2ba3194971e3182
SHA512 5c87fd5144adfcabc3dc59c26ea228d2651a733cb0045ef9a14336cc08bbd9eda2f93d74f9ff14200ec85113927fbf4917702a7b15f0dad6cbd8120f6a826c5c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 ffa056572a36c2934a685596628f8093
SHA1 01982a62e04c3ea9b4ec82b53b294fd87bc18977
SHA256 002fccb4383c0fd5d439f2d2ac3c16088347125117b4732030757acd71ce20d8
SHA512 6b073150321131617f07d645ccbcce3c98e0c693ad7702112f6ff90b251afc70e886df8fb1db566838a3a632a21628a067106582af5ea8dea321a3156f66ed7d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 022bce3f00532a875ebf4d0831760988
SHA1 c771ad1589ed2e30b0aa67be332f98f4458b05b6
SHA256 57012834feb7adec043af8bc87604b16f30e5a2ac4d82c9610de2f7f08cef026
SHA512 8b15d74af7f8c63f866c649ea34ca2fd91ac36bb2de3e7b94c5a59ec2dde6632f67b79433f4139c9262e9c22039e47b3bed51cdd190b80ff5fd5dea0d1a0a92d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 8e0f309f8f8ad23b778f8a892a9bae31
SHA1 4fb9d2f25d66860ea482d0ecc0cb90caca654566
SHA256 c50aa2d9df3322a4ffb8e0fa1a470f15fa0fb89e4c0be230bf1572d3142ddefd
SHA512 49ed1af826c0b16612a988744836d014787b76b65de6b7db38d2aa85ec8f98af21406e56aba607c61e31d07d714cad1c870e8df0e9329d2e5f572cb1596a7540

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 b38bd05f72aaf0f9691206d5a739d551
SHA1 f4a36319e9c9887632b9eba0878ffcaecceede2e
SHA256 9b0da2c063a2a25cc32d802506e329537b37de1b2c6ac71df0e3dd3f91c05dfb
SHA512 24a1956acc1af668475e495cd8361eeeafa03eaa60db8a08e9018a195ad00f75ad516d87dd0b8931449a2dd74794e6945d261c44bfe0445dfe502778e80f9171

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 acc26abb85d58b8f988d013f4e102b37
SHA1 9157ee7523e10f218cf26c8fd3bb4fc5102c5a5a
SHA256 92e23ae62068890388a6a4cb852d5dab24efc9c800c428a094a5bab07c1a1353
SHA512 613ae789b078ffa1c21ff17e6f478e6688d875ccabf65dc4b8851676e0d4a01fc922d7688834bac6b6b1887a7c26ee5712dbe6beffb00abbd9b3740391ce235b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 d2354a3fb145da25f18522027f8aabcf
SHA1 916a79ea0f72143ce185c221525abbc2ff164e0b
SHA256 889048070cd49ccec4ea6ad0dc1ee027bbafe66a0611ad9f44cb6e8446bf0fc7
SHA512 bac7b4565cc3aac121c2ca236c9b403fcf3a8b56faeb9e2cb0cf8b1b97569db6b1b10d50fdb14ebe203d6b59017322eb1333029ae1f8ba95cda763ce9547885a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 9430f051d70deb1e85655ba6a340e0d4
SHA1 a7f42db3da5bb3c3d2126a837812af368fdda4f7
SHA256 ae519090fbd81d2d96d62d14533581564782f02437007a76b7858638256849f6
SHA512 ece92ef1e286f46c087f65dd5334971e1c8a90b997c994295407523eadc65e1300c0a0e06baa027e7eb9383f31e705a1804a30bb7a1a0c7ea8eac20f05a6393c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 e3dfb709230282f27df6436ee4710065
SHA1 b7065df719e7bb5db68f071ca91664d0d40e5386
SHA256 5dd7140fa2c63536ed32dcdcefad16a3363daea25a3a40eb4ef7cbf10af354d8
SHA512 c52b61dca00ce40ae6731b02a44956b808fc3979807e89fbe279b77bca72f66d7ead34ceb6ea1658454af4ef2c110062e409066e670c2da68a67c102ffeb06de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 98ecb08b8af816101a857f64423856ce
SHA1 b97398c674cb024d3b5725401dc9c3bf7d2b333b
SHA256 6de5850c1a4c568ed641c8099b63cc279c3259490f268cc96bae12f16629e87f
SHA512 ac8ff8173c8d066b5966ddc0d710c82c6fe6a6d0caa001f808b59f5d2679ae356ff018344585df14dd8fe0824b67847f1fe3a6a8f07e0e8e4db7043f95f591a8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 67aa7ff4e9c493aa8cadaeec180a47b6
SHA1 9e742ad03525a1106f27b25ba5a47b01ae0323ea
SHA256 4987175dd2e5a9f8ad69bfdadcb00e98e8125d69ebf3356b161791c2cf93baaa
SHA512 ac8821ed783324218140346aabe6c10ff7846e3399f67f68c3f36fbdb1858b9fdff3d04b1b0f1213952d9527fc838c0a7dfa5ff68c43818dd77eaf3633b16cbf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 1cc8ed802c5ee45624cf813b753672ad
SHA1 468ca090d1a22e24bc1de3367258c0f55a2571fb
SHA256 f38fc774c3c576b97f290829e4d587d215a5aea69e9c9b03130f6cfb1de84b38
SHA512 98dc359277e7cf0b9e69f0352f0191a4cd9972f224e0779966a4af9f6356150fc0359a2fe6a9ba79b404822edc7b5a3db17669e1a95ec79c784e688fde2c6a3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 56c683cccecd2fc4fb552236d4436a7a
SHA1 694cf727db6fc911e6e4d118d05e9e459dea99ae
SHA256 ab537b0deb015889d8e54bdbef272d57fb755d47a05c890a74a6bc19f5b9b66a
SHA512 4c5af9c75040c4f419459a1757458d58cdc6e456798e3638c99d70b4618f04c64ded44198c5479733453e69ad675f8d792b7fb9003ccddbc3d5e01c241015223

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 5666e4d7d79addf2db3e8de7428a9790
SHA1 b72f4512b1ce88c1baa04b0c8a5216be765f3d7c
SHA256 3f6b9027fe32ab132dca4085b8c905a227322991f181a92cc31a1977f6d649b7
SHA512 4d5836a76534df1e41bc5a28d45b943fee698592445118988c4f7e10975dca976f488aad61d80cd0e83b79be9b5ad69741a00d0c12a23cbb0fe7cdff37b87c84

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 ffcb6c15977e6ca6b63f76c4a973ceda
SHA1 8c0d4c8e50a9281062f1f71b8db749671fc3fdb0
SHA256 7ee2bcef65134bc16aee6eb0f0785c9875b36d3b19b32e7af002fbc1b05bb94a
SHA512 8ce5eae43e41d3b287e1194cc19d55382348b7c088ddae9a8a47ff560f9cb3cd741566cf23d6419ecfe195cf46b3fd9382362a3ee478ff0b90870f0152fe8bf9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 b45fe95ea64537c0a40ed22722e4e372
SHA1 798bdb887bbcbc984ef4d8b3e0682116808d474e
SHA256 834404e1d025e14ff0445896a5432fcbc615cf2ca787bbbbf4ac7862a0a36e73
SHA512 103de89bcf4635f1c81d9ec9c3db62fedc58dc98caee69d6f51900a0319a6dee5f583c9f6ab6ce1136387bca9a6f15b10bbcb5dcb82c72f0d401e415b36d9af9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 ca3b965678e2ffc1b0ca6be7356e7773
SHA1 1c678d8a4c82ae6bef3a053a45e9e7399a36acd2
SHA256 014ffb3016918ff9c5bdd3026e2574efb0c4c8e865391f22f271d7213938ef76
SHA512 987a5af725ca0a1411efc9d2955f5801f733e0fdfca487b5706779ebfc37aac9d674318f45b16ac27ad844f3f8be10bfcebacf941013fb1971e178b48857c1b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 a2d48a95a874323476ce94378f5b1951
SHA1 8512498e448c8e7aab6e081ba5f862cabe10c1d1
SHA256 2e8951b400f9b71e41809e95542dbcea017b2804cac3c73f27b83329b21dbfe1
SHA512 51594710de5cf617fd812e687558fbd545795fb9a576234aca48a741b751020a747cd237f2057895655e70936341d4a416d7a1cfa5bb05d1eccd852b12adfa15

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 eaadc5e855008ab84dbec7a7796dbf42
SHA1 0aaced13abaf920283cd9b5db2e5c9a412dfdb65
SHA256 9525f6610bf6c8295f0f63804676fdce94c38a5c4340727e307694f5cb14dc6d
SHA512 6a240ac7774f75cc4d0c272b0aa72776be3d572d50de984a68cce8f241a91f0540880e58f9999d91eebe7e702d1de87ea5decbb2ab3de3a0e01c830e558301d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 9d1f6243cbd65c7389dfc45e5ec02d1a
SHA1 aa71db3864290330dcca763c2122657a2848f89d
SHA256 73efea70a27febfa397baf3e5d9aadb1a3e58f2bbe4afed5ee86fa91a8df0bde
SHA512 62495b9b9c3ead9f08280ea189dea51e427ad5edf7ffd88af28d1222d0bbd3c26cd089b70bf371c89bd8e3cfe2708a560a10ab90b7614de66b4111955b4420b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 c80c03bbf986264064fff5a087b066fb
SHA1 3a35fbddd084cc2f13fb4a86ced65e528ab327b0
SHA256 890c5eb31ae8dd1a025efb621c3df4834906d53d716caf51656482f9ca0d41ec
SHA512 83fc333a98239e34422f253ff5001a41c9636fa6b7f08def2d9d2ae84aabcea8934a2288001f245129d2d51e7d6aaa8fad4cc859b0af04cad093cda7bd8650cf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 718340dd074aac9045c572c5b0c9a930
SHA1 3cf6dcf10b4cfd20a458b905c85f2e881e678f52
SHA256 041a191e2fde6242712e6f619f86054c9ac631992d45e9c1e17e9096faa415d3
SHA512 9f9b52e5a186ba4814bc9c9f64660a7828d76bd3d68c51e6216fe8b4e604fa38ca6351d10526921716af7a5ae93891e3019f1fe684f99465389f299c5f072e95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 701444f8e931bd5c36cf7aa743d6063a
SHA1 49bc29640e154eb46ce7340a7b593aff30647936
SHA256 b19d6b32f541d7d2a95acca8facdd8a8a3a10c36510680ae7caabaea3cff24c8
SHA512 312485e470b8cf6efb7eec77ba6f7cc2b9724c5ee44b5ea4afb81621eb726b164df82d1c05368f29d12bc23fe7df25751334ac30571aa92e7767ff50d68d7832

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 d6dad4fd9bd3fa80d680a2ff54ebd891
SHA1 3e504020dac27474fc415aa233ca583145c6b239
SHA256 53fd36ad0f2ae9cef74ff9136cfbb5f5cf6fc2090b4375db209190486b9a7ec6
SHA512 8d698052a23e0c582347a560c1459ee651310df80bb5c6e656e822f6bfd2b569c13107b8e24880f51b64d85f44009777077db01c43c69671b8d3bb1baa1bdc17

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 88d062b98bdc2534ba10a3a6eabc0a07
SHA1 5c2f98b36ae513206f410cf4b2bf90b25fbe333b
SHA256 6d7fb070363bb94381ef216cd8bf16a5a03bf37aa85ee05d2bb1481ff0b65584
SHA512 c3823ab58cdaa1d2b608ae53f6524fd1077389c49c5c61c09eef4c56c47dbe862740527495a81136b9afd7f3b30571fb795e0dc4fd4cd8aa1d1426443d826601

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 e0528fd300a4fe3ee677e117337457c8
SHA1 bcde56b12dde1832656f300609e5525d21e110c1
SHA256 6b3519d5bfd40529c780e8856f329ba096ed33e93f0d8c4e317cafad7b549883
SHA512 cf6530e7baa16580b090d3473adeaeb7820e9b6251d6cb3a630d1264f5fbb0397b7554f34f21c17c260741d74b30b055fe5656a38501b3251df49d2e2c4a015b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 3817dcac81f4a951e94dd2a8882bd5d4
SHA1 2682b4aa03c9b3865b9d2140d73ba0d6e2d20592
SHA256 8b36b681a23e2a8ff61c1ba610adb1925e4c6c4135a3a48f63c72d3172a2b4f9
SHA512 ebdef1a7362a7bfd9a1f2319d3bd280d092ca300318a1171cfeb81e4d949ece8baad5fe436cb0ed660b73d6d7479f142c9b1ad869fe3005cc58fa60d34e03e14

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 6739cceaea9a9ff2155f2da8617b2681
SHA1 720ff203c1eb03d4f58bfcf37c274af64b0a7aed
SHA256 68668cd7ac7e41533b43e7a617ac2cf378afc76a88b0b92b19b5568fc0b462f0
SHA512 e2bfd1156aac23b0d49a2d826dc7496ecde8b6727a846a60229aa6eba0e34dfcb76e1c387f329ec3411d2b3e554b93e6ee5e36c752bba1de05cc88f4ca0fb26b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 9c1c57d5b0c47b02f65086d71486fc9e
SHA1 19e9e991a9776bf69aaa563a6d6d989939387982
SHA256 2ce6c28d73b928b8e313e9ac9c3071a00009e6c8708469dff2c0f82bc0d085dc
SHA512 84ae3987114dfe6355bb90a06bc9f37a292a2b7b403980f1b35ecdac416f03b7cff7ab031eb0c82ce0e6ca916c02adef72e5492b87ecba89ff4ff7ea28f4b446

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 f62f8928f8b09138902ab6758cd70dbd
SHA1 616b08866c1c2b0fcf4293deafc294256ef56309
SHA256 74b4e50e87ded548ef2e5c218123510551b69a6711237ec348666ee76f6059ca
SHA512 7ab62feefd59576ec0479184289bcb90dcbc1cc76eb09a27e5e5be04210996e60e89df3c03a5a5eb0e4d42e7f8d034464aa19e2183ff5bfe914c07cd0a9ddaa2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 fda0088ed8451e6613778feb7c84bde2
SHA1 064c80c22382fc994f897a7c0215d53301eef971
SHA256 f3538973be2cb3b6b307908c344e2ad51e7b16f3e198a80c6af928ce0f994c7f
SHA512 16caea1d96b3977bbe43ffccd1b27d2cca818128fe88453bb43b68dfacc5d6517a07584964ab28eb762c8dd8e83195b3725165c854f828e04f9f165809b0543b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 ed7ff4e29c9fb7ef743e19b563c426ff
SHA1 c6c681e7b923e83b14c42a701f015d694cab6f1f
SHA256 01a0f8b8bc641d4fcafa949a86ddb3f8c3549fc156e88ad902dd02ba015acb3e
SHA512 c9baa93e34561664d71a6629e0b927711d53b62a916bce8a306a5e02b4b73fafea4ee8fd2388dd6e85668b981b74531354e10bdfed15654268e834064f2787e1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 e866e8ebd6b656dabcb199aa5fd8290c
SHA1 906cb09929f4519614015169b5f1cdeea6679d4c
SHA256 4cc8a69421882fd17ab044f0247f384fcec30fbfac2c0219981a2f6434b3bc8b
SHA512 5228911605bc3240e3b8f7e8711b2e70a5d5536dd62ddee59a8a6c6e110ab4c8c696807dab2f05c78af0806c06663f38f72d8957a8d32a52b1f5a7debf915bf2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 7d235ed618f7c7efed4f15e18824793c
SHA1 ceb52bad283a04f2d8fd1b9310bb08c80d03108b
SHA256 897c6190fd39d34fbfca8b3278ab41c1f491d3c556e6db9ecad8b87119fb21da
SHA512 2271c95bf0a0e336f86d2c107f6b07bf0fb16835da38c3063adcd9eac441a6e26bb33a7243702af50f18f61ad39a8bbf6f99debadc22e57df0e38a7d72b4837b

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 8aaa9f6bc9450a7a5a677c9792f6a987
SHA1 af82f3c20cdc9bc43314af3893c58c27f33bc966
SHA256 864d00f24fbdcffe7b02114c60f236770fa4e732ff06d1b3fc72dbec2d6f4aea
SHA512 2d71b6323034942134d1784655604e743d8762844396f19ed549ad5c89b84e088aba5f0f32423bbe23b13d622f8485bb0745db6224aef04f96384b041dd9d2bf

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt

MD5 2990f84ed6c950f04fb6337db3ff9a8c
SHA1 29cb046bbff9d597b519da4777dbb53140c550c2
SHA256 e58905bbf81f8555d0baba3c70e113ee73d9ad13487756cfdfc8c26291350a1f
SHA512 884fff8c0318a8db879578b795d7732eac15fa7e45d4890b191ad7c18971c1bd887f26a2fa14c90a54eaafd6de0c11f55946090ebb7b3bccbf721fd8bab68a14

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt

MD5 0ba7dd3f72e0b0497203ac9017a63a64
SHA1 df938c020020b5567c8a6f1c054fe8ca08cb609a
SHA256 7bd7a0db953f00f2f2c6e4c600f43a564f87397ed9c076c604e5baeb99e443ca
SHA512 065e7df7db7da753a58376a0aef2e6338255c73e4ddc1a20b5540fe5d3397773a674227b42d03fe0993bc163a404eccaabd9e35ed6b32a7541322563743618a6

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt.EnCiPhErEd

MD5 879e1bd23dc86829b205d88742a1acce
SHA1 11c44b9e961189e156bdea1195cdad46ec110e8b
SHA256 a4dee7af6c35ebced2ebfbfcd0f5090573cf270218b453133f3d3c0a5e798405
SHA512 38c3222852655d210109198cbc2e3966543666558521784c5f516ed4c179baaa14dcc31e47dc478e8d585854274c4bc917b8c7b72eed6633cb92e01a558aeb65

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt

MD5 294bc18c2b3f4a14df09eccfd484602c
SHA1 7a021612859c72b36f85cfefc877c41e0f5be0bd
SHA256 10dbb7df979f9339f9ce0238eeacf2cc9be2d787560817fd5d0b4ee88461d1fa
SHA512 8c28fe021de9b431bd738145face05d707e95440e4a6744be1f9296a720ba79ce1942d65936d12160bccc867e03c3a291c976348d77897f1b5e4c398c62b26e5

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 9780bdeaaa2926f6dd49aa3af125555f
SHA1 eb105d003dc9a954a3e22c2af80dabce1c2eb325
SHA256 d7342baf7456ec556afd6711a7e677160e0be4384e89db6be168558c9ef342c6
SHA512 258928aca6096d95d10878e8f661b17f664f5161fa64fa38d9bd4e1f2335b876fe481cd4af5604c52a50f6acc6002fb8e0688492720a082139035e167c3fd4f6

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 2fb408fa4e066829075e6dfb2619464f
SHA1 70c0f86d13275c907454c37bac1299f3034d7bd0
SHA256 18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450
SHA512 e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 bd680b0b05a6689ad181ef060134efad
SHA1 af4db4f7953f3dc54770b0840b7e9b26c6c9f6cc
SHA256 d71cb316ba7c728aee612bf6254b4f6b57d984383737082993a7626898048edb
SHA512 e6b14f9b2febeefd024aa8dc196147e1a46a234469816c0edc2be302de6f237b8bd835f9316f2981001bac2cfbfee9376720d9b230d60e3ee17245d1f9ad7a96

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 dc0977f93841e4032c18f270772a4cf9
SHA1 33ebda87f601c53ffc68baf8d6ba18bcd7ddbf2e
SHA256 46beaadc7206812a6a536eec5a7b51cc32198109f41cedacee01b3a1c8821f69
SHA512 7ca83096d3109ace1733557274319be1bb71588bc2099c74c2a6ff3a8041b2df2f5013a02dbdf885c9cfb2bfe431d6e9f282de334368391e21a8f75137d38166

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 8726395d225de45017ce3ef8ded4d556
SHA1 9c6c99b1694ced8bd066ec7b8a85273b8d546d2f
SHA256 df3465807a7d0f6b8d66d37d0dee9f35cfe41f4cf26b5dcb666316101353593d
SHA512 687342fb233f030ab3f1438b02858692150996e27d5819997601ab733b9944214c3b29fe646a71103b7d485e179a829df225f352fda17d89b365565892679bdb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 a922d97d3f5268ece65d8e9dae52edc2
SHA1 b5de818ffb37c56271cb3a801ed583a8f78f5e13
SHA256 82d32978fb6f1304a104514d1173e12a303906deac5c6d6c6ec2fed62a2801aa
SHA512 759738d6e99f0edc2e96e38cd594dfd6cddafc823e8109e9e6e7bc065fea896c5c8c3826db1b393a6c2c6739ddef308cfa6ec6f7be5fd9bc3efccb1ee8024c0a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 80db7ffd6770acdd8e105b28ccde6ea3
SHA1 175ca19948ac4ea3784f28d9b6c27265104a2136
SHA256 be0ac9b32e31d818f97554eee02931c67e098864677293b5ecd6eafbf2ec8423
SHA512 bf8b1f259f56ef5af05eb1760774b362966e65491ed98874cc1aadbe40c5ce384d59aa3f8e40df65799f403ada7357bfba067839cbf9c2bf252dc7e1915c5e12

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 3136ba3729d85a279fc8bac78dcbdaee
SHA1 bdb2cead9db03737eabf4739012e385d784790da
SHA256 a57f0e9f387dd7c4286860a68f7074d5040057cb10d92ca06aefc3eeb3a4beb5
SHA512 92b23a249e78681861af97ab4be386b1a3cb3c3f65542356d949b455915826314fc5120949741f1f39f1ccc1ba1fa30ad1a8db269c6ea64ca9c5a90819ba9fa6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 b73109c001bd4a8654ec61084ccd609f
SHA1 c0ee3a4367151af70b92db1e8cb372ec0ce0b7ae
SHA256 0d766f7a1ed604ad8d82721beeee001d1e644b279adf204098dd09fdfeec2502
SHA512 417e8c38fa5243b7facb4127aef7325101c5f56b5bac033cdb2cc9e0c6385f479d8032c173f020edd7b23d2bfc8bc1b97882e02e062bc363cf0237a31f75d5d4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 ba5baa818a6ac49574bde1078efb77ef
SHA1 4eaaef8a9c55bbcc06de3c9ecea9dce30a449268
SHA256 34cd5140f21735ccc28e111a5d87f82c49d7b258668008e6db42ce25cc76f8b7
SHA512 e0e33727a1dc639f4963d87690355903eaef6a9c8ecdac6a9feed8838d040a85086928d2f30fbae48553516be55de03a9acd7738aeb74293106e7bf62ac3e779

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 507f33795f876683efd2b79fed05401c
SHA1 c47b83c85da56cd5df3d5ed60a3104f98fa30d91
SHA256 6c721210f12ad015ad82418acbd2e0facc3f332840c795b4e83e8038204e33fd
SHA512 c219544af1cfded170511df26577ec57da2a17e3787230c58c12131de105ed6a890d6f8716881b5cb38b547195b4c6540b8ee99f31a8b6fb70dae03357906de3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 851c808a087e68885b19c38f6e18eaee
SHA1 2ea62e80daecf15d7b59564023c1cdc544e02395
SHA256 e80accfd0994d3ac33f46c267cf1e2ba631b40eb529888d315a18685e87ae9f9
SHA512 40e92019648183a5203dacd879917e183435041a8a78f65138da41b9118bdfb4ba4b0679138f9d0ed97c36e12e6c109a09ab916a43412faa05faa9a279bf1403

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 710b4493be29ee061967285f9910f358
SHA1 1033102ba510d19b054f3019dbfc46b1a6cc8479
SHA256 e81bfdcbfc615160e9c54cb8a7733398a40c26fa904ab105ef5a393a04be63dc
SHA512 48e9d2481b5b66f5aa6b7ebf3ea624453ac0452b06da2f462da7e307783f699d8b1ab80ecd6d44dfb2817b050b200bd5c7e75fa7e7ae7daa2de5244320a81153

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 321ffc71262914aa6a1fb088b5a53745
SHA1 346a4adc27af5953aa8d5e7dcb03e2c8f003df3f
SHA256 7fdfc0e567d70b1528f4028f02fc20730fc9a3340ec25b319c3e5f44f4ecf672
SHA512 3f811fc2feae7241906b718c3af7d26979f030b4d73eb4482b6b083fb17d9ce290c4370a0f4bece9a1a2a91cae6cd5ddc9ad7a2a719d7a628970a45ea32a051e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 51c4426ed1576c1042d6899d87c2ea11
SHA1 1a9d464d7d7e450bd6744847ea846638e3c433aa
SHA256 2636f0499dba8afa0ce7c3112e71fa6c4aac58aa863aeebd409c4bb9769a7591
SHA512 3b1a9c2dd26e881f67b2f98ccbc747372f590eb986724333818d043d757cd653d3a4396bd25ec64364935c369979468108b9ea049dd121d7b918c6cb3226e838

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 88fc6c84135e1d23ec6bde4d79425105
SHA1 a3ecfc8d5c5d8cb58700f56a0a8b7d9c462514c1
SHA256 7d0af975f6e0c5680aa01d60978ccd377f515736c0c31d46f9ea26cf09c5bf1b
SHA512 91e267964914bcab9a3f9f8275d32c4b011750dea72c14c460db1e9dfcad88b43764f83cbb654751b3a975abed2e07f230ebf814fbb18c7a96dd00bd0a656faf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 dcceff16183f8183df0ea74427dacf47
SHA1 4f9f430ec5617cf5a290fe3ae0871f67e17eb2b7
SHA256 b3af675a9e4e34e46cef80ada7485c91d88dadbe8c3a7b2ab9f357a646fe894b
SHA512 859e24764e85dc4bf9011e8e3fa09743c31402ca6a4986d307fb86e14c65531295647e1fc94c761160c9a90cc833ebfe93cf6ffb2fd5ee1f57e0803973c2fe42

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d3b253f8bdb780d99ebb64aa3486dee0
SHA1 dea7fa7273c3c88bda2f75dbd5ec229e2ed639d3
SHA256 5feb70eaa08c0b0a2cac17598ef996ce02a043b888831c5ef42e79671cac6b29
SHA512 754ac7a11ffb61e047b42f14511d354bc1672879e9409fb687175d7d9c4cda2ed209bd49e4cf7406c3d90992a0be0ef19c2641ea6a1fcca6435ceea2601f8b4b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 b054349d66989c151032de8e5f8d465a
SHA1 3a8fb9beaf12910d2720c46c8df13a5f0aecd785
SHA256 110e60dbb8f12bcf2bfb4665a1f0673e3e5ca955508d8c15eaa5d3dd55ee9b48
SHA512 301def1e4ffb153e4b5408647ce6c1b13c68467277defecbe799b769241f8fb869fef9885b8caa36c5660b50c52def767f410e354134a0a6131c3a3ff8edff0d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 b8786c863b30cf6253292377919a6fd4
SHA1 e321e40d797bd0181261b66040dffb678f939ae5
SHA256 4c41bc1c76c5abec6f89ad9ee9752f7b0efde3a638f311e734eb8457422b21cd
SHA512 9f8d63bf03d751e4bd0c69e1e0a1d21677d7da3bad3c5e6fbde0169f89b9fb10eac7bcf0c6f9b1c0af365642f8beaabc386b8ef44c935e264be449628a15fde7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 717baeaef12377a0c109faf899d61fde
SHA1 0381a6c59fb08d9dcaf2c6c6a4b27601f926c073
SHA256 03632f2150e7bb0d283e7f941daa75e0a6f79c849a2846c7996bc8f5f2194550
SHA512 b19e8019ae74a8f60fe8dbf6d0ce342c1190de7dacbd14f977bdf6142e21d62d75a2aa940f8ad4a65ffaa74bf899254956bb924eb77f6550b6e0015a5dd4d5b1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 bca8dcbc2f808c34dac98567ec294991
SHA1 87d80d54aae31b062f4bf7fad9052359265d6809
SHA256 23937ceb8c00d10ed53f14b0907d4308d1d2ab126b313f3732c87b068aa05719
SHA512 e265d42794086acabbc9d8aaf8e2c91abc3f844902b90bc834bf80481eb8dd9b7bea286f89894dc7336d79a6c79534f97c33cc089994883d8530248ee3039467

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 351ce121839ebc20d6780bcd499cfaa3
SHA1 153e1ead29c32e62968ad21f5ada33aa3bbda098
SHA256 5ec3cf1fdd514fcdbff9fe44e1b44372d66c176c07d65a93cbc68848aed0bdd7
SHA512 390216dcdbe09c59fce1606985c41bbf8b94531ba8731468fa543a0f0143395afd15a041d0e3560b7bbdea0716fe27804961e13b9040e085682b57607e502902

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 3e3b2dac28d6860dc277a5479585599f
SHA1 91f37f61828356f3a81e6bc5dc6c9cd6fd19fb35
SHA256 d61911647dc7961adda2bd8a26f0f4e35923e774ec256a201749e1bb77f9f5fd
SHA512 81a3fd7cf44973dc56be871f01c297c23efb1a86532769ea31165e31eae59f64525d5231b9bbe84fb4ace7f493207e2b2541199dc36942b8955110a83365f363

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 0fba36638e03c07e41b3e3929b80b2b6
SHA1 c3bd63e1d1b56cb4b7f943f74d0f562dd725a7e0
SHA256 c47e8d182b68893a26a636bf0f7a86d0774c6d8277374427355fac83fa232ac0
SHA512 0a63c62976c745399f19ab77efe2fe80993f538b798081b4c103d865aa754dede93ecd4ae8424a68adfe9dc1a2ef60ab2752b1c61a829d96106f48b9844ff631

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 3dcb147bc6127c98716a8e66503ccae3
SHA1 21d49f19132d0b6c453012a2f9a634ddf2d25ebf
SHA256 597293ba47c0311df4df8b66ce8eba506cffb155f21ff84ef2d60caaef6376cc
SHA512 d493264620eff74fc55653b8ea87e2c2d56577bd6c42744a7a7a34366d5d0c703236913672e094e1032fa133a49f4477164fabc306e19411c8cee413d6848b05

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 9cdfca7b42a21f700a606304895ef8fb
SHA1 f621c22f14a4f7e5790254fa7c8134bb627674eb
SHA256 6f5ac12cc4dbc28aa7625d0ef795bafafccc1ec6da6d8b9e9530add721313b89
SHA512 27edc62a02238809418f6e01451fe7ac9dfb1c03c2972b24ed3a70bb79b5a58f175971e7b12937989376c3e377f0c5e849b507da29b14cdfd08f7fe3f4209132

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 dcd9c5f9b997d139248dd42e880481e3
SHA1 c8106de45db659ad38e7acee595ed19250d83cd5
SHA256 7125768b32983b5b3b2020fd4ba4f72e134f8fd2c8ae74eda66473e3f3a3f8c7
SHA512 fd60e93f6e7c563c3bdc98533e742e772d1282c4ca7d416b2443291cff1aade88311ed9edb0e8d2c906f4bfee1be6ef8f8a2470ab628a1fdd545cebaf629ca32

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 0b4c47800e53818eae9a2b334eb3fe02
SHA1 94f41d015f2ace37b65b16e991abe7a3abb42817
SHA256 2164902c551a4271226751254955479207048ee311324d66bb2281a70ba6475d
SHA512 3c2407507d7d114b80504250ae7fb428ba4a3f1ff57707da4ee456eb6aa763ed3e6f8e62b002a0324e601b8c9ef9260a37182cfd12ba66158f978d9f95be3724

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 611776034d6138a6e67fa011ab3e458b
SHA1 b35dc4b41fcbc6c6ae62d0c02c4c3b84045d9531
SHA256 6e3f6c6ac5bc078f6876a25ae8701580ccdf11bb60660ef3e8d2f78c62001a62
SHA512 b042cb33d715cf193fd5462218c1f0a205e28ddaa07b8341b99378084fc46161d507e33a10abcbb3c5cb77fc2d326e56344bca1d64ca8db5745b2011706b59ff

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 51ba2be821e1f8117a9886349c971bc4
SHA1 d003ea8493cc0ba34b3bf26849d02bfc9ab3ca96
SHA256 047513358b8052c69666cc1e015df5caf1f2cdf4a13090dd1750667afc7e7c3f
SHA512 4d065d6c418cfcfc95e07efd9ccae8064b0d267086d78a034db21908d5dbd2559a48ef945e92619a0ef1718d6fd31316b75a6da90e0c337d902cb62801e60b4c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 22397c5139639cbd62a3a3ed656702c7
SHA1 7c707bf815787566277596046ca711936bb02891
SHA256 3e0c8c1d3658af4df6111a0161c70d8489a485d422bea58271d2431e17bac2c8
SHA512 c8225266186a902f57aa050b8f6ee4b1fe41976a9b174aeb65589fac61b012bdcacf4a9d3583ebe3d981c2ea179b2139d5f306ab31a8166b966a90cfe086d597

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 70ebf86165bc67077a9222639642502d
SHA1 51e85607779ce7b6ad0e25bb61ec100fc3842299
SHA256 f5f94bdcaa5b47a55338067d29b521fd72cbe636f411c125cbbe6291215e2363
SHA512 5f3e26aac5700e177e26a56feea8b445387ad13012348afc41ddee258868fb0c16380abc5fb734003f102d37512b5941922149e3037b5985a580aa16d568a409

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 52b8b92d2b4a108b3c702cea136f6d7a
SHA1 cde25a5c0cf88f20efd227aeab1b44c701c2752c
SHA256 5977d91e68b44ef1fb06a8953229ef0083a660e6747be115bc53112c8c9f4f8b
SHA512 d7318e2ea0e53e220b49d47c3ea6becc7ee42206df9a77ae47a1f8f9aed86f5d21bad63929b50b22890e15203482fe573dd9025bc117ff5e7b2fe6e05317f08a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 78b775e08814fd6639fe281a6d4948f6
SHA1 3544c4e6272c1347874b4901e5dfd7033b81f233
SHA256 4b7389ba71e6f38da8746d6dd4a9c64025471b882ec7daa3b6acbebf7ab768cc
SHA512 59f6aba5ea3e04f34a3b574a7e4631b1d8a49f0b91d13abb07260a01c09b2876db97835db57b5cf7ad42a5380339d82c1363f5feb65871bd92d7d2bc658f81ec

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 bb0a2f2ffe00b6689b56d18e5148c5ce
SHA1 1b4838a3c2f34a9a3de7a07bb81c1bd2a3b584dc
SHA256 d9202b66893ce9f0709346d21b9c165e922f0093c7b7b178c64e609e3b36213d
SHA512 ae73a463c3298fc5f6feac5894e4514db84b9e963d966d7924aee4cc5cb10b416d92388d83b4dad0c718e4a5554d0aa25b64fd64c2c2d69357081bbb4b978cfc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 3429e9c2cab7fea28103def1de2f025a
SHA1 ff28c3d0473294ec89894bf7e7992b2915e0308f
SHA256 5a037d1c219abb9d026d90325dea31a1f5b10b13316333317a6c1d09a94ed8e5
SHA512 8b1d8b925bce12db1893d3a18aff3ba018124250c45ac4563768ff2fc9aa7a981db5f65f535ac6bd9e2e44a126e57e6f74f6b8375fe573b28c49ef17a58d1267

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 622228f1e68abeb5283e97f11af5c9d3
SHA1 6aaa8b59532f741d64b4a753bb1fdab6827813c1
SHA256 7ec4f69242416b729d49e41d243ff01d56a64db875072f654da69491dd87e0c4
SHA512 af394e877885369400949d03984926d516e71b8231caf5c276212b05565f63ee8bede063496618d08d1be8c51f60eed40b6999e320a8891ca54d180623931d2d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 2abaef6c396429e476b3e3c32d3d9e46
SHA1 1b599314895d6a60b4106de9f0172c46bca94055
SHA256 ffd4a56783e265111cd13f205c42260ee4f42103deedfcd42cbbe1375de66692
SHA512 aab687365d6556a6211033eff4f373ba0e172d775a6626fa05bf8034550db7a4203c45956434f5b0ff751594b223e204717a98583785c33f22d3f50844cef187

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 cde834a4c53da97560ac7d297e41f3b7
SHA1 633b3dae5d2c12e1b7eaaa173a6c2bfe44f7a5da
SHA256 661e38fb2d62a516b3c81c904b88c1bf37e62be222d8a877f0206c77c2594d62
SHA512 9620985de9ddc26aa0fb3e0f5a15660f7425aa0685b063db4fd16c4ea814646dd6838137825196e1f4302567a2b1883733bd7c84d2ab992d06a16a904c70e3d6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 e0ef1a5fccd9099139c586b74514c6e9
SHA1 8d13dddd4a122dc70b6facd140b9126c8ef872ba
SHA256 e0fb40e1361c2723bc88db322e1cc8bb8eb21e22ae5470da4d0a616bd0b130d6
SHA512 213d598ba80fac4d2f82e496b29934840d7e9026675d6c37d787ae90cb7837e0707dae4dbfa221a105ceddd0881d0dee229245ccb8179b3680b255c51fcb97ba

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 f4b925e296c6a1aa623d20ac658a755f
SHA1 11bd124ea22966b59305e9372857792340f11f00
SHA256 c82e8af800f12570f53aa332c957c36d85aaaea81a5f4da7d30fdb6de1eeb348
SHA512 010bbc90a0b84e68e1c06c1df8ec90a1d17fad8fc6424fb2dfc904f609b39366f89c3fe85d94f95756fa0456c41be2385b1bf44187c10b4617c3c5c0b5596ac1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 4d67f7e4c3a82ef40913fcf219a38975
SHA1 72ac13d3bc66a2da6c2919476432392cc1d93f37
SHA256 a1edd15c14a5bd4006da71f26ebe09aeef2b144dbfcf06fd9eaf8e2ea673263e
SHA512 a8850c6b35d2abd3e4bae465ce8af3c8b2d94d4ad8908744edff104d2837a7120cb21c099338dd19ff25a55eb1047592c59b2598f4204b9a380fc6579937cc54

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 aca0a1e0944ee379779fc82858051005
SHA1 646afa9741edc9c3862142c64f143bbe46125960
SHA256 338baf73eb9835971d184fb135865bb635a78259a2dfbf9590316926afc78520
SHA512 68566c57364ee9c4ba8ada22d37876a17934e6a1939d7b181c7bf6538672ebbedb5af03bd1c24d911705e3ca0dcf3169951c37827578acf5fbb3a8a428fd9cb0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 bc0dad7e59741474ec0ad3e0f1bb1db7
SHA1 b8608c427375366de1ece0e0a11fb0f21a384965
SHA256 be80c8f446bd6151989b630b22acaddc5d58fbeb83d455e3ed460b40718de545
SHA512 d1f5a5e12d61e094a590add533ee9b21ca15f32aafabe9e143053ce75f9464dee8ac86354dd7fb73b73953d05783c4ed9f7a5fd0a6815000a4a2ae7d2760beae

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 e09ce69f322e342f9cb354cf3c0c500d
SHA1 8440854e08a34af173386e7b595d0437da28faca
SHA256 1b79b2072c68f463979a9e928ba6e2426805e285ed05ef7b57c16529a626512d
SHA512 4272e5d34f0abbf42399cb04c486f3dc6260a1550a288fa00ad973e1971bf29d7dabd9b1b8cf633349e57f1b514065be89a30e3a138643a3de05e9a86d301646

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 6fe1cd8b25e50b8236f0825809d12a09
SHA1 16fbd865b7a404ada8603afdecd7dc3db548aab0
SHA256 591befd8bab41596ce3fdeb36ef63c433b5610066c625df5185e2e98bf1921e4
SHA512 d61adec0372d031b15a57ea507b6ea63462972b344ce2299aaf32615bc9489b03d5f4d06424eb7a795c4d9a79a180713e5269431302d062bd81a563d0a9bab7a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 07056607cf148240cb42c3aa6e304d86
SHA1 7073c6bebe68d3a602a0049e9940606caf2b5e7a
SHA256 df7bb5d9d9520d7798bdac8af0b732aaad31863bb0919c094b104eb16ad8b5b4
SHA512 00fbe615fe06239a7372c311992d43b0661528fd019e6dfe91b1d96c84d15d518eba16ec8f606ec7cd767a37ca33eb69248508b9376fb95acb1450e0580ecd14

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 14de704ace9ddeee2240ec266a71d9ec
SHA1 71c2f457caad843417c8bd69441176234ffdbb0d
SHA256 7b2e1b276a9d5d6a465aef707c05a4b66ae16c97671d52542125944eec9fa0cb
SHA512 4dfb4630249aa81a3e4afaed95533b9a7d57eab2a11969200f65bf90f751f4ae314d70e0b81f7749c366047fb2fae05f78f23015d07a5e90e8a8eeda92b6fced

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 0d7454bdfabdcb79541c05d9afa49bef
SHA1 0ea249844339b1fcb481cc588c7bf9419ad7aec1
SHA256 7beb45ff8de2b97561b11f899ec7f4e3fe7acf042374791a38f9aef647722099
SHA512 c20477f0aa942cd88d42e6976e9e61c26412b841495a6b03e2d5a44f5e19bd8e0a83b9059c263b229a705a5b17d6afd26e1fc5c762880818bd7cd7a1c8deb915

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 c0f01c4f2917f9d210eb351d6f1af942
SHA1 2004346237986715369ce49b308e2ef61bbec9e0
SHA256 c40cfe05682d61254b0cf19d132dff54875369cce0b00ef31b7aa255ee203360
SHA512 f0e0c3e4f11b005c9243f24099886c7ba448882a8c340ab13bf07b6f1323326197c637a5f385c1fcc9e4d0b30d232a7f1e17e0223aed11d6a730b4e7b5251bbd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 598f58a690abe9adbff625c7dbe9f357
SHA1 d8671b4207ad77585605ba5f8a2d3b8928fd7375
SHA256 12c2854888e95e47e9f6864849f046161e63ffd8722a98fb3bde1c31696b9d89
SHA512 0407a9808ddcf29ba2269c84772f404a4658f49767963230cdc9c028284130cb7ad222cc6e07e3539fd6e2f40736c60d28e942456464b31d18096207418f99d8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 108f8defac917e9582bb90c3fd8c5f66
SHA1 fbf39e923c408d2d5f2be82837c3be1a814f5647
SHA256 c9f5941335158f3132d0c4170baf9316ebad15c8d374a19ec69640293716f594
SHA512 e30618227c7e277e63acc875ce3195fa10f552d793a54d2649a90fa3fd6732c8ee5f1483bf7e1e8003023a966dd7aa40dd7bb9dc70b610eb34f11f7c220831e7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 2f8161caad9d0a8be7fee65472f264c1
SHA1 acfb191a09f791fbdf77c065026bac24f4db3c9f
SHA256 0cc2932b01a16bc146c1ffe1944860ae89d1e9c12b419657787728bc7bc9d321
SHA512 f142131787997ad80e03f3d22a583051a0c32cac352f49137233ef722b84c33c796f2f9a8a4e96eaac61b24d4b19cc028dcb49e8bd6fa6d8ccad4852b7d10136

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 5ae4076d5093146a9c84fb7e38dc6c5e
SHA1 7335a6d4ec3c1bfd69dd2427953b4ddb11285110
SHA256 a977b95a4e7ad72c6bb92f062aa1bde7ee03a6a355a4271943a4a8f779eae5f6
SHA512 70d5115459a9d1e41cb25fdf0e03185891f2676095b690a167de6a60f7defc6e1dfaa3c044104d3029d5f05ace570a1278ed5fd09c0a5981494c6ef8dbf395ec

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 d9ba4395f5283e84e8f0d5547603849d
SHA1 777327f5e1d8440c21cce4445664c02cb37b58c3
SHA256 a274b2c1b7d04a3fd31a4abfafa2fcbc11a0a15f44c0e0e1a5df7f36b047d7b6
SHA512 45c272e6d6ff1cd995ca1f6c5e20ce7e36c7f312adf4a46995cda2ca99bad5658f660b2c3c7e8b0d837f47c1aff0e5415800964f360932365e611022adb1ac4a

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 2fa6d2303e7e87294efdcc7fe19d5069
SHA1 a072f10796dcd689538d1668f8de23c9dcdb04fb
SHA256 255444424257d3c958010cc42bb48ed2adf6607c1ccfc5cdeb91d42fde9040cd
SHA512 6437202277b0c62492e389b3a496d580a2cd8e16bc97117045f785b166c9dfc4e54da7d6e148a44320edc6ade23d864ea4ce75e42bc0ee9340605da091823dde

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 38a78e5a589bc116e5728b83575bb420
SHA1 1bc3c40cf31af2f6f2079cfe86b7b361c1ac9d19
SHA256 caade7ad035271e2cf3f4e6e1f511adab66dbb41d78a70013011b4d318af356e
SHA512 a756183cfbeda955a6d05c58f3d476e0b266fe5d3c9fc61181e9a38346a6e0e442126c251f43f84c4a38b9280004ec64bb37b43e55f15384aea5c29f8c0fa0b9

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 d21aba801dad301d51b3dd70cab1e0f1
SHA1 f7cac1fab9f0c570bbfd072f76d313a351c7110a
SHA256 02b3875a4cc83cc534b6223b7f14d0bb4514dca75aa95828f6fafb8296131bd0
SHA512 371407ee078cc71d72b27e5e3d48449eacc570fc6874f6533a75c6ca29e82e7c951f6ca5ecf1e51c36e9a420934983976ca26aece4676554302874b3734633be