Malware Analysis Report

2025-01-18 20:39

Sample ID 241208-k2q28atpdp
Target d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118
SHA256 7238a977cd928a62fb7979092573daf2f0ae471d58dad1706e684a7612a8e4e6
Tags
upx xorist discovery ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7238a977cd928a62fb7979092573daf2f0ae471d58dad1706e684a7612a8e4e6

Threat Level: Known bad

The file d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery ransomware spyware stealer

Xorist family

Xorist Ransomware

Detected Xorist Ransomware

Renames multiple (2177) files with added filename extension

Renames multiple (2212) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-08 09:06

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-08 09:06

Reported

2024-12-08 09:08

Platform

win7-20240903-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2212) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_eventlogs.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssessions.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownNormal.gif C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsMail.bmp C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsOutlookExpress.bmp C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Failure.gif C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_FAQ.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_data_sections.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pssessions.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\erofflps.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Throw.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15056_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15059_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR33F.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01746_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsVersion1Warning.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21518_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21323_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\BodyPaneBackground.jpg C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099167.JPG C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309598.JPG C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10264_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14580_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_SlateBlue.gif C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR50B.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR45F.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDownArrow.jpg C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RSSFeeds.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21343_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTVIEW.JPG C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\background.gif C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21336_.GIF C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPreviewTemplate.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\PAWPRINT.HTM C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBrowserUpgrade.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\system_m.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Characters\Windows Exclamation.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Cityscape\Windows Balloon.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_355dd017d9254149\settings.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\flyout.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Balloon.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\1047x576black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_gray_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Afternoon\Windows Information Bar.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\item_hover_floating.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\Speech Off.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\Windows Logoff Sound.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\30.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Sonata\Windows User Account Control.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\406.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\logo.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\403-14.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\Garden.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb\Windows Battery Critical.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Throw.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Performance\WinSAT\Clip_1080_5sec_MPEG2_HD_15mbps.mpg C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\PassportMask_PAL.wmv C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_divider_right.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_remote_FAQ.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\Windows Balloon.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\icon.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\buttonUp_Off.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\500-18.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\Title_Trans_Scene_PAL.wmv C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-waxing-gibbous_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\rings-dock.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-full_31bf3856ad364e35_6.1.7600.16385_none_ce3a164d3f0fa152\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\boxed-join.avi C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-push_31bf3856ad364e35_6.1.7600.16385_none_cc073ae540855a07\pushplaysubpicture.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-sports_31bf3856ad364e35_6.1.7600.16385_none_c1c84490c211896e\SportsMainBackground.wmv C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Heritage\Windows Ding.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Web\Wallpaper\Architecture\img16.jpg C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_divider_right.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\passport_mask_right.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-last-quarter.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\CreateDisc\Styles\PAL\Symphony\Symphony\Symphony.psd C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\square_s.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnss_bw120.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-oldage_31bf3856ad364e35_6.1.7600.16385_none_02ee3365ea53e1ad\NavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\shell C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\shell\open C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qeKCtQOxWv9095H.exe,0" C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\shell\open\command C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qeKCtQOxWv9095H.exe" C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "SRTUIYIUMUTPWSH" C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe"

Network

N/A

Files

memory/2336-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 aac6dc631b94e509ad1265e0e218aef2
SHA1 38f7f71d5aa0ba644d33ceafc2b26db63f2515cd
SHA256 bb10d003200f2dde6ae1cf915362f0696a3606c5c4f2d075de1ca06f97a916c9
SHA512 b6e6ad88ffbf70f0042e00ba034cdd3793e90cddd2ce4347fdd67eba0e5d978fda06398483927ebb8219b9ebabb2c7fd97f6f05c217f31a6cfa497ba2df3a6dd

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 5d24a3132a6d4ea2e5d157b7bf599ddf
SHA1 a580cd1ed4530737222d3b24130334d7f8c0273f
SHA256 7e1d374e6caa4b4f162edb28d76d3f1a3c46bfec9cc003514d7a80dd1b457f46
SHA512 8a34687d0e1ee58ebef6c5d1ee02bbb0665863dcfd04c6e905a3a4d121bd1e5945a90c87fed38fcca7716cd31a1ae5178276dee887d4fbec6ab85dd689a1113f

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 7a83aab372defe0991cc8f6c783ff207
SHA1 012d60b62a0902e1100814b1b5af9bf77b2d7213
SHA256 5ffb9a03b5d8c0d2e08eefd5cac469c3ea08954b1efc87ff52afcbd64b493754
SHA512 1df542534785576fa9e1fd217e2673e40f734cb367bd11a3745935dd81c6621fe8c599f986f850d57733370af75f3edb8bbf67b96e6753a4120097b3b8035c21

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 9194d645acac63f4d5d4e8c3e2a4212f
SHA1 6521133f07dfdaa515e1cb995377c03c2447c08a
SHA256 34d61905c3466739ab251ca974dfb43b549a07dc8ae371710a589d5c9a44effc
SHA512 c7e6a6be5dd193234d8c64a4f38b5b54e5bceafbbc2bfe454756b73ef0d8a7526c522415d52dec8248047431822d60f8edf4631f6da6abcbddb54596c4c28deb

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 162e7e79c200990033dec46c7f2e3480
SHA1 88a1ba550b5918fbb56d6d041ea271499e9df6fb
SHA256 988456335190e781492afdd08429f5e72dccda2de08b90a8c0eeb9a2f5d97e66
SHA512 5f4db98afdd0f1eb6fb773730bd3e3f8d884feb4c1f66913b919519055c24b06b55dc8b10652678268280d8900863841d9847240965c28f00e4bc4dd2c1955bc

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 939e1633bdcf318d017aa5d97b09b320
SHA1 2ca73cb7a4c86964dbc7c12fc69eb91785127ff3
SHA256 39fa39cc8f1d3c4f17eff1f6566609b0c2e6ca64d0bbff76106a1b0c18ea4a46
SHA512 e26631e6a869019ec6b4b61c597630f8adb3a7009ff9aaddec748bd51965910523c6a32846209a98a9f9de9559b08b7163ae0821a0c4562c64b84aaf3440c11d

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 fae29237f2d54426976894b11ef07fca
SHA1 5166dabe22ea696f26bf5eeb500928125ba00f1c
SHA256 7869e80fedc9ab2da80deec3a85400fa494db20c275742efa8f48daa47f73111
SHA512 91dcbe9f26320d28ea5fa33744cb00ad4288b9a3dbde6d06631f593c8449c2841811c23e30645c7c7cf30bc52a5836cba03c47ba1a773768e92a569f81d08236

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 b04549f9c53162457bd127371e7a3338
SHA1 1ed2841e96815f1cb40799c94a0ad10c8a82f613
SHA256 4af001ed42c5f1906494b0c656647dbc662cc4dc9456a0fcfcd0e3e1317562bc
SHA512 13e335ae207f84ed07f8821aca1fd542e1e416c4e5f16d3728747aab2fa02c3841b65f9f77eac920fc3d0fa6eb04701c88fde5f391d3f54deed0c511b7c490fc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 6fff9cd80855bca5f14d611e0e1615ac
SHA1 db29d2db303236a8fe51446429d4198bdc7a9863
SHA256 56f65a59dc1e9090b7fc6f18fe3d089a0935fed13492162f5cf2811f4261b53c
SHA512 13c82fdad838db96b2b069d28d29f6846cf03354b5496109f796c10e0bc24914aa938f819b9ec50fa6dc61b0568f1f279a2821b502bacf750fd8d9be48a72218

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 5b1fa0f9f1d2a991c6f345fada64dd83
SHA1 62e40de582e06ba3bbb09d29f53c5fcbe3058dfa
SHA256 a86ca6356033a76dc0dabee80b4cf530f2373a9ee99c3d42eafeeebbcef8c866
SHA512 f02c31220d55fb5540da8efe94e81ba0eab11ccfa3e81fc2e797b9935954db21cf3d480f40af7900f5fb92ac7574aae829266ddf634c9280ee5839e1c0266fb5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 fbcd068c4b8427d0f8d44ed4887041d8
SHA1 05bc3c064a1f6559a9266c2d4f9f2adda01e7b88
SHA256 011fe8ae4819b5b18bb1558f31f8958c78644e12d8e4ff9cbcda51e2005af888
SHA512 db0186c861f2edc252ee8d0f24ffe727e38f8313823e69d2609b33f847005d3baf98c4b980e5a397db124a7bd0a0d677c4734289f19570175d89ccf540c1d3b2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 60ef0d0ec998fb1fff6882939b9e414e
SHA1 dd25cce3c7c6e0850c5365e69512bfc145a7dbd1
SHA256 76a87a204d68900bf71a1882330fe454feb6fe0e18c88c90f23ec5eeb414a628
SHA512 b422412eb9115b566ce4dbd9fae450584d25544a7252faaa9b7210a8c5ea1545f186a3d35af0f7c184996258badfbf613e217729c82db18b876232120c0a6d57

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 4933eb75ccd894f3ad54cf0c7f67e495
SHA1 48d5250eccaf9b67c40548b1e3623c34e7e82ce3
SHA256 adecb532fc21b5a7378bbe662cab1acf2d6c50f86ccda28180a2757e8a918f7a
SHA512 56565eadaac8f81a691e82d831924805e35e687de59031e6fd50b77ae32b301dc3691d8729c7ccc7bd7a3e7cfc39aee94411a8c2ff90cf95fab38b49166e465f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 7be06b9da8fdfe03f74d478dba16e673
SHA1 81d2c49f46eaa6acf3c595137f1dada9e29cad65
SHA256 995b839c82f14f24520cda23229c7a9278a53fd6245a0e8875dca4fd86320f7e
SHA512 fc1fd71a11d3e23f28b600ed540ba1809413beb77601cc678e3e8d348acc3b7ee7e596bad63970498ddf68eb5b5dd2620271e7125e94dd0de8962672b633f866

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 ee83d0a0c60790cc485ef3a456073263
SHA1 1006da91758556113171b6aed1ef2c1ac135be90
SHA256 c9e440610d1898d82462a949b4a95ef2776efadcb52e76988d62c61071869587
SHA512 47bead3a8bee2a8e1279d0859b0061f9b3641aabf525acab4f6b176d85876529a2eecf64981103a8e389b6ece97c51017c490486db6f415f72dbd4f605792e34

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 fa41fa08cad3acf1b8ae6556b9e9bcce
SHA1 536e758cdfd2fbcabcc65782431cc7414b94f47d
SHA256 46ff3cc3b0c7120c4fa43c4a2a3144863ed9774a8c7cfd4adf5f2fa63c53214c
SHA512 783b037f0360d5ab776acd4dcb240442d063a115935c6abd00abedcf3e49e2c28b7f809cc741a2cf8951716088b37f3f7e72d881ef4f5ea2ba0b2a9538b3e988

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 e0a8d45a92ecb2581e564c01acdba092
SHA1 c15a0c3e6c32b52f076a07b253782cd8b70365af
SHA256 36a38a12aa23bb141a14d4a66162f0fbb714d943fcadb2dcab04b2851e097580
SHA512 521a31c7a6791f10ed3d8c8ceceb5ef5cc7f98ae937bdf1d8a92d81503b9d9a1351515ccb7396cdac79af98b8605589cc53d979b13ae41b881661f165eaf7610

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 6f44c1e5ae325ed5471bdc977359fdb6
SHA1 a75a3e4b7b73e82a3e46a3f3f129337fafc033cb
SHA256 7338075d9876ca84a1b0542192674d0f7f25d9456a32d8b8a699de569d5ba23e
SHA512 4e6ea04d1ad17c82c9f20144fedc1dfdd081851e3558ceae9f970da078f27a97573ab948f08ec2e27a20780319c0e223ab44f63aeea711595155687b7d8d7a0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 fe27aafb15dea7b27d9990188908aae3
SHA1 e5d57429e8c80d802f8ce2dab338db138f530e5d
SHA256 e8b97da7b0913d0126a024aec031edcb949ed3ed12e436e636cb334fbf3ca31f
SHA512 338d17ce815a184749496376e184481f6da0f0b8e35d8a8e1155bc175b704eeba714ee6719c799446d1cbfe54761e6d88c87fdfdf131defca3ca5ffe1e2d2311

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 1b32dd840fe21fa7ca244b942ab7d944
SHA1 c6d8e16d92cb13bd269b3cf4580730959ebf2021
SHA256 1fa319f6bf7a575e89e0572bf9f15b135e7a33eebed40b0c8f2e98ac1074a42c
SHA512 17275719dfc349610b374d4771f6e8ac20a26afcbd4f225b7f845d3c3c936c77c07bbdbaabe542722855deed5565bfd64552099646908a0da2402d943d0ce58c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 f5b580a738dbd4b0d69fd8556cc37838
SHA1 aa5bfc080dfc49236d5d4a2e16081b006c2a8899
SHA256 afa02bd3591e8dec3006fc73ae0eb4a32225db28d672af64786ec9dac4d3a420
SHA512 b5c799c816207cce88c98c67e298fd432e43366aadb6fcd2c6bf61fe0017596eb546242d2ccbb514ec3307864bf3fd88ce6930deac059d1215b79dba3e2542f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 4e6d3418975e65de9498124a3f4880fe
SHA1 00e981a154ac7bb392a98bf5587363ec6015ce21
SHA256 4a1f1ac394394c63e5bf2fc3c7ef7888433dc9561823722bd69a50a1db728262
SHA512 9ad3ecd021921d4c1dc7eb24d1f50740fa5fc2f0f62543de0fd86b0a7e39a2ad72f0d3956b574cf98a24cb88603d3f387189f665e46dd1d30a60ed1f8d6798e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 59cde175f8877fae0d3532b7418a4d9a
SHA1 09b2487fa1982dc0a32fc972933d250ff7f943d5
SHA256 025fb8820dafd7eba45e2004d0cf1acb5617a57c125c5159f6b9499f88d64c15
SHA512 ed18e45acac6dba1e0e832088aac0269741dbe4409b8c9754e6bb710beca39b3f0f46c54e95887e44e1726c65f5cb8288e610a28b5d8b928313840d98cad9fb5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 91d854a71344752183e2eb95ac2ac2c1
SHA1 168dec05b0e826b2f738d84676f2af5d3c0a05c2
SHA256 13cd8c8334b99f4a4e110aebb258ac1b59c71638654cdd7a57cdd3a9db0d48c4
SHA512 03a94ab08a6bc16d4fd6561473464b18512e1a886b237f9fad1e0d5a5bc863c6ba0bdbeb9e995ae6298fd4c869bcb37aaf74b0f80af677822f2b7436a0f7e410

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 9570703bafa8f543c765869272d5d5ab
SHA1 e93c4c58810e4a5626b14993555e01b8c63c150d
SHA256 6bee7f9f52d5293ec7dd0ea6618f3cd457affb5be6f6a5ddb13bd20cf7eba4ec
SHA512 12016acb04d89cf0dd90d8b40a6e4f13df1f3274f425c0b02f380ed18857d89e3f37a43421233c2ff21bc24ed48b7e56af40d74515ed4b7cc41fc4beeceadcb6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 07aaba9adbb0bf380e71ed69730df061
SHA1 c7e8198e6cf51166211592945970fc685ba83205
SHA256 3cb6046f612a3fa9b1c056e301acc1c82b83a51a9a55518ad4ade0027c45fb1b
SHA512 23e35d5ece907192c14eea2f477a0fabd4b5ca687b47d241b2ee4c8db5fdb6af21687ba8c8bd943ed7a3c1e7c17370645df4b5a1a20e7fb55349e7ec788af077

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 c10f50c3dce3c89bd5bacf5801dcb603
SHA1 465d5d5d4daf45ead77c8e31547c1b1cc489e7c1
SHA256 f850a4f27642bf88494d95e9888833b95a0c044236e223c3c1ac0215d486033a
SHA512 2c2cd69785a85d6e603148d2b32c332b3e63ffddca480433222b4f6379da79d7fc7bc7cdba2b253977daa90992ff891967fcc0b655449fa10c1756bd3d803b74

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 2d9acd6944e20f2a132fd97148598072
SHA1 c1a70f8ec56e0e17b9067d7e3fe1a3bbd6ac18f0
SHA256 a9afa81ef9576b4eb2ea1edafd6049a01755bb04a5b162a77ca34f92283de8f0
SHA512 965dc11da904139b3b0c112b0757fccf5770930b55893dfbbf9f2e334ce6ba10b6ec609526aad540b948fd7f37712484b14145a98e427fb9a1f7a2dc96c7377e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 8f3abc47d5dfaf4c795e6c5c74e76fbc
SHA1 0b5984ff07c9bbaa3fc1d94052332eb85697f4db
SHA256 07ae0ec0e4ed6329593ec8d54dd5c114bda288b38e77a5ff78940d42e60c07b1
SHA512 a23c86b7f89abd924276b673813a1a34b9296d3f7275a90a785841bb8626fd19b3b70077a87936025d2322c0aa399822fe54d04350a240cababd1e37bf4011ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 bd8dca2496f4ab49944795665aee6872
SHA1 647fb91d240fa00018c530472e5ff1ba8e07407d
SHA256 019d33386e0df1387760789e4be406264d4d6dc4aa7310b49b2cfca38f7c712f
SHA512 29d3bd2313fde9c6f1f694df3c7acc22a043018a4b673f5ba030e2ad4829dff4c0952b3d457fd6d0540b3cb969874efb0a22eea1eb60a343902d3c6207d5ca2e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 f6fb464fb82aa76e8d5701bf8921a310
SHA1 e8f75ab55ca7088835470233d66ae2aa39cbda66
SHA256 f4eb3f0117e3ccf8c88ed9e8a9520b8bf60080da817d20cb06d579351213028f
SHA512 0975ad79bc58cc2a3cfe7706584df82609918dd515c8541683aad8843ec276ca735b5a63ecdb1fb7f74971b8f58579b1bdb8ddcb190294f6fd761de61312a39d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 8ea3a23ef9bd1b35a48e5f55cca008cc
SHA1 4880eed8fab40b7cc575382d14ac448e87d496e1
SHA256 535b25f2ebe5319b4abf0540e1a287d37e2f712e5915489e62abc77da46cb0e7
SHA512 137b29235cd84e39ef50e4fb43d526436c05bd4e3be6cfeb39677a8c6246978e59215a5a89ad5f9b1d90382386014f8f3b8e9e0c79cf3860d3a7a5c50aae55c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 526aec80491c1df17c0c80fbfadcee87
SHA1 06599b2aa94f8e0d72ddba414b13077f5537a56c
SHA256 dbf64d0eeb0a8a19ec4738afa5ea3c5a2216d5c562bf9030477b9e46e46f25c8
SHA512 2a110264985ceacfc6748dae9321b4c4393c2e970e7ccf0bd7708de95d16a077a02a24dfb96618b4a134f2391ce49cac0dec0af97200de9d49a57241d8bfc9e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 26f8a0ec2698cc2f2f4c8fe318480ab0
SHA1 ad54c522ed549d68eb77c6a416a57f02127190f1
SHA256 3039b791aed33206a215be2c04fbc31ca7800d47f8738552ebb071cdade9d573
SHA512 9890ffca9d3202eade384db70d998bfbad336adf3f6eb66427090b8a64ce890f3d98fb8d517f23b080802cb79f651a9b280211bdb000b9ed1b9955e52014564f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 78968d5b93959f3b9355ca23affb1b37
SHA1 8cd783288945f5dd26026ed99b74b550d67f5c6c
SHA256 e6d12f9737c7f5896c68c1a2c59581c2be6113126396dfdc857cdd57df587d1b
SHA512 fb0980b9c83fe03315bb3c88088e92ff6548d362076bcac5c25fa2874e2f1f3d99c2a98c4e1d1f9eaf53e92b80354bdb4181cfabb2dd191500c84554228943c5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 daa82d325f2e9ae9dc0f958bab44cafa
SHA1 8d77f8f6c76ee1bbdada026f1b2e895589039d39
SHA256 014547558f9419a7c5256185708301df34d967d05ba245bd8c1562ef668cbf72
SHA512 ab52605cf9ba34f5019b0717aeafce0725083dbfe0bd2fbc5a34a1c9208dca62eaed82f571178180cdd12d87525048b27ec6df517088f991c17a9e959d90eaed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 196ad7767d10fdcff64a049d6b8917e4
SHA1 e05f242cc20143954b3f6e7cd3044e5f05051c1c
SHA256 9703cfd9ff511e199b474e95c6926183165bc6e2440a9cec60c33171dbd636a6
SHA512 e5b3d74b0dc2de46cdc4ae681db64c2f6446ef04a3047385148f54bb67c77b58d14d8d982f87ed8fd0e859399b3ee31292f609c76a7ae977f76b19fce77b8990

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 e89a67318e699593bf9f087ab024ed47
SHA1 fcbe49890bc1257b604238cdd44c9ceba893ce65
SHA256 4cc31ef1b8fce268b8cd9f9e0b6629684fd8c44ecd64a01bd20b1d221da01885
SHA512 ad585d166b784df890df600eeb982605c03f0761814ae90a3db8dc5381dd6ab921d4b3821a92ee5c13c83d0937b7db89afaccba6c25f60cfc0ad4dbaeb9613cd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 ae083521d7cf862e573621f9916cf2d0
SHA1 f5efb1b95bdd71bebc5e401200d7daf73c61cc31
SHA256 459edd621702c3ddfc8bbef42be6bc29d40367d4fa8c3410601e729f507a75f2
SHA512 9b8713d12b548bc3c9aa7fd29930e63a2594b2e267393bf79b22a3ca3f7161cb5c3cc4b4749f20c17c6b9a37978ce5925fbd004860645cfab8312b0f22a63c14

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 c981c75a7d3c8ef9b626c9850448c8f0
SHA1 0bdd795a64c1756a850d3724b40f2467654000b0
SHA256 b78e8559e5b4b896c088a987cb3505e749f485e10e7e23af54679d0d8d38db95
SHA512 640a124a83ecadb7238efeaf9c63f6020bfbc073399d22b143da3239b7ffddeb90c4d5f9eb10590c5b322d6cb33b73cf31b2085546bfa7bf70a322d38b5bd96a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 afc2c7e2d9cacc26121e81a567698d05
SHA1 af9489bbf752d6808a658fb8c33bc49fc8b7443d
SHA256 eef7223ad8393268c3874d8dd82d4209fcb2d9d63d3a841fb4bc65bdce3bd9a9
SHA512 5af0664a7bd8b3577a48b9bae669da792fbb1639c6a71a352613b2d81ec4c4613a7411d11f7929d25aa3ad64a29ecce33dd9528127478c2563773e1b23edbc2d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 46392285b1c8d0b067ad385022994af6
SHA1 7ab042974540671a9a0efa6777af3ed19daadb7c
SHA256 feff098f3de8e7acd5a8af2f8194eb068259432e7034e6a81c7b25d331ba3c0a
SHA512 f1f95812ec41647892067864d6f9754d556ae08eec8ba5606874354714fb6b7d7fb3225eea8909f596f90717493d9cba0f6fe37ffaff242ac2b6dc412ee4726e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 3309e79ff09a00a74410ef125b7debe2
SHA1 98cf2bb7dccc716cf0137f1b4bdd1857d7054bbb
SHA256 7e57dde5410746d0dcf338630b92ac55b48dc20d843250bfff9bb8d22832920c
SHA512 29f3989550a072ab631ca83445558803b567fb28ae7e0b881cf21514a1e265ba914f3154d26b1b922f4684ffc910dae204802dd9adba168bf31555ecce7c9901

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 ab1ea6e97c1d2c7afa76fbf8cb9df1b1
SHA1 84861ce48bcb8d0100be8c4d4580a061abf3decf
SHA256 72f8644ff238cd5c851897d983cad7752842a198b3ab46cddcfc74adc6bc43de
SHA512 5684795b2860de904012dd52f7a99c0624949a3696f5d1e2fcc26dc9c8e4b15cab919064fad4df9e0ff0a3851b2bad7b48ea4f7ea6b28255a88a7a9d413267dc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 f5afcc651c240a278a4b5da4ee781158
SHA1 a7c58e11f22e0152a8a8844bbebfd1b24ddedaf8
SHA256 7f24719a532d253b20279c1e0e7d47153108cd5344a550c3a97cbfb40765372e
SHA512 8bdd9bf14c67345ae50fd88a5c907c99e3c6370798af23574c1e0135cdd08aea5866b2036b028439d1a493c2a6a1228a21d105c0a462dedcfc76b705024dbe18

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 2d74059f1538b6f756dcc6721975b3b2
SHA1 4f98d5d459f4260ff0609ead2808648c32c4fd46
SHA256 a9f40c5a68329d8151bf89841ea76af749aa83e276de6c3ae2d399440583cba8
SHA512 76168ef37920214ab35d86c106fe5c9633414710a57a5b9d72f24c10900e7e955fd6b4c0efbe51f51a2824e2723b1e741ed72d42e96315267683f21b236c0f65

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 156f9b4239f74042f61be295d1cf2fe3
SHA1 6bac277ebf04331238fa20b82dadaa3dbb236a11
SHA256 a0db355632dff7eaafa260787d47163b0db2bd87943fb5ed4d35f0a71c328eb2
SHA512 a9442679fbab444bb271a8af21d0cccf2d60762a045b06bfd4e890bb1285e1177af83ccb8d8600b080842867158dba31a99cabb84acca907e85cf984679591c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 f075c911e422ece5a463eb1cda5c0da0
SHA1 af84b00c9e7dcccf37bf93edb546bb8eb9f19020
SHA256 25a5bd764dd32ffd93c6595f0327a680914ca42f848125a01bae166dc6802c7c
SHA512 9382e025b12490626f0772ce9134b69975ed739519de22bbceabb816413c07ca44ca229b74db4c6c55f9655d0e2b6ca0a538123c28d791d299afe60a4d825054

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 4a44e196da65a05c219568f53befa217
SHA1 6e0df6e7e7dc2a2398ac955ca0bbab0b7907bed3
SHA256 4dd559178190cea8873581eea0688f4141b0273b3faf414a23edc51ec756d8e0
SHA512 405842604fc3e2473972df9eb2eefa58573af2e2c817df720841499beb3e8784a6819a64138326b7fa8629b2ff3ec1f30c9bcf412078ab17a44b286b26b9f88e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 8dadf2d07b255df4ada5795dfa7f967e
SHA1 f222462d4814d11630ce5173419fc779fc72e286
SHA256 62fa0b68095f79f2f9c22a95e915ac6ebe7e15928e3d7efc32f00e6466c4b88a
SHA512 b648e0dc415b4705816b4b3d094c3037640485d31efa5fe40cc48db81a3960b45b61bb470c8fa57942659aa115c9eb376cb1e46a37b42e0dbebea6aadd32d229

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 f8d5742cf8ba2342bcb9da4fe0265b8f
SHA1 005a21948eae4357c61f52ad16c921b5ffe958b3
SHA256 3b319d302cf44e3cde43d5b236323ca32f7c353d6e5a6ca4ac187b5a4b8d53f9
SHA512 c926215204e94455b78492b15693172ca8eb40c2f73f5046a7497ce202be690818d7d97008d82d645052c9534ef9be77294e7a44315f3fcecbfccc314f90f5aa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 330048ad29c8f52762395ece3cf0b671
SHA1 6eae69f561e0ba0650e6c4ee194d2884427488af
SHA256 224881b950a53f676f56208a47a203115576f9d254c651b3023eaac15707b0d6
SHA512 345a2dd1ed6e4104985b5a6e21252224e36602c817fa875c6254be1f8f16ff97b6927ad671bbee72edaf2505aa5f504205b882b8645c0246850e3bac46621fda

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 b4b1b61ffa9e56fdb20a5abb91f9ee9a
SHA1 5b70179e1a5a7c395c92f7c5b6a9e133df4da612
SHA256 c07afe84ccb69a82268aeb58b0aae7e0d27778c80ef1bd7fc6fb78de16956f68
SHA512 0c80347f34f86c76a78f62671c82314466c6f7ba1e7f8085120479e979a2d2986d1ba489f21e77d91a0b3df2c0d381a34a4aa3267ad50586fa84c05314e8fff9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 3704b174a30d2d13192643521636b175
SHA1 1821dd80a59d360b40c89dcb8a219ec00ed76e76
SHA256 8ae77cc75f6bac67688c4de7aad402ee7fa2b87597be57234f118767a44c40ca
SHA512 0bd1ab14101691f9aa317d565ece9d7cc95391e32c7e333706e7f2ac5904eff6741a489e45bee2b272c434c5d16ad55b9d5a57f92586fcc06bd7b5379f8d67dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 422e997f14436a62f3930dbdbd538bab
SHA1 e8f78b0967a0dda7386bdc13c343f0b6050cc47d
SHA256 1461a9a846e081c8cc01e07419f3ec43c676ac8a5afb743c0c712895dc577f4e
SHA512 1c1712c8e5d783455394fa4fe775d5da1c62eebecbb4cb9e20a4f0ece532ccd734084c52ea5c01720a549f76fe5b6ac12d50d580bcde838478e08f479d5408c3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 bdb067fa46652ed48c00eabf26b6ee9b
SHA1 2479835e89cfa1c7bfb6c63a20c25ed8866ebe5a
SHA256 199e19ea5d84ed8fc9e1bde5c9dc88e25e8883287ff1976d66da6fbe99e4b4d8
SHA512 3d1c01916d415ca6483ae761ade21c7e10293d9f0aa7ac889965d37452d1d5b71e87566408df51a624ec293c5ba6cd04a8592b30ea8e8a66a126f1b0802aabcb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 b435eaf1cfa9eaaa80338f5518e6968a
SHA1 cffc577502c659011a11dea850fbadb27d8a3426
SHA256 b13a95117e4698f6c4dc5eee0b47f5736734d4199cce0419d7077666c4e97087
SHA512 511916ba4410f0a5322554bcbc9fb47a59d7ea0de8973d2d0d370bea14f22533b75a8f9dfa05cc00fda284e94a09349b3f53750f73af6b34b161a806cf1d5d78

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 aeb90935ac86e280217b62560c8e641d
SHA1 f6e7c5d5b556cb56f352fafb7d33661a167f4427
SHA256 ad56f4556d08fecd127869d6ff397ec9919a64ed574ec7f2a78665a5ceed315d
SHA512 6e4940c35b42061883c59262231ef3ab9c0b4ff02a7fbf4e792a0bc8f205d187239cb3f1414f27a1aa651df6b68158b1cd67dfb0936acb6e5659184d3ca0218e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 2178071c1659d2c5bd7e9b3667d4bc2f
SHA1 a1a31fe204cd54a67e6b15c8f02e17bee9fae346
SHA256 a8c43375495ce750d4a264a18e8560ae78774b4fbc4e5cbfff8756d80829cacf
SHA512 bfcd18ac746aa216f29c852347f61efe43fc8b7e14597ffa55aa94d180310923256ea56cc9c6878b091208bc727feb51f0300e6d3f2729a25ae5456dc70a6102

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 ea3ab8c86d7967254ad8066b3832651e
SHA1 1f69db22563104f5c16dcd96c9f580960bbdd223
SHA256 db6d07d70fc4104c5409cfad862e54c0440c73a6e1b280eeff0d84c9b1fd0f36
SHA512 15dccd85c0d7b5b5b12297a2d9dde2396e6c29396e5bd43ba7826c496620b9e59918253591e28390c1591ffc43f2b3d7db0c68a1ef100c28b757496b0fe8b919

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 2ba99a99960154e550ae8dfcf905fcde
SHA1 d022ea06195dc4aedd806a348d269f3c4f227851
SHA256 6a6ef6e3e9b430f193bffbd62367d713a76355edab3a325b47c835684411280d
SHA512 3e385c2f69ddd1eb583761d58ad095b2fa5bb6ff2aeacad88647e6413333a9e37692501f33e3f5e2b060bd516b19a0d7d45d23d92d2447b182f7f748c1472824

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 2e23376acd25f12268b3014977f6cc68
SHA1 f020a8b95e63d4b161926da85e330f9883ad037b
SHA256 ad8f49f30fe7c342ca0cc019df56915690a3f22186c13adf04645aceac3b16c5
SHA512 d1feb7772531ebe513a7e70a1307a4d89d2497afb0beb95e8832422b7329640bcd277d8fe5928f0b3e96440a18a9c680dd64c76ad181d7846e9991051aa3cb15

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 302a25754a16510ab08e11fde77fb83d
SHA1 5b5d6022329e50edca0ed76d7e7830a8214a0f40
SHA256 d02028bfce378ddc89bee37173f698d4eb81256b63eebe13f704792e0b82274b
SHA512 50368cadbfa9cf8b7fb998e6f411873be997e914f66032e4994a0552648b4d8662caf3c312ef99c1120525a7fc5bc91896e82599672c0609720747d4623bc1ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 cc4fa183c83f4ae5d5f1b162833f70c7
SHA1 d20c572b80478cf77e6aaf3d4289883d3f9f8445
SHA256 74d534e283594ee7f59a500998a7d5084a121b9ff57ef162cf81e8de63806907
SHA512 77d8596475e763103b01262e361005641d2dfc173f950ec1240f0c9accf127b0a523a519f25d6c0c9461e72e7559cc120bbbc6ee23295b5b955c18858784dfef

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 cfa03c001ece8abdc34ee3405a3695f8
SHA1 ae01f89ebcdad8cef5ecd0ff16dcf08c60f1d895
SHA256 1944806c8348764de103d99e904aeeb4c7fb08a6bb7ab72eaeb1270cddf96914
SHA512 b5486de744d097c97778c5f692f985292dc203ff1bab571688744ef8c36a81ead7c4dd8068b742219da307a541d76be425e5b785305878e876120a5117d7673a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 db03cb7a2f3679e11c9915c1f28b60d3
SHA1 ca11a5eb8bb4fc8062c2237ccf4214759aea587e
SHA256 b52f0d09c6ee08c6f77940fc7c49a5bad551039e8f03858a0021da098a104bc6
SHA512 cef5db909162fdc99bd3ccec498ce54f4769d61c648fdcb6fd44c3f46761549e1588eaa4973f830aae5060dee914687d77515249ad2512babdf9fef58d6e2180

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 ef47d9a8f92d3fc6d42b022cb11ff63c
SHA1 4d2ee6271a1f564becc3b50861192b9bc2d710a0
SHA256 57dea52e26cedcd53763497201d385ebdb9eba88d36cd54270e878141a79570a
SHA512 6305f37501d1f5748a17f29ab2953ed3e2cb2c4aface362f787f02ed67eaaa62a710ff71506b926e611574c998c446a665cccc833f53208fce896fadb19b221c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 efff91ca01701e4f25cbfeb1a2667cee
SHA1 7a9caa9334c9ce080a784ca15c74cbcb6fe2d2f2
SHA256 e0bbe01dfdec5809492b1f43a085667f8a71c8ed55af1077f01cd520ec7da227
SHA512 a121bc55fd6de21c40e4138787967d26eb120c075c536be924e57dbacbbc2d719fb1ac51cf9a7052d748262aa31d1a9194368988d772599c547768f0cdad1514

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 ab40dcab51b2955480c2359277733de6
SHA1 6d137c44f1ca24eef07196241a56571a3441d229
SHA256 51d045b6706f69945b66690986a745ff8eafe824911a4fdaa7e2f0e177cdc279
SHA512 804cc62a3cc0c3291087f1a4f8394ae1ba2c5e83d25dcc81f0200328cf203a89fc38f36b4df02b0c1909b4e3aa13643ec0d63703365aa0770e343ba9471764ef

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 fec828a807f4564f143ff76ff9fd8483
SHA1 7a8bc21c407556215d7a1615f22b1d361b98bd49
SHA256 de680d50f0a29a5541273cc9f333dddf59bc62370443ce89b0ead394f606dad3
SHA512 247260c1db8ffacd02472c2b92c198bea141899aae5b7484f1a376e9f8f20a49ff049564ac1bd89b6c94935a7f18f0ffc65d67e872d27e311ccbdb336a46c7f0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 5758f30cdf8028468ad333b219c01191
SHA1 53b0adaa8ee98d84e17384fc4796b785d4d030a7
SHA256 c777af9291e223b55cc91c8ceeb296765ecaff33d5b7b82933bc272b71bb851f
SHA512 72382b80ef56524cdfa0c4185f453aafc496480f399cf7eecf9b51444225486dee076ed03b9757834485e5ca3cb2ed29ffacf3a435e68b8d5391d73b69bb17ce

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 8157f7a7e6171f19f751fffedf37293d
SHA1 3c86dfa7a8b8e4eb90942aa193d94d59df299879
SHA256 d220e46cc014861720bd786c1a120988a79aaee83eb619deefc0b9296333f8d1
SHA512 c9d06fbe004c712a28a97402265df6d90ef1cbcd5d7e3f44be4aa15932382ec57ed733d1ccde4bfdcba7e345b2a2eff9c47fd9b8c2fa23221a528653ee5b5f0f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 b93933a186bace5a563ab13f28eed71e
SHA1 fd357936ddf71fa05689b51680130e8822b5491d
SHA256 7787f759658a421945059c389b32e8413927221d6355aad04d9c4e6ea76383e4
SHA512 2d48bf6d622201fad0cd3800cde08ce9a85ba1321b458493e64205eb2fd8de3051a415f0615e40081219e2ccb9c8572e79a87b27c4964d9300b41640c822a4e2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 ac3758b250653dbae200614dcc20054e
SHA1 423fbc008577bcc944451a828fbc188eabac7b48
SHA256 1e386fff514d86a42de994f5ce0cef721f2957b90ce6ea90501f6db62804c794
SHA512 e546a28af7417363fe426470dbd1078671d39b75379619a3ad0b0bf849aab37c797d95fcbfc815d22f487f904cd708712c11c78a3616f00265f89be02152104f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 54af78b9059c9f28072e97e18fd1bed2
SHA1 4cec7767b7c64bf093fb171d84cfeb4c9288d6f1
SHA256 f8a8cee58f82b06132c5fe3d2f3f0be9281d164698f466520d70b3dbc44137fd
SHA512 d8354446f3310613c3dee955858c482e648bb76222211d1f46a01067bedfa3fcf14db2e43d3b46e614030eeaf782ee6a8f9a5825abb0f008439ef1592b78f880

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 48f1d6594216b62f99b03a5fae9040db
SHA1 5f45581aa01919b55028ab19e82476b15fa66dc0
SHA256 41ad552daa57f9ad077442ed67d9b4e2a1d8bb43f62d1e079bbdf390ab348caf
SHA512 9a417e030378b1df0db2a1b02c52d0b12a5167ddcf959e437fb09dddc70a0dadb20ee18cc5905cddbd188da5e2ec8b60693f8ce7f6bca0057327dec6a915c9cf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 68db958b9a2ba1528f02f1b92af973a2
SHA1 f718b45b45a8b0bcc5f0a053721522a74443c3e2
SHA256 027533ef3663fc5f6c247a04fc98d1df7d8f0bdca1972c1967c9897028bb57d6
SHA512 f66dda6d5af085311152847434da98f5c213425dbb12aae4bce68bff0662a285d4909ab0b13f9fe0ffc05b6bbd86d86af8f862456d6c72487177df57eda9727b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 8116826c10a0723e5234a660b33dccd3
SHA1 defd21efc7b0ec9f5ff635a03a3bace1e5729277
SHA256 d8b286b3ee984a9d8e55f8501e4d0a72d7ed8bbff6bf93dcc197a971d6106eee
SHA512 9c9b15ef51004bab9d86d467a9b49bb8147c54de559af11d409fec9d42f78be2456dbe8312ac5057868609a5faed13eef5efab3b6c02dfa2fe874f346485adb0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 05c3b5222a31ca7823298c839c176497
SHA1 107aaee28137f4b5933bed34c41b80d7f14d8d99
SHA256 8d68c1a562b375fe773889d534adce635f45c0d323b8833e9c6a132ef0ad54a5
SHA512 ac852c390d226a849fdf0e90c038188c4798198edb8c0515a2bb37eb3e91563541a0e75e062300509a849eb4cccb804230880a1b26a9fc99131c1a836af7d374

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 e788c6a63e1234886f973a984c345ee0
SHA1 ab96c1c8e80b63b58d2f253452dd5eb3df9a05dd
SHA256 c23017feda98bb6393bed24cbad02ce61b7f4b2ac4326d348090cdae6c990e5b
SHA512 9e8c1b03193892149e08ce07f935e673f12514961bf298e0fdc3133ac3323ba6f6b6075c028199c25418aaf2f3fbe18c7edee9fc4069aaf9e53dcb2cb29c715b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 6b5dab2eaf8c484de58283691f665b77
SHA1 971c9a8140c2c14ec436d84c5cffeccc79314a46
SHA256 8866463fffe6d23f3e2dd9998949b26b90a38f04a13cf8d551daf6c8579079d5
SHA512 aa54cd40db1834c70d0b41ff6f7a9730540447d4bb6aece7db94cf9f9e3e9d3201de80cdf63ac68bcd538cc792ee6f35e5c7791050e594f43ba424eb7d26f96a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 a6459da35efe3a6d45898e8c205ab015
SHA1 3cf9b43b412a75202ed827351e2151ce972d5abd
SHA256 2a8e8a056a9d7d42b19ef25e0a7ea173c9b43b0ae446fb92e61350f1afe1fe8d
SHA512 25e269286b0f32e376bec2468252e3dec85c1bc33099919165bdf1b5fa25dd9e9a6c0c23a562f8f6c5c1adf44ee663db33690c38023b4ff8fc96f7691b041fa1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 8fc4b733b6f15dda24336d67ac01665c
SHA1 7c845edd1a454f7300684711918f519f8d6d54a8
SHA256 5c92bf70c385ce5269137ec3005d4621813f5ee7d8e2f1234612227831167001
SHA512 f1acd926645df51a19bc68c8722972a011783702191bd19bf0e1b9f9b8c503bbe08d513c09d2877e2aea9454cd69d8ef858aaba753079a5c894974130208a2df

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 4adfcd10a54f66b99e0be581cb6e7ee0
SHA1 20b5e3b445920d113c722e0b1abe22a9ebd349d2
SHA256 8e2508dbaae5044e7a309c3005962158b59533b26892f1338e0c5fdeb09cee16
SHA512 0fcbfd5444ef47e3b68584a2da83d87faddea0ab0c976786f32c84f940f6b412c4fdb91ea1909edfeca7bf4a078c0a40e5c7d325a775e05fea9ba260e271716d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 e0f5968bb5921d0b18a146f8da5e6cbd
SHA1 1ad771c6f801e8f094659c3485f21a1f41286641
SHA256 19f61530cc1ad1104001c85a8c28c79d04c9c98efbba8eaa92a3508a4150b134
SHA512 274a76945f1be8a342fb2c9088e29fdbc7371d958ded4dece79a66eb6d6a649bd369714c4b2ae05928e35684502f829b28470491bf6ba1fe8a4a5d8d93ecbe74

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 0e5b3695062aedb22410a37517b5d320
SHA1 74db0ce159b35a3e43cc422488eb1ea7a663f19b
SHA256 37dd44d673663ad74c5ee96e4aae7bcae6233ea02369c49a6a767680b8724fd4
SHA512 e7824ceb03883f198a1fb24a2712eb904629d8961b7bc52897f62241f7e7fb868c81aaee0ca84fafc9442eafcc964745f7691e81c079969e9a8b9cfb64159afc

memory/2336-4393-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2336-4394-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2336-4395-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2336-4398-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-08 09:06

Reported

2024-12-08 09:08

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2177) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_MouseEar.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-125_contrast-high.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\[email protected] C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSplashLogo.scale-400.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailWideTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\bg_pattern_RHP.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\core_icons.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\3.jpg C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\RotateVertically.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\profilePic.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-30.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailMediumTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_start_a_coversation_v2.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView-Dark.scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-16_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSmallTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlInnerCircleHover.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchMedTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\7px.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1949_32x32x32.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch-Dark.scale-125.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookAccount.scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-200.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupMedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxBadge.scale-125.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp2.scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Doughboy.scale-125.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyCalendarSearch.scale-200.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\Assets\PackageLogo.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Services\verisign.bmp C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\nub.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\50.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\WideLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Mocking.help.txt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-80_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\5.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Web\4K\Wallpaper\Windows\img0_1024x768.jpg C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\404-8.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-32_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\columnmove.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.1_none_51facbaf4051768b\Performance Monitor.lnk C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.1_none_cd0389b654e71da2\recycle.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.1_none_cd0389b654e71da2\Windows Hardware Fail.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.1_none_ce10e80fc93afe5c\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-40_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\DefaultSystemNotification.scale-125.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\http_410.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_it-it_2fceb6f1060351fa\pdferrormfnotfound.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-30_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\AppListIcon.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.19041.1202_none_d081f9868ac0a804\Error.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f248a35f7c12459\405.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\common-header-template.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\alphaColorBar.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\deleteAll.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-72_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-white.searchapp_31bf3856ad364e35_10.0.19041.1_none_2f147508fcb33106\AppListIcon.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\Assets\StoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_10.0.19041.964_none_d1ce1ea46e50a943\MicrosoftFamily.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_it-it_2fceb6f1060351fa\http_501.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.153_none_e669b22d011fc6b2\ComputerToastIcon.contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-healthcenter_31bf3856ad364e35_10.0.19041.1_none_614e2fb703320228\SecurityAndMaintenance_Error.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Wide310x150Logo.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\WiFiNetworkManagerWarningToast.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\square150x150logo.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\cursor_default.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.15805.0_none_7ab11546ceb3decd\unSelectedTab_leftCorner.gif C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Exclamation.wav C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\TextReply.scale-200.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\oobelocalngc-main.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-d..scannerpreview-host_31bf3856ad364e35_10.0.19041.1_none_484e61e96e69ac70\Square44x44Logo.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square71x71Logo.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.423_none_6c3451a09cba3850\SplashScreen.Theme-Dark_Scale-140.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..rarydialog.appxmain_31bf3856ad364e35_10.0.19041.1_none_83b794e5516730a0\Square150x150Logo.scale-200.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..tmenuexperiencehost_31bf3856ad364e35_10.0.19041.423_none_62aeb4079e61ade0\n\officehub71x71.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\servbusy.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_10.0.19041.1_none_27faaee495997877\help.jpg C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\view\sspr-frame-template.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\SIMLockToast.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\RestrictBackgroundData.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Square44x44Logo.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square44x44Logo.contrast-white_scale-400.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\Assets\Square150x150Logo.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.746_none_e6778e5b0114e5b0\KeyboardSystemToastIcon.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\RequestedDownloadsCloudIcon.contrast-black_scale-150.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\http_400.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\logo.scale-150_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4fc93ef208f3edb\500-13.htm C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\htmlfileicon.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_it-it_2fceb6f1060351fa\needhvsi.html C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\Assets\SplashScreen.Theme-Light_Scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.153_none_51feabe070ab84f6\Snooze_80.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.1_none_44197b0fdd55f562\SmallLogo.Theme-Light_Scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\PasswordExpiry.scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-apprep-chxapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_edda8130b19d4286\Splashscreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\shell\open\command C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\shell C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qeKCtQOxWv9095H.exe" C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "SRTUIYIUMUTPWSH" C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qeKCtQOxWv9095H.exe,0" C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SRTUIYIUMUTPWSH\shell\open C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d64442e8a7be93d9483ed74af2e9550f_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 182.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

memory/3320-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 aac6dc631b94e509ad1265e0e218aef2
SHA1 38f7f71d5aa0ba644d33ceafc2b26db63f2515cd
SHA256 bb10d003200f2dde6ae1cf915362f0696a3606c5c4f2d075de1ca06f97a916c9
SHA512 b6e6ad88ffbf70f0042e00ba034cdd3793e90cddd2ce4347fdd67eba0e5d978fda06398483927ebb8219b9ebabb2c7fd97f6f05c217f31a6cfa497ba2df3a6dd

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 1cb5fc74141b5e7e382cd64c0ba05675
SHA1 e456e9f2bf02d877e418d3d81e7e9775719929bc
SHA256 b013b4b7b4c5c9fdda293f4b3d67517c7fc87e765a8a3664b19823e72fc4ffdb
SHA512 8cc31d461a6c745735321a68663b21cf75f7b9fae164393e0bc102bfa68367622b7e0b1860548f4748f331f7a710b6d1acbb3109c0c204cb1b0dc989dfe9f1e8

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 a774048b08c45bc1a9c78506db63fdc6
SHA1 92c88d197a05d73bd857f375f6483231f35c91e1
SHA256 bedc9a91c189fd9d5cff25b16a6666c5cfc0056791f826cec22534b912d1a67a
SHA512 eb19588fed056767049e13232119c1b7ff6d17e3d4e1797f2c9ed5058197ad59bba1f93e8969ec973cb75b12ad58842ff71b5130597c614fad9119d1b1c16e33

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 13d6748e8c7a907c16c01ec13d2550e1
SHA1 497405acd555e9bde04fcc94909ef03e0aae37b6
SHA256 788d59bea4a00178f33a80359240af24b91a1cb5c9f215f1324e2034afa8ab11
SHA512 6ee248ca17eb3f9f4cebb38929058957cffb3d80e30a79b5a5ae6c2503845b63953e7cbaf7cb1e087db2bcddaff7956befb969a330543f09be8e34798977fe3f

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 ff384ec0a4f02ab8eb042fb0610db2c2
SHA1 139579ed2978f7bc3b14b1872cbca186382881fe
SHA256 616b6bd43dff8150e6409d8d8127cea75c5b9edf267c520b84b6a42cf46fefc8
SHA512 9ac31d6e499277cfc190de82c4a95df2d91510b1d897e6e47ba4051d97baffeb973a1cafe2590b2d9fca821f69d0645a92aa46937b1e8dc22348f2fa3ec0d108

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 5f608d0fc447891c67331ea22d34b210
SHA1 3ba67bd79c155f90c17a6539050281a79270face
SHA256 6287964ffadc072ca6a6081ce167e2e73d8cb1182f81f80cf907eb022ceb5d6b
SHA512 a0d8ae55e4c635c923a631db09cbff75dfdecfaad2ce891c7ab66ece73c69f8e6fe9e3152d9eb29ad3662afb74cbe22a87cb96fa2200e1e96b5098bce02ca700

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 37204cfecac071540a2672d33bc4901f
SHA1 3932f7a51715b276a624a9ce47afa873c0ee29a6
SHA256 2c13e0a3574eafb37afd51bbb49025f540192a4f1807c2487d06c63339ebe1c7
SHA512 b70f7300737df1d4e2493bd8f5c30e85bf9f616a92eaa65d28bc83baf15a76ee8ca9947cda016f99209a9958cdb440448e2dad3fd4e9eab353f652087c6c2346

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 7fc57945abc3f52eb219f83e3ffbac8f
SHA1 cd5ef408431d8fac0ca584e7aef392fff060b556
SHA256 da5fd1d68de1e9f10d5a0b3d0fe349cebfa3ca9e2748048d90ba74a3504d0a21
SHA512 c3718c4625a795de863fa33c99a5d7be4a3f26e9d46d91de1576094dc23fc791d846ca9aef5d99de1711e3e01b230e2df320186098fd6f1704b3ea3819fe7eaa

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 06c774b01dc7b534286cfa90a922094c
SHA1 b0e1183815ec1360f7387bec4abc0b4b204a107a
SHA256 6d809898c383b9c95188f40f7fe982b33f909b5cd2adf231179d864baf36bfb5
SHA512 75eebee91beb8ff9bb3f01f5d41bc3e995e19219c66fd2c039e0ff59b0e23306a9dc8ed35c6dce958d3bc951bc544cb01cc15441c894dbe19ce3f323230a81c5

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 864d73dd8c1c73fb562e76340c335a06
SHA1 62c4da55e88c88ae9e40653e3f92dbc871f501d6
SHA256 45036b84a191a4ef509ae18afba365ef34fd4c0e612efdff4ad5628ba3f60b97
SHA512 2f1826ebdb58ccf8feb3eafceca004a976a8813bccdaf1061963b0a2182b23d1757c53cde43b64c211c1c588a051e85fc2b47141d1de3696798bf2bcd92e1efc

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 55bd47942013f4ccc62b31fa5fbebafd
SHA1 ddc621bc39d3889bec0e93322a1fc6f1f273fce5
SHA256 63f7ec13447ec8ae0d020acdf8ea486ada388d30d65d6ac28d3909ed77cec392
SHA512 9702eca5a19da508e85fcb5ea571250e4deae2cf133f22250614eed79dbecb8e37c50d53b8e923a43f228d22f80c26c30e43aa8bb93035b1afc0c3cd3cdce9df

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 daf92a1ce14881ab7d38fb31fc0bab4e
SHA1 a0ea9c51bfdd8fc499976f774060eae675c205aa
SHA256 1549260c2958a862aac0998a0767e241fa30402fc6f139f178245fcf8b4a6208
SHA512 33d4915998259f03c21de77e2952d5649b05e71f7417599fffc48efd76d68493fcf8f9c2f6ba9c2a9c80c81e5e7115370ec02a8290ebff2ba0b325a30e2c7688

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 b41d9d7d77751f48507b24651ebfeac6
SHA1 351ae36bfdbae2ac83f8edbd21fda8dc7baf0063
SHA256 d208d79572a5aa0d4a1653bbcb03f24764518c2470d7ea8291e38651470f8978
SHA512 d56c0a2c1fe863b34f6c1547fee14f9c63e370946db897e07a0ec9cfb9c1124b4ff026a41adf7965f4dc0a0b4358b249c86832d132cbe604ad22e349a6dbff2a

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 8fc361269fb93fa04772e6686c63a596
SHA1 90310126ec93c854adf1d9950b87333bb893bb36
SHA256 befdcaae594482b5085ec0add7f56c778e8f7bb984882af5f0b82b9fe4c9fd0f
SHA512 3290551903461b61c0bb159e087995e47426f67b6b00f96d530088dc60cad35903a54847ef080ce921702bd1bf226f6d7b316fc6195fa4e7f5cab7ea156723c1

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 811b82cc65f9612a08e777be5e75330d
SHA1 6e137e579d14892d8848165d43eaea493b2b1b62
SHA256 d33cecda974dcb7a72de0d51fe0da103960877aeae4007bd9be27761cf9ee075
SHA512 8fbe84e0bfb609b96d800f66ca7a9023ff7ca7f2d04bf98340ef70f6df4d0a6f99d46114d11b6005e92654957b755ecea194c490d6d2ddae666b89c75ad7fbc4

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 486c5aa57e1e23285229d07ec48891e2
SHA1 cd991ba934bf747b2c3750da44c4af8da6d74cdd
SHA256 16fd79bfd9ce7797c1af683469992bedb4a9eaaf9f40e4769bf9d1ccd8850870
SHA512 c2f6d097fa2037aff0a64bd7e3272fcb21f4ef7fcbdf1754c7811a9bbe85f4a5ad35a343e5c4a791fb943a6d9a49b5ffc92c15b0d83006bd535558a20ad140d8

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 9de94a19b611833cce93aa28ae6c0312
SHA1 abc16993e02c8a85032ad915bf93d764972c5930
SHA256 6cfe940bf42ceb95d49439e227eb0841f8c79f11a6f2f9019e51e62fd813a801
SHA512 b9ae0f566419408c9449a98b75dbaf68bf51688adc10858afe97f23b98acb146347e96a0174c338bd85b8bee4d03d98071cc47248336d03b4f3b0fb831693695

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 95daa205b909042302a84d82f969f448
SHA1 c51d66936a90567832b6488dd6f22306d0c79289
SHA256 cfbbe35a71b5e909aa450b528f6043f72e330cdeb8012acba2718681faea5305
SHA512 4782cf1984836081fded31ac8fc2e03b28ab4a9e21f7af409a46952cf6f2d11e757ec05c9eea3ef8bb9225bb84f79f29432f3ff71ad769c2c5daa85a2963ec4a

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 5c28e6e903c28a27ea2f79b4f8ec5c42
SHA1 e2a1e6cf57b9c9982f596e98aedf99124ab85147
SHA256 0764fb7efad9e73857938bcebaae5c768d1f98d682eab647f36fa69bbb473fe8
SHA512 64451833b9136ad934f98404d05022f4b19b16474edb540ada432aec71f30fcfe15f9e9595e63aa0c58f2286974bb35de0f14fa7f4a32864134852f5b9f11e83

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 1eb63e3494255e185be0fea57c9bb32c
SHA1 516fac537793ab452821e3d9e73aad3e033f45f5
SHA256 63beb712be5e5dae34bcea373dc3b88637f0c9d98956dfa19e662dbd8985d733
SHA512 ee842b088057c5afe54f42535c2bd79ba0d68f214beafce4f5b912b4b31f04e9aab31ec591be24e45f786d84500cbd0a4b15e4aaf6b9938f1e84afe3f5132d0f

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 bcedcadf7a3de0e690b4fea4d7941529
SHA1 1991ca5cde367c4f9f50fdeb67d2724395b00aed
SHA256 894a4758f2e17b238374484fb8080922cfea3ed42287819f2b7771023955137d
SHA512 020af8cdce7df3bf9e2485c0b8f21154ac17653d1ba94cb319eb125a8b5f6664dea20fdf614b0db3a6f50639b850586bdc8369d9a1bd274e6efa65fcb9e4e04c

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 905263ede143a7439dcad47d30e4862f
SHA1 2f538af6d3c7981c1c90d836646abae9c631d8c5
SHA256 a6501229083be492a7e5a8d92e6b4cc5b667fe19e9351a8e20fdd4ce433b272a
SHA512 306160be64a8166d311f423d2a5f24e8aaf1f16394bd39a2807aba3174fc56cae40f83e0fdc12d47b3fe15fac6f88f57a7a2d6116fb1616c59c92de3607b9167

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 c74e70b9aa0ccd4ecb1c42ee64849c88
SHA1 0a0fb60f9534865ab797509be9c19fedc09be252
SHA256 de8bf60f3b5604e35359ed677ace2255e8682eb1a2942ef72e8b6debd1a65005
SHA512 f69f337414a7ca1243ab4a6651494aae6c52fb2423eec43e290ab4abe8db7719faa3695b37e394130b1f07ddf50fbe43d72020854aa1c1411e65750b31d4a8b8

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 d96352c65adbfbbe598bf54fb143e708
SHA1 b621904f7abca5f23f123d4e1801371a9a4b3502
SHA256 0df234759f7c51bd091354b0abdb7d4f7c748695cc7e7c4407b10a717a5e93e9
SHA512 919dfb730e6a782c942627e4ffc41f952cf1a259e02985a4786a33f8110611651a4c70ce973cb15c2b1effc99f07bad8eb82039d47840a0bc39eee6727aad651

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 4e6d76242fddc73d3d4da91aabcc7bc0
SHA1 b46740af2531fe081629483f8467d00153135ffb
SHA256 0188e68ecf33286898d7dea071ce322abde8578d0c6ac2d5137155d9fd82adce
SHA512 75581f9995e9bce6835bf0856ba77a11f443e6907ad011d44265f3c79711e6784bcd3fee91fef2843bdf6c2d1f8111dbbaa34f81bf589fc3b6606d353f2df90d

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 58c7f148aa3eb9c23e53060ecf64d755
SHA1 e07db72fb58dabee01eef95d32487c88fd018e03
SHA256 b3b414b54dbec282be2ac8e68fd3806fce35bdf62f681093609d3feedf5dd47e
SHA512 2957b00a722b156517486e2879cfc2b67b0f869b2d9bd6550780de2801f6900474d51bf5f37b368cfe42727fda6bc002f500e61595aef3295a2794be43b4d162

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 b35157fdab9638edd66533818eb4546f
SHA1 df33fae4304d2c60f3d0e6e4f561f94069bd3436
SHA256 1a3a40095f403bce8b0fa33b638f00f47ee387cdbfe8917613f3eef7d8470f50
SHA512 910ef564267e7fe23109d132f7b7cd4970edf02e28a378e3deef3bbabd6b3e5337a76bee587d3c7d0ad171db78a6d725462645acd67fc5817c6cffbf1c526e72

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 e361786b5d16f49965627d2af70828c2
SHA1 b45dcd71afa7aaf657384688eb9cf566fea2c30b
SHA256 a9687490a80882da01eab4a6e7223a9d5edd2d1a2ff4c1adfb3abbd7ce8cfd7b
SHA512 f88a3a7d1364e1bff9caf925bed7ad199eabf58cc66c4e9606056877f18cd9a3744549b030be5278e88aa9c3ff2a78dbe73f1a2898e4c1272ab68d8e662b3caf

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 e86aef0c5a9ac414343162f334fffffb
SHA1 7734de5c5504ff6dec649113e7f5a36519f62b73
SHA256 2176556ac0a31622b413a9bb98e5219eea427dacbb0ae109b7b2aee883d9c55d
SHA512 775bf557511868c83acd731f3544c59b7bf94dca4629bf458b644209d19390d2c71a90000f68249fa04c3ccd391e43fce75b93efa10378eff31813f1f478e706

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 06951848c918d18094bab40f670ad882
SHA1 29a2a94765996c342c3c8a28b7d45bf1336be488
SHA256 3447b7932f1906778f85691be5f0226de3cf0067e15a898e2932c9e72e0d67a9
SHA512 4fb75af9b38c2c4f911a4d64343a7007b8c7637afb24a66a37c29a764fe9de10e97c8685d6509e4494adfad7fb08c7974b45ba4aa3787035d4e431845cef06f4

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 5eef9ad46ec6af73c80ba15184db1ed4
SHA1 495a1b798b03a7574f5d5d37a6c64d7ed8e11cd2
SHA256 0ae4831887352d1ee65f057ee242b1e335d17b707c24fc88ce489207f8bd7ed2
SHA512 3120ccf5d084084d72ba4b90d048a1b29a9f2f9af1e9c1cb9c2911dbda4cd0535727e2345bdc52d4f03cd195ecf685bbb576195d510286e7bd0a461cd640b329

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 2155bd6183662a8acf1265a2744db432
SHA1 f221392842d90ac57483ff9548b783ce409161f0
SHA256 c188fa0d56a5379608bf49bc5c194a32dc1e66e16d507009be3336b62745cf98
SHA512 73499850fbaebff79dba437650fdeb9d7a2211bd344b5b8541c529e1fb8448a2b95528aac5e4ae1f02805091d7c1901e011bf1532f29a0bd533ccb05a3a17ed8

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 b13bf30adeb105c5306e277685191a3b
SHA1 cb76714ad62c2294eef1fd8d0a03ad58af27090e
SHA256 c7f7d700a67429569cf011ecd50a388d5519449110fcad7936bccb29ff396202
SHA512 f647c063676453eff204b915d8db410e9558038b6a7280fa93fde0b8ef9d71adce41b20b6f85f28504ef84acb9effd7141d9bc2c8134c97f8573c4c00a1a731e

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 17a1607d3f90d94dc3345ca3a3e685bd
SHA1 a73ffac3bede74b9fe848b98ad29bd5cdd04a50e
SHA256 96d7d97dc2b840a5335c55484522597377f48b1d4150ab3274fa10e68c85538e
SHA512 b76afa7fa329b5c8a81f6dd7715c762477f5427638458a9ffe1a9b55ec22264d586adad567b80b023f090acd63934f39d5780004684a691859e4d700eccd791b

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 e7b5e197492e106c1f593b1d24aeb0f5
SHA1 f397f07c91040549528c8f4b6408e16607aff1a5
SHA256 688d2d0c3da2525f6ceec6ec3940012ff8c85631138045c3ca82ff83ededa7d9
SHA512 9ba5916f95db4c0809c46dc7ee2c7420c531c61caf93c06b1631de42ee4c1f4d426f1acc3b91b8d487b0e7de327e6c196c332a494b05114f5301803b38eabc53

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 49ad25cbbbba3247f06a14bc5bb5fdc1
SHA1 40c2211751099584f1030cd02768edf51ce09d38
SHA256 b0f8325875f09e2479e4b3fbe4410f6edf29fecbb11a7c71a90f1aaddc56114a
SHA512 b8dba963ae91115a4b11959a05c2a79a96dba9600fcb78a31f7a8ad370f5cafd8a87c3b90cf5d6afab8ef74fd2801a63833899b8d3392cbdccc5568cbb7a3bba

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 9509353f0b24e6a16109e6c9def47528
SHA1 88e49af0b85e540a38346d936a52ba728039f3a6
SHA256 a883de92b5b9479c98517b1ef8bce97fcbe16e76c50e3521e5c51e114b20247e
SHA512 2cab80684072cdf9ba410daf16bd276012de78cd5a94e49347ca225107186130e2de0910e7362305949d17582015a4630ff09d57addd4f3ea1c0e96c836c49f9

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 0cd38829797f9a6f6ad2ebe8769e3c7e
SHA1 f20c5bb66a39a23366c45348638ac92a9d39b523
SHA256 92ca0004fab7eec237a6adbf868a323a491e7cee9971a11780b114a57f0345c1
SHA512 e8079f5d09fdfb2850d2b0dcfb6c000069e01c50b52b8bc880bd55ad335504f178e902f3f01bb4cd4f31e052c6e153780b38214582ba7775ad78a7ecdd6dd3f9

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 301f6cbefed2fc3e40f29fbc348f222a
SHA1 27c93d863dac845b3828a9ec66d5fd48573f57a3
SHA256 ce4f5ab69b91986003ace554e061a64d74e9ec3883225182f366752bd4a91a62
SHA512 419f71abfb127290f54d57767754c398ef8ee68f9d0a2e15a0f773c0452253da8ed05ebf22bfaf4d9ece2da5e38af29232248f74a8cd4a48b933ba7d9fdb9ee5

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 69b7418adad00da4ef2d1381432dfbfe
SHA1 3128e6550b82b0510e11806f0a6d706b66ca7a44
SHA256 10d8d591255e7e0866590c84ca164af59794806972c5599b62a6b5c795a82d95
SHA512 380afbc155489a49b7b82f501a6b37b5d26356348283bdfad51a9d8b9d93f3c827512cb10f804ab1ae52b8e7d48f1551c19b739941795497236c2705314f431c

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 446d2d8e941c674a2afb0b31acedcf77
SHA1 71ef97e8a6f03cdc545ae9f885f1c767c3087715
SHA256 845db4bdb7cf9f1878b9b34eb826d4fa5d655ef22e1ae43daf190085cbaa0d70
SHA512 5e72418c9d65da193dbf6140d731974e5e88407569afb4db4fb134f721513df861bb5f1cf9197fc885b8faa0355e25ecbb10aea9b4ead8e38ef99f32ef1e5065

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 f559796b2cfd9f045d851c26eb80003d
SHA1 9e4ca8db012732f2920f6db09d4b6b27d17b8e76
SHA256 21b845c4b87225d8d296a6934562a1ffc41152895042b9f6e0376039e3aaecbe
SHA512 23128205b67c72603596bb33b02c47b962198d1985a6fe61ab1e3a03b01d75dae460a4a352b9f981b74b8dac5f453a562f30359d7e0d1605bc9531216d035c41

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 be9986bc694228f1174151cf36b58485
SHA1 54bbe0680605285ba98189243ebdb956d9be586e
SHA256 6172810945610cc382fce7c9b035f7cb9844c69ed4886c0fcd7886ab95d20ea6
SHA512 5dafa696d29dcdce5cad58db4c6aef81f8a9fac3cbe13d3c0b68ba3eaa3b3765a5b5e11105ae51cd9cf9836838d1f9ad1d8583d95b7b62109b122c545487f6ab

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 74a54fce1080b93f959daff8fc436304
SHA1 4295e2b6b5851df2d278f941344e01d1cfca494c
SHA256 c03fe4a7284271a6d791a56498b038c034a59e715d5f4c845b6c55c99887e464
SHA512 40f0db75e7e9930ff76af0f793903b0e5453a90ca0cc84017fd253c313b6f0e3c84186e6405a9fac110a6e3e13c68a077ac6bcc3be7d01bc68810c6f8800df0f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 afa5c7ea2e61542ff40e9c0d9afa0c83
SHA1 e0e87a9749f2bda23a890ebb04b4eb2793412a49
SHA256 48633378fb5b1767b2a062e60d4db9cc124c19093b029e1fd80042b2a20368e2
SHA512 d4ed2502a91e37712b71909024b7075a0450ec347afbf1254bfba0207c2c70f1da3670d0bdff69f17f9924419f7e7579268622fdbc3dd4614fa2d4c4babc3fc1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 f93cc69d0bb64f419ee2b4e1c3e13830
SHA1 2ff58996458ba44d0ad90642bd63f80d6541753a
SHA256 cc2564250f7b8c5cc85cd56d434ff2776c458ce76bf87adb445223a5e5e7748b
SHA512 c7a15fe0ef46430d50f798a8e856c213b719814a32a182a168716d61bc3157915be662209a1bc65261a4824e145c492f7552680596563edaf66ac99fd6194902

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 7845bbe10bafed756b05c4d575062d4a
SHA1 7e308e77d7c6078315aae06204abde23c81d464c
SHA256 7835ed666bb440a6da29e10a7c44b384028dc26ddbd6818f2fe9028f375d1376
SHA512 87c842faa2ced124c6928dfff815acdfb07fc1fa2a8939dffaad43bc39cf6deafe04be3d0a8dee9d02162a82476935500a1e8b298bf703e01cf7525493712a0e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 3a84e6814ce8b6b24e270a3bfcb2228e
SHA1 95d7657cb35104de84187f53b4f05f7c831e5f35
SHA256 bbcf3382cd78335b3023bef26252bde42c2f19d673db28e55e26ab998f232452
SHA512 b84adaabdc62dddfc5fd9213c19499e33ff11aefb36774fdbe0fbb3486681185f35b0d223311b921febf458763a0ce0121dbba7adbd1a7d0d85b9f0033de32e5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 e9da8076d2a0738ab528ea7363e3d9ea
SHA1 69be9fae1f73770f80e1b440ddb4aac11017fd81
SHA256 039ac4d8c4462c2cf2424b261602c1540f647c290c49e402c4429b064d503296
SHA512 b570726a8d85c6eac05bf2ab72be838551a104dec2db5b477ffd539f6d8ba010f6546b53948ad41dd9573927c6e7c7c14d97fc080e6264370265bceed267055d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 58e4e37349d40e699ca9ab3eb4d75209
SHA1 47a18e174212b56da103b84d475e0df854a35d03
SHA256 ba8a184067bf9c33fb996873ea4ea882c4ce603a34aaa364187a62660bff5425
SHA512 5d7f9ac7f8f51e1d1b675060a7f48a1088c80a43bfed0d0ff6da5ae55ca9abc193bfbb7b649881e991cfd4d979278e2f49276118249148ccff41ad78cc11cc31

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 8087fa48f627cde21b514d3cfbdb4cba
SHA1 d33197ad846c8c397066145a2581389a206afe0d
SHA256 371bda661a211a01272a9a4c2487cf8e35b1741001d9f1b5556cdea5a352c691
SHA512 310669e60035f189d560d6a0db592fdc8fa8ecdfc183b1b25daaeba2277827e1dcad577ac04875fc9ca7355574d628dd2b2a527c7164017fd564b8775801ba2a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 7d5f04e183a9645fa330b5bcaf8abaff
SHA1 d355c6a1a41826e426619d3a697414018cdfd5a2
SHA256 ead16ffdbceb3e38ba23b346bdd145591a3322212070916ed8eb086ef7503b83
SHA512 cbbcc7c0073f61f6dcaa6e226f4035de07e2a3e839a1bce0f38c59e6b1ebfbc568d4b432153c3c294447268bb665efa32a19e5300d92d4ce2896cab5fcd85ea7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 9391d7348f6f69e7aca096df92719fe0
SHA1 8fcf7e325937d2715bf7a097509fb2c565feb95c
SHA256 3b7e479f47995cb96abd8154fca1b61967b59ee190a19a4aa7b234ea8ebcc5a7
SHA512 5026714c0e8d0d7d8cc314c89d339d82e12cabc2cd420c842c9926fe1630215e5bb4c485b4e9a954807a64bc373ec2894a7532b6af832abc1acb616448270ca9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 5dac213d93419776774e05caf7ecdafa
SHA1 db0047e2e4509dd076d1a240aff27941ac0ac295
SHA256 31b5592304474dad6314e8bb5e1e05da99d840062d2d5d57a4fb29d1f04235a8
SHA512 084527bf4249249db9a71a595b6a58781c78382afb5f23a56863ce52e6629e2c9c78abc15e1dd0d1ad0c43807a9bd34c718794be52711ad625c66f470dda94e9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 0eab0e1866c81fb2a1056866e67c0e4f
SHA1 aee3a04e8e6b6dfa5fb46f92c82a51dd6552b186
SHA256 bace40d47e16b7ac4574bc66c4d635275b73b2a9315e686f112d4fa5dd0989ac
SHA512 76255c1573d3a707979c47d71db742347513824621335dad5303a2ac5789314f17ec5494dc46683efaa605f722bf9ba49cd1366a3b2262e1436b6bdb8ee3a487

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 fd560d2efb97027145c2cb4dcff590aa
SHA1 3e9ecfa80d0f320bb8cdd9e2264abaf41922a5d1
SHA256 2185c98859f3c746cae1125375b376c947bd9b4a3c33e9a689301d5de9b141a0
SHA512 180f456cb7ad7cdc543120828a6532ba96c95334f1873ebe0b3abd52dad10c27db6e1f05ed7340f5c81a06ee9e2c1b4774e07a37f595313a6a691e4c198efc67

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 260730c379a2e2fc1ee9da9fa9004d7b
SHA1 1b35660f20fffdfbc1fc277ddcc7c3e3a546841d
SHA256 fbca12bfb5f15c0220c3a4e3b6e1ec071a3233eeb3318f2d9d9d522c282d297e
SHA512 c0f35509001ab777ca0e51ae923935012fe1dd732071f9957444abe574620bad16eff2f0348634cc977e8ba9fa9df40357b41f9adf6695c499681ae1a4cf051e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 981f48726bf9a3e6129a4e96dd345f61
SHA1 8ea01f7ab46f9b754a23b72a5e0769af1ac05a7f
SHA256 7fe514ab5b4b9c105636c25df0c3ffc61f155e994b984d9ed896185187c80d29
SHA512 db5c28a46f892f8c65bbbd335196cb9ebfbcb093d3a7ed879005c505ca4609a75d03efc34431cc04bddc61c80da7dbe101b6cdaa6ae702aadc9223467ee8ddde

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 86a7a289710129352924b8d9bc9bf72c
SHA1 6f38bba6502c1e11cd482a793c880bcb025d8bad
SHA256 29465420f576892f913ee1d8e1013a95a1e934e41fe46295e609b24cdbb81aa1
SHA512 38689853c52fcf22e91fe8f1ddb0afec413cad397f1deb844ce0519bb9d647e27d4cad66af316611d6e6019666305f7fc3ba879c0f6cba99e00f2ae8aa04be98

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 647fcf982ca77be86160396000b20eba
SHA1 a72391765b09e984a952926bf4c2524f641147ab
SHA256 4f410d0dfe74a0cecec09be60262175e1f2bb6c1ee46fc4fa85ec9c83fd3554f
SHA512 632ac0fcd90faec14b431896584a4aecdc452dcf92ad719a046ac9d36a099345dbbcd48b452e748362c76657a50bf43a150d52bf472498e040ff1fe4b0bbf395

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 2fdec2dd13dc0d34e9b2fdb7fa68362d
SHA1 5de0f23744a71d47eec80a10572dfcfd9a349f15
SHA256 af2ca1bf16a9435393c6e10b277ddd61925bf9ad653372b0827ed81136a00db3
SHA512 b7581759ab103c24251e6acbfafd2bd1187ef1b59351e84663f250468fec753502c30d5bad38ba81802e848850fca5fbc0f1e12d7ee1d58191d68085144ea8cc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 1bea61dfa7ddf826a388d399dd562fef
SHA1 80d99376cdd822788d513f6d32b8313589513921
SHA256 028d2a3e3afba8c04bf3b9fadb1111b511cafcea8dd10abc22ac94d728c868ae
SHA512 7b517bc6ecb95e6e9a2ba834629f722b43392228eed0abffd175c9e45d2d01792184720333d1adc90df1b64c8580d927515da993a4259cf8b1f7654e324636bf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 da24975427461a508435c53b51a28ca2
SHA1 354b1e79a9a78bc5ffc02c5777151d0fe58f4466
SHA256 68013abc2610472938f393b3177c172ea07d6c87018f472a834ca206cb2d67b5
SHA512 36fbbbfa2c190e26fcbe88dfdd98bc46765b41cd78f725edc6c888228465df682f12f74cedaf6d2378973837dfbc97bfa4ab1cdad2f0e40d9ea718375056ca54

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 11943da84cc8f5da963094e6b7681b01
SHA1 4d0a875aa1bad0b5053e91a95ff561e381b52284
SHA256 85e5eb093c4e9959a7c795747c556c2a0986bdef860778c160103c81bebf36bc
SHA512 7373b2d68852ef450e04ff542d8f109cdc1eaf5ad36d04345460f031a3cb292369fee0e4fc77d19393088a7d10c6d65102668a1778e388b992ed8feb62890bbc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 88208234a48257adcaefed8ef090157b
SHA1 de713a2d538de37c79672d04a1b4cbd8a7b0aec0
SHA256 8d672a41b41a35a16b553904f62428eb422bac94615c86dbdc5485bd67ebf954
SHA512 97f6990ad8284cd251f77c32b4787135477902af71ebf7dea64a9b35db8a527b0be250a4f64f81e05e7f0f4c6297a17524d11e21b0555143488bdd159abf3044

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 a9ffc5003c7e2e838c781d3c1c506ca6
SHA1 f7258e1c1a4e9a5e6a51b450dd7f0867b29959ec
SHA256 7d911a1b7b42ebc730a941e74fbb5338ed813b560743a588ef34228b65cd50aa
SHA512 7083bc8fd7a9542ecb75242924a6a79a1a28e0c6a069dfa8132584f951f8461d70f2ada2691ebf49e72b1f410c44b5cfe3aa9885f75292663c93e19532723b74

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 bcc988c6ca106396220984d27f6903f2
SHA1 a86ecd80c6c6db2c093a6a17998014f010c3a48e
SHA256 9863a939aa48aa7ba08a2c9d53c619cbe6304723986d31529197fd4a0fd66827
SHA512 030df92d1e37858e42d6f7f0dc7dfd8b9ea6001092cff639f8c30519f5ab99f56aae9647fefdd792c112c4076da7dde5c27dc38883adc3cedc81a4e5256bafb5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 03977076e7d094cf3fff71f614f9a21c
SHA1 e8277799c86c93f3ef4cd09e6c09b93c1f438d38
SHA256 786a924339813135846d149e6f98195a2c601b8a8fdc7b918712046cb0b41037
SHA512 71f16975e9c53e7aec86b7737edb9673f10a0868305b69120a8cb51819290ab0fb41bc1dc5cd6a2cfad9c33e67dac2d077b3039a502ddded3dd1099f95d1f72b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 cf18f22a728af3cc5a00a01022075a1a
SHA1 c2b1d47053c6cb56cf9b20a1a66856f7ffd309eb
SHA256 68a2a38005ca0a68795d68e5b378972f6439ef8cca57f39723dfd10016e0c58a
SHA512 60a246d29a0692b62206d077d39eda7369e5bc1c018b9c1cca88e178080aa8413ed59b389ccea5c709f6e1ddc89f343ef8b50fd1f7b5a07ffacb93eba0ad1666

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 710e40de6fe7d6ad0d8dc746718bb943
SHA1 8b0ce8bfed15567bd52a691a07233163c5fb4a6d
SHA256 8e447d96713d21a5527664a992ac43e1a551ea4ad5c8648b29d840e5cb12c9b1
SHA512 6b3dd6098fde4abb4d2bdf9326b919d933deb82cb3b614e39618e2bea72756a26d867291b92b17258a0c468af8b83bb4cb10cc7de482a884f21a286c2a042d0e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 6ecb2b5300051ae21f498d214aefcd4a
SHA1 71d9c2d39d5f493339b9e0228be551db6c4a97d5
SHA256 1ab023ed03b5b2ca3626d537386901bde0ec5f8756814250ef2aa74d9781fed6
SHA512 12d91810fc9414deedc9bf1c4fe89156887f9d283a776ab7ee5d3f0c8f92d6c4cdd490477545356ec90d24ac403cb5c5004b3e68042200159ab6e814ff697b5c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 90a1cffa9e9c7ace18c76d5290768f1b
SHA1 d0b213e2a5c08a55d768d4807f929fec646d6d48
SHA256 797ca7907602ad64379d392f4bbc9d4184c865ef1ad6ffe30ae06251f5765a60
SHA512 0970d2353abc881960872809fb0a2307a97813824df555aaaad24535fc75c225bdcbd3f8757a30fd14d094089a50c39fda3a50f924ff3bedaf4eb64396bc4a82

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 898b13ceb4b781f3eb1ffeacb10bc4a9
SHA1 7ff2abdd48c6ee81c1e5eb6a2c55ca0bfac91281
SHA256 9c4367592b9b8f4527476285dcd90e110743a219fbea49e4845fc45bc5f72a76
SHA512 c4c0b42d0b7edd6caac25a248823d88a1c2ee5449886653d3e4f1beb1522226925f5bc4ea24e9a62de535c184a6989022c73a9b1ab1e23ff3afca22ac7eb5df7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 95a1d9a8894bc04f8d19c815e7afd597
SHA1 9eba465d17f45fb07f40e36f20809fef288d2467
SHA256 66a98fb1cfcad1e7a4801c63ff3caeb502715525487588fed88ea67bac8f61d3
SHA512 1ad24a7472a759a7d2dcec8e8cc790b8391265a0c021a427807edc688bb6ac24e2b5aa48484379fdfdd4fdf5e72c02f11c5ffafc8f902f69959788412b73819c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 7ed2cd226b79dfff744d3aaa44d9e860
SHA1 2491532734058de0768cfaeefe6636380e4e3442
SHA256 58ac229167931daabb3fa80fd8ef763896d00f7a34260f368a97c8e9dc47d960
SHA512 f9b2f746f8553330fe7f6c92bbb2d3d4938aba9bb48436075dfbb49d548c78ccf4a3f6e9cf37a1730e14d9ec527766ae9898040d473164731dbbebbb6c00b4f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 435e84f57ef65fcbb55cba78d3b00769
SHA1 b40d91cb1fba20586c05ffc36f3b1689d1efcff2
SHA256 da78296f7cd2f1ab1f752fa7b5ef43061ecad6e5d4d2e6fa78d108d2eaf79d0f
SHA512 a9a9cbf14715feee1859da2b446ebc0d62c959faa9a275d94a583ae085c5b1d8cd055172900cb770a5d37fc72e431ff9bc1b8b4677efafa46d075b0f99ee8a9d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 232cca6e47c4e94725a19a8566632720
SHA1 c86c38ac0f7a85fd383d3dabd31596479a0ca9eb
SHA256 943a91090812edd92d8f1193524b87395568d54234d787ca290074e5f0ed3231
SHA512 712c9db0e9b21dc1a8201184c527f8aacddb7d68a48c4b53476202d8fe7880a9d66845f4038779e2e2ca0238139ba3e3c5a0013c873006d21439875ebe2a5002

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 abdf9243026516eff51618a00bb8b57d
SHA1 7d8e99db676e0214b8c8f5ad0fdc31c0018d8ddb
SHA256 4621ca50f2024897cae3396814b8b419368bdc38243dd63569b66b807ece76e9
SHA512 888881bd83b81faf605065d3b89c4cbaf579a2ca17fb594a976b8c144a9b5645965b92c4c23c8ef3b06a7dadb6acaa859869e6f0cd98afe778bf46857314a991

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 74d4d8b0fcf2c5e4e5467601160b61f2
SHA1 6f9b71eaad12305ff49f81d4406ba9c5e2058ad9
SHA256 a28ecf3227a7ca75dd7f47665f8aa9d5f173909162374957efc56b0a8d394cc2
SHA512 8bd3fa433545a75ad0df1860d149d5169933ccc55b6836068f49036fe839133e1bd7bba93cd8516b294c7b7030237698b999dc0e3a70226b2795e2f7e78ab730

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 15b225ee8b89f36baa558c3141bdaed4
SHA1 e3ed9198e49e08a8a791794be691375e2c0c6393
SHA256 9b3d97dedb7c5a9fbd3dd171832c279f12f57834bc6b9cca8f7c38248ecd5231
SHA512 a3c50662d265d7d37a7a4cc0033ffcb070834f7a28bceea591367b85f008591843930b875dbbd353ce755700e071334cbb89121cabd781b9d59e53d5b7070803

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 81cb4b40e54a75d0b2b616421a694cd3
SHA1 0af95341c459cd154c4c2d65d99189dd01a85d9e
SHA256 f6940e58124af062941254fe20c6e4078a2033cefdd980a292ab3946f06ba619
SHA512 55550280a8dd8bb583974badbe047bddccbc180d98110a48f40e151678c64fe03ef347cb91f6942fad90c43a433f8bd911113c474cde271d800566efe73e39b8

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 8a44dee37662169a1c9c8c1406b1c051
SHA1 adc641d0bf49f27b0ef2b46af70b067b0d63c16f
SHA256 fc4e002cff53e4acdca95f16e9fed4eb5492b6caa15884d45cc538895863738b
SHA512 1053993488d80ef1fb0b2f18d2fbe861b858a384fa8f4566b9d9148e30fae4003161bbb0c168d39a18d3f65ace7560671cc87aca68c4448feb4279429258500c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt

MD5 f9f6f82ef106a672dec48817fcb2a28f
SHA1 082ebc9d8f74f10b657cf404730c3456702fde21
SHA256 e63c1f172d2ae87dc648d0296b58a950edc91d3c1d0907569801ed4cb4bdd687
SHA512 567546e6b7274f5862b7454cbd0546d7fb7ab6e93d87f70715ec36d01cac3af0c1cd6e1c944f62254732f3e1247ec1cf48e66bbee0afb562afabe330b549c633

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

MD5 fec56e829d907bd7054f1564fad294ce
SHA1 85ebb634384223351fe4b689cb5e993b427bdd4b
SHA256 db41751528eb9db2349895f31ff620523f2b6ae7a45752b05d993ad89d789053
SHA512 2e28f9467dd2aec4b2dcbeab32074027cbef48d30e6b5822226533d4f51c7e8dbd13588695cd86229b6e592902dd88880568bc4afdc22cbb8c31dd96d79b7279

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

MD5 2b209d3900ac777aab8f27a2021e5bb5
SHA1 e26f8d8e449b99cc07a7e9d30ab97bbcfe8bd2d7
SHA256 abb7c370b3ed9beec3adb8fc1a66d392d94349cae25cf2d4e039277389aef1b1
SHA512 709e91ba0b49e88083bb419ebecdbb7e7ec4890c00fa550fd2963ce10a769d7bd26aca498a3779a77f4fed736e41abb6e8098d2d10ce409ba4bd41d2392c5c71

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

MD5 26078a4264442aa8d6c5cfaaa79642f3
SHA1 7837fd8eb1f3644cb463af5a3572eb473b5ebf4a
SHA256 5c665616583a3a3e941f105aad7e8122e2b63576061ac0a494c8d2d42a620452
SHA512 93556851ee01656fa34f0bf3a29b17c154b58e9e0270a014b129515483456cebd5404e5aa93b2c5cfd027d9cfee328ebf19d069d68cfafe01179df5991e380ce

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 cc34a4d0808a83a401ccf31135c72f3e
SHA1 a312ce35aafc566d2b561e2e3de8b9dd5c6eea86
SHA256 2c0c088a0e4249ad4e11336b415e11a8e503092a25a811ee118b24799cc5c17d
SHA512 3e609d6d38d0787bd1b4da307c68a728256a7182f49dbefd170fc76400a6f40adebe5c0255dd7d8df02a3e42e46773d0f8bf74183f4090cbd4fe929817040a33

memory/3320-3588-0x0000000000400000-0x000000000040C000-memory.dmp

memory/3320-3587-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 ab40dcab51b2955480c2359277733de6
SHA1 6d137c44f1ca24eef07196241a56571a3441d229
SHA256 51d045b6706f69945b66690986a745ff8eafe824911a4fdaa7e2f0e177cdc279
SHA512 804cc62a3cc0c3291087f1a4f8394ae1ba2c5e83d25dcc81f0200328cf203a89fc38f36b4df02b0c1909b4e3aa13643ec0d63703365aa0770e343ba9471764ef

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 54af78b9059c9f28072e97e18fd1bed2
SHA1 4cec7767b7c64bf093fb171d84cfeb4c9288d6f1
SHA256 f8a8cee58f82b06132c5fe3d2f3f0be9281d164698f466520d70b3dbc44137fd
SHA512 d8354446f3310613c3dee955858c482e648bb76222211d1f46a01067bedfa3fcf14db2e43d3b46e614030eeaf782ee6a8f9a5825abb0f008439ef1592b78f880

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 0e5b3695062aedb22410a37517b5d320
SHA1 74db0ce159b35a3e43cc422488eb1ea7a663f19b
SHA256 37dd44d673663ad74c5ee96e4aae7bcae6233ea02369c49a6a767680b8724fd4
SHA512 e7824ceb03883f198a1fb24a2712eb904629d8961b7bc52897f62241f7e7fb868c81aaee0ca84fafc9442eafcc964745f7691e81c079969e9a8b9cfb64159afc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 48f1d6594216b62f99b03a5fae9040db
SHA1 5f45581aa01919b55028ab19e82476b15fa66dc0
SHA256 41ad552daa57f9ad077442ed67d9b4e2a1d8bb43f62d1e079bbdf390ab348caf
SHA512 9a417e030378b1df0db2a1b02c52d0b12a5167ddcf959e437fb09dddc70a0dadb20ee18cc5905cddbd188da5e2ec8b60693f8ce7f6bca0057327dec6a915c9cf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 e0f5968bb5921d0b18a146f8da5e6cbd
SHA1 1ad771c6f801e8f094659c3485f21a1f41286641
SHA256 19f61530cc1ad1104001c85a8c28c79d04c9c98efbba8eaa92a3508a4150b134
SHA512 274a76945f1be8a342fb2c9088e29fdbc7371d958ded4dece79a66eb6d6a649bd369714c4b2ae05928e35684502f829b28470491bf6ba1fe8a4a5d8d93ecbe74

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 4adfcd10a54f66b99e0be581cb6e7ee0
SHA1 20b5e3b445920d113c722e0b1abe22a9ebd349d2
SHA256 8e2508dbaae5044e7a309c3005962158b59533b26892f1338e0c5fdeb09cee16
SHA512 0fcbfd5444ef47e3b68584a2da83d87faddea0ab0c976786f32c84f940f6b412c4fdb91ea1909edfeca7bf4a078c0a40e5c7d325a775e05fea9ba260e271716d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 8fc4b733b6f15dda24336d67ac01665c
SHA1 7c845edd1a454f7300684711918f519f8d6d54a8
SHA256 5c92bf70c385ce5269137ec3005d4621813f5ee7d8e2f1234612227831167001
SHA512 f1acd926645df51a19bc68c8722972a011783702191bd19bf0e1b9f9b8c503bbe08d513c09d2877e2aea9454cd69d8ef858aaba753079a5c894974130208a2df

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 6b5dab2eaf8c484de58283691f665b77
SHA1 971c9a8140c2c14ec436d84c5cffeccc79314a46
SHA256 8866463fffe6d23f3e2dd9998949b26b90a38f04a13cf8d551daf6c8579079d5
SHA512 aa54cd40db1834c70d0b41ff6f7a9730540447d4bb6aece7db94cf9f9e3e9d3201de80cdf63ac68bcd538cc792ee6f35e5c7791050e594f43ba424eb7d26f96a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 e788c6a63e1234886f973a984c345ee0
SHA1 ab96c1c8e80b63b58d2f253452dd5eb3df9a05dd
SHA256 c23017feda98bb6393bed24cbad02ce61b7f4b2ac4326d348090cdae6c990e5b
SHA512 9e8c1b03193892149e08ce07f935e673f12514961bf298e0fdc3133ac3323ba6f6b6075c028199c25418aaf2f3fbe18c7edee9fc4069aaf9e53dcb2cb29c715b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 05c3b5222a31ca7823298c839c176497
SHA1 107aaee28137f4b5933bed34c41b80d7f14d8d99
SHA256 8d68c1a562b375fe773889d534adce635f45c0d323b8833e9c6a132ef0ad54a5
SHA512 ac852c390d226a849fdf0e90c038188c4798198edb8c0515a2bb37eb3e91563541a0e75e062300509a849eb4cccb804230880a1b26a9fc99131c1a836af7d374

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 8116826c10a0723e5234a660b33dccd3
SHA1 defd21efc7b0ec9f5ff635a03a3bace1e5729277
SHA256 d8b286b3ee984a9d8e55f8501e4d0a72d7ed8bbff6bf93dcc197a971d6106eee
SHA512 9c9b15ef51004bab9d86d467a9b49bb8147c54de559af11d409fec9d42f78be2456dbe8312ac5057868609a5faed13eef5efab3b6c02dfa2fe874f346485adb0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 68db958b9a2ba1528f02f1b92af973a2
SHA1 f718b45b45a8b0bcc5f0a053721522a74443c3e2
SHA256 027533ef3663fc5f6c247a04fc98d1df7d8f0bdca1972c1967c9897028bb57d6
SHA512 f66dda6d5af085311152847434da98f5c213425dbb12aae4bce68bff0662a285d4909ab0b13f9fe0ffc05b6bbd86d86af8f862456d6c72487177df57eda9727b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 ac3758b250653dbae200614dcc20054e
SHA1 423fbc008577bcc944451a828fbc188eabac7b48
SHA256 1e386fff514d86a42de994f5ce0cef721f2957b90ce6ea90501f6db62804c794
SHA512 e546a28af7417363fe426470dbd1078671d39b75379619a3ad0b0bf849aab37c797d95fcbfc815d22f487f904cd708712c11c78a3616f00265f89be02152104f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 b93933a186bace5a563ab13f28eed71e
SHA1 fd357936ddf71fa05689b51680130e8822b5491d
SHA256 7787f759658a421945059c389b32e8413927221d6355aad04d9c4e6ea76383e4
SHA512 2d48bf6d622201fad0cd3800cde08ce9a85ba1321b458493e64205eb2fd8de3051a415f0615e40081219e2ccb9c8572e79a87b27c4964d9300b41640c822a4e2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 8157f7a7e6171f19f751fffedf37293d
SHA1 3c86dfa7a8b8e4eb90942aa193d94d59df299879
SHA256 d220e46cc014861720bd786c1a120988a79aaee83eb619deefc0b9296333f8d1
SHA512 c9d06fbe004c712a28a97402265df6d90ef1cbcd5d7e3f44be4aa15932382ec57ed733d1ccde4bfdcba7e345b2a2eff9c47fd9b8c2fa23221a528653ee5b5f0f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 5758f30cdf8028468ad333b219c01191
SHA1 53b0adaa8ee98d84e17384fc4796b785d4d030a7
SHA256 c777af9291e223b55cc91c8ceeb296765ecaff33d5b7b82933bc272b71bb851f
SHA512 72382b80ef56524cdfa0c4185f453aafc496480f399cf7eecf9b51444225486dee076ed03b9757834485e5ca3cb2ed29ffacf3a435e68b8d5391d73b69bb17ce

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 a6459da35efe3a6d45898e8c205ab015
SHA1 3cf9b43b412a75202ed827351e2151ce972d5abd
SHA256 2a8e8a056a9d7d42b19ef25e0a7ea173c9b43b0ae446fb92e61350f1afe1fe8d
SHA512 25e269286b0f32e376bec2468252e3dec85c1bc33099919165bdf1b5fa25dd9e9a6c0c23a562f8f6c5c1adf44ee663db33690c38023b4ff8fc96f7691b041fa1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 fec828a807f4564f143ff76ff9fd8483
SHA1 7a8bc21c407556215d7a1615f22b1d361b98bd49
SHA256 de680d50f0a29a5541273cc9f333dddf59bc62370443ce89b0ead394f606dad3
SHA512 247260c1db8ffacd02472c2b92c198bea141899aae5b7484f1a376e9f8f20a49ff049564ac1bd89b6c94935a7f18f0ffc65d67e872d27e311ccbdb336a46c7f0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 ef47d9a8f92d3fc6d42b022cb11ff63c
SHA1 4d2ee6271a1f564becc3b50861192b9bc2d710a0
SHA256 57dea52e26cedcd53763497201d385ebdb9eba88d36cd54270e878141a79570a
SHA512 6305f37501d1f5748a17f29ab2953ed3e2cb2c4aface362f787f02ed67eaaa62a710ff71506b926e611574c998c446a665cccc833f53208fce896fadb19b221c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 db03cb7a2f3679e11c9915c1f28b60d3
SHA1 ca11a5eb8bb4fc8062c2237ccf4214759aea587e
SHA256 b52f0d09c6ee08c6f77940fc7c49a5bad551039e8f03858a0021da098a104bc6
SHA512 cef5db909162fdc99bd3ccec498ce54f4769d61c648fdcb6fd44c3f46761549e1588eaa4973f830aae5060dee914687d77515249ad2512babdf9fef58d6e2180

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 efff91ca01701e4f25cbfeb1a2667cee
SHA1 7a9caa9334c9ce080a784ca15c74cbcb6fe2d2f2
SHA256 e0bbe01dfdec5809492b1f43a085667f8a71c8ed55af1077f01cd520ec7da227
SHA512 a121bc55fd6de21c40e4138787967d26eb120c075c536be924e57dbacbbc2d719fb1ac51cf9a7052d748262aa31d1a9194368988d772599c547768f0cdad1514

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 a3be1dc3f78ffa071bb78711091e649a
SHA1 65ccbbf3d4e95e4d47bd8629899f510d6f772b16
SHA256 5251f997cecf727241a11774ce259ce5fbd93da9803d94a94f60ad14d353dd7f
SHA512 b353325e5bf9a79b4aa7afd22527eab9f9121db81439ff2e63bb206571a967d3b170b0ff331aab4b6644592da3421144072255d131a305d3ef3a35af62f53fd8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 f18e05bf49b6df8150c9da1a9ee2724c
SHA1 579450dab3c3ee57e7fc73047e4733fbe4c2554f
SHA256 f7eca95cec09741ef8062bd234150f511630219475a1cfca391ce2fa363dc4f3
SHA512 a3abc4e8f0dd21aaf536bb119c50f9c5baf6d2c9ec3e472ca07ccffd2f1e49e8ba91a202d3503bcebbc6a664191cf7365c360dbf632acb0f4405bbcf2fb88700

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 184c6574e1beaafa7aacb6a6ba4a9b6e
SHA1 23c1168b8e8662c54204567fd7c8065c800c66c1
SHA256 11e489485c8c7bd3f50d07d8852ed2a7fcf0ad1150038a55ee9178372cb48334
SHA512 5f69acdf95ace2b19b687489f22a0a92b2e92ac94833fe68d19e5333471ab2eaad8a92a08072439938438322f5cc2735bebcdb990f781eeb4d838b5abd2415f2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 1a6041793a06ecca0dbcb41d388c568d
SHA1 944909c6323edf40dec8e3c24d2a2518c239fc02
SHA256 70a4f84aa87bee0f41898446cdc88c9834ae1ab384304a5dde225e521c538a72
SHA512 99e5d51f674f37733ca4abd26cafbcdce69f41f551cb9025836a5f75736c1622be2d2e546cd246bcdcbcecbcf085f1b3fbedda8f06d0aeecd07626ab4e965d77

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 0a42447b4351e814cf1fe860853fdb4f
SHA1 bf744fefeeab9ab4118e474c9c7f85a3ca4b00cd
SHA256 7c051f845cab68ed98e9599c4bbf33d88cdb13cec42c697b6e26fbf0dc3089d9
SHA512 2c821688b6467f88af6ced043a31c3218bd5621b57bd744617cf2f74e831ad61b9e96a232b09fd87b8de72420a4e109a6e4af9089ccdd0cbfecc306b48b02b5a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 6f19825cd68b67f9a73ebdbac1ebee5b
SHA1 5956926cf6fcac437591659cdd065e20ec9df06f
SHA256 d72185ad18d40f4fe95b97b3f773e5c22bd5b1ff99abca70b39a77dac0095666
SHA512 399be5a020ee21f480933a9c7dd6b00d163855adf745da7b85d97fb54e87718710f7c3dd09d7683ede5b5b6685731e3afe69bcb2222274b073c57e04198707c1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 75550d13772c1478e6859439d0f5205a
SHA1 2f9b025f9c621141c9554029819d2b7d1a77835d
SHA256 d0baf08793a0910e6df0996dc293f3102ce54eb4d7b4808bf03fd2cac81bef1a
SHA512 f9aef1c2ff788bf89a8ba9f7905b3900ef93ad2c59d73bb0dcffa0d63d4f6befc30a9d4452dc476c5c2f0891f0dae7bcadb1cbe37f65a5af3cca6a39d785fd64

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 6c40c9ff405cb97084022df4e4a5e56a
SHA1 9d98da6bc698a332affec9854a2a451c3f29363e
SHA256 8334c52c5998a12fba5e8eb75de4ed163679a2883900fb01ef6ecc5128cf983d
SHA512 794610619667f4aaf9597dd8785d18ce5c3b737bb8ed16ce08da666a00eddbf08ffd156f374953aec2e92dfc135f3b985b3be8681924450bed61502cc47bb393

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 86e09b199b7ded86dc9bfd09b1a2fc47
SHA1 978f2d1624cfadad1e6e37a5377ceb1fdd8d761f
SHA256 2b9aa6ee9a066a22b54e36c69782dd4c081ef15e2a37397d754e1e7f7c5bd74a
SHA512 1f160c55472c404246aec3dbf9d3ddabc80019dc38ff94d8bd315b7f625119efade331de16018e659d4ed59a65e2c32c7a8f810d35eea3f1a855b458c9876311

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 f360c007f4aecfab8cb3a44568ee1fe5
SHA1 f6ca42b1fef797deb43fd0b5da319b46fb2e9021
SHA256 4fc70ade59e09fb19e6f28e4a97a8feffa598fa38762fe8e4929f5024cd381a3
SHA512 2b77fbc06fa9f37e7c3d12fe909fd20512d67fe586c4401e7f4fd52b29904424ab58762432dc40927deb23920f944261a49e39dfaa732c20dc4f3016aa198322

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 5b66546b7a9e79f39840c04aa8e6356d
SHA1 830fe3a0d018dd480e1a8986ba2ca0f263632067
SHA256 cfc7323f86e45b81c652156e8b694bb4c7fadfd57f1e574a1eb7891dcc6d0c75
SHA512 2144af28d301d9668feec4374d908898929915c20ad376c26af3256cb32788210fe188d29865b22f0beedffdf1db04b9b2bc79d7ee7894ac210a4da1c6ad6c25

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 db81667cc59e169a3aeb971b85e8ff0d
SHA1 91467653f49c0dea926b925a03794bbe7e9c21d5
SHA256 d824204574dd98cea2bfe275da852395a06b6bf02a749b14a92e9936c5d3cd22
SHA512 47a6b7cf1b01337d886ab66f5ecd334eafc43feed5afb6d57a43215e7298cd848d158866e0e7fc264f3c90cc54e0e7f1bfd1a19ac7fe4115c47ace3587ed12e4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 24f15cb00903caca810657a07d1c4c39
SHA1 9bc926e70834022176ff3616c881059705ec1079
SHA256 34c19bf7e86c4ab116a661720861c3e6722ef2584689d63b4ef52d8bf59c493c
SHA512 245e8370cc69a44210b4f0df22de8cf700b4b8eb8bf7a8bb3a77d3a7033864d674438ca23a68d7d976072538b86a06b76c6bbb63afee031eb53b9f0e8c31d34a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 3e43b8bca79d8500a612afd5421c56e7
SHA1 baf51270a7b08d4bbb3d747c206e635f711376ae
SHA256 fd73a6f0799e2ad68f0d14435024a4d8c9f5bfc200a0d2e62db4cdb0a548a0cb
SHA512 7a934107e2bf9f2949adceb4c4049ecf8b2732bca59d59afabd801413e288cf150b524d0ad711619cfce352e6b9393843c234e3a797126ec89b30484562a9382

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 69f68356a132a80fcfc0405c89b48074
SHA1 bc17a0fa45e026ca06f5c507779a53e421532215
SHA256 1395e98b01d967cab19548c412f87eea366f75594ee08b5f891e5c2d8703034a
SHA512 1e21514b08ced5b4b59a73430231b2f7fd4d933249699a070ab50349135cc7e7dcf493665b3e5c3273e7730849ac953194b507f960a6d73e7f3241d725556ba5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 50d4238a9ce30101bb2fe9037f10b458
SHA1 a88fb33b3c951af236a74f26ed5852c9e4e391c7
SHA256 0866528136d1825012094111e045982902e3fdcb9014bdc4deb7d851f395b5c5
SHA512 522ed86b73b1cc08bd4288b4fed651a238b7d0dc854cc8916bbb41cc848e5079eb4b3d4c38109ad0c2bb495b18813773d2f1b0c7e6371043ecd3462b9f723588

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk.EnCiPhErEd

MD5 910bf9444e1723c5286246ad842714f4
SHA1 dbfbf50b319e469c0c2c9982fd25ac411dc60582
SHA256 44020aaae0aa70269e4650360585b3af7a72f17aca7445ba1434b24897ac6c97
SHA512 9b272415847bde5709d97726bab56e10e1eac3fd61d2fa0b1fbbd33fcaf25a1ad967ee347c7f01bc5ce612d11a90e7f73299d16436b499f58ecb06409de1373e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 f21a738e003b83c34204000bde030e43
SHA1 fcfe38cb85abcbecb69880ee0f47ab2bb55d6654
SHA256 8294feb67a9ea2dccceb6f19a1a6f22d2e427e6ee38b3a459d2981f1f1d53ab9
SHA512 8d4b78e31d11cdc5324cd571e6451aa8fabb57ee08800e220cfbf31496c4e5e86009bcf63d0fffacf3c1f5b357624f666babf5086e687ef46605d38fc53349f5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 60a3c8614f35ca54059921b2c9340696
SHA1 c0aeaf9a2a3987f82bb973383b05199af3f6a98d
SHA256 e5e61391a4c4b5f67cd29b625eba6200ee99880809ace12830ce175bad599b51
SHA512 cf12b7bb03a9f92c0cd8c9eb42f513cecfa9a1b45169fba083a12b58a4e58d048b0583f2768c5519b98aebb5e9c1282038035b64a06bdb827f22c8732b1f4e7f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 f86bf1b8afe2ca6d0f5974fb07b09f2f
SHA1 2703def8e2524b4fbd244f63ff39bf90f8e1d30c
SHA256 55b2a403c0b2dbe1c0b19c0684afb31d8130aeb74a66799f9f55aeb3cff8b6f5
SHA512 ac424435527a0e2025f15dab0e992884a2ca6ef019e7847082f67bfd2074374dc1a1a581f445e4ac86bb707c0f5755dfc83c45f0f076523b6e4c0599511b768f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 f281b9a19ea1e25b1727da09d658ea79
SHA1 536c052a6403ff846c57ef7d51afb66ee7c518b0
SHA256 7b1039d2dcf08e4ebd6f72dc44e752d05213f67a93e492951df512acbf1c6281
SHA512 4e9960d00da380505e6a82335644e68310e5c62561a9a2707d94f60f38e5b7ed8123c2daacd1a5310666b4108480483393320a3af485fcb3db33344f3cb78f1d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 356752e4d34e8aeb46ac7be104af2861
SHA1 27d39d5c48ac934d8ebe722a06a95bf1b315ad23
SHA256 dd581c40220f95b8d6c2ffbbe24fa7165110a9cf621d69c6a45dec363b3f7f96
SHA512 31c4a74b974ab749dc0c866bcc1c170a3b0c240d93093445c7bac476e715509fa667ef2c5665d86e800b74dcd30e4816a21d09f149705640735a8bca378bcc9e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 b96a9b5ee99816601efb81f766f7b404
SHA1 8ceafea2532a95ee112708516b25b922e841d79f
SHA256 4f4a3bfdb8458f83ea2e60c2179406d3cc68a8d27d15ae18ecbea1c2a558430f
SHA512 d3189088f37ca8fe3866d6c0e4403577c59f8fd41338193256bfae4247617fac77446df1aba345effddbffcb3041dbfa398e5727895f45485ea81f78508f4e83

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 2c96705493cdcc09352475afb27d694d
SHA1 d3068203b7f0f2c8d73c6ecd49d80e81adb46807
SHA256 b3e59fdcf0bc70de7a8ede680548a573a46aa6cbdc501abd02ddf78ae079743f
SHA512 59a46e667fbc4f31a55e6e9732bd67961d62eec85e481696b006145644c6eff7a039e0591ba035e6e922db3aceb26e6ee1a094f43d7a13c3621bf09dd9c8063a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 99d5b10ead67b8676aeb18d04b83b7b3
SHA1 1369d12aca4b5930808ca44cfa9de15064b37a28
SHA256 9a40097edcde0d5437bd71be52c29e9ba5b15ef98ba0b71e50d67e90ebe422da
SHA512 ddaaff20158eb36f35e93c2d619aac0eaaba821a1e0743809952270fa9737713fb6608c4a93291293a552e5cfc73ea1dae08bacfc0c1bb98430a6ef58dff77c5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 dd6c038d362cafc541344a42887b7ea3
SHA1 5fdfe6e2d899d4de17d27691df0b9a4685bebfc0
SHA256 c3b681408b112741c6643c417e6467dc04b0bdb0951d9cb64357af6af2712b61
SHA512 6a3d58b140f9424f9cdbd7bf441a8cac6a86d1c48c1f477e66537e4c278feff31ff8de13c6df393ac83a819f3bf62e035a7432e4cc8daa7ae950ebdfb5fbfdf6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 7f8fb5941c52ab9747e411713a8c1698
SHA1 3f4845a175514b2d40755bb584d6086f5028c6ab
SHA256 f590d604e5d59f2972f19a7bd54222a9399fa3228070303593b0e7895d382c1e
SHA512 a388464b96d75859105681b4cfdc6977d725342e1a881cbb0a0c14683c252ae6aee8ed03b3a9b5f45f2b6ebe01a5b841a782ea7ad17fc30c31e22cd9114fad2e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 9370353dada470f7fa6f36e9725ee572
SHA1 8ee04b4b55a7c378b6b7299890aed3ad5d5fa920
SHA256 33b0840839146283865c27388e974272c14283bf9c71931a7dd62279ba31152d
SHA512 6735f6fc2f7443ab3525434d47bf2a6999cf5d42ec5831f2371940f7890b3a1f12b2e9f1337b4afc38299f24e7c7f6b2026811656c7be0fa686fa6e1fc19b7c6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 1b48e216bd07a4fcf24acb1bfb2b2057
SHA1 f8641334a544e7b06991a9b367bef14603151b60
SHA256 082c2e4b5454cf756730feba52395e56bb2d6564c24c566bd6d26aa31a191b37
SHA512 09e541cf9d4fe68a53fc5b441cd9cca021c33a9b83a272edf4c2c5ab5567b18ceb4510046025fe0ab931d054ac5cf8e22c799a67f8a9786c45dff935393fa513

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 73ed55b0d19c54b58bbe8e310ad2c7fb
SHA1 65a4e9231b4ca83476e4c5fb0c9ef5ffec51085e
SHA256 87384e4d425d9561e3fb5374abf166e845d056d86600cc4fb523e312dfcdb9cf
SHA512 8e518295f3a849b93a151d888b5c94f690729a6a7d8608f52d5e4e77a472a20187138e87ef60b271df47c9e638bd2b60e011d6748421971b508f26461a5cb403

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 9aebe9911697aeb84e31146417e6dc9c
SHA1 99b35bd77a3a25cf8b0ee3d27a007d4116549cc8
SHA256 f2dae57a56cdc823750c567417f3582580a135082219e20faf198cd117ab7d43
SHA512 d5ce610ac8226b313e448a109baeaf9cc3e6d529b40929fb62771033db913abfe7773d36b2abd8bd55edf0c1b058d40d319a33356ca0f0394b149fdf320b2552

memory/3320-3923-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 dda3a55fd3f10e52d6a4a9ce48cba603
SHA1 5a5052f78e88251ff989c79605bc95dc145a536e
SHA256 668533aeeb6b76e94b1250b2327c8df82d2129c01237b5ae091cd6025a3a9044
SHA512 ab6acee80b4623d1da9a8406a21ecc308e276558bd7623514f840e57c808504a07622d80c1c79d0dc859c28ba89eed731c909f60943dbbd02abb060c73be4d6e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 9ffd079789ac1dae84477fda19555528
SHA1 471fb87ea3374a3c31cfd247d0ed8f833062e0df
SHA256 3d4c8dcc4330ffa2ae210bf8070b6ffb16dae652c132444b4b203533afabc807
SHA512 26fb5ee7be4e7a6bb5794f19326c453c01f4febb302eb223f8df058e6d7e764295e4e19ceb136224e1dcd19da00cd0e0fc939f4fcd5090a9fe5de3ef9ffe7947

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 a658a5339bb9c60f63ffdd1c12464b16
SHA1 84ec9e28e9e9dc40a9371d46bc7049e36fecd1d6
SHA256 6cfbd6ec3ad8f07d74b2c8f240f35e58b07a78ed8cdbb367920a2e7210177c01
SHA512 e6f14d4c1ca18ba289352b7c64179b409974fc7573a96ddc2000c7905ebc3fe4adadb1140576656e6a332d0ffe0f8623e68da157764bf334966a5631bcc1cfa7

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 2cc16175c8c8484784875d5cdf0f7750
SHA1 bda4017363a1df585fc0a7e8e3b6fb566ff2ed9d
SHA256 e888215f887f6487fc6903cf86fdf4b9b7389143be1d7a7e457b4e31ecb0ad86
SHA512 31d4883234c2b47e3f748c0f0f1f0575b45ff9cca41f0a2821cbd8b2f5e105b085c05eb855a038f7309069a7bfb82a532a2a2ea81f6960f9747b5587af3bd820

memory/3320-4298-0x0000000000400000-0x000000000040C000-memory.dmp

memory/3320-4321-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 a4dcb8e305d0306712ff142aa8acf70e
SHA1 18db5bd8cd20ddf3730798b92421a20ec6193f02
SHA256 a076bd7ee66391a189dcce488e9cea5820f576fdc9a14ddf7261c9767333f0b3
SHA512 a043ad866979a5b0d24908970cc01879ec953e6b44b382803eeea9fbf57b4e040ea90ede3da31ef21dbbf3f4b49e875b271a1c088ec7aadfa640d5f097395505

memory/3320-4327-0x0000000000400000-0x000000000040C000-memory.dmp

memory/3320-4328-0x0000000000400000-0x000000000040C000-memory.dmp