Malware Analysis Report

2025-01-18 20:39

Sample ID 241210-ckmpgavmcp
Target dc87211d948e14a32558129345536648_JaffaCakes118
SHA256 5ecd0cd5e48aba41c6f4848633809f5a1e90b5d475adc7892788337a5316e8cc
Tags xorist discovery ransomware spyware stealer
Score 10/10

Analysis Overview


Threat Level: Known bad

The file dc87211d948e14a32558129345536648_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2180) files with added filename extension

Renames multiple (2214) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-10 02:08

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-10 02:08

Reported

2024-12-10 02:11

Platform

win7-20240903-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe"

Signatures

Renames multiple (2214) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\btn-next-static.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Notes_INTRO_BG.wmv C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Critical Stop.wav C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_4b7bf556f6fe4db9\icon.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\alertIcon.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500-18.htm C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-t..ied-chinese-quanpin_31bf3856ad364e35_6.1.7600.16385_none_f79af98021986eab\TableTextServiceSimplifiedQuanPin.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Print complete.wav C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\401-5.htm C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Characters\Windows Hardware Fail.wav C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\btn-previous-static.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Hardware Remove.wav C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7c3aeb36c5f98c70\cpu.html C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ThirdPartyNotices.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\aspx_file.gif C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_dot.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Battery Low.wav C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Ding.wav C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_59e6a839753b16d1\flyout.html C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\prev_down.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\404-11.htm C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\title_trans_notes.wmv C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile35.bmp C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\icon.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\rssLogo.gif C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile15.bmp C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_4b7bf556f6fe4db9\drag.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Globalization\MCT\MCT-GB\Wallpaper\GB-wp3.jpg C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ydvtLsBE87mu4yn.exe,0" C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ydvtLsBE87mu4yn.exe" C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HQPJXVFOZRYXUFB" C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell\open\command C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell\open C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe"

Network

N/A

Files

SHA1 f6ca641100503c97a25a3a9b52a8617fb064524c
SHA256 6c55babe06fdbf2e6bf655bac0a268f14e92ac2798d4627c3a5d29b58356c40f
SHA512 fe21909fa2436e1a68cf3d42761de0553b756f74280f743ff60b3a859212ae5d70f5f4f6e71c762ffd1586204fe89c16675842e6f359d19a80db6edb92618982

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 75edbb553b45ca74c82245c5a29a008f
SHA1 f463fd58c5b1ac936c7d310de9f91602d6b1f513
SHA256 a50721bf171568cddfcf7cfd7416715dafcd093b2b269eb105bf4985f00e9a8d
SHA512 c34af6cb7f760b9dbdd837e191f8dd0372168a3f8af106b283d8d02bad3294b814f310bcce9ee45ba75c3756f2471fbb117d17f09e7cbc1e13c07b10139deb51

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 85c58f00eea44cb69064d4e34f35c3ef
SHA1 c191b465634a7d262863e15350680612a39c8f31
SHA256 eb5d3ac02c16190079ccd2532e669b90e58addb1d007d8214a9a7d636f551c72
SHA512 7caa2b71ca5a44ee6da711f9c5d5cec3d13ec661d0e97d9a9776caa78911251ff25e925382615ca6718a503800e1706989de890ea7ac4adad19a41bcef96604b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 f42a61a52b32fbc92ef345fb89108d89
SHA1 0f8965dd333f3c7c6d847c41980a3cbd586da811
SHA256 918717992d4368de9882ddfc5d5fbca64399d981698e30d6b64b6ef882e6ab99
SHA512 ffa44cc117dbb0d5165368f360147c2c716731a58653aa8976de929860f6015dbe5e1e70b3b21adfdf5f0303b87a2cef639d681cf48bb3d03b34070a08b18a8e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 1029617ebb259596f8723669cc213004
SHA1 ee0382533b1bc99fa8e5074a30fb3fd1d2e3d4b8
SHA256 830e597348ecc0fcb476474a74cb81cb34c69c1c5bcc72d6a459e030ee14908d
SHA512 491b48b6636075335a9e6a8b238c7fe8d2efac2f494b302a9b388ffe3e01e697a6752727f39614f9d900da597a79a799b0c9cdfb525a2b0eb2ffaabc9f4bafde

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 d287b2c61124cb16effb2fa0ac032c4b
SHA1 f7744d0183afd154b5ac59a63191677022cac0c7
SHA256 6d3d9204153c184f98c31274eb402dde049e86d856abe7e8ea2e880e316b55ed
SHA512 ff3070a191bf623d504671797bbf3442ed8c46a7da98f8d9a9c55e76d8da2accf52bcc68bdeead24994e2eafbacc0595c5ffb63da7dcf7156130f862bd05320d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 54d2975ddb7b94f80bc47ea93d5aaab3
SHA1 13d6c9dd5839a2483359cb596133df32eb9d14ad
SHA256 b2abe06e0c111de6b551c78b791689e32ddf8467e5c939d2bcce413f956481de
SHA512 9e72571ce8a26774d5478a11557c05926d205cfe62fdc2b2256bee9c2fe471cf19c8b2a3621dcfabf38a1ae7ed5faa04efab25258c27218c892644e8f0bac68c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 607c813c0e101e34de5c38d72f496324
SHA1 7b5de1998c7ebc65247903a61b811c516488113d
SHA256 5193895d90f9f7e554a8d7e76cf19731cf3b70174a2ea814c28f81b65b4b3cbd
SHA512 e1ab1baa98cd84ec4b598ce922ac1a3809bda9952b75068fa556715d4d5a9be104eaf673f0e6c02c1b1096931162d96460eac5b9b76105e2ae7f097e67fcee52

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 57862a0c27436a6abc80bccaac1f0eb8
SHA1 9781d9c9c8484343dd8feb6f660b40aa6affd2e8
SHA256 c4afff5c5f6c63a994347a63681a66902567ae90f4b953819a59c539b233a367
SHA512 e8c95b506985edddc114f68565c597244800005ae48d28569029f3702ec1f51f73fe7e968cda83e61884f32dcae5658a5db15ea0998ab7a8401815c2b337f21d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 d2455b19177445e32d7004db6d1c7fb3
SHA1 35f12de8e472ecffd26f322784ec29e46d6285ef
SHA256 9b1cda50d3e20202fa17e8fd7909fe0babde9a4cb385e91a1a9c04444e84a65b
SHA512 977d57c17894da18930efd65a85446e0b264582a7bab5b48bf7a0f348a7fc3a8074ba03394ba47492aacf67895e48a859980962109fdbb7d2cedc88c99d62736

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 c10cad5658d31ff22117e8f2814dcf2f
SHA1 3054802fee846ae76d0ede68f88c3238bd6f5028
SHA256 893833e2a33e5d3f8937304023db950f926dc0837aca22b9bfa96a8db3d9dd44
SHA512 44b2bf83efc1eb5aea0a3e08598304a319d02960c173915329cec44a1d0c9c5546efc129e19fd84d924505285f0d38700d7416cf1f9fb1e44d49f331ab961d48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 e27f230a11dc803e61e14ed5d2b8776a
SHA1 76db247c9beccc9597b227e741daa37b142a654f
SHA256 3e03ef8291ab3e6b68be741f73d67648350190d6889e88f3ff217830a8563ac8
SHA512 43092c670912a4b4420a70be33568bb6df2ea54d339c6885d45c886c5603cbea4286ff21afa607485bd2eea26ebf960c9fd863e07b1268011db061b4452f9dcc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 df2803e5d0eb3e0c41d093b614d1f953
SHA1 eb78241e62ce8a6df83d28b6de408c57ce90e0be
SHA256 a0865a1bdb4a239cec9467977bd27c256a2ee12d0e7ce77024fa92837807be4e
SHA512 5a8e94d9f6e80550a0d5ab64e29466f59bd0e5229fb475b3523f37b61599115a26327136f48935b7d82faf50312c38aec67c8e2cbd5c92a574e1c1f3fac9f267

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 5f640453f1dda1b9f55af2bc271d71d1
SHA1 b1fa7f5618773e84e0369df15a36a5107c06fc96
SHA256 53fd433eb267cb06487112eb53b465a92e9e5610e90b04c1db76f45f6df88738
SHA512 0bcad3ce2604f2f6f6fdca8798c635b20a0dd1af4318480588fbf7e7dbae2e401b2709eca690cbd863321903a12290b29a3658cbc6665226eae618f5290f6ab5

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 e16e86e90bb634c1653ddaf39192ab17
SHA1 298d4cefd87d691d441ef19d12443d60075d8ffd
SHA256 6b9ec44c9e29808d8a24b80da6edd481622b4032814a0cfd4a4e378ac16f4015
SHA512 d9e8487fad8223f9b80af48b86a053742a201e9a5d72302934eb900b7772136575780baf2f1cb0d451f552cf9b180bf2b9f5d6e1b3fe8a189aa5f130a9bb2a76

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 006b3ee77fe3444b0b122773a7aa9cab
SHA1 d20888ede89314151fda19cec58455d92889cce0
SHA256 35de815cffb44a4a0e5156f138b0097d1d16eceb6baeed338e5ad8b5c9efd165
SHA512 9e6eeb2f8452d070610b6ad44ffe09cd30febc635ef9befd228b7207f8fd822051f9c19736ae436c51b26a9153c988a5541edd20a246853aefd015cbd8df42fa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 bae356a53dd616e2305f3d35bf86da74
SHA1 3391a0b8a405695822a9637325bd6d91a2139606
SHA256 6d3d34c95db7b104db9171432e8df2c22220bee7a6d690e5a8a434080bab1505
SHA512 76d4cf2680db091a7633ef9c8889739162ab0635b0cd7756afbb4cff0e64b4e6877514b4703d4a8a53daa590aa410974a56c152e25614f29650c31bda589925f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 1585c34aa27122899f042a6939ab639b
SHA1 9dc13348d55dcef9855cb06734cf0282ee7c5812
SHA256 3d82493b651199b8895d4861b2a591b55d6408b52723a157a4162cfb10b9fbf7
SHA512 bc87fb0d88cba610b924bb056d20e4c5edcdec6b242750ead7855b5afd0b3350e77d5e66750707bd7201d5b30304ddba1cd486acdef95c016cd8d7f712bbc308

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 a8b3ce8a4b80c309f179e28d49c7220b
SHA1 ebeaa9aa064dcece8474813f0b5e832cb0832d83
SHA256 ca98da6f83b744fd59829d25b9f852a9f789a76cc1c1af212ae9609539546c09
SHA512 72bf307afa99e846810b80b57b4585314e24411874a7f86875b8a0c97be0768b1734723c4cc8c19bfc0b39a5ce007117c9d5e9412400ea2785df680ff14693ae

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 46ed512cb90f7a90ad6aaa3c51ce9309
SHA1 4ff88cacfff33df528345689e69744ed9dd43579
SHA256 d08764eba562570ab9591b8d80a5fc14a946e3743eb4cf85b26643ebb41c52b6
SHA512 0c4a0f3b8eb12f58f3fa74ac5fcd03bcc08e43b9fc14e9ba5fd071fcd004b79ec8e373d923e65b6f4d302f9f69b8607fb0dc00b2532f3f892e6483ad907cd881

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0b63e598a460707ca49ae49666e7ab81
SHA1 064303db4488dc7e5191bc7fead2ff6b996fc4b5
SHA256 860ca6292187c1b08be29b1b6ca976b4ec22ab49f60dfeef4b6e493d4bed716c
SHA512 3fa5eefd4410fc91cd8e96c0711bf51f3c9361917344f8d6226dd48ca77653c1ef1f07d3675d0f25a7f56ca0af17cf3b7791483d2035c21269bddd7fe356dc62

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 d8ec9a3ffa43f24cd9130434d16f4211
SHA1 442e38779590235da0eef7e7feacd0fa2c575e88
SHA256 e631ffe072efa27d130762914aa82e47e9202991c82dbbc95e4a763e9352c5bf
SHA512 854d269e4d57a4204f7055361e98e576584e3e79bef3d315955b97c0214858410dba882102025ec41d51fad8566563ed740b1a2fdc568ab079da247ce44b19ca

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 26c733452e86360378e1c23a44ffeb9e
SHA1 706ac4f12586a5b8f03ab769ec578118cf1e1584
SHA256 0d4148a345635dc5f2dac33a6afc87900bea603730ed4b7b2f1779fba3196a2b
SHA512 af6f1eb5a802533047ce0073e2ad278b4f019ec08311da208f4df9f0c82222a17c89e37d35441562ebe5b9170a3681dbed9a5a7f104606466bf9d14411e83e82

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5e06e867120e297439ebd00499ba414f
SHA1 166615c610d75bd602e8cb96f26bdd27223aa73b
SHA256 5b4eb189d2ef00e774438d6f5e5af8568bd6a951069e8b288c993ea9444324ef
SHA512 2173c89fc6ac7716d8932102d24bdafe186796eab51a2b946498641bfe21d86320d86ade8088476ee948bc06ef79ee7b48a2fcaea1dac7bc787d8a6a55e8de6f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 27c96ecd196a152f9a1bf2fed186ff2c
SHA1 ea545044bbfc7c8f8eeba9dd520d07a8fb1bda47
SHA256 23a9917cb8100bd4fe32beec29651205db8ef47857eabdff06652027f24ea25e
SHA512 9cb41725080df0bf470940d66ef804c8387c3324322512bff4fe6c7c1fc1374c8710d29a99e1fd243e403746fe1a7c7c41f97071aabc6824873d2c245037c521

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 61fbb673e97a2ce3626ab12c77064ea8
SHA1 72b53951d51b59f41e79a958c66d7d5d9f98fc02
SHA256 5873383f47bb38b137ee9f49992f9ed36dc800b29b031486e39f24285c8337a2
SHA512 eb2f0acc956982054c8de8feb7d94c3a5facea1f65c3ae78a839e9007d43afe340d91340de48b7c745f50215744a28df1bfbab81ec9242becd8ddee561ed7d60

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 d0830efeffb74e5531ab7766909315df
SHA1 a66779a791710915bf4e78687d197c67bed558f2
SHA256 6adf1b4827a82f016565138c49a0c6aa801c052a78f91fcf729a5fcfa1e24684
SHA512 f52a475d4eb2e722c3708bed45d2ebdd665d133b856e004bb0bacf4738d949071a0127d4fd80bb4d395b4ea8a486b3bfcd298983aba8882aa5a6f9ac68dd7000

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 7bfdb742aa3c63e82f0b43d408c71c2e
SHA1 549909dcf81624caa77285cda7c03aa7869a50a6
SHA256 c7dfc32d059f12482e2f262a9e9e8eea420224ac0c3ec50c29189e7b59922893
SHA512 90f6890b967eb05da3f62129a1830511a90e5fd310cc8fd3030b069c8ce411325d970e3332d3a951baa5ca93a667acb5e2c98875d998e6ab724f01ba3143de13

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 f9a8900f6f13f8f875a10c913ea85eee
SHA1 5b5191f404b16472b994caa87a39e2d690c2ef12
SHA256 0be0649b16a000140a1cb3ac82e24dd4114106decbe711e57e4934ff72a6323d
SHA512 79a306d69176847f274649534f887df9810cd98500df4999ec9937d9261923fd7168cb0b40e064a0677f1817efdca5a44be7ee149ea555b37b27c549a61a6642

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 7e4eb644f9e5d9667781c6971b6506d9
SHA1 b32f27cde88f4eac57c2d01384e0998dc28caf94
SHA256 bf607f18b22aba724303df5d1edb58692adf0d4d784224303681c3890a24d066
SHA512 e55e26bd4fdd68e3ddadfc661f58b44dba4d0debefc59d9b082a6e4012b46d3a338b0741ca1be877ffdb7b09c8f171b079d46aa6444d5c5e253957748ac0b5f5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 3658770f0aafc68aeb15a0e257137ac3
SHA1 2acf8041297a364dedd81661912b91152d5dc2d3
SHA256 1601fd892f6820e012e08ee0283b7d9e1aa6db8dc7692f9e3a3a0e6ac24a018e
SHA512 6667ea885e56751136c1e8104b59d4fc17293f25f240a43e01cb156692fed8c03820a7c3512d519a0fc1ab93d0609f52065f11d843ffbca4fbfedd0abe0d406c

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-10 02:08

Reported

2024-12-10 02:10

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe"

Signatures

Renames multiple (2180) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-40.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\core_icons.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\10px.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\LargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_contrast-white.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square71x71Logo.scale-400.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_contrast-black.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-150.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Light.scale-200.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_int.gif C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-36_contrast-white.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailLargeTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-20.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\LogoCanary.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-200_contrast-high.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\SmartSelect\Magic_Select_add_tool.mp4 C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-16.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-200.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-80_altform-fullcolor.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7d6.png C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell\open\command C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ydvtLsBE87mu4yn.exe" C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HQPJXVFOZRYXUFB" C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ydvtLsBE87mu4yn.exe,0" C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell\open C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe"

Network

Country Destination Domain Proto

Files


C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 d36c045f13090e45c09f15d29ba721b8
SHA1 a79f91299b5a17be6bdf82516807cbee1d160dd4
SHA256 8803bc5325ccc8c01b152c36cbf736d5b7e9f4cb5a472bab2d55ac23c99304fd
SHA512 2aff346fdd2f9fe2ef10a1c5a327e290a07be8cbbe9a3150914a1b06361b3f77ee69638109c7308bfb27baae3a07e537312716f1f0ce42efeda94eb88264a11b

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 93503c97be02817251251dd0c2e0b590
SHA1 893d52895144a1a708496b289c96348d1cdea4dc
SHA256 5deee15478186662b620895429a3af902befe70f495ba4983f926d8ff41ae15e
SHA512 0fa810c7cdfb94679520ea8a8f44f08c7c22f9669fc0391ae09e8bdc1209a9baa74be90d3bad24461f07dd6db30856f0a40883fc1474d8a0dad22b809a0463f9

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 00a3285da34303deb609b653f811371e
SHA1 7f0903d3407255e7ee8d9218a2d2ce46f8af9568
SHA256 1aa9b3796481bba7a99777e5d6cc95fed6e5140ab4815becf55f8a4047fd1114
SHA512 3e5940e55991d171d5f41c453288aa5a29f3ed1fd6f1de554338c4ec2c90c2a0a65a122a7a750bf5d60ecd02b580836a9d4f27a2ca0516d855404fffdc8dff5a

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 104b0a39083ec4f26c14087e962ddc40
SHA1 875559875e72f40b567ed6b7be403625c432943c
SHA256 86b3983cc84a612d22e5703779d083fb1beb29829995cd340c94dec2a89ef1be
SHA512 b951df6392c160efc9220ed8f88963d5055f924bac34c27c73fec2e45d50e7ae84dc6e855504da243fd24adf88114eabff8af73c68e295e9a5acbc014f3b7571

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 0ad2d6919c23c01c908db2921ed63c9d
SHA1 5ff870cd0f93dc66d1b14e186d0691391088fef4
SHA256 aea1b91120758a080fbffe231eb2c70860a4c67d970ca6d1d23561f328e6e2e4
SHA512 a5971274acd7d62c91ed948c7398f092e0b83f23b77284aa67b0681e31116ea75d1388a703cf95269445ca696cf32e70315d28a0dc2f7bebb9404fc89170dd3b

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 b4f0e87b24d2516355ee81edcff52837
SHA1 53a5fef0f672c8d8d446bffd897c1d82a0bf2dfb
SHA256 a9b831a21455e321165812e643159019b3c02368ad9d0d88aecb75efe1f4e015
SHA512 14ca9e77fc0f5a7a797f7dd4291d09f2450608f4d58b54273c9f57e552f23f06df5d0c87ef4d1d914860d1a013a6a5d35782e126bba77fee36e9ddaa86ddc804

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 c3b4abaffc2eefd0795276c020231ca3
SHA1 c7af238fa2d8c306a5bbef8fa34fbe9f37b0c197
SHA256 229563f5902c2a9a783cae8d1de6c29cbff659b78de38d79c924cc4d91f5424e
SHA512 b7e5c85cec8e43361453b78492cf42cf304afd71827f507f7142ea0c9359b33bb00bd84072cf0fa10c090a9f84958e1f0f51fd0bb190d15df2ccaf2e02bb82bd

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 c22abb656240a7ead724ab536e5304a9
SHA1 7a2f30169c839b97d7a768753ea368acd60177f6
SHA256 4541ebe7f06a1746e8c945ebb50e21e38b4d8998bab8a01f5e41f8bae3552bb1
SHA512 527115b12247f2c9e42ae8f19e37c88e964f2eee01f6e5f01ed9a48c00f4277be188232966cd0989a7bf83f2ab20403e12e35365d84e406e258c7d57d7848293

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 f0ebfe9cc46a010fbb47e795c396f2c5
SHA1 f0a14f07bf27037b0b11c9fa54670a68dc2a900f
SHA256 a879190f47cc445c1b882cf689c13ad384d7be1c6504cf0b8ab2e46f3b42cf1f
SHA512 164ccbf4cde43c5e74b4ac3289ce6599d3a8e0949068572d69184cbfe7e37cbf4bda0c7d5e8d7a15a0e4348b04fda26a237e5640a13456a8a2ee58b8da42e931

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 2218a16c614071aa0e64740808a48bc5
SHA1 271092ef0c18eecd76548af14e37cb997de830b0
SHA256 d775cffd4c0c0944f07ab5a3504e732e1002dc798c5e9b975ab12cd4a230e678
SHA512 23202b005f5514831c07257d07260b68be2c01be9b075b5ec69bcafaa9df998b7d41f7c9e27291937f864ae5ac9e5e1e63cfb7affe4987879bde19acc55c3b01

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 2a88966407ed3fe82e28bbc03ff764d1
SHA1 04199856189aecdd7936df8bafe8b63cc88f852b
SHA256 a15390bfd52a9bdd3289df8cbc69b61cdeae8c49dedf3ece1cc46f604b4be2ba
SHA512 c1f947cc8c577f19a98838178a1150d6fa0dc24b86de5fff6a15ca813f3d541d7a2b844d57ad79573a9c849afb5e6d517e97f3ef813f7a907538accf013d2eb0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 cf3ae53b4e02dbded9f59a37c40a81e0
SHA1 20b386f7d2f8a93a7a2a7d680b107ca4dcd40645
SHA256 529f188fdce935a54f3527ea755cc12b9e534e3f939aa7454a64499c44800697
SHA512 c802932a11d2464ade35cba957f7416bc1fd73ef55ea5813027cf500a5228c1c2fc4527cc789269218e26007a995bb9e273032a34db0eab7a27d1daab76a09be

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 0e3943f917021b162b197f466ba071cf
SHA1 1e5554d919df3561edd6a2b59c7c19bef0c78ef3
SHA256 56599ac99c62a66982b78de6e7f1d19fd14357f8ca84d612e4a9e350c7f12c30
SHA512 380c99a3e9af45eff38f352ccd3ebdb4c75fb0cddeb4ca10d9a96fb3eff248ac8b82705a13cd13a4cbac59c6473934b176125fc4f1635497b12314903fe3efd1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 c2f99bf977bf1f2e38172088feb7038b
SHA1 dab720578f70835eab0e1d9ebc095d6e32a06007
SHA256 24b0c6c3964b59c766576a417e1b54f940a793d340c5eda97c4fe3f46072488c
SHA512 16c2aa4f1d4b2c46bbbba28fb2354ace478d273374045f86f9c135ca9a8970496c4bc5b22689e7d9fa25f855a0c14ae614cd98ec81ff1f8a78b2fd62401171e0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 5e39f1c3724665893bb55a085e5281eb
SHA1 13edfa659ebfb9cd774d8d0926b56bf62bd4fc8d
SHA256 dfa3d639aded1af1b6a0a24a3fb98c76f1731a97f677febe6348b61f61f7f71d
SHA512 a5233096e5ed413ca0a91d8be721ccb91d987bd7ee5d589ecbed08f45a93a04a71349b84c912063fa19feab3b097819e05125390091fa3f5edce4ed06641f753

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 02c71f734b479f4aca4420fbc0d0a20c
SHA1 a8f32095e0e697236aecb58b0f29f35e70980914
SHA256 ee5672fa7819c0154cc15f0c6b4decf5ee13e9edc51721f42963a86aafb5d4a7
SHA512 9bbe4b61251a50f4b01bd15f0a668709524d742e90cd88293e6138b3fff9359613532d8da261c704a3aafb27aa893c647fcba0483b79dc9840297d55e15061ee

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 26be882b563d616d413ae3f6367a34f3
SHA1 1f7c00ac557bcd577ec2ed998ba243b159624586
SHA256 6cf3b8abf70c14f2c48b138559959d82a71cac06fe4db28a43da315b89a8758c
SHA512 ccc13dc492f9640cb9b1cfb9bb7fabfa5f8940676f728b898de5cc520e9968a5d8e80d514832ea1f5d2889cdb5f8683bd1fab58be2818908d5a74f564f253e08

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 287f6aa56c3a4ae855b868d313d6737e
SHA1 48aafb297feea0ce7d177c844a399951e71bc856
SHA256 38c36a7a85b45eb75b4c55da1a402dbeeaf9cdd0a04814870416ac37cb6f1093
SHA512 3655a1a76136dc27df5760842faed1e0467e92bdb68226b19bbf75f8652be560f27ea70e2c5ed58c61acef3ddbac85e8e5e2ffe9c3a689509278217db832f24d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 0b9bd95889ce4f6ec28e8648f688d2b9
SHA1 9ea4cae3f7d47c2bc0d986cd7f1dd5e2b4751c25
SHA256 24d69aedbf502be2d5243de102ac317e436d92155339d92bada7be513e095d8c
SHA512 9d980415483e88d738d1e8f4b4fbf35fdb3f8bebfb12e8bb50d422497b54f22e1f32a3e8ea40a42d139075b3c5099497f57d7f7c6d0805860d386d1b91f75f7d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 baa21da3931d2d096d5560fb7d40a810
SHA1 754d77a7e2d112713680dd0a20b67a2dc630dc9e
SHA256 4f9b5d0514a5373f921649eb7c13cfc0117470bc8e940d60f7288895f37e592b
SHA512 8a5d3a372d970ffb55b86fbaf3b8ca185cd325f1ec9578a448c0cf7fe66fae0cd25ea5d36dba9bc0aa2433f55e8211b4abff35dd06b85b6b3b990c470c0b575e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 c67e57d24cfb4d864689b6006c1705bd
SHA1 a3501636513af4225e9f73c3f87d846ca7438230
SHA256 4e1a6d11583b648001f3971b4af1db1e2997502149c0cf3157dc4d01b61786d0
SHA512 d91650a9909d394e6b40495c1503d89c9fe1788658053efaa84af4bc8fba6a95032934a00c93ef44184be7ae8469fba3e7acef9046352b861e9c9a9dc62d2074

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 4281c86794f8e611a48f469eeef2fd40
SHA1 22a4063be2c747669bf65045afc4c24bf4c230c1
SHA256 0320de8c01ca4f5096624d5f3a7503c54a2545ca683c7f203e8c84a25d0244f9
SHA512 131066cd243a51277c0d1c08ab6597423c99efb8c151811ab88af43eeedd64b022064799907857397ef708c4e2b6979d6d933ae9a4e3f82c3805f21ce7871fc7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 146262da53b03d9688415b454c66e4b5
SHA1 b43c2db1661035c02a5e6e8b2c29048df242904f
SHA256 975c274cbdc59c0b235e3ca001a08954ded0ff84e66667f30b26bd25aba95440
SHA512 7825e0de19e777b3b7fd3ab61781e23c28343c4c029b00f88093593c1ca8748d9e13a28174a24ec023e678f39bf2641e8e74cb65b4b7740bf1c7351ca39f667d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 56a6f327f07d67fd3a656f76083b0d0a
SHA1 40762df765bf3c443b935d1eb7bebfa8350dec89
SHA256 690e130e29b11452ca54fc030c3458965ec02bd5372c1b3fb67e3c89d15170e3
SHA512 5629e10e4e7d3277be00724311908b3b18df9112428fd9f480f4e4b90051fe4e32139e10045ae6a73edf3b0ea2961d3d643d16f62a3c20ec5add2bfebab00318

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 830914a7ea27b124f5be864b5048163b
SHA1 dad04ed98172fd50da951131dfcc7f9e81ebf76c
SHA256 a2527878398b5621af07ba09b361feb46f6a5497d49b45bccf0b8143bc7b2812
SHA512 145eef9fc218abb4d656286fcd397c5752bf57a36682058082143f9a1618dac9bd167cba150d251aed1ed81a319d510899e55286c4725c7a21bfead6a1c4abf2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 8b808404cbbbb9088641a65ed0118499
SHA1 422cd36f5a0badfeb6456ce50ac6e94c7b4adccd
SHA256 4e3c32a11fe687f62723f2285537dfebfcdbfdb78405c7323ba4570cfe9f508e
SHA512 149a74893e833226050df795c4f5286462ce321f4243876df3267260fdfef7b1b4d7474231c7aa8c5a7e53de943b8b33d4f99c05e041abfb0ee204aedfd88d2c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 c74593234dec059faa3eb29352f980b0
SHA1 a3c99b1138a50b9e9bad01e63d4ef5cdd1e52050
SHA256 1492af17ba16b11fd7cbfecd3746e5a30d2c0b847d6a2806db93a162ebf63d1b
SHA512 dabfa8622d7d8354b46f7feaf6f55d4549c642aa931c10fc7ad4a730905d087cbe20159739179afc25c019d9945caace54eda494d29f9b5712d275816268ab8a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 b007e873515388566c0aecb5bd2a9d0f
SHA1 1790f43e95044e0482d1641e66c1f69253eb4ca1
SHA256 35dc1790ffd4c2575af7eae6862e5bec72423e3103a07c5bd1841fe7a9d378eb
SHA512 dab576e92ca5cedbfeeadf07623d1f01da3fd1dad9f345f8aa7aebc4915be46fdf350ec925e306ef1df41e62c01b405a71432307e73f4fc1d419cba66e3eb722

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 9d9f9331d4cba981013b906176255672
SHA1 655a4a8b225137fe457a8db25cbacde35c45d667
SHA256 34b8edb8e84d730e0746963a981ad6b0391a65504740b107a06f7349bbc62a72
SHA512 ca26eef7b37536130177b61259eaa4798f96f826df6814938edb54112d6d3b2ca2e92dd98732d223bc8f3106b2ec4edb81b774b837563317d431f096fdb5b1f0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 61a3f637c8e4224dc23ca6d59f324998
SHA1 0c1f4bbf9bb04cdaa24cc291b0810dd76b6833b8
SHA256 318d034e5fc3152130558b2cb0986ecd2c1a388de2034e5f77b9177959c264a5
SHA512 3731a5181124c903619c1d3fb08ffbe0cbde9e6e449ebaa4fff87cdb6939192997cf51a4f2035989880aa97a006cd44d867e53b0e1a5e4dc881bf4399811b932

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 9660284aa7d93657c5e474f574b8ef56
SHA1 ed8dbe9993a64abc928ecb2d2acab824fdae4edd
SHA256 317311b724b4c9a125b08d83fdc67ee95326d202f1fdc4461dfa5bfea8904381
SHA512 90f321983052dd3f3a0de460a7a79a61bde790a049ce0f07eb9943eb8239070e8e825472cb77efa0b2287f111ab650b65fbc1502facbe0af0a2e7dd4b64b5117

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 7fad4b5a08f2a4a28da0d015839f7299
SHA1 893b83e0daf2e85a3998f165562adf2b3acf72a6
SHA256 58a329df67ff891982770043d9ea94b3ad2986f2694b4721aee10b05861999ee
SHA512 5400d9e5112a3293a893d2c908a4ee084bde5ea5477c9c23c4dc7f0c6b2345bbc064974380a979d75ca47954881566a7e1593143d8567cd2e4e75b10f2e8b250

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 e5275cf2cf26856fafc47c040dc8586a
SHA1 9527d56414735c20313978da0e9e70ac7c6fca8c
SHA256 f94e2b7f120c483a4eaef9fb92697fa2bc3b26b9954b1e855fe59438a9384fdd
SHA512 3a73c9e02782f1600d952507ee81e055e7a0b48a27820ba75726c174730d4f78c19c55120ca802ac9371232d9e5894ae71ace39311ff00991ffb09c2a8e87ae9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 bd94ba4d6244a9cf8923fe2e3e0df6d2
SHA1 2b0992360a6a0ccad41e1c148ee7850282edc12a
SHA256 44a19836da788c17aaeb19108cb7243e9a2ec8d2ec58d77c3821456a71850000
SHA512 51308d0b10235b90eae0ffa77c255dbe5821b8a876b06ee5a2a74ba32ad0a60820bc406a2684488fcd6a360a7b8af187b1479255abc9a44dea7cca3bb935aaba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 2e3597bd34b9153a1000843cfd9e843e
SHA1 ebbbf8270fe3b30fc3e17e5c58ba365b83d5d977
SHA256 b3e057cdbef7fd7f2fb0efead377f3903fc00e3cef972384d355225b19e9bd6a
SHA512 d675e2ac95fa6ae7a64f8cf3d6f6fbf5368c314bc5e6171b30de06a7ea66b1fbdf72325a3ce5299ec1b3347b402595f203bfbc59b44ec5523e136a8ba5a5fa6c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 a8f953769877f47192fe775780de34ad
SHA1 b0ac78b5e0c040f136ee91ad323fcbc0400ee638
SHA256 80175a3b730717bd5a869f38eb3a4fbc4b51f5a0f98950059aeaf089d319ed08
SHA512 5801621beb88ced79460cd238ed7f3745957b2871c3c89ad4dbf67c8695faccec4c2330e3b14a5736092e0066ecc5eb9a795ef873fc2b5d423ba34c22e07bb02

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 5c9a419f4529126e32fa1148b57b5791
SHA1 7d73b406ec15286349b9ab8c1ed695b32e15093b
SHA256 f818f9c8ff093604c302c3055b63245a28042332c713aa759b7585763637aed9
SHA512 af5308d6256da3a9e58c5fe5bf6cb90ef7d6c7933971402e0a82831f8b63bc8aaae1aea732f036aac0536c5e9a62bc4f95d1de127eebb206f2b0756567cee332

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 9841cdfe72cfc52ab00d913ad7e5ea95
SHA1 43a57077e334c273cce4d6e074a28c0cee32a547
SHA256 17c089363b1696328890838f61e5168bb6d144f04fd6b5d31a20297de071c806
SHA512 bd1d315d691f3c17254b616fecae8f7f6c955fba2f4087439645250b051864fc27808ebf1b798f5e4f324e2737d41b41a2e1b64c2baf0fb6d5aaf299ad5c0462

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 c77684e6394790db042d1a5abb9ef4d8
SHA1 499a22be378c2e969ea6b175c6d0358e72d0e496
SHA256 937dbe1964cb0dbbcbccc0ca04315b2dba7fcf1eb5c14f7d6452664d959e9804
SHA512 e8cdb6192ed72efaec1b607f6b201378893430ad00fbce41d8d5aed26ce16d38ceee7b6e460b7b88a7d09a2bf49fd3074e49aa6eb59aae878feb6e8f3c2a79d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 701781ead7cf137b2beb4d7b16fdbacd
SHA1 0cf16f9650dc226998057369c9de12823c981285
SHA256 bd38da0265a8682a4a73d84c32026b6a6473511e0f92ffe3133c2ac8c9fb3764
SHA512 64e39c84be74ad73434f1ffd9661bb08a853687ca07366099a20ecf1109b2627110fb5c0c4b59484fbab2d20f935e8a5a1171fefcc6744c6ea0d51fbf382d23f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 373aa4668a60b5e62be2e3aeb10a0662
SHA1 c8c74e6c791f320bedfaedca2d41c0dff004e2c5
SHA256 8bbef3ea448b7266847408317b06884af7d4d0e2698677e64772b6fb26fc2fc5
SHA512 3cc9ffa2a8279caba8c7c3cd72cd0750a13ed1775c07ca05a7cda810e2c2c998593912dac0536bcf04920d4a07eb69eea6bf88b222323e25515d0a4227603088

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 20812d83a29624a0a3e90df201a5d4cc
SHA1 c957b7862ee1f633eddce17b5063d975149ddbb5
SHA256 58dd578d1aa4ca987ade1ccff983e867aedd67f460eb5e6b961e764fb148ea0b
SHA512 02e39998c14304954db81fe434dcb178e923057db48fb2c87848772d4f68947028c5297c0824b56abed3364817a0429fc862fd6e1eb96ec3cb5e934c7ab0886e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 a3f7db497eeb211041dd52ab6209fdcf
SHA1 f14f764266d5afb7966d086d0d39ec1d4c9ec551
SHA256 18c83eb68384dd142d5a43e294ddb677c2f9967f1c4075a25e8010ddf70527d0
SHA512 0fc541e0bb04b7b8fec56d4ffecead02c0ea875e9f9293be5db0cab1df61e0798a292a0e16636f00b347df6ad7d26791a2414172d508bf2a5280ca360c41b8df

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 9721e6a39653d8e52d9160f98baf996a
SHA1 736d8d0faa191a15a8562e5e735ad68bd6811db9
SHA256 ec68e64089395861ec322b3eea17c57630fd0febda17b3cec314dee252566008
SHA512 0d1f053d6e41106d5f049c1d3baa5412885a21ec0c7738ea163dc8527a44105ae9920d9268a36bfbb11a96ac29094d7f28ae7ac74a59bd985bd6e0e39cab2c09

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 d656eca885de89715d830791261bdb0c
SHA1 2b5136c3445187679e2d67651d7273839f5504e7
SHA256 3dc556572f7d32047ff5e5ff185624b6ad350fa9d12050f45ffe6968d662785e
SHA512 1b4e51c92e14d36733e490b2cde45ddfd9cb72d673b2cb2b41f54b94f1d8a5618374b9120234f27618ea725a52f843e644e92ab2b7de16d6297d12f643817c50

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 90611d7970dfb24267f57f93518f72b2
SHA1 2d34d704b8e2d25ce4748e57d845011deeac2e98
SHA256 0eedcce831f77d2639db9ea055080da44a19a01d4855ce79487c7481a0c9c892
SHA512 8e842460ee3d2905c748a33c691edf02ec71a91e80698166b3df49d5b60c2e47f77e985dc9c07b8f15cf89399b5b72280e2ad7cb99b4224e11faf0f30db46b07

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

MD5 0beb5a15935be1b991a883a2d2980e55
SHA1 091ceb6a62b6daa63b240aee72c8aad63210b945
SHA256 04923339d5a1b35f5cf6f65b99a2b25058b78b87950db512ce0f560453d6d429
SHA512 d7875a61c22570612176014934bf20f7929cc5a8c31dc3ade29df0ce36913946fb08bf3dd9c2da550bcaaad6494757641327ddea4194267acac5f26fbb017bc7

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

MD5 173a93a21590ccc92f53e0ad67dd44c7
SHA1 c80ad151a401f98cb552babe533d09004a806841
SHA256 4d026fe0ee505a514c6fb84cf405ab67c252f3a1775db8b089b9da5bf9135dbd
SHA512 3dcb9df5296875d13a60e2c12dff44515a1ef1c8f0c6b4d18aa074581225f9a8be89a307eced8aaa39c6e1f19ea3282498281ae2b9104692b50ef602233e2e50

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

MD5 34a96d62220c18276d6b99ec80a9cece
SHA1 2ce78a1836c61bb7480d168ea965930198ed8115
SHA256 09743dcc3e9b5803d48d949c02d222be068734486f595e0fec855487e19fa0aa
SHA512 4642437cdd71447a3b11d784a9ead2733d47ce781b00ce0c1d1e61de11151052e2d9c45e463510bac34bccd66606cb43a76c374ffa0131962ef00dc9bbc4fa41

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

MD5 3daca02c6c7cb6ffceab581fe39db4f4
SHA1 7a97569be9a230ba9efe0eac416ab9e720879a3d
SHA256 66b2276514c831742d42fb2a5fe63bf453382e6b507dacf80d0607a5edf15af9
SHA512 5f5ee5851aa1dbd0169ddc245bee833a3eed2501faf8b95699935f2fcd39b11345ad3faba3c78ef51051cf9350eaafad4a2a08b4b1be8aa431e122bb2b1d427a

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 e8fc15e1f178d589f2486eefc4bd2b1e
SHA1 f429b39cae4c18cf599dd9a25b2c19ac43d1d4d0
SHA256 b1c6161d549c6015cbf271c62ea87430c2b75cf38c075665a4f7ca12121cbc53
SHA512 c6139d29683dc26a3eba9d6e6d2386d2cd0e77cdec129e4b871770ead8f91ac7898448c15d2e59a5a5f65feb8bfff14420a2e68d57a3f15bc4b158136234fd7a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 006b3ee77fe3444b0b122773a7aa9cab
SHA1 d20888ede89314151fda19cec58455d92889cce0
SHA256 35de815cffb44a4a0e5156f138b0097d1d16eceb6baeed338e5ad8b5c9efd165
SHA512 9e6eeb2f8452d070610b6ad44ffe09cd30febc635ef9befd228b7207f8fd822051f9c19736ae436c51b26a9153c988a5541edd20a246853aefd015cbd8df42fa

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 bae356a53dd616e2305f3d35bf86da74
SHA1 3391a0b8a405695822a9637325bd6d91a2139606
SHA256 6d3d34c95db7b104db9171432e8df2c22220bee7a6d690e5a8a434080bab1505
SHA512 76d4cf2680db091a7633ef9c8889739162ab0635b0cd7756afbb4cff0e64b4e6877514b4703d4a8a53daa590aa410974a56c152e25614f29650c31bda589925f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 1585c34aa27122899f042a6939ab639b
SHA1 9dc13348d55dcef9855cb06734cf0282ee7c5812
SHA256 3d82493b651199b8895d4861b2a591b55d6408b52723a157a4162cfb10b9fbf7
SHA512 bc87fb0d88cba610b924bb056d20e4c5edcdec6b242750ead7855b5afd0b3350e77d5e66750707bd7201d5b30304ddba1cd486acdef95c016cd8d7f712bbc308

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 a8b3ce8a4b80c309f179e28d49c7220b
SHA1 ebeaa9aa064dcece8474813f0b5e832cb0832d83
SHA256 ca98da6f83b744fd59829d25b9f852a9f789a76cc1c1af212ae9609539546c09
SHA512 72bf307afa99e846810b80b57b4585314e24411874a7f86875b8a0c97be0768b1734723c4cc8c19bfc0b39a5ce007117c9d5e9412400ea2785df680ff14693ae

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 46ed512cb90f7a90ad6aaa3c51ce9309
SHA1 4ff88cacfff33df528345689e69744ed9dd43579
SHA256 d08764eba562570ab9591b8d80a5fc14a946e3743eb4cf85b26643ebb41c52b6
SHA512 0c4a0f3b8eb12f58f3fa74ac5fcd03bcc08e43b9fc14e9ba5fd071fcd004b79ec8e373d923e65b6f4d302f9f69b8607fb0dc00b2532f3f892e6483ad907cd881

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 f9a8900f6f13f8f875a10c913ea85eee
SHA1 5b5191f404b16472b994caa87a39e2d690c2ef12
SHA256 0be0649b16a000140a1cb3ac82e24dd4114106decbe711e57e4934ff72a6323d
SHA512 79a306d69176847f274649534f887df9810cd98500df4999ec9937d9261923fd7168cb0b40e064a0677f1817efdca5a44be7ee149ea555b37b27c549a61a6642

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 7bfdb742aa3c63e82f0b43d408c71c2e
SHA1 549909dcf81624caa77285cda7c03aa7869a50a6
SHA256 c7dfc32d059f12482e2f262a9e9e8eea420224ac0c3ec50c29189e7b59922893
SHA512 90f6890b967eb05da3f62129a1830511a90e5fd310cc8fd3030b069c8ce411325d970e3332d3a951baa5ca93a667acb5e2c98875d998e6ab724f01ba3143de13

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 d0830efeffb74e5531ab7766909315df
SHA1 a66779a791710915bf4e78687d197c67bed558f2
SHA256 6adf1b4827a82f016565138c49a0c6aa801c052a78f91fcf729a5fcfa1e24684
SHA512 f52a475d4eb2e722c3708bed45d2ebdd665d133b856e004bb0bacf4738d949071a0127d4fd80bb4d395b4ea8a486b3bfcd298983aba8882aa5a6f9ac68dd7000

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 61fbb673e97a2ce3626ab12c77064ea8
SHA1 72b53951d51b59f41e79a958c66d7d5d9f98fc02
SHA256 5873383f47bb38b137ee9f49992f9ed36dc800b29b031486e39f24285c8337a2
SHA512 eb2f0acc956982054c8de8feb7d94c3a5facea1f65c3ae78a839e9007d43afe340d91340de48b7c745f50215744a28df1bfbab81ec9242becd8ddee561ed7d60

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 27c96ecd196a152f9a1bf2fed186ff2c
SHA1 ea545044bbfc7c8f8eeba9dd520d07a8fb1bda47
SHA256 23a9917cb8100bd4fe32beec29651205db8ef47857eabdff06652027f24ea25e
SHA512 9cb41725080df0bf470940d66ef804c8387c3324322512bff4fe6c7c1fc1374c8710d29a99e1fd243e403746fe1a7c7c41f97071aabc6824873d2c245037c521

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5e06e867120e297439ebd00499ba414f
SHA1 166615c610d75bd602e8cb96f26bdd27223aa73b
SHA256 5b4eb189d2ef00e774438d6f5e5af8568bd6a951069e8b288c993ea9444324ef
SHA512 2173c89fc6ac7716d8932102d24bdafe186796eab51a2b946498641bfe21d86320d86ade8088476ee948bc06ef79ee7b48a2fcaea1dac7bc787d8a6a55e8de6f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 26c733452e86360378e1c23a44ffeb9e
SHA1 706ac4f12586a5b8f03ab769ec578118cf1e1584
SHA256 0d4148a345635dc5f2dac33a6afc87900bea603730ed4b7b2f1779fba3196a2b
SHA512 af6f1eb5a802533047ce0073e2ad278b4f019ec08311da208f4df9f0c82222a17c89e37d35441562ebe5b9170a3681dbed9a5a7f104606466bf9d14411e83e82

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 d8ec9a3ffa43f24cd9130434d16f4211
SHA1 442e38779590235da0eef7e7feacd0fa2c575e88
SHA256 e631ffe072efa27d130762914aa82e47e9202991c82dbbc95e4a763e9352c5bf
SHA512 854d269e4d57a4204f7055361e98e576584e3e79bef3d315955b97c0214858410dba882102025ec41d51fad8566563ed740b1a2fdc568ab079da247ce44b19ca

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0b63e598a460707ca49ae49666e7ab81
SHA1 064303db4488dc7e5191bc7fead2ff6b996fc4b5
SHA256 860ca6292187c1b08be29b1b6ca976b4ec22ab49f60dfeef4b6e493d4bed716c
SHA512 3fa5eefd4410fc91cd8e96c0711bf51f3c9361917344f8d6226dd48ca77653c1ef1f07d3675d0f25a7f56ca0af17cf3b7791483d2035c21269bddd7fe356dc62

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 7e4eb644f9e5d9667781c6971b6506d9
SHA1 b32f27cde88f4eac57c2d01384e0998dc28caf94
SHA256 bf607f18b22aba724303df5d1edb58692adf0d4d784224303681c3890a24d066
SHA512 e55e26bd4fdd68e3ddadfc661f58b44dba4d0debefc59d9b082a6e4012b46d3a338b0741ca1be877ffdb7b09c8f171b079d46aa6444d5c5e253957748ac0b5f5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 3658770f0aafc68aeb15a0e257137ac3
SHA1 2acf8041297a364dedd81661912b91152d5dc2d3
SHA256 1601fd892f6820e012e08ee0283b7d9e1aa6db8dc7692f9e3a3a0e6ac24a018e
SHA512 6667ea885e56751136c1e8104b59d4fc17293f25f240a43e01cb156692fed8c03820a7c3512d519a0fc1ab93d0609f52065f11d843ffbca4fbfedd0abe0d406c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 923d47beb9390c91cfc538049e7b691f
SHA1 988947abced3a73d04112fcd375ac24cbc1f3ff6
SHA256 2f5435e6e91c4f8b1bbea1690592dfb0f94a416c268b24356190b2bd4e43d096
SHA512 f5f250e61b86fe3eab10ca2b29724b5d7d6e7308a782fef6a65b43db17ca015b92c4795a24997508669947101b7eb4f3f3f9981cec2920d36a42bed1064f0acf

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 c17792b6fb371fcc976261e1939e9328
SHA1 c5447cbf6bbcca48833f3a2e13d12cc77252544c