Malware Analysis Report

2025-01-18 20:40

Sample ID: 241213-et5yhsyjay
Target: e9d71f80f9e44314a81f97542939b75b_JaffaCakes118
SHA256: a0be3e6abffc484860a4ea261cfd5218b2fec9164fdff1318556b0665afcf6f3
Tags: xorist discovery ransomware spyware stealer
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: a0be3e6abffc484860a4ea261cfd5218b2fec9164fdff1318556b0665afcf6f3

Threat Level: Known bad

The file e9d71f80f9e44314a81f97542939b75b_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Renames multiple (2190) files with added filename extension

Renames multiple (2162) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

Analysis: static1

Detonation Overview

Reported: 2024-12-13 04:14

Signatures

Detected Xorist Ransomware

Xorist family

xorist

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-13 04:14
Reported: 2024-12-13 04:17
Platform: win7-20240708-en
Max time kernel: 119s
Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe"

Signatures

Renames multiple (2162) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Web\Wallpaper\Landscapes\img11.jpg C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Web\Wallpaper\Nature\img3.jpg C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-ehome-epgtos.resources_31bf3856ad364e35_6.1.7600.16385_de-de_80c638890bc8607e\epgtos.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\btn-back-static.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-au-component_31bf3856ad364e35_6.1.7601.17514_none_36a5754e72dd8aff\AU-wp1.jpg C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles-client_31bf3856ad364e35_6.1.7600.16385_none_858ad50b329f70a7\user.bmp C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5646c597a746df57\settings.html C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_blue_sun.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\404-15.htm C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\combo-hover-right.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_double_bkg.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\501.htm C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Pets_btn-back-over-select.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\rings-dock.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Characters\Windows Hardware Insert.wav C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_data_sections.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\slideShow.html C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\Roses.htm C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Ding.wav C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\(144DPI)notConnectedStateIcon.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-5.htm C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb\Windows Battery Critical.wav C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Globalization\MCT\MCT-GB\Wallpaper\GB-wp3.jpg C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\shell C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\shell\open C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DQSSLSFEDUADBWT" C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\DefaultIcon C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\shell\open\command C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\scJwx53779yuaDe.exe,0" C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\scJwx53779yuaDe.exe" C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe"

Network

N/A

Files


MD5 6e110348e8af8af853b6e7f9a47bcbaa
SHA1 7c6b06717e97edaa34fdec202a8bcdc1038a54f4
SHA256 ce527f5abb7bd64c174be973cb22133d44ad60bbfd222d6d1c332e16b808008f
SHA512 7068595b7bb8e764a43a0fb1b9a2b3e4496bb8c48b75c302f0fc77106c5af09115ea05890e9dc5f4753078c54ad20e5958f36fb378f36c9bfcff55e1300b14f0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 09739a5ba4715462fe355d8dce8ac1c9
SHA1 a72260f9eb7ed5f9fe7c08d30988b2ed9b5359b8
SHA256 27d7d8b6ac63a504d778c231d0d3569b231d7393320e10cab029d54374d2f283
SHA512 0fe22b695cef390b3da2874a17063c9e92828f53432e238416bc69dd4b3367c2acf0470fcc091b29aac7a81845e734cada366066855bf8b157b0f0e571cf59da

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 b7fd7326a115c9d9fbf896bd9397e590
SHA1 6cabf5fa18be61bcea66c06f6ab8f34f1d5d55de
SHA256 7b59c09bfc6e20610abccd654f0e28e9b96d2f3f6db324fa8d382b39c87af4b8
SHA512 e67cc86858b2219e08ad3785469359b864fb78f3ccf1335a40e888bb83cccf776f35e8c69acd03b7eea5b1961736df10d58e094a58e6d992ff311af243bdd70f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 2e72c59ac157596405dbafe15e75ebfc
SHA1 07693e31dc0e625c6b9c131f26751b85d271bd88
SHA256 01dba86d6b95be6a2721017b3ae4262617b494aaf335a78bfeb1a929b6e65a00
SHA512 3f83048c557d8dea20deab6fc1c4a6b584316a0e826e22b042f88daddff8fe8f47232f151389d9046f95c631cc7b2348a8c756fb4025bcca323afc78b0755635

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 516d2351c2b304f3051bb79e59323fcb
SHA1 e4c6937db551b40d5997da935c746f2754d3109b
SHA256 ca55cbd207f7082198569cb7cedf5466c4ad4f3e4891939902309a8b16df1d8f
SHA512 992334f0187659b8cc8fdd333dba6b4de444d4fd6d13776a58a058fdbc4371da09deb545d47237cc63e9d6605a5fea6d8c4bd31bdb7b64831f5dcb98fffd8f38

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 0962f0b609a2c49645fb0c784cec64a3
SHA1 fa5d15ad19f899108196c4385cef721b7d0afae9
SHA256 b6a36951be2a3ea5d45534e64c7fcbb3e36f9bda57eaae7eded7a901a53ba09c
SHA512 10db23576d1c16669815631842c990d3a5a9933f3141e858ca9f97e648362bf5995199a817f484600f7405b03e0201d23f63e901e40242a4321e3523dc80077c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 554803dc3660d7c3d61ae990c4513c4b
SHA1 5de8940c2027cedf8994721806332982e82d1445
SHA256 4f6eeadded6a30dee9937ec93953c35130ef47515b2c5bd6795620ae33319f7b
SHA512 81de6c8d0f1021b123c2a40d111c07fe3a454916cd86b1c990aa54b2316c720d69681fd0ec8f92942274de7eaf0c64cd8524d357ff50dc9a9ef08b9759745b11

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 73b74d80970b54955562ff0f58c4922e
SHA1 ffb40d9dcfc84b183098492736f47fbda0c07575
SHA256 146fc4910c85ac629d7ef4fcf538940a532f31b487f02a4fc2371c844ee65274
SHA512 c398daf572d9293f47926f89fb21541f7987330147a694cb82f52bafe64fe539af2f6f54847fe722c40fdd39cd9f01365aeb0e4847c61ae8e2011969fb939872

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 92e39cb9a8add2267a5b62a3c06e0bd4
SHA1 fdaf45bb066748dcd52e65b8532144ee10877462
SHA256 4b6eec69b700b49b8ca93945bf42ef8c405b21ccbed9fba6e31c8e8c8afbbb1d
SHA512 cb1c0ced6b6c8282902a8f9174e1e9d05ca1d5fb3e6da99535ebbb4a6cb2f3f4e19ea98ca5037af4cec9d15ff17ee6f842655f50c70139a06edd3ace65d78d16

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 6ac318abc834e2ebf2a99265ed467098
SHA1 c7700c9916d53942375c4150af0d9f8310026bbb
SHA256 707192fffea05a93c86d1fd18b92d45845c9000e16e0d4b6b85d7f017359f338
SHA512 51c9c497a8787a28bec91889f32fafca2976dc806a1b9347161ab564a277dda083e099beffcba3dca596b75a7eda9a5508fc2ced1aaf57f0aec66558109fe67b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 dc07dac3d90ffd2a4a1e0169290b3c81
SHA1 1ae48d93d89e413ff6bf1adcc85108f82d97ccb8
SHA256 b268298c9ac41bfbc80ba422f386e03685d10c3a08a01779e69d8fa6840d2e49
SHA512 35a7a5fd25709d6b221c1bccaf1cf8f38a63e8ae721fe63f22a895a883811ccccc56d1c3ac505a183878e68c7b1245b701e8ecf2717fbfb7aa9a96742f3632ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 ef8ab93b2e7420e7ba9751d71c10697e
SHA1 a9485e60b16249339bd3ac450f24e83aef5d27b7
SHA256 42496b8c3c483dfa550508f1410a3558ea2b377bc0cc3e8760b2b499b364c2c8
SHA512 d65dde32f6524fc9d51faa15aaa7ac1c8fcef3ee84610d5793c5d7fc1b50773e4a22de85be5c26b9944b46ab1667314657fd10ac07bc79b2217bddf3b15b7f66

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 4fe154642db431cccb7efd143b3a0deb
SHA1 5c74df1b5d581ca96c23ac491a35b7d48c272cb1
SHA256 0c446417e6aa556d84fd07345cedaf6f722906bdc649724efb7f89c845707ac6
SHA512 50452adef7423bb10b74cf52534c834c3bac7cc0637bb7b340e4d7444734c0526f5853e634881d454a0b8db72fbbcc893dcb5b4d5fabb7f48cbb85e81284741d

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 5f641bdc7eef1d8b71edb634ea01709f
SHA1 bc11832640bc738b186c1b10ed8f3a28ba8d2b3c
SHA256 56b7dfdc53cb914690d8ac9d1c1f88b5e4f5371850dd95ba5e505f0b59ae02cb
SHA512 b8566931efe8d8682ab3a3499498266e975665154876e63be4b6d8f9062d9daed5baa7588d2267d2b489c77d53c70d7540658371c04c9f1d2522b4fa58ef85ce

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 9d4c290dfa6a86684e4d9e7a993676ed
SHA1 f22421fe0ff895b54eb5bb99eae6aa8a26f0e0d0
SHA256 c104ac78d12e7e8d9d3076fae017b6cd2f0be0bc27cf9c55f259a1a08a0a5188
SHA512 4182eefddb467c1f1cab925676f29929b7b90aeeb878d54fa6766d27b8771e32f72595e3038173f08832278998f781903c83a5e3d413cd688129fdcbe871848b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5786010e0b0f2056dcd104c5c2451e4b
SHA1 2b80db74bab724d20fe2fc2669249113343094f6
SHA256 20dd9eeb013872ae7449c695ad593051748fdffb44b32d65b6c665be18b50dc1
SHA512 9f8c4a9412e996a9ebeca99bc74ee74f9641026e29e99b0bddc8499fe4650bb668457be2bb9ba91e4ee91d97e4d250a2c48ae80714129f01c374fbfaac41bc47

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 f45d246e1d87cc9c533ea797502de11d
SHA1 7d26389ff428b2348a24477fee89fed63efb3e8d
SHA256 e83657e9e758e957e3fab4b9fd70d0f8de5007f34a3baf90d8041271b3964149
SHA512 d81840a8f33c197a803122b61616ceec6e1c7fe544b8f034a175209c7246ccc3446b0eb88cbdb6833c0c842193e243d88583937f9e1edf4fa66c63d3fc12027f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 6abed569545dcc7b5ba87bb6d9370f60
SHA1 26c35f3957afeaab64605c51f5b47a1910c9d5e2
SHA256 ed6286873ae80f1a9507d639d39f9dada10bce0e4647aa4d1bab783db9b3a4cd
SHA512 f7227870fce2068eb9919be31af2e0e8fd8e67dce412218bc6a35ec1f9f802be168aab4a08cbfc13bc4c485b19b09790c4021de43178d128cde9a20e099ddf08

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 da159fa49c9c9d881b2173416614ea62
SHA1 86a20c2bf5ef9a907493a526e5e34e78178ea98f
SHA256 f2098dbb22c5de98e3c752fa52c45194c008a45c1a902c83c3834cb865d3343b
SHA512 f06805b4f17506ae34c13855d038d2c200108ae6179784bcdf63eeb54d43f9b35825b88e5ed6e5eb00f4f3a75efdf01387706506c4b6447fe2133cb37703a53d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5943ce3b15aae8cc91daafe27fc1ce51
SHA1 c6564e4afdabdfe6dc58e455e69ae87cf82e4090
SHA256 1abda9ebd0d732870f63304256a4a807ae4e7a1b54e520895dbf8966133f2ab4
SHA512 39dc7ef815887fc77ca0230addc0b8f44e1c050ce1d0259b231c94339bad6455b51ad589837e185aa1d5ccea6032aa599ba7f14cd270a8f54428485b04ea8348

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 830d4728be00abb5e7878bf13abce8e9
SHA1 b15ed1a988eaa64664e417bff8dbc0b457a38852
SHA256 c7cff7f287b61767214c043df8068f8850df6475b99ee9f88ab15221992b9127
SHA512 1987bc59a2b6d6c611eb3d168735eb5380b50a087991b73dcb6917e085ab4abf60e93cd618915e5ef898af940b2672aed967cad7efadcb53d387fd8ced4a6e37

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 6ac3e53a9a37b26f7b1a4dc1af879aad
SHA1 072b62a0ede426d59571df378ce38e07edbeb442
SHA256 685ad3b4aaca7c1a275d6d298e437fe4fa99c877bba8a07af9b222965cc8e42d
SHA512 cad2a9dba9062a752b31f8d21d80ed023dd692a64a4faedd7b0e1389ee8ce98a4902b191861aff8f32d746e2e56e0bddbc6be876c80616e78e4b6b3eb51a0a05

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 07f1de4655d5a2654edd09a347ac699b
SHA1 7d769dd9ce19d9680db2cbe14338bfd9af8e8fdc
SHA256 f599e79d1602e3afb0e3879f06f0f9b2920c183d05f6ea2a919a138078deb072
SHA512 d7572b047cad2348196be95f6f81c792e9b2bf99b6f6067e6a2ede25c50c2e2b6f4bc86f88406c4e3aaf3c795ea7a6dadfb7ac47073ec6ea6627ea1a35925aa0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 2fb1b121ede30685a1a3129c9cd74781
SHA1 41796fb63b25a49327c313035f4901e90c938f46
SHA256 fba4f573510ecf4ae6560847d155b6f676a3dedab32af69598e574c76008ec82
SHA512 98cda1cdc1d86674e06778190d8e06499cca0e9c162696bae07d6e0a0c7be756d31d4568b52bbb4af3ee13dbd767459d3d11222439c113e0b9439b91fe9dde93

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 71099e67582505d4baea03aa2c6e970e
SHA1 3b36fa0175383d0816bd5332b4d0b4a20b681a47
SHA256 bf385bbdbecde6a89d83bf69fd98da7efcdcefb20e059f672db18311e84d1f88
SHA512 3a9c152c57241bff9e53be714d9d0a6518a613cec329681f1aafe551e7445754d41479ed3825c4010b080ce8f80e3549de07a32237f7663eb54ce0ad01d5f049

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 4c08304e59638e745b1b8284433c99b2
SHA1 bb8941ffdc48bb05fc4ff7b3d9135fc9ec649df3
SHA256 69d3fc93b44b21c5acf06f0b667eee11ffef5f05a5d35b2319c70365f40520f9
SHA512 04c31ab1203f3a87ad92f6a4b7cafbf2a4ada26af13c7f6688c3393c53304754fbbfee72dfb70847c5f327c042510496147f779c150b31edf4e0fadd25dd4400

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 509aa3ce33c261561ec91cbdaeb3e7c4
SHA1 1b2656df7c8e646a52e2a57daccafaaf1913c218
SHA256 60fa63135452ab9c7f281971135b3d47616c60c56cdcff49d4b4fd2d60202a0b
SHA512 d4de7d2f53dbc4695478e8f4735b3e5958298e7d6e3aa25c5558254ba3b0d0495b7f7380ba8bab2416a5d1c1000c2c2f7c6a89ede93862efae66d660cf9486ad

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 9a381f98037fe0237738f2367a7e4823
SHA1 e5ee85bc1f399e6fcc4d558e738f7053b9f218b0
SHA256 1f66ceafffc752374b4305ad3552658f6836a10ff375614924804ea4cdb1532f
SHA512 cb2ac093d5ebe67c5893958ae349dfe56758308f80f491bcb16c90ed53c8c5f9b76f55336fe75f4b823f33d96ce9c8a575d5b73fe357f2386e4a1901d224b501

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 cc2db7c033ced53bd5948b9c2c3e07be
SHA1 5622b220743b4958b3e38805d637778b8e91f710
SHA256 8d9f4028b8b7a9b66696af205989d0fe6097754dfb4902ca38651b22901b694f
SHA512 1ac5ad36a5a651aa150ecd65c233da1901f59711834d01507f0b9ed3924aef45ce19cea7eefadf64f28ad37101442092f93520d899becd85479bcf687b181eb8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 64d0f4f6caa5c51008a95bda9b0ce1e9
SHA1 e7f08cc71eaa8045e02d036279fc692c179bbce5
SHA256 54299e027982f6ca88f58d15dd73593c50a2b60f40300e8f0387633f6dcc5282
SHA512 ce1acbe2ff23de5a86a57b752e62a91c881535c1b94eae3c160290c94c814fbc85bae81cc7355f195f8405b05e151be0ec07fb2dab43d5f6040701340ddea5a4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 09aba0ab41cc35e641018d48c9f9f7c5
SHA1 7d1b757aa4ffcd7d39bc3fe16b7aeb0e0618ab09
SHA256 611af8749f3e3a5552ab9db1bf55b00a8ad220c8db0887570500fe0c72d84696
SHA512 f03d49f59e8964824f1ac2493c170570ba890ea0f27de2a0e24e0ad7b5c532eec6d08fde5d6a59e8ab0552b75526558f3c79380ae1b51501599fbfa4d88275a4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 1e6989501a6e9ae7e5daecaae7c18ba3
SHA1 e159ac3e69a065d9f39f2d20f9344ac4e8175366
SHA256 eba5dc79c02453c98bafb92eb819f6bffaa8efd9bd79b41bafd08e1fe9aff0aa
SHA512 d38cbe6e27e68cdfc3f5d92c3561263f638512afa3db7ad08f75f35af4414a237f00481405024be18a2fb330bed398dbeb8b29c14b959964850718301c224fea

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 abb4347be81afae1a74fbd33a3deb919
SHA1 6256dfd1da9731fe98836c39fad4566c17ea3dd5
SHA256 440888ae524118979bc2ade3f1a6394dea3b81e6d0343d7b268dae8c17f0f91b
SHA512 91cf62a6a2cceb5d93eded9323f38f6773c6c9e6f14aafa073b1911810586176177d4f04962c0c0956ef145c6745b4f4467b627a811444711c2d1bc75b352b79

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 60e67daddd3b344fbc0dfe616e27ce43
SHA1 f7f807a30a7524c0eb9d7bb3773577c535808e55
SHA256 a700a183832667da796d4f7e8f0e176007fddd239c0e534d2a2b7c8081af90f8
SHA512 1c3f339d967d0fab26ece6bf9736f3bad14b5dbf98dd9fdd551b54a511bf45d4e1bf3f018fd3088da5535ce8da71d51c61b4278b0ccd77b507ce98a186235076

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 77aaf684f34ef1f3914a4afe5ab4fd94
SHA1 90218d603b64381db9a73452b49460d2322cc92e
SHA256 a795320361cd3f8a71a667957240f3e279a5e80e86b407329bdb44cd4fdf179b
SHA512 06544268f12361f451932eb84ffd782f719632e3fbdbf092f155628eb24b161e8b06695d6d07a61696186cf803ea488c9c1e2e2863c13ca6cf750b8fda08ec44

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 1cbedb4b475fb8df8ae5dd1fa986ca26
SHA1 ce398a2ef5dea0ecd29733080ad9e687a29d6bec
SHA256 8b3a9e672522c1618396f178cb3c0f72d9cd45683f68db96e02f9b65515fcc19
SHA512 5037a15e108c860a879d180404cce1a865716834cbd511c67e7508205be257d68853bbcd6e746a9ee80b7c9369ac56793d59fe889748588d5c58e8ac10fdb715

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-13 04:14

Reported

2024-12-13 04:17

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe"

Signatures

Renames multiple (2190) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Drops file in Program Files directory

File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupMedTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1949_40x40x32.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailMediumTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\new_icons_retina.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-60.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarLargeTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DQSSLSFEDUADBWT" C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\DefaultIcon C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\scJwx53779yuaDe.exe,0" C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\shell\open\command C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\shell\open C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\shell C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\scJwx53779yuaDe.exe" C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DQSSLSFEDUADBWT C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e9d71f80f9e44314a81f97542939b75b_JaffaCakes118.exe"

Network

Country Destination Domain Proto

Files


C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 9cecff1c0214ee18dcf109d71b33c01f
SHA1 bf74c1c6fd288776319403370ef37d3bde9993fd
SHA256 4aae6197bbae157428d086c208b4934593aacd9043bc61d647d7f0ce1792792d
SHA512 e84a65d617d5ff288886b5028d58b87e113422d5bb7edc8fc3f1f1fd2c4b2e61fa137c729326aea604186f55d06994843296a8be16b739abb3f0215c0fde578c

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 4b0517082a26873eb1e8db2dea7c2908
SHA1 53abfec318081ba7d6e835d47e73e13b3d5fea8e
SHA256 d03661315d47aec9ff07eea22f004610796bd3b8b0d7fe283434a0491087e74b
SHA512 117cc70410fbd20632fcf6bf4e045e3e53ab5ee48695c69acec4a2e45e63adb1a3bc05ba7c08c100df19fa0f8a9f9b0384838b9ebb61098b7f332d4946778725

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 64844573451d52497d55ee7a7eafeb6a
SHA1 1a7ed1107dfaee60232a055568bd5cfd6441607e
SHA256 e67c00f945845d1f8194563cbeae657aae851a059eda52886a6082d0d2cfece6
SHA512 4f9aa37e213fd37c21f55349f94bc33de2bedceb9e237336ec29121765731fa3b15c070f42bd786e40560990dfdbc575da48105d0eeec577caf7c978b1a36eac

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 6bb57b761da813e45d97a966184f5cd1
SHA1 d078ba78fff5d2af6d75c71474b92a264752fe60
SHA256 a08b019651445d9eba38e39912d8f9addc09049fee621b491defa8284360b8cd
SHA512 498960b030bafd6acb41b5b724732fe69e3a04e3314b18696fe009a689f49a4962372c9de505d31fcc6eaaed8e3d64c49504f5b8900dcce470114cc2f642e290

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 f35e59c983df24120f42f14d11b6b232
SHA1 f561dfc0b36fc26d1496fd84cc98043864c646de
SHA256 5394094e90d9f0dfb51180a6357df8148bd3263c15c13b853e1b025ca150d9ef
SHA512 a158c2f0227e9cd569e288f441e370df2780828fff391a170d9bfb6bac084aab8cd8d94e0c7bc6737809e94a563f734d85485e915b0757ca7665ac9bb6ba3c3c

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 a284b65f43708f6cb72dfbc791e5db99
SHA1 33f01ea18cdcb24b1976138e580d9815e144a992
SHA256 aed7e46e6142e2e88b881396525020738e8a45c0ebec586a3fe50ae604d1c168
SHA512 57e865857dc0e9ba5d795994fbc586bb9e7abf3c0de9fb1de4f87e2636d7eed09c1522270ae223ec6104df8554104ac925b8d85e75789da1cc5d7115cf61d221

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 faf4373073ff4f49d6e5c00b76e7c86c
SHA1 7df0117b1ae3be214f225d131b5366bc5b5a5e88
SHA256 a7ec2682a4d0f4560147494db57c4dd52e4692e6076f0cae584e2545996b6943
SHA512 2e32c82fe4fa701e9d9b2ad0552034053b17ab497b50ae13d9ce24176730fa84906c0c9331efceed580ac3504c153ac85d5713285ee961825d8d93e242c7a931

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 02ffb87c808fe6097c9de5a8440b0908
SHA1 176e56fe6ab671f4beb48e18b6334ad48568a500
SHA256 9f82319a9ce8a45fe0252a2d0177b3e883f0237ac35e87d1c9fe3b99d4b28825
SHA512 2b727d29e5da08802d35aeef76b330905845902f3fcec2b655da70ab0ba80532210bfb94aa27b449c217642c528e13527dbe87c9f0cd4d4e329ef5a6d50f4bb6

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 05025fba237718a1588bc058762bdd17
SHA1 8e8f744152e74208299805976ce529164feacb21
SHA256 e4e6fc72dbb9a2b74fc33755c757852e91164448a20834205d7e589f39d4468b
SHA512 7900935fe1b23c38a0434e513174b394b59c165ad416975f40ce18c7201b6099fa596a220052fd0bd98cca0c3c06b1cf562f01f14ac5e7780fdfb817c97f5e64

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 eab0b6fadbb50a17a57747f40c3c4005
SHA1 beff9b78e8eaaf532da3fbc0d615e9f922449d5e
SHA256 38fd536cae650629c0ba4aea6444c1669c10bf0ba86f451a7898bdc42da1b621
SHA512 caf0f48b7f43cbb17e716fb7e4f1fdbfdbd264090d285c2408c068010830545d240ea4e0dce86003dbb66b53b1725d0e818800237dc85886c026318a89dd553c

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 97d1d805e479d9b0a5dc8d5775b5a6b7
SHA1 65e706e537eb449a28e5a8820e8906740dc0eece
SHA256 e7be05aeb962e30f71f9e8ecaa12a8e4a5426208e938acad053793529217820b
SHA512 661a8269d7d305810d68bd3112531061da171f89c25546477beb00571fbca822f0ce5d91a4d069e496af3d0bf4d2e48379b64b7f3bda90de8ef908d5edda435f

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 0f8e24ef8e4a5d51a39ffe9083d6c23f
SHA1 5a4078100531bc4216c906f64f8950418d2f3b00
SHA256 bf8dce9d0f3fcc7b996a6ef9fbb11597f850b2a372026995c9d712e1fee4abe7
SHA512 6713b15ff1456d2145b3e36d2f0d8c540966d1710355fc221b40104bb6be3b929ab91aa951611a9fdeceb2726d6ed17cceaeb4ae14ace05d467cd4e23ed540d9

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 4dcf62ebf4acbd1a6f8750ccbf106ca6
SHA1 0b66d4e9dec32301827f85402f3900ac127b14d7
SHA256 9906cc077a31267dacf8a6554c556e62b844717bf4792d40a158d8b7ab0afaa1
SHA512 a9f0dcbf7adcd509dc85a1b562899646d23af562e16c79a261b779f774c7670e35d9c7635920aeeeef81f80a0edb4eeb726a831e8e050ea68ff62f26e02f44e8

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 124ce069262fb86bf2f05e6bd74dd16d
SHA1 79982cf00f6e28b388a092bd5b1bd9ed66eb6457
SHA256 4fc9087c2869bbbd311c79cf7d0abec4a345a0424703c0563fc8f85e4c4c2dcf
SHA512 b0b91289923c5889cc39a0869882558f52ee5ee4e67bcbe356848672de72ffd59407d4e8ff917bf47192a4f72d1f2da40ff875c6fe3306bc5ecee014880b0fde

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 f09367344cb43f493b8fb437b4870266
SHA1 65de1fe2e8c0e393034eac06bfd83b8afdce20d5
SHA256 617bde8668ec87a3ac967ea482edeb054aecfa3cba990ba09ec0128e6b7d8f5f
SHA512 cd812fba5220719f3d4a2b110644bed1bf6477ca4cde062b964e507be629bd3e0bb47656bd8d803b365b9663fa0bc3d9409e6813cdd9e8a74fa4263d12b65f49

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 46a9f77cf568149fa0b761895d82eae9
SHA1 933761e0a85c8de55196f9c53802e7157572fb4b
SHA256 d75df877670077b53df0292f7d6c0afde53abf69c39dee73af2cdb2448da3454
SHA512 90fe19687728a6439047c6096fa8dc36e18826d790097dd1e3ac3e094d62b379719978b68e67fe8d8e06ddb2d7bd9b08f79f779cb9c0134716180adf6971285f

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 a316c247e5b4a0e932f0116a2ced0f4a
SHA1 b0b8cec81b2c5601b9910391f3ba2585198f336c
SHA256 96f7772ea7814abf007050c19f9257da0286fe17c7622559e273f4e50eb7305e
SHA512 b79d7279dff4526cb2449fa6fa9d2bcfb0a8f4facd09a2193d3a8135f1f4ef1d60e9e1a3821a24160711ad83b13dad67f182a7a61ed956229eff4f164922f3b0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 7c9043bb68f6b6ed03c1b7befbec1972
SHA1 1fffc1c7d4f7fe0d82a6635fef0306f7492b2234
SHA256 52890f12ca84c8ae67d07ea8afbd7ca13801ab43cca0aaab1aefbb3b6974ad95
SHA512 c95825ee7ced4779c53dbd1419224cbe1c9c5dfbe952aee0473632dd522697086b97146925f9f01c92c201036164f51ec057153455d885c6d08f34a8b4e8d8ef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 5e8a16087e3e8412a88e5cf3673fd1d4
SHA1 53c50b22390f7e476ec7657021cdd1fb15f8e1dc
SHA256 54d5e9cedea63926ec2c7d5612872cbc7f3690eef32ba40e21d813cb80e13ff5
SHA512 18114dc9dd60471604954987ec4f7378cd6144b16e05aa9cf9cb36d3b9e0c11d683a72b3e8c4dda4a6d6247e3c968339274adea1780b48a46f42a71a0aae4ba1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 02ef0f2382618158d03971431efb85f7
SHA1 7cfe6dce2fd6678fdba7fe3ec3a5bba3f024c5aa
SHA256 03367a8b7d6dbe0d8e9f9be551958e71a26c374ffa8f33dfdfafe8da592dd3bd
SHA512 c9b900dff9affb61fc5cce1ecfbe3080970a9e54d58c13e97893475d6d548b54b3de6fbfb8f0024441167de364814a9baa8b6e31c9b2d4b699b656733409f47b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 be75daecb2bda3e100673da10f518326
SHA1 71f2000c4a584356e997964b6e7d7907fce0fc71
SHA256 c91983cf59dd332eb743250442e1f992134e59f45a7a5198f56023aa22ca17ac
SHA512 b30d9d1b1a0de40343d8188f5df5478ba8871a1739789ed2056d1bbaa1b9265b903023b07e4ea9e3c4acdf28dfe5f0d1e13b4f9b7314d14bc158cd0296aad722

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 e2650f77c2634b887706c941e3db2a7a
SHA1 22e58143b997b1c3ade1568727acc5e13eeb1c04
SHA256 f655b60614fb2b6e161136c7d9278c6645599d9dd996faac4926bbbd5ce6a8ee
SHA512 2edbcb1a1b21cff355f5966c043c41c461cf9df2cd2a8712b45a1d7e7e027c403ffc5e1cd63ac02af9165af94cd87b42d618b3601a21e2fd234dc3d263259021

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 2f33a81089b27ac8ced2e64724ec2acf
SHA1 af92b92a0c4203fae587adca3a06d5043f56d701
SHA256 c95edf714537b8e76665c39c80b0010adca41b83efa25883d2a2080e267e7292
SHA512 9afc6e3e6fa0b02ad51e89bbae839742c4ca85ac442df6c322f67b990e7c61c8af968d76d84b4e06e1a1e1cb0ab29b0930a0af8a65fbd91cbc43c9d69b451c11

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 5de3b450dac374e26ce1ccef333aa2a2
SHA1 20dc31f268693ea0e06d839456128770d399e05c
SHA256 20028b61071125085efa01278269a01c19f902bd9e4e8e9978e3210347f924c1
SHA512 a374eede466f64ea483f40a4c3080cb663ac17b69d8cff7e2fc3e0ef1fff96369dee8ca48684b8c6fb8bc4f35c9e06d0997a6de4209e2043e1b65c8d7046ea9e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 9a7338cfd97dac246ad8283575a5a30d
SHA1 3d2ff8085addc59a2a87a132abf526561d921fdc
SHA256 2063e89fa7ab88be30ee170a085779399dc87f39310ef2cfb70a64a98a14e660
SHA512 d2761a2724bb024935510ff8bd4fc41027f6e79af0144f7381b09092a0c1389ef24aed88822444964957599388f921aa8cd60f6b933b84c81f4baceb3ed7bd43

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 68637878f284630255177806f2b141a7
SHA1 ea78522f9fe6618eb6a0f974719cbbe61749c228
SHA256 62cbac7522fdc3b2459a89a7d03024dc542f9f90a2895fa805d5c1e7f442d21d
SHA512 a1872517667ddbfffb499997b55c3c411c9471393d06aa11222d70732b9a85582dfece18dae09923fd1a1656e5303f8469be86552d1c14a1f612c97875f94d7e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 aa1948e9847eb2e59c6911d4fce19989
SHA1 4ea537b700793e5eca04c6decaf387664a07e954
SHA256 9e8a16301c1a2261cf2c0865b0b4d2e8e4001b5670f94fd81bd222fff431dbbf
SHA512 a2ed344c9adffbbbf22755d57df07e8e1730d63175835e409a9785eb8a9209428dcfc04fdb4eb4f57f3bd507f1355eb86f976026383acbcdb11ee944643db1e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 d6ba52da3d7f87aa8efdcbc975e4b939
SHA1 5fc52fa94d8a79d56b622270b5302bbde27469ff
SHA256 50d2fe210fcac1436742646ed216db806b190dde0733a03fbf04ea24a1f0e803
SHA512 e10d1dd1096aca38aeff75b40a322430f1568afc7088f5f8da65b7cf822b686f076b3b696bb361a7d1c4db409c83ced6a4e02db19c0ee5ec1772b2aed2878f3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 0c99975d8b605e4ee39e68fcd76d81db
SHA1 f76b7f04859d5107c2c9912ad326b7ecbe26f754
SHA256 187aeddd72e9ca51a7c3411ea0f5883938056ea50750a97f22bbcb7d1c6e7438
SHA512 60484795a0615f44b096819dc15f0ec86c536e6fecb02203ff0da23dccf13e2700c9eb6cfa61b4b67649e747e72d061e6bf9b5d2509e715e956b855e7783d6a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 40491a8cd4d7811c17e0458ef8b7cff2
SHA1 4fc18f09210a7a55c775834e691acae11dc20823
SHA256 46926aae66d3a9c011d68fdfbd8332d99f45bfc935b6997f8b3d335556d15ea3
SHA512 a4d73877efad7ae5defedd8b07a9fe14de4da3338b37cfa8b8066be72c1d136e9c1bfacee5b56695204f6f8ec667498725b662a2beaf49defc78458e54af1e5e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 00cd7f72497d3e3053e6b6124ce73624
SHA1 457251a366ad83d500e4ecf58f30dc524a41189c
SHA256 d8015fc4873b9281f2965c3350aa90fcc84d551e5addd85503d6aa9021bd4a55
SHA512 11c2bb0318a72edaa08827c555585b0ce6e6a66ae5ea29b95e864b5b581fd41cd351b3c4d1e535f8c0f44d8c4f1720b5e75e50515b8dfa002403122b07eba298

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 567b9e40393fd78463460a9496ed8c77
SHA1 c81a13c67b21d404655a15eb8e296a98f71f123e
SHA256 16698fdd5819de715333edc00ff461cf22a4f831f76ffe158b5c06aa910b4b6f
SHA512 48a956b08cdb69aaeeb1a396fc93e8b2d33d2b81ea9cdf4429bf4b5891a695784facd9d3a205999e7fdbe1d21ab448ab49f0f3bd9537f8e29d9c529771c9318d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 c3d0a68c96ce29451fdc4a647704b1fd
SHA1 6259ec93a4ff27bde572853a49b834666eef8e62
SHA256 293de94caf58359cc03470b0d88657f38082fd5a26566bcade4fc88bce7c1037
SHA512 8577a0dbe543058e0b8f91bfe1ab1346afb2e15dbae52f798a5799fb1ae9fba72f1f96815243e5f0b79508bbd2e812d055aeda55854581f7cd704b187d528622

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 02bf3740f62a9956bc93cd7060d2b3de
SHA1 2bfb2586676be80d78f9272d7916ee51657f0c0f
SHA256 412c94727c82d2969fb2d5f714e8ea91015d1dba26a6c1225e38792481984c02
SHA512 1a4c7159cd24cda05c8549fafd8c034a7c9976b0aa9e834ea7c5e489bbb9778954f3727524cf4a7b9f5e09868a8a222508b3ca42bf25e346c748b145982f46da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 4a2381937cd79f484b1bb2ec2add38f6
SHA1 fab888c925ed6e60f05cbb4c7a5afb99dae51cae
SHA256 709f0296c56ebc04327ec694e7dec72167b19467f94bac95a1f347928c1eebe8
SHA512 7ee44a610d579014154454af77c860a4abc8d36966bf50f3aa0735a79f1bfd1c8729e160fe533537665c01ae97c442ae351e591ab7e26ddc50453ad9720b07d4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 45205503731e6d55c798769cc5c79c39
SHA1 784b567db089f8f7f1a73211b0e9980ca0bd15d2
SHA256 1c5cb87d8df60a1fa52eb4fa4eaadf3181865e0df6a75ae40e5a4b0a05b043ef
SHA512 0ae06b35178e8c38cf5ce4a97e2699e6f97ba57e3bb21dac2d768d1da38c907378445248d492ad9ba77a4530225649a9757d32a74cc372689dea569c4a56b786

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 536dcee93a67a59d46e186068496d694
SHA1 f59c3748a3104383efad5944d29a6694886a5282
SHA256 c11a4da61804520ea354aeeef7fcad7ba81050596df462177747f99f09259688
SHA512 61be1b8e28211fd15e68039f6c547ca5b4fb66cc5548f2c39dabf5c3d0bda2260fb85d9c11a5ac0bcf45bddbfe6dae11608990ff9a38a8bf1e05fea82a76b776

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 1a5d788a5447e3265e021c122e46860f
SHA1 d20663638bbbca695feca345b422b80b325a793e
SHA256 56c7dfc2fc8a843f29b0d9765b56210ff2e8d205bf1a2ad5149c684a2e592d51
SHA512 3ecbcf09fc4f092a7c0f8fd053cdccb7100e0440eae2272557b3352d55316c64742f60ada87eb90fcb96c0e98ff9da9b39ecab230d8fea9d254ff34cf763881e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 29cc8a3279739f86f28acddd0a07b668
SHA1 61e600c864ad10cc60134fea2fafe12e2b405113
SHA256 38aad36b5141dee0d3b0e5af65a9cfb5e6957f6525e8e0b5dc2247ca75fdf7e7
SHA512 b427e7c22f7e1435ef0ff8a5ab964e6ff5e70c2abc916fe965c9f595b7f607ea05c5ecc59f9ff9b70991cb738e3878c2430cec20c7d3f35031fd454c8e63e02a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 be5054167711d16e249912cca136d8f1
SHA1 b1929ef7ec15a1bf507f18e35fecb237d73c0046
SHA256 71a20cf4489aecd424ec12a8eeb00e20c879c658abf5192016b9be47eaa5be75
SHA512 a859085742b3c89365aa9376e8df97a1915ddd2a2add8162b6816c5648122f91d327a1b84dd392e7cf8c03bffae183e73221537dc393368947b9b5275eb92d58

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 7aa0f425d7c79979447cda39df2e9c2f
SHA1 6371def16f455baa1a620f0b98a97a10222b5241
SHA256 c332a5eede11cbc244fbdeed18a458e421d2a6085c8abe9a80d57ac979951bf3
SHA512 6531c5d685f8ef3131e2034b9ebd32dd0465724adf3b1aeb138b86b0614fd1bf76d0ff6986a9adb59033319a301a536ed16dcb56ba3571306c907da6207ae80a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 c614c13b94f31b9624df30de7e7f77ab
SHA1 3a74cb11f1263789bbdc55d6500a45d9923c754c
SHA256 82c0fd883de91a032423e1a2f31272caee9280dbb32d71df3101486db3f738e6
SHA512 492e0381afbce47080d619071f0b20f394e291fe27299a8144c1e885540053426fc6dd4a344006b59b0c2fd6452490840e9aacc852fc7e288e8d7f8cc1b658e1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 24d783baa25da6c44d7bece81cec3cef
SHA1 17eebc2d3e94a7c3eb403ffb1e6498ba6f0f0f83
SHA256 c6f790bb07854585f204920b5eabe414459ccd8257f36f278e1f15088deabdd5
SHA512 5e24543524285135f2d1a710c9d6f30613080199354fb39412fa6463f34341c0008ed7afcfd580d2fd2ca3119b766cd3af574caf3dd2752f222f93f8c5d1d48e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 803556f222b10c178eedc1b03b30cec6
SHA1 ffc89f67b44b3e5c5083d20097bb2ef24b5d01f9
SHA256 b227ba66b4f3cfe31216fdbfe65a7864524dcdde4aa90dcc66843d9362d3e05a
SHA512 6c4243dac0dfcfad5f748c1ef40e4ed107219f4a306c11056547aabdf7d2b30cb32b197ac7d5cb5e6ecf40355ed0c13e9d224a17fa3b20675e800ca735d03203

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 c2c442923e27c147124f215735ae6134
SHA1 76f7103a92c28caec4586c19531dd51987ebb920
SHA256 b75f0a6b31bb2dc0e8664e04678db84973a83401e0818f6458d33e4340c468f3
SHA512 6b70d35a2467d59b0a45d31d1e6c02c23964bda95582ba0833ed453fc4da4b570972a24e6cee8a09d060cae9c8bed759443072cf53079da79471e100f4c03944

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 1053f6f6b26abb842d4bf67e2abfc84e
SHA1 22bbc9026e3198f2c0006e9005624517d1277c45
SHA256 8e77b7eb92ed67db3b2dda9db54c754a8c9f6afd53c06048167bd3699ea791d2
SHA512 b5522aca588f8f362e4c33892cddc968b0688e74a893aed36168472edba157e070d8de898dcd4e017e6caafe55309968bdb5d09fba5dda3b1f721c749d001606

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 b54ce4ec99151fef8416775933806be7
SHA1 bf8e29cca80d7af72bc5a0177e85082b450d9a93
SHA256 5f46b4b1788f7295360895a6ed22616813ac482927c487b4a4b50763c5b852e6
SHA512 7c9398dc5ae9dc2b551eff6c71372fad16ad7d99fed1be7cda0381397c948468534853b0db93ac4e352513d39206f46a619735199f10fd591cacb93bb9e7e3c3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 0723042e05290d2018eab770805a965e
SHA1 8d4ff56311ebd0392c3624877f139594d965f53d
SHA256 7caec31f609d6a75efd2c67211475bf55eeca05769a3eb1701b9956fe57d61c4
SHA512 27582a447d5c34ecfb660c76a045bcb201e94938e32aa1a0d1a215c4264f6e51aee6de7d67eb205e0966ea3370c22e7088ac63be5161515bd938eee1da02e14e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 5693fa20d2ab8bf8a6b6a23816559b3b
SHA1 c69fe64e88c7ce14303858d82e9317634da3fc9a
SHA256 25cced3e1ba9e4c0643b677ff7a59dd36c369720f4b118e14f32963803ff5470
SHA512 00fb68e255007c6109264d9fdb91157a66ed26145950436b1f1f5e298483ec899695b859db69745bdaba46d0f181e1da4b9d192fd99d4d6f069b55e040f5abb1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 e7742202cfe5680ec4afbc3020c2018e
SHA1 cba22a79ae6c1169e625916a848ef340769abf09
SHA256 4ec2d4984d21f700db5fdd4a0a8137e326c4f15fab53228cc3b326fb55242e1e
SHA512 57b8efc447934ad7fe747e2f757e4c245e15e20cdde8265a681325276cdda92ac948ae986934d172945c66b8c4c65536c503b2e236be9a7c37dbc21c10adcc15

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 7a2b66c62a1850d6023a3cee4b3ee996
SHA1 2658afd7175ea1c73694e33325d6277f776469b4
SHA256 f2a22766e6c83010d50f0057b576b580f4b822bbcc1f2b5efd597b4b56d21f53
SHA512 ecb4249341b887eac4fd271de9d851dce9bf7cfd23b61aa59140f4a108124cb1565a5c36de437e1cf77ec8c7771f8bb44aea237ec0f4f784fa1e8a5b1360d7eb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 7100c5f9a96fdf970a00d66c7bb7e965
SHA1 803f4d84d5c649f76e62c4dfc238cd4a9aeedb80
SHA256 4e80ab18a5a4f8ad7ec5f607b57bf9eb9bab5795a5b363c6120f704345ffeb43
SHA512 a25c0f49c11e36cd2002b1722126c08cde84db673c53589abb12226c125890505447c1b3eda207a99f26c6895d58cb0301bcfb2e6f618fc6996464537de8fb77

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 7679726ba64583d6fd3ec43511073bcc
SHA1 094af9c8d1e629f89c1fcb0f232213d5248c4f0d
SHA256 70919384b4de88279f95e8b3763dc2c5bcdabc449e0777db73737a69fe2b74d2
SHA512 d2d316399268901001df79d06fc149b97c83c163fb711a1fa5170e320cc081cc8f43a5aa696ffaab69175b059302f35a6e362304ee6fa7a20a812b68f045a43a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 4365a66056f4b67595171fe015b2d7df
SHA1 136e485d8e97f1910b75fc96348051cf23a29b73
SHA256 64f4390c65cc07cb6ccc3d080e00f5d7b7040308fa3814c9c6c16d30d7f2ebe5
SHA512 2e78b1acc03032e0b652290b03f4e0f6c88bc4a3e076e5455095e88eb2e9856af683b2c4b6195459b8854a2c7cbbd1e5792a90ded72a286912823f5a7411bb85

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 16d7902dc254a8ed2e4cf876b6bb9931
SHA1 904d67586268768f4c7bbfcd9f42136a32facfd5
SHA256 79e1b550665003cd62d0f6e83b250ce372cc47a377c75d0205ecae5f11e9a371
SHA512 62f72dcbd9c817001b1ba32b857041272dbf1ae2df9df1e561a5348b5e6779a72e69233c407c0e7cfe35c6850183b45fb4d34bdd43a48b657dd9ba0c886eaf56

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt

MD5 7d3d732b59fa854a3e634a8e061ed736
SHA1 d84e95053f88bcb65288ef0f6250b6e90b1162ac
SHA256 511ead839adb4107e44d9b35b6bcd8205466a48e0f1499b5923cf2d8778e2f61
SHA512 42d6052584c7b1fa10d7843370f73b1fb25f74beb605a3663e3ee141db4278486d30a0e8660651c2b1cf782297716aed85d924075f87e00665285a23e753f763

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

MD5 9f7c398a69d01fce8809dd78d20f8c2c
SHA1 256660c94e6e5c82a9a249259b49c27712b3540e
SHA256 535fa330c9c42d1f082d8b9bae371fb92bcb76ff89dfd01214e321eac7c4c84d
SHA512 2c8413b8076712ecf6913ad33499a1c586078260a3851822d06c10ff3132fa93aa680371d823f3748203283eb4c2aa18f9a3096cca23e0842dc9e9f39c7bb304

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

MD5 94c0dda468fea1fa8abb9c98eaf2a999
SHA1 d54b89e0f849a1aabcf7188b7590c23aa8dda4a5
SHA256 de862eaf771494152d7831f825b979e8596eaf520f6c86c5b691323d0c76ba75
SHA512 5ba31f57b1392dceb22a6dcdfcf064cf9220f661fd6574b0955021fcb1740deee1dc1e91467319a9e78f6a012603cabae77c31dea9f7f6464f728ab676bd12ab

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt.EnCiPhErEd

MD5 6fedeeacc494750f8da7a7d0c8e21d14
SHA1 eb30e72e6aef0bad0f348fe3e341c54a71ce0d38
SHA256 b4204092405b20abdfc9a1e75d6ae2ed39545422ef0325dc498d015467b7a41f
SHA512 2917f173c798c201bddc0f9db7c51dfee1ba01724c02f0d1156149ea132370456587db36bd459704c940f0c5f8135459c9d4add40c3761124673a9a290d8cda1

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 80c8cadca8cc3ac64c6f5ce2a1457032
SHA1 b526880af3e4853609c68797d65302eefc8d6ca4
SHA256 09bd7ae87ff7b9eba35eadcfb9e6268c45c2f00ecee3a4342734d65fd7f36524
SHA512 5034f32fdece4792861fd2a78b02d52d3b60f17d31b578e344a06fced09df4496609be78f5ac843e58f23af367dfa44111a960bcb46e70a838e46b9d6fd281b4

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 9d4c290dfa6a86684e4d9e7a993676ed
SHA1 f22421fe0ff895b54eb5bb99eae6aa8a26f0e0d0
SHA256 c104ac78d12e7e8d9d3076fae017b6cd2f0be0bc27cf9c55f259a1a08a0a5188
SHA512 4182eefddb467c1f1cab925676f29929b7b90aeeb878d54fa6766d27b8771e32f72595e3038173f08832278998f781903c83a5e3d413cd688129fdcbe871848b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5786010e0b0f2056dcd104c5c2451e4b
SHA1 2b80db74bab724d20fe2fc2669249113343094f6
SHA256 20dd9eeb013872ae7449c695ad593051748fdffb44b32d65b6c665be18b50dc1
SHA512 9f8c4a9412e996a9ebeca99bc74ee74f9641026e29e99b0bddc8499fe4650bb668457be2bb9ba91e4ee91d97e4d250a2c48ae80714129f01c374fbfaac41bc47

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 6abed569545dcc7b5ba87bb6d9370f60
SHA1 26c35f3957afeaab64605c51f5b47a1910c9d5e2
SHA256 ed6286873ae80f1a9507d639d39f9dada10bce0e4647aa4d1bab783db9b3a4cd
SHA512 f7227870fce2068eb9919be31af2e0e8fd8e67dce412218bc6a35ec1f9f802be168aab4a08cbfc13bc4c485b19b09790c4021de43178d128cde9a20e099ddf08

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 f45d246e1d87cc9c533ea797502de11d
SHA1 7d26389ff428b2348a24477fee89fed63efb3e8d
SHA256 e83657e9e758e957e3fab4b9fd70d0f8de5007f34a3baf90d8041271b3964149
SHA512 d81840a8f33c197a803122b61616ceec6e1c7fe544b8f034a175209c7246ccc3446b0eb88cbdb6833c0c842193e243d88583937f9e1edf4fa66c63d3fc12027f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 da159fa49c9c9d881b2173416614ea62
SHA1 86a20c2bf5ef9a907493a526e5e34e78178ea98f
SHA256 f2098dbb22c5de98e3c752fa52c45194c008a45c1a902c83c3834cb865d3343b
SHA512 f06805b4f17506ae34c13855d038d2c200108ae6179784bcdf63eeb54d43f9b35825b88e5ed6e5eb00f4f3a75efdf01387706506c4b6447fe2133cb37703a53d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 71099e67582505d4baea03aa2c6e970e
SHA1 3b36fa0175383d0816bd5332b4d0b4a20b681a47
SHA256 bf385bbdbecde6a89d83bf69fd98da7efcdcefb20e059f672db18311e84d1f88
SHA512 3a9c152c57241bff9e53be714d9d0a6518a613cec329681f1aafe551e7445754d41479ed3825c4010b080ce8f80e3549de07a32237f7663eb54ce0ad01d5f049

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 4c08304e59638e745b1b8284433c99b2
SHA1 bb8941ffdc48bb05fc4ff7b3d9135fc9ec649df3
SHA256 69d3fc93b44b21c5acf06f0b667eee11ffef5f05a5d35b2319c70365f40520f9
SHA512 04c31ab1203f3a87ad92f6a4b7cafbf2a4ada26af13c7f6688c3393c53304754fbbfee72dfb70847c5f327c042510496147f779c150b31edf4e0fadd25dd4400

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 07f1de4655d5a2654edd09a347ac699b
SHA1 7d769dd9ce19d9680db2cbe14338bfd9af8e8fdc
SHA256 f599e79d1602e3afb0e3879f06f0f9b2920c183d05f6ea2a919a138078deb072
SHA512 d7572b047cad2348196be95f6f81c792e9b2bf99b6f6067e6a2ede25c50c2e2b6f4bc86f88406c4e3aaf3c795ea7a6dadfb7ac47073ec6ea6627ea1a35925aa0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 6ac3e53a9a37b26f7b1a4dc1af879aad
SHA1 072b62a0ede426d59571df378ce38e07edbeb442
SHA256 685ad3b4aaca7c1a275d6d298e437fe4fa99c877bba8a07af9b222965cc8e42d
SHA512 cad2a9dba9062a752b31f8d21d80ed023dd692a64a4faedd7b0e1389ee8ce98a4902b191861aff8f32d746e2e56e0bddbc6be876c80616e78e4b6b3eb51a0a05

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 830d4728be00abb5e7878bf13abce8e9