Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
15-10-2024 09:13
Behavioral task
behavioral1
Sample
46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe
-
Size
22KB
-
MD5
46f19e1e156b92cefc027a98963034e2
-
SHA1
1812b0a69a7c4af7761d3de6e090cf2986d513da
-
SHA256
1f1703a81fb5ce266c5830a4a5d0061e468f7de0446be7d99df6cdc87d357195
-
SHA512
51c663e30950b60ae3d9bb51692fa7a0133da69723130fbe1d99876effe556301f5d5443cd9e183666304b191e504da0241a1e0c41dd4371f1443050c103503d
-
SSDEEP
384:aprr1gkDCgSqzagqdVNGiJnybY5QYTTszAL1ODq77xbxb+7RzsnB:ArVDC6zaVyb6Q4TRZOG7xxy7y
Malware Config
Signatures
-
Detected Xorist Ransomware 5 IoCs
resource yara_rule behavioral1/memory/2408-8855-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral1/memory/2408-8856-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral1/memory/2408-9144-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral1/memory/2408-9145-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral1/memory/2408-9146-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe" 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\wialx004.inf_amd64_neutral_0a3a62ae6ed43127\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_modules.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_neutral_27c5b45728cc9ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_neutral_c239ab5d36a3b3e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pipelines.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_try_catch_finally.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_type_operators.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hcw72b64.inf_amd64_neutral_023772237d3a4ade\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_neutral_7e4d690d07ee94c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_neutral_e5693eb731048022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_requirements.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\com\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmusrf.inf_amd64_neutral_439e7d1dcac00aca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00e.inf_amd64_neutral_0a4797d9b127d3a7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_ISE.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Ref.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj6.inf_amd64_neutral_8087946c82068597\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_jobs.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_troubleshooting.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\System32\catroot2\dberr.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\Dism\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Command_Syntax.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\averfx2swtv_noavin_x64.inf_amd64_neutral_86943dd17860e449\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_neutral_4ca64d28e1be8fa9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_neutral_77e515342bd572cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl007.inf_amd64_neutral_935cd017fcb965ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wialx002.inf_amd64_neutral_71f4aacee1aa9f06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_neutral_716a306ec3899e04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Command_Syntax.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Variables.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_format.ps1xml.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Core_Commands.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_debuggers.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep00d.inf_amd64_neutral_dd61103f3a2743d4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\xcbdav.inf_amd64_neutral_cf80e4da1c95e6e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Automatic_Variables.help.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
resource yara_rule behavioral1/memory/2408-0-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral1/memory/2408-8855-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral1/memory/2408-8856-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral1/memory/2408-9144-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral1/memory/2408-9145-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral1/memory/2408-9146-0x0000000000400000-0x0000000000412000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21364_.GIF 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14883_.GIF 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR5F.GIF 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\sk.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_VelvetRose.gif 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Country.gif 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR31F.GIF 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Windows Mail\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01748_.GIF 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21306_.GIF 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackground.jpg 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\drag.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\FreeCell\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\FreeCell\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14513_.GIF 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Common Files\System\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\amd64_server-help-h1s.itpro.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8cfdcb8c4d6ae9e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\inf\ASP.NET\0008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-shgina_31bf3856ad364e35_6.1.7601.17514_none_269d38ab3683c8fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_27c67989322bdb65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_ql2300.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ac13d10d3146c1a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e2037586670202df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-d..layswitch.resources_31bf3856ad364e35_6.1.7600.16385_it-it_93d4e72ed679bf41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\combo-hover-left.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-homegroup-controlpanel_31bf3856ad364e35_6.1.7601.17514_none_145ac477d7f1653b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-usermodensi.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3ac8dab2ec7d412b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_nettun.inf_31bf3856ad364e35_6.1.7600.16385_none_51c6fa78585e762e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netbc664.inf_31bf3856ad364e35_6.1.7600.16385_none_a3677e8bc4b04b78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\inf\MSDTC Bridge 4.0.0.0\001D\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_904411ccd8e6767e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..subsystem.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4f8620c6384385cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netfx-system.runtime.remoting_b03f5f7f11d50a3a_6.1.7601.17514_none_dbb72f2052e2a0db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f704a3d4d39c1ac9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_696354579779eadf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..spp-tools.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84dd12e1988d1a10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked-loading.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_0f7f89a6d4628323\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.1.7601.17514_none_fb555132edb3cc33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\Boot\PCAT\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ftp_31bf3856ad364e35_6.1.7601.17514_none_0b11635f6f2987f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7601.17514_es-es_53d92c4ec2b28e59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\inf\.NET CLR Networking 4.0.0.0\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-appman.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ec24f7afc52a9ee0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..-us-links-component_31bf3856ad364e35_6.1.7601.17514_none_b325aa489d61d3a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..mcomputer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_43c6c67516411ace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wiabr004.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_dc874c484510a5f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-diskcopy.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_140838a85d2979cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-extrac32.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39fa9e6d0fb734ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\3.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-chkwudrv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f2a688465003501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_mdmosi.inf_31bf3856ad364e35_6.1.7600.16385_none_37b9cc32d2102a15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..blauncher.resources_31bf3856ad364e35_6.1.7600.16385_de-de_62191f59bfab52fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-mreuse.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c810b261c62a27d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\White_Chocolate.jpg 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wsdprint.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8855223fb7fdd3ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.speech.resources_31bf3856ad364e35_6.1.7601.17514_es-es_683e1eec2434de10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.web.dynamicdata.design_31bf3856ad364e35_6.1.7601.17514_none_0f747869dd9333c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-gamesp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0a1465bed3f79780\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..ilter-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0227bcb6ade494cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft.mediacenter.itv.media_31bf3856ad364e35_6.1.7601.17514_none_d1ce91acb3723e8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netvwifibus.inf_31bf3856ad364e35_6.1.7600.16385_none_9c38dbd6bea6f0fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnkm005.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f58109fce4573c6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\bPrev-down.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft.web.management-nonmsil_31bf3856ad364e35_6.1.7601.17514_none_296962b9798b3494\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\ehome\CreateDisc\SonicMCEBurnEngineIcon.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..how-other.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6469368d18a3ac1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_5d0f22c9e44cb6ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile29.bmp 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.workflow.runtime.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f292b941fa7197a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_d78ad4be6c4ce238\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-smartcardksp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a96db6468fda66c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\x86_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7f6c6009cf5e3a1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_hdaudbus.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_dd9c43fd9e01e0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_f1cc51dc6cfd0cbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\icon.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..rtuimedia.resources_31bf3856ad364e35_6.1.7600.16385_it-it_690b104007e5d376\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-r..-provider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_894f17023c54260b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..flicklearningwizard_31bf3856ad364e35_6.1.7600.16385_none_69769fd78b751ad3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe,0" 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open\command 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.DURA 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.DURA\ = "DMMNYJYJBJCPRID" 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe" 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\ = "CRYPTED!" 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\DefaultIcon 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2408
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
125B
MD5ad136daffb0403d7adb1f96ec0ebdb76
SHA11a120e23149ae0b27f00c198295a5783e2a11d5f
SHA2566c09906367b9f3b17251a9587fe500426ed53ba85e282adbb1175a45b8c14dd5
SHA512b6e1917226e385d1e9c4ee1fc0d14274db4346f23edd1320967b7aaa8f60f70ffa02bb3a9b69581d03353bf932a4dfeff880bb5aa59ba09a501020da202c2b20
-
Filesize
341B
MD5b9e9e2fe22eb5d7a8f439d52d72f5c25
SHA177b9e5725c9c6da6e18a8daba3efcaf6f307f406
SHA2568d8b9dd0cc0069fa54ebd3fa92b37a3b55beb7b11a894e9be30038f4925a519b
SHA51263fafa853eca909ddf09e9f0c587a83d86acbdb26b7af95a4dd7d5e0095f9cd3a29a48e43cb5210574aefd80c5055017f723c67d578e7527374f99eb345810f2
-
Filesize
222B
MD5d4403b631d50280f3372b1211efc588e
SHA19dd2d384e2743a61046e958a06950135da0f73d9
SHA256a5e9ac913ed98b540ad29ea1293467330eae12e0cef75186a138b683fb309f3e
SHA5125daaf757313c3778947f6fd7b3f7644cd4dbba7f0f9df75b7eb910a072f5e726b39a09b2a26093f0f8d3488837bc803920e4045fb51474e3bc2365258c98c5c0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5ea9ac19f74d61ae3c61e2067f175b102
SHA16257fe067918017feb8aa942534814f03431db1a
SHA25672967e4f8104ffed1c776b78db72a6c6f982bd8a8a62aa00c694ec645e473835
SHA512f3b947216c48902219f3669a933e7298ac5dd762ec1679a31afaa60b529bebbe3b3b8fd6c82609cee3495416593ec086ff9be220fa279d21c2879a9ee89a8bf2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD50c006b6c5191d43686050fbe7fd3ec29
SHA14410652e721b2a3256ff365d61f293d6cdbbd9cc
SHA256cf2be1321d285d96934d3f9db73705978633c553a2f2bf98e8449cee0d8440f2
SHA51228fbadee0877a1d687a322b8f83f87c56b835aa204d81e09899ee122a638f6cbd48bf7abb16cd1563ee6da997d0b3fa9d830bf23a1f0a54a3bd7088f75d78f94
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD536022a5085bac9b2e12314fac1ee6ea2
SHA11fe04c42c8e2c35de8b315d8635fc8803fcc90e4
SHA256d74570094b9f7e2b3e515ada37283d0516f88dd744be59b9651f09c34175dc89
SHA512491186377341052612c898a9e10da17b4616c5763448b4615a259a0258967a9e267f1c9427b32774034e6bcac2fe18d8f03c36fe1bb9ff9ac786f5612c427515
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5b918226d0a15d74a40bfd40535af1b3d
SHA19efba6e46655cbe04b33b94ed59bcf3909aa556d
SHA2561269153bcdcb874991c16b73d4bd7bffdf0e8d761ab40ba525a7b8ffc402f1f4
SHA512bb04389c9986b904021ee1c9921c927dd17829c7600b4e05ada68e6768a1a111552edf60b71a67653db6da55603770452628c77107709e6e5a03c351ccdd24a0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5bcaf18131b438e51de4173d72c288029
SHA1d60366bcb4579311a4e680e32bdfcb6150fb80b8
SHA2560e5ddc5e8fc65e36e5a6d9fcc49081e3947ef77aeee3bbad4ff9b04139546e5b
SHA5128e3dba16e89dc55aaa0d0e43b793535677001f845e70157a3af774c2315d1159572eefbc2a621a46732f8b0fc5fd5bb2fb60cf7143db45f016474926273cdc43
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD51760a8ab61d1d61e5662d88544ea38e1
SHA1bd67c92b992ae6d59c66992b78a5a8cf0e72257a
SHA2568e1b1126d57c3a3d8f261c8c3ee2eb674084c8d29d69d586330c43badc35a86c
SHA51289080db8f7251c524e70748e1cac3bfacfdf2c4eb141d9bcbb913220176bc374f79c7b5497a7e1f4612a18be06af805e216a906fc729d5bcb73ff25f968cdb42
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD578e796ba9f24f141f2b911b40ec7482a
SHA15f58e92badead4188de1dab6b99c6a7c86b42efe
SHA256cfcb201ce02a8bcced668f28fb5c3cd0e0fa38db029a6a974396d2e6d783e49c
SHA512e1a9244d1d1af086d830f47c74b998dacf018df7313faa92b6df60dd050b1bb64ff442239ceb51d2843bd2c1fe0ed9fcf65b275966c8b9bbacde3be8e5b4b36b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD50d224921355e4338a8d7740493a8e975
SHA1d77dd1e4af71191a0c2b5919a424eabbc9ff7a79
SHA256fda17106f53acbfc41598750fe1a9e9e589bac10146b3b4e1ed86d4b8ebf817c
SHA512d44bd82e8a4d6ff47679203e145da7df1164a71cf673ea18d495b02466e64cbdf88ba245a9d23104a6a6a9b667046913971731a56d66861c14006358da68bdbd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD59e7662a842f3af15106a27ff1efbce1e
SHA1e83bc9ca2ebc895a11cc063e7205a6241d14242b
SHA256f5ec18aebfd985b048e4f8a9461b85505809b7f9a61552c180a732add2e04d82
SHA512b63216fa85f76a8812a54771c49b5dc7249c19d3c49d243099e00e7e6371d8202c30bebd53e20ae745452aaa26f84b25c3cf691f33a25bdafc44045958aeecd8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD510e34b316e111cd8f80afe1fa11d7853
SHA19b508b7071e53bdecf6fc0537fb5ce1105546fa3
SHA256c5d2cb257940db58dea089d3afe4810c4d6b781600a2eadfed1604b22950eb90
SHA512fb858a6c65346476178a7397f26843bc124c8cbbbd562860abf158f6bac9804bbb7e38d2b6d43c96eb2eddadf39570413b15e46a84c93fc76b68fd66593b5a80
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5c829eaef78b48dc8c7a42b23ff21a88d
SHA193598ae8d40bc2a03ae6a223e2674697e17b0d65
SHA2560c4d15c50c816ba90e5a20ede81e924a6245e507b8d88ed1f280d63a4a145f67
SHA51232fede4af7b42efa76ced7a7744a3464ab9d52d5922c7b825f026e6fa5ef8fa37af0e8df7fbb19e3ab010c0b080b7de46176fe92ffbc922d6db7a62ad0e9c1b3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD598c2d5e2b114ea63e353c841f68dec57
SHA107d234c901b21af4e7bf7c10cef7b042acf3bbd8
SHA2561b07909105b4c6a3f34b9c5a78900f1cedb18a7459a13fc41b6e1b58946b8a45
SHA512a17a7463ef9eb369651388d03acfe2c85509865529562cefc22ce2caffc5cf2535e3169e19371f9cebae4db9d3db03fe20562adea9cda77bd2ae6eb1a8baa102
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5bfff2b82a4040121901878102ede210a
SHA1b03739baaf67c26a3d3486a99b6b11387e4d17c0
SHA25688011dfbafbfc8184a12eaed8bdd0bf15fe418e6c63d9ccfb1995eddcb2c1547
SHA5121b1272c6c924976d1a61fb144a1bd9939b59e208264f2f5d5674b16d2d598147294ca1e5790a95587ff1bddda3a1d26bc05391d29dae7230db018ef7fb13b635
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5bb996e9ab681fe382d081cd9ea375382
SHA126121a3b54db2601755a206f7428c90fd66acc9d
SHA25698819d14ba5f862e2ca3f43b67106d29d57569997b6a810149c3869594ff7515
SHA51204120479b53e8fe3a9e2b0742e72e04501a073c96dcced75260ce82959e1d6839e336bfc442f68b56bed7daa7c374f6ce2b4a339d9f72b80ed52831660889657
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5ecc6e4fdc1ed63e048596d66f31df109
SHA1936d5ea903d35441b4a70605d371e9911ad2e744
SHA2564fd63753ebdb772f7c88ab63a7fef96de0bf41653aa1382cd65b3810dfccf005
SHA512e50d106d2fe22c70066fa71fe253f93d3810b17050a8160cf5400084b627e62bc7a1cee89b96d8c76c763321e1cda261b94b912fba6141d6d5aa1b4e495d1270
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD53441c49c84bff3d4ea5923afa8ae78e5
SHA172fdf22c03e509009966714329701f60bc3a5609
SHA2568ddf38a09d91095f6a60486407f5831899d6918e00eac31e3403cf82af88bf03
SHA5127f4a4291c6cd3d0e91204cd7a2eece2f89544453eaa1f3605ca58546d63972a10d333f0c95df62562fda61bc1bf8912bcee18e8315731022f1c1d9d81f7de676
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5003cd39a4c6e9a7909a3411b2e3bc741
SHA10de4266ed7f91396be98ff7ffe3af05d18dd693d
SHA2567b159f303fc80dd4dcaf868e440d06d171ab8d4df825ce8562f9254b0d5cb26c
SHA512198d894775b13b0f4df0bfe96e3517a2105338a425b7c20173c04ff0bf96e0809dcf0530a6c5bf0be6b50c98d10c6a2dd1e6a5ae67acf128dc2c7c80c245c9eb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5013fe7a0b60678746cd5af928ff62b19
SHA163adf7d86b74d9671d8d84853f6d94bb9a504347
SHA2569b1e2a77fa6d74c95e390236f3564602b57665213e613fd1dbbe426d1c40a975
SHA51296cdf58864b6551f141a6a6589f573a4b111cd5fde3e4199c17653513c87e529d3ce1ccb927b2087d9606097e2995593241e2ec7e76748c9c58a5252184942c4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5471f163da628eadb91d4da9b9bda54f0
SHA195449b93419d2ce3e174a70f4173e3bcab20d9a9
SHA256384da0efd32ee7e7cad7487687c262ffe6dc29811bad9117ed373f5331465abf
SHA5129fa47e2b3d6e0f81d59b5162a63ac1df82e2b18bfb3174f38458482c7a28c027fcc89865bb5303cbdda3c6c21825f3a93f7dd2abb11a91b6683b869928fd2fff
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD59834cdf4e501220b7d5258ae9731385d
SHA1025be57443628daaeb3ca63b5426c6ad49397fd1
SHA256bf09fe0aca0805e39e9382d210e56dc2c8b69ca82fae207b7e28a075ef3e89a8
SHA51257f26547fb6d3544c130d7b2f7b103761fdbd4d9babef5527506ae43d16cb1b15435f2326e6cf38622759a315e3be92c9d8cd2eb9e792e3d52b7c57b8ea0811f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD510bf521ee011ca8b4adb43994f8a384d
SHA149bf8040ab67ad28020cd811d1c14649c28a808c
SHA25608f9348e639eab5c9c58f440de5a45fef80000f580aae6ede01948e502537aba
SHA512e815db38a2c8d57072dd5ac51b7c759adada6bd5bc192952c2ccc8fc55cba907f5bc5253932358d28478df16ea2cf7d1ce81fde5a756172b7ed091dfb5224277
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD58e27e840efa4ce9336d5dc28af659d5d
SHA11e7b405999ba0d51242e6acdc31943863e122550
SHA256e96015c3abb52181fb040b7da35592808ace9c1e8f5a0a3242e576db6d72c6f7
SHA512b7cb5c3779674ded25938b945177edd822a2c25802ec7e3076f64b11b0b4ea264a26f5533a5deb83b0b0498105271a36913000e4bc42194a043db128d9027d29
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD54fbe8008e364f3d94aa903fa3bd4c013
SHA13b742724eca9d2a03453c19567ead44c095cb1f0
SHA256c4ba43aea361e955019004755477da952d99c4d44a9bcd2d52b3b2e7152d8f34
SHA512f958527da111455b9ef6ad196f6c2561c1c6f0fde7963d241b11adb7caf17b4ff1091ed355377caf1485ccef56389dd6a3fc32b0258f6eb2afabee1a80dca4f2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD59b0a3efa8e4713c55791a6a9b780e190
SHA18e7dac909fff817160369c0b2011fb843a46f384
SHA25642769153419a60a0b26c79a9ee5e82ac9d50e1fe75e16651233adc27992f0be5
SHA5127828cf6c34f5d288e18cd07c4ba13da0b3bcea3af17f9e4155afd90f60c9994039dc437add96859220706b65eb36455a1d84be45d71ef569e04785ec0aed34bb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD569c8e326d724d72e732a003c95dc9865
SHA1e36efaf9a2f2f8f97b2fa72fe8cbce1de66d18d8
SHA2567e845ebb199f967244b844be8330a9a34a4e4a3b1db4e1a704406f4ba662edeb
SHA5126c6b4249d71b362161b6e7ec907a1a97236a6aef9f42c8f0c65ec5c28357fdf3abfe5a7e040f38390f4d1805bf766b33303c639301e4a400da8d510fca091988
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5100a7d2021221bce987379745b6a685c
SHA12c54a4721eb630fb0f9672aed84d1dad76b46425
SHA2564eec95df2c686442f1e5e3cd3a2d0a65f726c172998d2e6f836151ebb2acc2fb
SHA51238e9e748c0d69452632cd1acf4c6695005dc2a4f359e8d3aa026b026cfe769f021ac00d625631b21db4818d0dd612e9353ec2f294ae778c294d6f95034de5c49
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5350b750cac15b809e7a749df27c56cda
SHA1be8a402db9e3a166709df75227a36aca9afcc32d
SHA256049857f796793da89eea4908a27d2926fc13758daeda5cc7d29dd23ce05a77a6
SHA512aed0529f990678c8d2ac60fd32acfbbea24a935e36ba0a52bcec4d65d70d2b71162715cf17103046284d354377be69b12efc569d130725c0d1bfcc20dbe359a4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5f79a26f67c9a7c3eb2f84172226aa2f9
SHA1b229b2ec3b8cca7fa142c93008d490ba2f8dfa5c
SHA256ec7ee51099b8585759a3b151f78f6711b0783c4ca3ace3fff9dbc11be626b855
SHA5129a7247c1027f736f09d3a87cb6c6812b0e953851621f0b3b51e47f4848a75bfd706410b069707da3ebe142c34a9c39d9008f5dd08ff2ffe575828e992dada8df
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5a9805f0820aee9acba5867a30762c76f
SHA1f0b82c2769069a6ab4dc77ad3dc1715c21c8a721
SHA2563a437669d31c249be765d4ad71d7ed6577a3a5ed359603d77549dd2e0846b2dc
SHA51233595fe138e2e95f3bb514f2f9987413264786c0ba53e14db7449204036a67f448c9ca29292f5c424ba1b16fae4f1075c070ef361375e2997482d575b782b5d3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5fcaf93600667404185671d141d3139aa
SHA1a086a2b765f8ba70686aa444a8751c8266db6837
SHA25664ea26c25c4acb05f8828fb5a072484365a2418266c9305d2d2efd4d8271684a
SHA512686e37b44c509c98a049d21d2ebae624db74f5739f799ffd81f39e2c4c539b0a39e57e6eb5129709394899d406207f3d871335e77c9e76812c89ed35faf7b923
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD51563655929d18bfb82c7f83cf2df5b97
SHA19175d628954efe801da180d6b23e183620eec81d
SHA25623d0ea5f9b00fcbfbcbd8ed5964655a6ce48104eff3d84575a72d6c7d524d018
SHA512ca34b519dc760a46c63f190246b8348a9c948cde526329b2f8e46ec1239afd274b8d6ad10aab6f087f7e37c9fcfb2601ed558cc0b83471328110cf2a46a668ff
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5c6e1683b67b7031bba003763d4f85e40
SHA17daec48d49d0eea1a7843054cb8d57c2912749ba
SHA25627f74549f9c6784f4c0b97bf0ce163b6202968c3a81a6c9287345f8e0c617694
SHA5122b4fcf5aaf05b9ce6d87486444b0383d9418a03397c96a57569572f7427da437286a490a14f31ec35028bf97cdc3856cca542c1e594bd9d8379a7b71c3a4a9f4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5f3ce526a90d68a9d1d7895cb5409d7c0
SHA113cda0ca549923652f1ef917695ef083308c524a
SHA2565397b4931a462d0bb40794f1f2a6a607b172c7268896045531c8b1dbd7d4f7d1
SHA5126fc90df0a94985778fb2c8620f3ccadc3a6f2ff2ceaf10db2a0950640c4a404951a7b0a3a7c4707e4165d3544c0b9a168c55138448fa294812a70e111fb63033
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD513a32c95789461685eb30cf4fba691e6
SHA1d6587eb27219803136abb59b3d022ae540e9a8f8
SHA25608f65b87cbb72431ae43ab21decffccd19582a8941a067429cd4c3eb68299120
SHA51236c124df8c959fe0fe4aa112de5634570063ad2a8fd942cdb5ff160ed5492ccad17e50440031a90807a780d98e470e4f8fc5a40e0f11cca023397fecc7681324
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5485431270eb019e4a4535dc283d656a8
SHA14f8d13bf4224a06c21c3e163ae66f2eec92e4f31
SHA2569f11ff79e962faadd0dc3eb50291827f2d7f2b8cbf01e9c9b32c63b51ee8fc11
SHA51229d2754193b47297db9394f9a5f989b1fe9414d3b060a3047f27ca534b18cca3e8cbe12f89c03919e71f9734361fa8e430f51194631d444958f3fd3dcf325eeb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD55b832467a48d4394f8cf481e4c62e756
SHA120a7762a9c787494a4347bc64d65fca667767d95
SHA256e198a482f7c0f338a8c1a6a74d7202034f9a6fe2d140b5f4c6dabc1d96d46f06
SHA512d62c898334dafd87260e20be1f502d7fe9235a8beae41bd5284082b4ffc4f6f42091645b5ed0c98604fce2f09d75278820ebb5b67c5c2d3c0bfa14d47506c5c6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD533e2bbc02c7d5db8b8274d0fd4f7f335
SHA1193b29e3c397433793e03400fb94fcdaba4e12b5
SHA256ab244aef2dbfb61c37ff866b20d04084e183c5b5f445a769380068028fa72d25
SHA5125d0c6a29dd1083016b92ef44547ddb89de21317b91a8c831a683b6ff3b16f0715b0918c21ea03be1c13f8cd7bdba7e859d18c9cf245d04bc2567c41c0cf07176
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD510b5361a92150a8c7155f7a16bdf5cb0
SHA1ce0f33767dfda4b6e5f58fcb4e5cf1b877fe6eee
SHA2568002b7213afd79135cc361a9c484fd66db2d5583b6256fb2de04c887db293d04
SHA512728398711be662464bcf06a43afa870296cb517db77fb86eee7ec2807e42a4cc1ad2e9dbe41171e5c906729a48d9016d14505e26134f651c346f6b91bf7d3096
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5869a62e5a745e69b30847e4ea6d16da3
SHA1cb5d3367f760c1489b054f1df2e386aa5eeea71a
SHA25613e552ec30320ad461400e4e0a8c0410484a083e831ba98c50b644f52899f874
SHA51298e689eb56a5a96cace56e7e88e2bd55614f9e42d9b3f35548a33c3039056b0f77f1e289de280667ddfd68f9269bd69ed48f64495e152f9cf41c305a8e71784a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD548542ace917dd16ab15bc80f1ed7332d
SHA1cb4c54bf72536a4867ae1502a1f319b8627e7213
SHA2568cab1fd50ba88d28a5636035850c536730194c20e0472d4e360449f2b84feb96
SHA5126c209693692c48398654291d0a5e113fb0f810fe17b22b9c216cfbd553aba8892b82c22cdbea634a12940bb65f4ea82dc5cfaa9974bbe93460e816417dc678fb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5bb4aa450d7381f7496a2decac061be03
SHA1ab2043c5d75eb9e495fbe56ff90efd9a87ed9bff
SHA256718461223cb61ff391f7e7e11fdb533a02875919726f2702839c99f7927e1ac6
SHA512a9833500232f387cbcc56a34e317bac24c85c84efc0639f82d1a0d42b41c8a7a8726120946511e09f970a931cf9c932e80cccb129cc0499049513e36b5702de9
-
Filesize
580B
MD51b42ddd5708d6c837bc86b3597946a05
SHA16b199d1c3636991dc332e38a7fca430d07a11f77
SHA256f822e46075e928e30c705c63ca3d0f39f611a58e5639aabdb59a4bcec9aa5061
SHA512a3929dcf963240418e0ca8596d2a30610b7ee0a6822333004815fdf5516e180bb02548dc031a4859a76be573e8e0e3eb88fff1a45e84b67f1da09d7b2a76f59e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5e9ea8daa22047d59478acac488207438
SHA1ce83a2c6632e4f6ee334e442daba7743d10aa7a5
SHA25673be97ddbdcca1910b399420e08c739cfb40ae64eb5a59e340699d3f19a77d96
SHA512f10014542f6a005504485f2bf555e32d8928aaad9f093934dd12c895f87df894cfdd36115f0d86901af910c8e8bbc153e02b21495b359c1f843cbc016f9eb8e5
-
Filesize
625B
MD571e963aff1bd3b8c1c2e3d6199ff3abb
SHA18d3a05893c03044c139e51257e08d7de4b184195
SHA256cbbafbf449941121b6f3378f37255104fec5a6b48dc6c8f888d2422336790da5
SHA512d2f4b90fc7e4f7efd1156d75fbe4d734696c56a8fdde0ed8b33f2b355cfbbfe5f48b762aa197f4810db7019e086fa27632a797ce92f611d76b5c9ba1c519a034
-
Filesize
873B
MD5a02c4a003269b571f1f9e559f66b5814
SHA1911c3c5faa8b66254efcd22acb8bd52c90044d0e
SHA25605b2155e9f499d050c5cbcaf9a45fa5f9086256a2af703e8d3fe991a9fae0d5c
SHA512a57073d264d786a14be0e316ce7d8bea56225fc749718baff68a457f7e47bb3acbd8bd20b7ec4f03953eb8f77775bed7848c124b6f46e0d2e873733438f4ca22
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD520dd06bfa9d385f88103933fe607a094
SHA112ec0960803f3e2cb0f57c53e72951429af56dc2
SHA2560cd9654d074d953206f8516c9f508c57069fabe80b0c3751f95d6fcc73f88022
SHA5122f372d8b89874f7afaf7da5d6a2718009a3d0cf36b8d6780b7fc5e8ad3fd6949f86dbce4eae68abc8db16bf66fad41a767d1800fa9be009ca720a693458bdcbe
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD59ad1f44b80dab052a6472c3e4db334e9
SHA1f726bc4b54d23729821290b855fd70a971f7d3d3
SHA256bb188b3030ccaffe8d4ad9c4df169c4d2efd80eb1bf9315ffb0f3fad80a480ca
SHA512d65ac5083481e04292737e8b93933b7289af81a8ac169536feeee7ed48c1f640fabbf55933234987f3f9d6d6fd6df129ff77ed22973c50c50c9f5ff79fba8bf0
-
Filesize
615B
MD58e48d1ea8d46db5af25b3b3425df43dd
SHA18719580dff3affee9fe3e108d5934bc1ac2880d1
SHA2569526c8bf804d4105740504d9de1c13f969359ecb44808e8918e70102c04bb1f5
SHA5126dee891e579965da5fd3b73aa5b5adcc34f984ba0b748e530189275dfe6742839edc4da91471399d4c9a9ec7ee8e07b175b18177e05a8ead8ccf36b2cb477995
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD54d52c15ae8af3dc1e85f0d83a76362cd
SHA1e4e7a5582481e507c5346db4e196a21e173f9c6a
SHA256ab732a14caf117c811961ea31e79d6a0d8ab1a86d1a3788ede8c0f7860a3b6e6
SHA5123a8dc12ed7378fbc2687b8796cd035dfea41de023a1503c055d96f176e4b8aa7d627d9c9010c36bb028bd3242f156a2312a564d1cfdd637f884a0829ed606fd4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5b549ff9b71579af9642023201d00377a
SHA1372cd16b3a9a58d23dde18706b7db633925376e1
SHA2566adf9cdec8a7061033b6e4074ddcf33445856f8dfbcecfa5d245c8f78677b1d7
SHA51279fb5c1b3646c11d678fbebf1e4fd141108411dc17c8fba61f96cecf975a223d614eeeb9632a44c723cb5d4e710f2d34e092610e90cb89611115e5b40dc47a1c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5ef0a2d028775afc5c44ec75e218226a7
SHA10fc985187665f149bdce3a6ca8a8872395232370
SHA256186e59e35aa3708981ff7f666543144ef343990c3588033fe26f8167e056a1ee
SHA5128dff12b0f3f61fe14a57ee3c77689edb1b0a6ab9f8b10cd70a48e13955e431169f6fcd6b528f510095c638178cbcc24de1febe86e50f346722e146731a543bf1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD500e33c596794065033c93c881263a750
SHA16f9bb837ae8dadec9a892753a97ce9499d2e24ff
SHA25676ad9a97dd19bf960f12d9bfbf1fe2a9dc0404d960989dea234527dc9a713b66
SHA512f6e01a3b879f6e83ea1f7a685c01a558efaab6888671808d521afc1228e257463181bac777abd3d2eedaecb9cc1dec9cd9157a931efb14f5c67c0a285a97b637
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD59bb70dc50112d783d446827f3ecdcf6c
SHA15eb6193c988c130e5da91af5e9083a47602b0ffa
SHA256d35542f624ff1b8fd0a2557dcbb2f4de503be9002e2990368787818194ffd88c
SHA5125b98f1a57139bdfa8c3860dd2b1164f7e3fd39ea597829d6fb972a7bbd503d18c2f39e1821a33c91eb9912f2c21ae9aeb6aab08675c8c7537de93ef6c64799e4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5928c308c0b7c94458878fd2d036962f3
SHA1c1dcf84769d583c69ea721926a499f514dfb0f59
SHA25600eebf96b03a4f3742e5842d709ad71fa9bae1b3f1320173b50c8d0b357017d3
SHA512ed819ff1eb9d847fb13abc6d524451bfda293276627e764219775ddb30e86b3e324f643fa482ef2d527c1dfd80e38a8a9a633b64f70fafa260fbbd699354c193
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD554261b53ed9a99a461b91b4badcf2938
SHA1adfa6f6e387fea3b9170bc03b8a328b0eb6a1cdf
SHA25646d97cf855b163409741a829115a0654c63c7d5f9fde725fa87f15b14b5a4692
SHA5126d7c3da4a75b03477dd6dea008af8b2275f72e6a4455e644e2b67800d8d6b236f676088cc1cef16ab373bec5adc49cfe83e5b06ae2292a6b5f86e13f00c9b67c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5df1d905e6872e91c7544d9f2a0f6a8c6
SHA158f2e7a2ceda4d2dfc02c7ae3673cdc729697a5e
SHA256b1558b49839ea1ae1c1c1bff3b4611fc30047bfc1d35856af90644c0f48cc0e6
SHA51294fff556ebb775612ccb5ef40504d38d6f2510f5113010081d8e34af611cf9fbf6732f1abd80abafb61390b0e0b86e723d5beaa7f906b0fb5947a8ef0c8446f2
-
Filesize
153B
MD5cfc385beac7f5434bfd6713d1332c4e6
SHA19b8c363d6bdd4341cf2ef6dfc5bde0df04b7187a
SHA2563231db480431a4cb157de5d6cb5eaa4773c9e2ff747e4449b24eb12aacea46ff
SHA51292632ceb7a51b5761d76a9299a1f3189201ba76ca1c51a2bbb5fb111aeb3664715aa87711cb7a185274308b6c3c6613d3eb3655791066c4cdf6be75934a05b59
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD57024c76fa7fa4ba12ef514ab33d2f0b4
SHA174c8bd28d1c10201fbf91dd68c1e7f9220c81a6f
SHA256f923abe0bfe73a601f94887fdcf7bdabae91706fd277a12aae564e117e01927a
SHA5122d2c5c91278d59d7c2d6d316a183be2ce12a2796962f4e391be001dba087e020144f8c4d225437ff96f2ed26cd98e5e07976da8069612ed350c3f4ec9af7346d
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5ba724b5d8a9e65f2dfed2d2d537a80f2
SHA1aecfe76cf7a5d12ef7b369c625bca42c7ca9f9e8
SHA25642b78514c06649c62c9e4dccba657b8a07b00583fd04335640050bf720ffa2d8
SHA512672392c55d19f6be53302ddfd721078ab75ef544cf6dc3153423b06a57fec306cff847aa77273218ff9c632267d656f76376d1366220d1804410d41c7b132896
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD524721a1db80c47dd39c5973a9b6ef464
SHA1551dc461ccdba64bb22676b6c25e90b255e1fffe
SHA25650cce3408d13b3ed3738cb4c6521b601ed82d3a629141d2cd5a2f68ffcec544d
SHA51227ef616910c53f13069939a4ef06748465c813b7b9ecf2e8df90e09d87bb86ea17ea15cb61c41c85c4c19d9f1273d66cc079fce48e94738e6e6163a01b748b93
-
Filesize
109KB
MD548a536136d689d58680d209903ff49e0
SHA1ef4673aa9895ba38e19a96a581206633c2b2b3eb
SHA2567320d93248899b8838a543606f29362b0279547c1ee2972f5ca09e69509890c7
SHA512a5d3c0ef96aed86cf7e60d3751a15a426ff661a4fe6fa8eb2e190616769e90b47b0d06dcbb90448d8c96ad3fd8077677a7ccbb150348b66935f7f0e537c7c3dd
-
Filesize
172KB
MD509728fa878594196f9f1a6859989361f
SHA1c44a516ca435fd0037fd1743c997e7ea67daa6b1
SHA256b6c7e579ed9fa0ecee5ac8e1f9d174bbbc5beca3dcd4f1be20ca3cb5de901c49
SHA512ec9661e0e4303b059f4d2ddeeb7fe0b696c7aa27b97e4e3701f2fca9e4eb5316044838827df44e9d5faad83515d4b19aabf73cfe81e72379d4107944aa477e4c
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5b462313c79faf31ebea0a4e7cc7aca87
SHA171bc4abe2679a113289067a58aee8d74c82c6a5e
SHA2564f495c00f23c388b1a2a79f334134ca946d5c1143c74bede5c021d790c522f6b
SHA512cf079fdcee0fa898eac0ff3e3722ab3b6dc43b8e3f8b23859cfd6ee9aea86d677e6d15ff6ce0134a578287dbbe6c44d5f5475a32ba14d67a44907677fb454bbc
-
Filesize
49B
MD50b6c8ae97f124e9875d27564dcc0ecf4
SHA14c84bf5c64120ea7acc508550d8c13eae79c60f5
SHA256cfd561c3c8f26f7dc7398196897ee383db2b198bb69584f6db6da9dbd3d6e030
SHA5127c5f67947b9978ee00056620b26a677deda19e574852a324a9f6f4012b478b44325c507465eb845612527fed3617a5cd4ffd855126779ed3123602d023cb36b3
-
Filesize
21KB
MD575b43460f50846b686a8742f22854a47
SHA18e06acc6679050085f4448176d7f5f7005a39a64
SHA25649a14f9917f3a8c0fb2342fafc61281e75d9ecc6f98b96d64ea227c5c60e7581
SHA5128b84aa0cfbfe21382f68d862e59f7714ffbb1b7b52650ffafe3ee83339784bb5045a0650e17f2da8a31dfc04d906c525a47b739d680670c447853e32ddd209a1
-
Filesize
1KB
MD552d8d1bd36dbe2a24c01bc608651303a
SHA15d9d56877940a93dc3e989c3d1f7f1a5c5bc8d8a
SHA2565c9c78c0c41fa781a0be1c103361173f02d321c78dca1000f060c75dd22b3744
SHA512d94cbf2f3968f8433b2ea4b190bc7a3e156b72897f8a9b683670753bd7cff585e2192fc30612cefa1993ce93a9373cb9e630013a8d459824a6368f10bb2c2a39
-
Filesize
952B
MD562847d71635f39842e053af004597f7d
SHA1ffb31261f5d0bf4b0b839b12666850f243de0c1e
SHA256ac693d4138ae7f78ac57590f95c570e42e5afa304db50b2e8135cc8308adbabd
SHA512afacff400c901f86d7be708bfcf634f278ef3a02c629a61f10ee460a6d02f14edcf49fb24b03318abfec79c256c3a7b697f4bbdf1dfa67569c716289ce8a3254
-
Filesize
121B
MD5fa98f9eae3cefa61cadeb10dbf722bba
SHA1cb865773a1be8c026a039aef89b2faa697592708
SHA256200bc152c0abbc879ca964960ee3d2e8fce761d40e47bc87d404d7b7049c1813
SHA5128dc3d522e9ff00d83e6df8a51a498901236181b92f3b5493396dbcdc0e91e92a441d7124b0a71ac547706d2d7a709b904b53c4e4b3bb982f91b015c9289e9d6d
-
Filesize
1KB
MD5a5a61724fdb88a7020ab3b50dbf2bb64
SHA102ac15e8c7bd6551311d1031d792f53dc34c9559
SHA25683b78308d1c904c310b2813335ac0eaab0ac7f68102ac77721baf2069af5726b
SHA5127e8b49087c70820bd044a5475b0c2c4cade72dfc6e9bfabb3b4f54015377f53b409d876955b91baac4bdb18a800f04d2fa4e7d1a26445747ef81692bd29d86f3
-
Filesize
8KB
MD563f4841854acf4e6ae7cc3e5158ca96b
SHA1fd26a642499f8f58adf72afa743206413517c93c
SHA25652d011d9059fc326fc16979957955647ffa804f24b9ed31051d64c189c83f95f
SHA512ad0b133c18efc9738ee454f92316edfd8b2b7075101a7bf16b319d34dfd10f45a5247e68e44583689cf1b21790273a8387af49e234d106ada1c1dddaec82f8a9
-
Filesize
61B
MD5b2c1184e7fd1dccbd27da645b4380da9
SHA130badd4571f375702e1ad91e0c0a0091f88442d0
SHA2561b21a0a3303bd95044f19683d6488950b5479987441c7545d10a609a7c0f3059
SHA5125fe9b27402d7440e3154b5954d1608c12aa7f46c338059b3f6ac113ee671a2d2a725aa18bf5018d0a65f17f3e1a9b92b248f27249a2769c2e25e643d2eb2965f
-
Filesize
914B
MD58752dad203d093efabc8fcde90bb33a7
SHA1dd2f639ee6be8cce370cd3e625cc85fd60df7054
SHA2561674086cd4c1e20570a6f22f1c4136be5b57dbad39cd45e943c7f5b4f8cca39b
SHA51297e881f5976ad661c7108d390f808cf7f06eb1677fbd2133a71c2889f635df55fd4076d6021d2034df66b1571baf84655356f20ec6d02f8daf1016ad7c291004
-
Filesize
90B
MD5ae55b0d7f6db42451534ecbfbc08a620
SHA101883721d27e53edb773ebdbbd16471362798ab1
SHA256fdadc7a2263a6c59d55fbd60d5306c1b6e22e6881c003728b9f2d7c1fe00d55b
SHA5121ee105af2b640dab244df8566173b06799d4911a98ecd81bc7c7717c9cd314f48c847e8114fb638a4300e1edda1d59b69f699ae6d6b3cad143942a43e81ea425
-
Filesize
90B
MD5c78bc2ef6d81925bff54fa113a18ed4f
SHA110991ec46692fcb92d56fb39360cc6faeb20c33b
SHA2569997bd274c82c63118bf6aaf4afb173b0c3e0b8d932fab09cbe66495f476ff54
SHA512ffccd11a2777d5c7eccd87c19b99847ad5563218578057a3c9c7eceb9f0e1bcada7817846d43de9dc26a489c1ac3a2db116af304b5a2634dffcf0637f44f3580
-
Filesize
328B
MD52f02337e7c12701c0a53c008d21e23fc
SHA1e33543a392152d4c3dc6185c13d451ebc9ebbdac
SHA256a210086bd8a479f92b0ce37f91a0a3d58c68e1d4aa0b098b36cb540f481d127a
SHA5127b6e77cd05b88fec1e4ece7ebb299e6a76852b96a0da0f4e0ad44189f8aa90c49b5d31f0cca8aa83421eac24fd7a1fadb52eca22d10ac6fb0e0599d47d82483e
-
Filesize
1KB
MD52eb823c83a0846d4d0593ba3b639069e
SHA15d055b5ef912e0484d477ff2ebca3d3bbec8ed05
SHA2563609eab7ad2d5275bdc974586df7af98b593a316fbbf49f3e0d4cfb8546232c9
SHA512acf33b59527b61c9a172b5952613c3c877be893c4616185ea0a56f6f6ba28bfe928b17265d019afb2e952b6a3eeba89d26ad8fd62c6db9c7ef96bc12c5ec69ea
-
Filesize
162B
MD5e9a2a71275987a87b7c5983fab2621c8
SHA1d243ba959fa6e6e5cbdba813df74f39593b79d8d
SHA256e5db18e48ceea8e372e4efda6bade2b974abfba6f1032d5c0352dc37366738df
SHA5120c5269656e302046f32850efed4ca5f6d4be56bf01e247a23309db35c7bbdd50f27219a02e2aae83a37801024ccc090a2db468974c4ebb8e08e10d0776452b8e
-
Filesize
586B
MD517cede4723ef6d78b7c6c0084460eda9
SHA1a74f205836097cbae757e3fdb5b76a7dbc087c5f
SHA2562ff69d5724468368fa6a51cea3ef08ddcc6a1aacb454c9268738a5db696dd38f
SHA5126a19e9b321af5d06d4b922e3cfeaf5f185f233fe85cccc48ae1432630c4c992ca1c60147df0b3b6523890034ffc558484cb0d268e66e8a17ee59bf81065e2b01
-
Filesize
124B
MD59198f8109c21b7a0056a51a98b416ee0
SHA1295be83288154320bf7c4cc0a89a4e0625555d26
SHA256ee5a3fdf11bf281225469afd0c46cf00195a3c964d7c80ab3dc9a120434fd465
SHA5127d81ea6fddf3751a534e0d858f6f3e49effd53aa59229c72dc99c99f08a277b8747b0f0ffc41897a21d687259e9247790fab39ec2676766195c13bbd54c2680f
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5f8cec8b372f6292d53888152fe68cc64
SHA1aa9c341bbb50f368540abb34d05fa65667a38787
SHA256b8f669b9fbcc631bdb9398ab7e8d1d810de7a19e420047fad0e2c5234badbc98
SHA51247ea7dc2ec4888b9039cb86b21b1faaecfcdb20213f99d98696fd635db47e2a240a55d6bac3aeca97f81bd4abf2e43a7b57c25c35fd1ae58f0c780397a701ac3
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5b86a5658251dc236e7d4c4026a0238d1
SHA1b0dfb83d25dcab7d803488c317cd60ce97b8b079
SHA256fe36fc47b98c06394257f38bccf4cc95df201d9233408e5ec3f773bcf834a21c
SHA512fd19881f4bd43fbe1edabfb977867337bf5c15f7ce91b0e8eca4442d79fe9b017e4c32e934f459c8fce013792917fa2015d5361d7097b925110d0e748a43a027
-
Filesize
8KB
MD5726403849e45a9edb39e58d905009c47
SHA1929fb20ea2dcdc17c6c28d29eca76343c4f649fa
SHA256f226c02009c2359602600e64b8feab279308c1698bc57a426861e7d5a4368c9f
SHA5121df27a3321824248e58cb9319ca8e60ca9a482b3e26e27b0a91d960bbb8d9c1e4022efd1b9dbc6048f171188ef63171c5743175990368020c27072d979c9b1fa
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5a9a2669e3482388891dd58adfe1d9764
SHA104326a5d7c3d0118409734f9245a46631435b667
SHA2563924d719ac7d798230770a9af0c0884a824f96a7ec893317ca410ea5120d0fab
SHA5126621e4d4d7f7cde6d880e5ac1283467afa420f34c88271d8385c456dd4409f8c55e793a8360a780d8a2d80fe8e23f2e1fbbdb0c9e7f4129a8f50156f5aa473c9
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5f93b53a2fc2ee036f37e7b51773e9688
SHA1fe03bd8e9fc048fa4daad4063ec0357d445e541d
SHA2567092d09295e072afa81e9495fbe665c50baf5200d2597de1d7e4ad78f1daa2bb
SHA512478bad4d70bddc2e22955b2b633de6f01b10da025faf06c1199fc94fe51bc9d359951b7f82b7f9d014e44bcf151d9896e6d7574878ad5639008f3ac8c82290a8
-
Filesize
880B
MD5afcea2db8d5abd95d8dd249583993eaa
SHA1464072a6ecadf7360d8f4d44d9aba0e574d141b3
SHA256fb4928ae6f3d318ae50cfab0bebd677a1ff7ec533f2d213c134def21bc099c39
SHA5120e769a9f07d886cb7ab47bb680ac0803637c7e007dafde256c54168a0ebfedb5f81671ead3b1e551a4beb0613a9b24ee5ecd4449dd68f77e3f75a26f3f0cfce5